{"swagger":"2.0","info":{"version":"0.0.3","title":"CipherTrust Manager API","contact":{"name":"Thales Group","url":"http://www.thalesgroup.com"}},"basePath":"/api","schemes":["https"],"consumes":["application/json"],"produces":["application/json"],"x-tags":{"Users":{"description":"Users are unique individuals or systems using the API.\n\nUsers are authenticated against authentication systems, called\n\"connections\". A \"connection\" can be an identity provider, such as\nan OpenID endpoint, or a directory, such as LDAP or AD. CipherTrust Manager\nhas a built-in, internal user directory, whose connection name is\n\"local_account\".\n\nThe User's `connection` property refers to the authentication system in\nwhich the user's credentials and identity reside. When you create a User,\nyou must specify the `connection`: this tells CipherTrust Manager which\nauthentication system it should use to authenticate the User.\nSome connections may require additional, connection-specific\nproperties to create the User.\n\nCipherTrust Manager supports external authentication systems.\nOnce a user is authenticated against an external authentication system, a\nuser will be created with connection|unique ID. This unique ID will be\ntaken from an attribute associated with that user on the external authentication\nsystem. For more information, look at Connections.\n\nThe `user_id` identifies Users and it is in the form of:\n\n connection|unique ID in that connection\n\nThe internal user database uses UUIDs, so a user in the `local_account`\nconnection might have a `user_id` of:\n\n local_account|9cd4196b-b4b3-42d7-837f-d4fdeff36538\n\nUsers have two attributes, `user_metadata` and `app_metadata`, which\ncan be used to store application-specific information. The system\ndoes not use this information; it just stores it for the convenience\nof applications using the API. These properties are unstructured JSON\ndocuments: the caller can put any JSON-structured information in them.\n\n`user_metadata` is typically used to store application-specific data which\nthe end user is allowed to see and modify, such as user preferences.\n\n`app_metadata` is typically used to store application-specific data\nabout the user which the end user is *not* allowed to view or modify,\nsuch as the user's security roles.\n\n`certificate_subject_dn` is used to store Distinguished Name. To enable certificate-based authentication, add \"user_certificate\" authentication method in `allowed_auth_methods`.\nValue of Distinguished Name in the certificate and the value in the user object must match for successful authentication.\n\n`nickname` has been deprecated. It will be removed in a future release.\n"},"Connections/Connections":{"description":"Connections defines how and where to authenticate CipherTrust Manager users.\n\nA \"connection\" can be an identity provider, such as a OpenID endpoint, or\na directory, such as LDAP or AD. CipherTrust Manager has a built-in,\ninternal user directory, whose connection name is \"local_account\".\n\nWhen you create a connection, you must specify the `name`, `strategy`, and\nseveral options which will be listed below in the POST command (create). `name` is\nthe friendly name that is associated with the connection that will be used\nby a user. `strategy` will be the type of connection. Currently, the allowed\nstrategies are 'ldap', 'oidc' and 'local_account'.\n\nFor an **LDAP** connection:\n\nIn order to create a connection, the following parameters must be provided:\n\n- `server_url`\n- `root_dn`\n- `uid_field`\n\nThe following parameters are optional:\n\n- `search_filter`\n- `guid_field`\n- `bind_dn`\n- `bind_pass`\n- `user_dn_field`\n- `group_base_dn`\n- `group_filter`\n- `group_id_field`\n- `group_member_field`\n- `insecure_skip_verify`\n- `root_cas`\n\nIf the `bind_dn` and `bind_pass` are not provided when the connection is\ncreated, the user's credentials will be used to run the LDAP search. If\nthe `guid_field` is not provided, it will default to whatever `uid_field`\nis.\n\nFor an **Active Directory** connection:\n\n- `user_dn_field` should be set to `distingushedName`.\n- `search_filter` should be set to `(objectClass=User)`\n\nDefault values for other optional parameters should suffice, but can be\nconfigured as required.\n\nGroup support:\n\nTo enable group support for a connection, `bind_dn`, `bind_password`, `group_base_dn`,\n`group_filter`, `group_id_field` and `group_member_field` are mandatory\nparameters. If any one of them is not specified, group support is\ndisabled for the connection.\n\nThese parameters are discussed more in-depth in the POST command (create)\n\nHere is an example of a successful creation of an LDAP connection:\n\n {\n 'name' : 'testServer',\n 'strategy' : 'ldap',\n 'options': {\n 'bind_dn': 'cn=admin,dc=example,dc=com',\n 'bind_pass' : 'admin',\n 'server_url' : 'ldap://ldap.example.com:389',\n 'root_dn' : 'dc=example,dc=com',\n 'uid_field' : 'uid'\n }\n }\n\nFor an **OpenID Connect** (OIDC) connection:\n\nIn order to create a connection, the following parameters must be provided:\n\n- `client_id`\n- `redirect_uris`\n- `discovery_uri`\n"},"Connections/LDAP":{"description":"This section is for browsing LDAP users and groups. There are two endpoints which provides us with following capability:\n\n- `LDAP User Listing`\n- `LDAP Group Listing`\n\nThe LDAP connection needs to be created in **LDAP Connection Manager**.\n\nWhen browsing LDAP users, the POST parameters are optional and overwrites the values stored in the Connection Manager LDAP connection.\n"},"Banners":{"description":"This service is used to get or set the banners of the CipherTrust Manager Server. There are two kind of banners,\nthe pre-authentication banner, which is shown to a user before the user is authenticated by the\nCipherTrust Manager server, and the post-authentication banner, which is shown to a user after the user is\nauthenticated by the CipherTrust Manager server.\n\nBanner text supports unicode and markdown.\n"},"Groups":{"description":"Users and Clients can be added to Groups. Users' and Clients' group\nmembership is available to the authorization system, so policies can\nuse users' and clients' group membership to assign permissions.\n\nGroups have an `app_metadata` property, which, like the User and Client property, can be\nused by applications to store application-specific data about the group.\n\nGroups are identified by their name, which must be unique.\n\nTo get a list of users in a group, use the `/users/` endpoint with\na `groups` query parameter to filter by group. Use `groups=nil` to\nlist users that are not in any group.\n\nTo get a list of groups a user is in, use the `/groups/` endpoint, with\nthe `users` query parameter to filter by user member.\n\nTo get a list of clients in a group, use the `/clients/` endpoint with\na `groups` query parameter to filter by group. Use `groups=nil` to\nlist clients that are not in any group.\n\nTo get a list of groups a client is in, use the `/groups/` endpoint, with\nthe `clients` query parameter to filter by client member.\n"},"Groupmaps":{"description":"The keys created by a CipherTrust Manager system can be configured to allow or disallow\ncertain operations based on the groups a user belongs to. Groupmaps extend configuration\nof key permissions to connection groups. For example, an LDAP group can be mapped to the\nsystem defined `KeyUsers` group; this allows all members of the LDAP group to be key users.\nAlternately, an LDAP group can be mapped to a non-system defined CipherTrust Manager group.\nThe mapped CipherTrust Manager group can then be used to configure group-based key permissions.\nGroupmaps also allows mapping a group from parent domain to a child domain group. This allows\nmembers of mapped parent domain group to be member of child domain group when they log-in\nto child domain.\n\nA groupmap maps a connection name, and a group associated\nwith that connection, to a CipherTrust Manager group. The `groupmaps` API\ncan be used to create, delete, get, list, and modify mappings. A mapping is\ncreated by passing the three parameters to the create API. This returns an\nID along with other information. The ID can be used to get, modify or delete\nthe mapping.\n\nThe list API supports searching for all mappings associated with\n(a) a connection, (b) a CipherTrust Manager group, and/or (c) a connection group. Wildcards\ncan be used in the list API.\n"},"Permissions":{"description":"Permissions are queries made to the platform to ascertain which functions the user can access.\n\nThe user creates an array of `operations`, each item containing an `action` with an optional `context`\n\nThe query follows the format below:\n\n {\n \"operations\": [\n {\"action\":\"\", \"context\":{...}},\n {\"action\":\"\", \"context\":{...}},\n {\"action\":\"\", \"context\":{...}}\n ]\n }\n\nTypical usage is either a large list to query or a more precise set of functions, i.e. `CRUD` access to keys.\n\nQuery for a large selection of functions:\n\n {\n \"operations\": [\n {\"action\": \"ReadUser\"},\n {\"action\": \"ReadGroup\"},\n {\"action\": \"ReadRecord\"},\n {\"action\": \"ReadKey\"},\n .....,\n {\"action\": \"ReadBackup\"}\n ]\n }\n\n Note that this order emulates the order of the CipherTrust Manager GUI\n\nQuery for specific key functions:\n\n {\n \"operations\": [\n {\"action\": \"CreateKey\", \"context\":{\"resource\":{\"meta\": { \"ownerId\": \"\"}}}},\n {\"action\": \"UpdateKey\", \"context\":{\"resource\":{\"meta\": { \"ownerId\": \"\"}}}},\n {\"action\": \"DeleteKey\", \"context\":{\"resource\":{\"meta\": { \"ownerId\": \"\"}}}} ]\n }\n\n USERID is the information retrieved from the platform after login, i.e. `local|99b0d0d3-8462-440a-bc6d-7ff0395a5536`\n\n The response to these queries will be an array of submitted 'function' names, a blank 'context' and an 'allowed' flag (`yes/no/maybe`)\n\n Response:\n\n [\n {\n \"action\": \"ReadUser\",\n \"context\": {},\n \"allowed\": \"no\"\n },\n {\n \"action\": \"ReadGroup\",\n \"context\": {},\n \"allowed\": \"no\"\n },\n {\n \"action\": \"ReadKey\",\n \"context\": {},\n \"allowed\": \"yes\"\n },\n .....\n {\n \"action\": \"ReadBackup\",\n \"context\": {},\n \"allowed\": \"no\"\n }\n ]\n"},"Tokens":{"description":"Access Token: API calls are authenticated with access tokens. An access token\nis a string representing an authorization issued to the client. It is referred\nas an API authentication token.\n\nRefresh Token: Refresh tokens are issued to the client by the authorization server\nand are used to obtain a new access token when the current access token becomes\ninvalid or expires, or to obtain additional access tokens.\n\nThe `/auth/tokens/` endpoint can be used to exchange a username and password for an\naccess token and long lived refresh token that can be used to get access token without\nusing the user's credential. You can obtain tokens for LDAP users by entering a username\nin the format | or by specifying a connection name in the connection field.\n\nTo make API calls against the rest of the API, the token value needs\nto be placed in the `Authorization` HTTP header, prepended with\n`Bearer `. For example:\n\n Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJkMzEzYzcwZS01NmYyLTQ5MTUtOGJkNy01ZmMyYmUyNzk2YzEiLCJzdWIiOiJsb2NhbHxiM2ZjOGZlNy1hN2ZlLTQ1YzEtOWU1OS0zYmUxNTRkMTZjYmQiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsImN1c3QiOnsiZ3JvdXBzIjpbImFkbWluIl19LCJpYXQiOjE0ODEyMjg1NzgsImV4cCI6MTQ4MTIyODg3OH0.2ZCX8qzzU-a499Ef58tDnDcXqrOv8pw_AXD-z-WeEE0\n\nAccess tokens expire and so must be refreshed periodically. A new\naccess token can be created with the user's credentials, or with the refresh\ntoken that has not been revoked or expired.\n\nThe `/auth/revoke` endpoint can be used to revoke the refresh token.\n"},"Client-Management/Tokens":{"description":"These endpoints perform client registration token operations.\n\nIt provides methods for managing client registration tokens for\nregistering new CipherTrust Manager clients.\n"},"Client-Management/Clients":{"description":"These endpoints perform client management operations.\n\nIt provides methods for registering new CipherTrust Manager clients and their\nmanagement.\n\nIn case of renewing a client that is issued by an external CA, you need to provide\nthe new certificate signed by the external CA in the request.\nAfter the client renewal process, the newly issued certificate will have the client id\nset as the UID in the DN of the certificate. This is done to ensure that the DN of a client\ncertificate is unique to each client.\n"},"Client-Management/Impersonated Users":{"description":"These APIs should only be used for KMIP and ProtectApp Clients. \nImpersonating the user means client can login as user without providing user's credentials.\nClient can impersonate the user which is added as Impersonated User to the client. \nCurrently, only 1 impersonated user can be added to a client. \nOne should be Client Admin or Admins to use this API.\n"},"Crypto":{"description":"These endpoints perform cryptographic operations.\n\nIt provides methods for format preserving encryption (FPE), symmetric and\nasymmetric key encryption, hashing and MAC, and digital signatures.\n\nAll crypto operations require a key. The hide/unhide operations (FPE)\nuse a default if no key is specified as a parameter. The hide operation will\nauto-create keys if a key name is specified that does not yet exist.\n\nHowever, all other operations require an existing key. Any of\nthe key's identifiers (the name, id, or URI) can be used in the\ncrypto-operation's parameters.\n"},"Keys":{"description":"Keys are the cryptographic material used in crypto operations.\n\nKeys can be symmetric or asymmetric, in various sizes and algorithms.\nThe crypto endpoints take key identifiers as parameters to specify\nwhich key to use. If the key is exportable, the key material can\nbe exported to the caller and used for local encryption.\n\nKeys have a `meta` attribute, which can be used to store\napplication-specific information. This is stored for the convenience of\napplications using the API. These properties are unstructured JSON\ndocuments: the caller can put any JSON-structured information in them.\n\nKeys have a `label` attribute which can be used to group keys using\nkey/value pairs. APIs that list keys can use labels to filter the set of\nmatching resources.\n\nKeys have three additional identifiers: uuid, muid, and keyId.\nThese identifiers support legacy DSM behaviours and can be used to filter\nkeys while listing the keys. The identifiers muid and keyid will be returned in\nthe response of key APIs only if set.\n\nThis is an example of a key resource:\n\n {\n \"id\": \"d22042eb-b527-48fe-b2d6-65fb0c7c3e04\",\n \"uri\": \"kylo:kylo:vault:keys:russ2-v0\",\n \"account\": \"kylo:kylo:admin:accounts:kylo\",\n \"application\": \"ncryptify:gemalto:admin:apps:kylo\",\n \"devAccount\": \"ncryptify:gemalto:admin:accounts:gemalto\",\n \"createdAt\": \"2016-12-01T19:57:04.884862Z\",\n \"name\": \"mykey\",\n \"updatedAt\": \"2016-12-01T19:57:04.884862Z\",\n \"usage\": \"any\",\n \"meta\": {\n \"ownerId\": \"local|81f34b79-e3c4-4391-a4c9-4bdd85b13f98\",\n \"permissions\": {\n \"UseKey\": [\n \"stars\"\n ],\n \"ReadKey\": [\n \"stars\"\n ],\n \"DecryptWithKey\": [\n \"stars\"\n ],\n \"EncryptWithKey\": [\n \"stars\"\n ],\n \"customAttributes\": [\n {\n \"name\": \"color\",\n \"value\": \"blue\"\n }\n ],\n }\n },\n \"version\": 0,\n \"algorithm\": \"AES\",\n \"size\": 256,\n \"format\": \"raw\",\n \"unexportable\": false,\n \"undeletable\": false,\n \"uuid\": \"64614b84-fd1e-4126-892b-f2a14f4bc025\",\n \"muid\": \"64614b84-fd1e-4126-892b-f2a14f4bc025cba2b073-bf22-43a6-8f52-6ccbe882bbe6\",\n \"labels\": { \"region\": \"noram\", \"team\": \"sales\" }\n }\n\nThis key was created via the\nNAE-XML interface (rather than the REST interface). The NAE-XML\ninterface has added its own properties to `meta`, to help support\nlegacy behaviors:\n\n`customAttributes`: This property holds name/value pairs set by NAE-XML\n requests. They map to the `CustomAttributes` element of NAE-XML\n keys.\n`permissions`: This property holds a map of actions to user groups.\n CipherTrust Manager's default Policies use this metadata to grant these\n permissions to members of the listed groups.\n If this property is deleted, it is equivalent to clearing all\n group permissions via the NAE-XML interface.\n`ownerId`: This property holds a `user_id`. CipherTrust Manager's default Policies\n grant that user most permissions to the key. If it is deleted,\n only admins (members of the \"admin\" group) will have permissions\n to the key.\n`global`: This property can be set to JSON `true` or `false`\n (e.g. `\"global\":true`). This property marks the key as a \"global\" key,\n which will allow unauthenticated NAE-XML users some permissions to\n the key. \"Global Users\" is a feature specific to the NAE-XML interface,\n and has no equivalent in the REST interface. In addition, support of \"global\" \n keys from the NAE/KMIP interfaces will be deprecated in the future releases.\n`versionedKey: This property marks the key as an NAE-XML \"Versioned Key\".\n This property is only used to emulate the behavior of NAE-XML keys.\n Keys are always versioned, but in NAE-XML, a key can either be\n \"versioned\" or \"non-versioned\", and versioned keys produce a\n different format of ciphertext. NAE-XML crypto commands using a\n versioned key produce ciphertext with a header which contains the key's version. The same NAE-XML\n crypto commands using a *non-versioned* produce ciphertext without\n the header. The NAE-XML interface layer uses this \"versionedKey\" property\n to track whether this key should produce the ciphertext headers. It is\n not recommended you change this, or you will not be able decrypt\n ciphertext created with the key before changing the field.\n\nThe REST interface also allows specification of key aliases. Key aliases are used by\nKMIP to specify one or more \"Name\" attributes associated with the key. A key alias\nhas an alias, an alias-type, and an index. The alias is an alternative name for the key,\nand is unique over an account. The allowed alias-types are \"string\" and \"uri\". The\nindex is generated internally, and is unique for each alias in a key. Key aliases\ncan be specified while creating a key. They can be added, deleted or modified after\ncreation using the HTTP patch interface. Key aliases can be used for finding keys.\nHere is an example of aliases associated with a key:\n\n \"aliases\": [\n {\n \"alias\": \"keyalias1\",\n \"type\": \"string\",\n \"index\": 0\n },\n {\n \"alias\": \"keyalias2:monk:gemalto:com\",\n \"type\": \"uri\",\n \"index\": 1\n }\n ]\n\nCipherTrust Manager's default authorization policies impose a requirement on newly\ncreated keys. Users in the \"admin\" group can create any kind of key, but\nother users will be required to include an \"ownerId\" attribute in the\nmetadata of the key, which must be set to the creating user's own\n`user_id`. This is because, in order to mimic legacy CipherTrust Manager, keys\nmust have owners. The `user_id` of the user is *not* the user's login\nname. It's unique identifier the system assigns to the user.\n\nUse the `/auth/principal` endpoint to fetch information about the\ncurrent user. Here's an example response:\n\n {\n \"sub\":\"local|95a4d02e-2371-422c-bb17-a218ba0375a5\",\n // more attributes, omitted here\n }\n\nThe `sub` property holds the current user's `user_id`. To create a\nKey which will pass the default authorization policies, include the\nfollowing in the body of the `POST /vault/keys` request:\n\n {\n \"meta\": {\n \"ownerId\":\"local|95a4d02e-2371-422c-bb17-a218ba0375a5\"\n },\n // other key create params, omitted here\n }\n\nIf the key create request doesn't contain that stanza, the request will\nbe denied by the system's policies.\n\nThe `key_format_type` property is server generated and is only applicable when the key format is `opaque`. \nAs shown below:\n\n {\n \"meta\": {\n \"key_format_type\":\"opaque\"\n },\n // other params, omitted here\n }\n\n**CTE Specific Keys**\n\nTo use a key in CTE policies, certain CTE-specific attributes should be specified in the key meta at the time of key creation.\nHere's an example request to create keys for CTE ESG policies:\n\n {\n \"name\": \"CTEESGKey\",\n \"algorithm\": \"aes\",\n \"size\": 256,\n \"undeletable\": true,\n \"unexportable\": false,\n \"meta\": {\n \"ownerId\": \"local|59ba6797-e5a6-4427-b11c-a5534b5a975e\",\n \"permissions\": {\n \"ExportKey\": [\n \"CTE Clients\",\n \"Key Users\"\n ],\n \"ReadKey\": [\n \"CTE Clients\",\n \"Key Users\"\n ]\n },\n \"cte\": {\n \"persistent_on_client\": true,\n \"encryption_mode\": \"XTS\",\n \"cte_versioned\": false\n }\n },\n \"xts\": true,\n \"id\": \"95cc7868-89bf-492b-b868-bbb884a9b379\",\n \"uuid\": \"95cc7868-89bf-492b-b868-bbb884a9b379\"\n }\n\n**Note**: For ESG keys, supply the same values for both `id` and `uuid` field in the valid UUID format in the key creation request, as shown in the example above.\n\nCTE-specific parameters that should be supplied in the meta field at the time of key creation are listed below.\n\nparent-parameter | parameter | description\n--- | --- | ---\nmeta | permissions | The \"ExportKey\" and \"ReadKey\" permissions are required for the \"CTE Clients\" group. Both these permissions are also required for the \"Key Users\" group for ESG keys.\ncte (inside meta) | persistent_on_client | true or false. Set to `true` if the key is to be stored in persistent memory on the client, otherwise, set to `false`.\ncte (inside meta) | encryption_mode | Mode can be CBC, CBC_CS1, or XTS. CBC_CS1 and XTS can be supplied only when the \"xts\" parameter is set to `true`.\ncte (inside meta) | cte_versioned | true or false. Set to `true` for keys to be used in LDT policies. Set to `false` for all other types of policies.\n - | unexportable | false. Always keep it set to `false` for CTE policies.\n - | xts | true or false. For use cases such as IDT, ESG, and device-level protection using Standard policies and for COS policies, set `xts` to `true`. \n\n**Wrapping/Unwrapping parameters** \nThe key material of a key can be wrapped using the export endpoint with the following parameters. For more information \nabout the parameters consult the schema for the wrappingMethod and other parameters. \n| wrappingMethod | encrypt | encrypt | encrypt | encrypt | encrypt | mac/sign | mac/sign | pbe |\n|--------------------------|----------------------------------------|---------------------------|---------------------------|----------------|-----------------|-----------------------|-----------------------|-----------------------------------|\n| Wrapping algorithm | AES Key Wrap with Padding/AES Key Wrap | AES Key Wrap with Padding | AES Key Wrap with Padding | RSA encryption | RSA AES KWP | MAC | SIGN | |\n| DEK | Symmetric DEK | Private DEK | Certificate | Symmetric DEK | RSA private DEK | Symmetric/Private DEK | Symmetric/Private DEK | Symmetric/Private DEK/Certificate |\n| macSignKeyIdentifier | | | | | | ☑ | ☑ | |\n| macSignKeyIdentifierType | | | | | | ☑ | ☑ | |\n| padded | ☑ | | ☑ | | | | | ☑ |\n| pemWrap | | ☑ | | | ☑ | | | ☑ |\n| signingAlgo | | | | | | | ☑ | |\n| wrapHKDF | ☑ | ☑ | ☑ | | | | | |\n| wrapKeyIDType | ☑ | ☑ | ☑ | ☑ | ☑ | | | |\n| wrapKeyName | ☑ | ☑ | ☑ | ☑ | ☑ | | | |\n| wrapPBE | | | | | | | | ☑ |\n| wrappingEncryptionAlgo | ☑ | ☑ | ☑ | | ☑ | | | |\n| wrappingHashAlgo | | | | | | | ☑ | |\n| wrapPublicKey | | | | ☑ | ☑ | | | |\n| wrapPublicKeyPadding | | | | ☑ | | | | |\n| wrapRSAAES | | | | | ☑ | | | | \n\nThe key material of a key can be unwrapped using the create endpoint with the following parameters. For more information \nabout the parameters consult the schema for the wrappingMethod and other parameters. \n| wrappingMethod | encrypt | encrypt | encrypt | encrypt | encrypt | mac/sign | mac/sign | pbe |\n|--------------------------|----------------------------------------|---------------------------|---------------------------|----------------|-----------------|-----------------------|-----------------------|-----------------------------------|\n| Wrapping algorithm | AES Key Wrap with Padding/AES Key Wrap | AES Key Wrap with Padding | AES Key Wrap with Padding | RSA encryption | RSA AES KWP | MAC | SIGN | |\n| DEK | Symmetric DEK | Private DEK | Certificate | Symmetric DEK | RSA private DEK | Symmetric/Private DEK | Symmetric/Private DEK | Symmetric/Private DEK/Certificate |\n| macSignBytes | | | | | | ☑ | ☑ | |\n| macSignKeyIdentifier | | | | | | ☑ | ☑ | |\n| macSignKeyIdentifierType | | | | | | ☑ | ☑ | |\n| material | ☑ | ☑ | ☑ | ☑ | ☑ | ☑ | ☑ | ☑ |\n| padded | ☑ | | ☑ | | | | | ☑ |\n| signingAlgo | | | | | | | ☑ | |\n| wrapHKDF | ☑ | ☑ | ☑ | | | | | |\n| wrapKeyIDType | ☑ | ☑ | ☑ | ☑ | ☑ | | | |\n| wrapKeyName | ☑ | ☑ | ☑ | ☑ | ☑ | | | |\n| wrapPBE | | | | | | | | ☑ |\n| wrappingEncryptionAlgo | ☑ | ☑ | ☑ | | ☑ | | | |\n| wrappingHashAlgo | | | | | | | ☑ | |\n| wrapPublicKey | | | | | | | | |\n| wrapPublicKeyPadding | | | | ☑ | | | | |\n| wrapRSAAES | | | | | ☑ | | | |\n"},"Key Policies":{"description":"Key policy consists of all the permissions that is applied to a given label.\nIn simple terms, it is the mapping of label to their permissions.\nThese Permissions would be for clients, users and groups. It specifies which clients, users, or\ngroups have permission to use the key, read key, sign key, etc.\nSo, whenever an operation is performed on a key, all labels applied on this key are fetched.\nAfter that, all key policies related to these labels are computed which decides whether the client, user or a\ngroup is authorized to performed the operation or not.\nNAE/KMIP clients work on user based context i.e. they perform operations on behalf of a user. To grant\npermissions to NAE/KMIP client, permissions to NAE/KMIP client’s respective user has to be granted, instead of\nthe client itself.\n\n {\n \"clients\": {\n \"UseKey\": [],\n \"ReadKey\": [\"ClientID\"],\n \"SignWithKey\": [],\n \"DecryptWithKey\": [],\n \"EncryptWithKey\": [],\n \"SignVerifyWithKey\": [],\n \"MACWithKey\": [],\n \"MACVerifyWithKey\": [],\n \"ExportKey\": [],\n \"UploadKey\": []\n },\n \"groups\": {\n \"UseKey\": [],\n \"ReadKey\": [\"Application Data Protection Admins\"],\n \"SignWithKey\": [],\n \"DecryptWithKey\": [],\n \"EncryptWithKey\": [],\n \"SignVerifyWithKey\": [],\n \"MACWithKey\": [],\n \"MACVerifyWithKey\": [],\n \"ExportKey\": [],\n \"UploadKey\": []\n },\n \"users\": {\n \"UseKey\": [],\n \"ReadKey\": [\"UserID\"],\n \"SignWithKey\": [],\n \"DecryptWithKey\": [],\n \"EncryptWithKey\": [],\n \"SignVerifyWithKey\": [],\n \"MACWithKey\": [],\n \"MACVerifyWithKey\": [],\n \"ExportKey\": [],\n \"UploadKey\": []\n }\n }\n"},"Secrets":{"description":"Secrets are managed objects that can store user defined data. This data\ncan be a blob, a password, or a seed (see the `dataType` attribute).\nThere are two types of objects used to store secrets: a \"Secret Object\"\nand an \"Opaque Object\"\n\nA \"Secret Object\" is a password or seed data type. The seed may be used\nfor cryptographic operations in the future, which is why it is a separate\ntype. The password is a convenient way to store simple text strings.\n\nAn \"Opaque Object\" is a blob data type. It can be used to store\narbitrary data.\n\nSecrets support many of the same attributes that keys do. They can be\nmade un-deletable, support meta-data, etc. They also support most of the\nsame lifecycle states as keys.\n"},"Templates":{"description":"It is a named Managed Object containing the client-settable attributes of a Managed Cryptographic Object.\nA Template is used to specify the attributes of a new Managed Cryptographic Object in various operations.\nAttributes specified in a Template are applied to all the created objects that reference the Template by name.\n"},"Services":{"description":"Services API can be used to reset a CipherTrust Manager instance, that is, wipe all data in\nthe CipherTrust Manager, restart CipherTrust Manager services and get their status.\n\nThe CipherTrust Manager services that can be restarted with this API are 'NAE' and 'KMIP'.\n"},"Interfaces":{"description":"Interfaces are the services the CipherTrust Manager is hosting. Most interfaces\nare listening on a particular port, but may also represent other input\nchannels, like local shell access or serial port access.\n\nCurrently, there are four default interfaces:\n\n- *web*: The HTTP server on port 80 and 443. This interface serves\nboth the GUI and the REST API.\n- *nae*: The NAE-XML server, on port 9000.\n- *kmip*: The KMIP server, on port 5696.\n- *ssh*: The SSH system service, on port 22.\n\nSome interfaces can be added and removed, they are:\n- *snmp*: Only running and available when listed as an interface\n- *nae*: Additional ports can be allocated for NAE by adding additional\n interfaces\n\nCurrently, SSH service on host machines can be enabled or disabled via Enable/Disable Interface feature.\nOnce disabled, it will block ssh access on the host machine.\nThis setting will persist on subsequent system restarts.\n\nDefault connection:\nThe default connection may be \"local_account\" for local authentication or the LDAP domain\nfor LDAP authentication. This value is applied when the username does not embed the connection\nname (e.g. \"jdoe\" effectively becomes \"local_account|jdoe\"). This value only applies to NAE\nonly and is ignored if set for web and KMIP interfaces.\n\nThe *mode* Interface configuration parameter specifies the Interface mode, and\nmust be one of the following:\n- *no-tls-pw-opt*: No TLS, allow anonymous logins.\n- *no-tls-pw-req*: No TLS, user must supply password.\n- *unauth-tls-pw-opt*: TLS, allow anonymous logins, ignore client cert.\n- *unauth-tls-pw-req*: TLS, user must supply password, ignore client cert, deprecated and replaced with tls-cert-opt-pw-opt.\n- *tls-cert-opt-pw-opt*: TLS, user must supply client cert or password.\n- *tls-pw-opt*: TLS, allow anonymous logins, verify client cert.\n- *tls-pw-req*: TLS, user must supply password, verify client cert.\n- *tls-cert-pw-opt*: Verify client cert, user name taken from client cert, auth request is optional.\n- *tls-cert-and-pw*: Verify client cert, password is needed, user name in cert must match user name in authentication request.\n\nEach interface has the following restrictions on the mode:\n- *nae*: All modes are allowed. Default is *unauth-tls-pw-opt*.\n- *web*: The only allowed mode is *tls-cert-opt-pw-opt*.\n- *kmip*: The only allowed modes are *tls-pw-opt*, *tls-pw-req*, *tls-cert-pw-opt* and *tls-cert-and-pw*. Default is *tls-cert-pw-opt*.\n- *snmp*: N/A.\n- *ssh*: N/A.\n\nThe *tls-pw-opt*, *tls-pw-req*, *tls-cert-req* and *tls-cert-and-pw-req* modes verify that the TLS client\ncertificate is signed by one of the trusted CAs.\n\nThe *tls-cert-req* and *tls-cert-and-pw-req* extract the user name from the certificate.\nThe *certUserField* Interface configuration parameter specifies how the user name is extracted\nfrom the client certificate. The default value is *CN*. It must be one of the following:\n- *CN*: common name\n- *OU*: organizational unit\n- *SN*: surname\n- *E*: email address\n- *UID*: user ID\n- *E_ND*: email without domain; the data to the left of the @ sign in the email address is taken as the user name.\n\nHard delete option for KMIP keys:\nkmip_enable_hard_delete option enables hard delete of keys on KMIP Destroy operation, that is, both meta-data and\nmaterial are removed from CipherTrust Manager for the key being deleted. By default, only key material is removed and meta-data\nis preserved with the updated key state. This setting applies only to KMIP interface. Should be set to 1 for enabling\nthe feature or 0 for returning to default behavior.\n\nTLS Ciphers contain the list of cipher suites available in the system for the respective interfaces (KMIP, NAE & WEB)\nfor TLS handshake. Every new interface will be created with the default set of cipher suites and can be updated using\nupdate interface API (/v1/configs/interfaces/{interface}).\nRemoval or addition of any cipher suite is not allowed; cipher suites can only be marked as enabled or disabled provided\nthey are configurable, and also, order can be changed to set preference order.\nTLS 1.3 ciphers suites are not configurable, however, you can disable the TLS protocol as a whole.\nDisabling all cipher suites for protocols up to TLSv1.2 is restricted unless respective protocols are disabled.\n\nThe CipherTrust Manager system might need to be restarted after any interface update for the new settings to take effect.\n"},"Records":{"description":"A record is an auditable event. Audit records are created for significant\nevents in CipherTrust Manager, such as logins, key creations, password changes,\nand other events of note. As well, client records from CipherTrust client events \nare uploaded to CipherTrust Manager.\n\nThe API provides an endpoint for searching records and for configuring\nconditions to create an alarm based on a matching record.\nThis is an example of a record resource:\n\n {\n \"id\":\"547617c3-bd1f-4d8f-89f8-98936a5480da\",\n \"uri\":\"kylo:kylo:audit:records:547617c3-bd1f-4d8f-89f8-98936a5480da\",\n \"account\":\"kylo:kylo:admin:accounts:kylo\",\n \"application\":\"ncryptify:gemalto:admin:apps:kylo\",\n \"devAccount\":\"ncryptify:gemalto:admin:accounts:gemalto\",\n \"createdAt\":\"2019-08-13T06:36:44.35942Z\",\n \"principal\":{\n \"acc\":\"kylo\",\n \"iss\":\"kylo\",\n \"sub\":\"local|34118030-ee80-4eb3-9289-5ed78af9eae1\",\n \"acct\":\"kylo:kylo:admin:accounts:kylo\"\n },\n \"details\":{\n \"id\":\"0ab0c77e2a549b49c8399c5139a233e3c0b50c1d73ab0861896df60d60cefb64\",\n \"uri\":\"kylo:kylo:vault:keys:key1-v0\",\n \"name\":\"key1\",\n \"size\":256,\n \"ownerId\":\"local|34118030-ee80-4eb3-9289-5ed78af9eae1\",\n \"algorithm\":\"AES\",\n \"usageMask\":12,\n \"objectType\":\"Symmetric Key\"\n },\n \"message\":\"Create Key\",\n \"service\":\"minerva\",\n \"requestId\":\"183004e4-fea3-4810-bfc0-840f24bdf145\",\n \"success\":true,\n \"username\":\"admin\",\n \"severity\":\"info\",\n \"client_ip\":\"\",\n \"source\":\"\"\n }\n"},"Policies":{"description":"Policies define access control rules.\n\nCipherTrust Manager uses an [Attribute-Based Access Control (ABAC)](https://en.wikipedia.org/wiki/Attribute-Based_Access_Control)\nsystem to authorize requests. ABAC essentially means authorization\ndecisions are based on the attributes and the entities involved with\nthe request. ABAC is a superset of many other authorization frameworks.\nFor example, RBAC, which makes decisions based on the roles of the\nuser, is also an ABAC system. RBAC uses one specific attribute of the\nuser (roles) to make authorization decisions.\n\nABAC systems, like CipherTrust Manager, can use any attribute of the request,\nthe requesting user, or the resources involved, to make the\nauthorization decision.\n\nCipherTrust Manager's ABAC policy language is based on XAMCL. The core concept\nof the language is the Policy resource. Policy resources describe the\nwho, what, where, and when of what is allowed and what is denied.\nCipherTrust Manager breaks each request down into a set of discrete *operations*\nrequired to fulfill the request. For each operation, CipherTrust Manager searches\nits database for Policies which match attributes of the operation, and\ncombines them into an authorization decision. The decisions for\neach operation are combined to issue a final authorization decision for\nthe overall request.\n\nWhen a request is received by the system, it translates the request into a\nset of *operations*. An *operation* is a JSON object describing the\nrequest. Here's an abridged example of an operation:\n\n {\n \"action\": \"ReadKey\", // the requested action\n \"resource\": \"a:b:vault:keys:signingkey\", // the target resource\n \"context\": {\n \"principal\": {\n // attributes of the requesting user\n },\n \"resource\": {\n // attributes of the target resource\n },\n \"environment\": {\n // other request attributes, like time of\n // day, network origin, or request params\n }\n }\n }\n\nThere are usually lots of attributes in the `principal`, `resource`, and\n`environment` sections. Here's an example of an actual, complete operation:\n\n {\n \"action\": \"CreateKey\",\n \"resource\": \"kylo:kylo:vault:keys:first-v0\",\n \"context\": {\n \"principal\": {\n \"aud\": \"4414d7ec-9b80-4bb4-b7a6-4c8ad5648333\",\n \"sub\": \"local|dc0d9fa0-a0d3-4b46-baee-cd9e07a3be77\",\n \"iss\": \"kylo\",\n \"acc\": \"kylo\",\n \"cust\": {\n \"groups\": [\n \"admin\"\n ]\n },\n \"acct\": \"kylo:kylo:admin:accounts:kylo\",\n \"user\": \"ncryptify:gemalto:admin:users:local-dc0d9fa0-a0d3-4b46-baee-cd9e07a3be77\",\n \"ident\": \"ncryptify:gemalto:admin:identities:local-dc0d9fa0-a0d3-4b46-baee-cd9e07a3be77-local-dc0d9fa0-a0d3-4b46-baee-cd9e07a3be77\",\n \"app\": \"ncryptify:gemalto:admin:apps:kylo\",\n \"dev_acct\": \"ncryptify:gemalto:admin:accounts:gemalto\",\n \"jti\": \"7478ba67-26b0-494e-9a9d-bf42c21a8629\",\n \"jwtid\": \"7478ba67-26b0-494e-9a9d-bf42c21a8629\",\n \"signer\": \"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE0ODU0Nzc2OTUsImlhdCI6MTQ4NTM4NDA5NSwicHViayI6Ii0tLS0tQkVHSU4gUlNBIFBVQkxJQyBLRVktLS0tLVxuTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFvdnBlR3FwQkZidlFZQnpraDI1d1xuTkFEYnhMTGRJWHVpNzNCR0V4YXZzaXIvekMxeUtLem5nMnBqRWVkMklSL1VsbG5BTnRGaWRwMnFJL29PMkw1NVxuNlhvTlBSVk9NQkVRZ1pBK3I1bkpwR2JIcWtKRTFFVW8yNy9weVdXTUc3cndISjhqTWc4UTBwY3NUZXhGYi80MVxuUUxHaGp0c1RZcnVTMmpvU2FxSVVzSEhGT2Y0T1RNMlcrNUxTNGFUVzQ4aFFXL2lKbytnQnFtc0lWaFE3Y2JEc1xuMTNnNUhjTlVaN3FadUNobjFJZ1Jsb2Z6NjNFakN3UkVqNGlYVmQwdStwUklVTnFZZElzdGdmU0FGRlZLSkpyUVxuM1pjeVZTWUdqYjRGNFFQS3dBVUxhNi8rb1dLbGpsRDRDT0hNaC8vWjdDWGxkeHBJcVZnL04zYkRjQTJDbWlkbVxucVFJREFRQUJcbi0tLS0tRU5EIFJTQSBQVUJMSUMgS0VZLS0tLS1cbiJ9.u1HydcVRRciFvtzciv7f-46P4m8jCNFiJFQAMjkdc1niD9yT6cHBqVei86ETGyDOGXX3ztczqiImKd6say95WZxe7CrZTqC6HF_6ZF1rtlSSpPk34yr7HAOz78_4CLksAxfQnt9OX1rriZ_VTloDlMXufEIJzdP-ysKDVVnUeMo\",\n \"iat\": 1485384273,\n \"exp\": 1485384873\n },\n \"resource\": {\n \"account\": \"kylo:kylo:admin:accounts:kylo\",\n \"algorithm\": \"AES\",\n \"application\": \"ncryptify:gemalto:admin:apps:kylo\",\n \"createdAt\": \"0001-01-01T00:00:00Z\",\n \"devAccount\": \"ncryptify:gemalto:admin:accounts:gemalto\",\n \"format\": \"raw\",\n \"id\": \"\",\n \"meta\": null,\n \"name\": \"first\",\n \"size\": 256,\n \"undeletable\": false,\n \"unexportable\": false,\n \"updatedAt\": \"0001-01-01T00:00:00Z\",\n \"uri\": \"kylo:kylo:vault:keys:first-v0\",\n \"usage\": \"blob\",\n \"version\": 0\n },\n \"environment\": {\n \"time\": \"2017-01-25T22:44:33.914124104Z\"\n }\n }\n }\n\nA Policy consists of properties describing the attributes of matching\noperations, and a rule, which is the effect the Policy has on the\nfinal authorization decision: either allow or deny. This is an\nabbreviated example of a Policy resource which matches the operation\nabove:\n\n {\n \"allow\": true,\n \"actions\": [\"ReadKey\"],\n \"resources\": [\"a:b:vault:keys:signingkey\"],\n \"conditions\": []\n }\n\nThe system then selects the set of Policies where:\n\n1. the operation's `action` matches one of the Policy's `actions.`\n2. AND the operation's `resource` matches one of the Policy's `resources.`\n3. AND the operation meets all the Policy's `conditions` (if any).\n\nAn operation may match many Policies. The `allow` properties of the\nmatching Policies combine to form a final decision. CipherTrust Manager's\nstrategy for combining policies is that an operation must match at\nleast one \"allow\" policy, and cannot match any \"deny\" policies.\n\n> Policies by themselves are not immediately enforced, meaning the\n> authorization system will ignore them. Policies need to be assigned\n> to a set of users in order to be enforced. See [Policy Attachments](#Policy_Attachments).\n\nThe following sections describe the Policy's properties in more detail.\n\n**`actions`**\n\nThe `action` attribute of an operation is a string, in the form of\n\"VerbResource\" (e.g. \"CreateKey\"), or\n\"VerbWithResource\" (e.g. \"EncryptWithKey\"). Most of the resource types,\nlike \"Key\", \"Policy\", and \"Record\" share a common set of verbs: \"Read\",\n\"Create\", \"Update\", and \"Delete\". For example, the basic set of\nactions which target Key resources are:\n\n- CreateKey\n- ReadKey\n- UpdateKey\n- DeleteKey\n\nSome resources support additional verbs. For example, the following\nadditional actions apply to Keys:\n\n- ExportKey\n- UseKey\n- EncryptWithKey\n- DecryptWithKey\n- SignWithKey\n- SignVerifyWithKey\n- MACWithKey\n- MACVerifyWithKey\n\nThe `actions` attribute of Policies is an array of these values,\nand may contain wildcards (? or _). Examples:\n\n \"actions\": [\"CreateKey\"] // matches \"CreateKey\"\n \"actions\": [\"CreateKey\",\"DeleteKey\"] // matches \"CreateKey\" OR \"DeleteKey\"\n \"actions\": [\"*Key\"] // matches all actions ending with \"Key\"\n \"actions\": [\"*\"] // matches all actions\n\n**`resources`**\n\nThe `resource` attribute of an operation is in the form of a\nresource URI. Therefore, the `resources` attribute of Policies is an\narray of URIs, and can contain wildcards (? or *). Examples:\n\n \"resources\": [\"a:b:c:d:e\"] // single resource\n \"resources\": [\"a:b:c:d:e\",\"x:y:z:w:v\"] // multiple resources, matches either\n \"resources\": [\"a:b:*:d:e\"] // wildcard\n \"resources\": [\"*\"] // matches all resources\n\n**`conditions`**\n\nConditions are rules for matching the other attributes of the operation.\nRemember, an operation is a JSON object describing everything about the\nrequest: the who, what, to what, when, etc.\nConditions use an expression syntax that let you compose complex\nmatching rules against almost any attribute of the operation.\n\nIn the Policy structure, the `conditions` attribute is an array of condition objects.\nWhen evaluating whether a policy matches an operation, any conditions contained in the policy are\nalso evaluated against the operation. All conditions must be satisfied for the policy to match,\ni.e. the conditions are combined with a boolean AND.\n\nTo understand the syntax of a condition, let's look at an\nexample operation, and a policy which matches the operation.\n\nThis is the operation:\n\n {\n \"action\": \"CreateKey\",\n \"resource\": \"kylo:kylo:vault:keys:moms3-v0\",\n \"context\": {\n \"principal\": {}, // omitted...\n \"resource\": { // some properties omitted...\n \"alg\": \"aes\"\n },\n \"environment\": {}, // omitted...\n }\n }\n\nThis is a matching Policy, with a condition:\n\n {\n \"allow\": true,\n \"actions\": [\"*Key\"],\n \"resources\": [\"*\"],\n \"conditions\": [\n {\n \"path\": \"context.resource.alg\",\n \"op\": \"equals\",\n \"values\": [\"aes\"]\n }\n ]\n }\n\nThis Policy will grant the users to which it is assigned permission\nto perform actions matching \"*Key\", on any resource, with\none condition: the key must have a property named \"alg\" with the value\n\"aes\".\n\nThe condition's `path` is \"context.resource.alg\". That is\ninterpreted as a JSON path, evaluated against the operation object:\n`context` -> `resource` -> `alg`, which resolves to a\nvalue of \"aes\".\n\nThe `op` property of the condition is the comparison operator used to\ncompare the value in the operation with the conditions' values.\n\nThe `values` property of the condition can be a single value or an array of\nvalues. If `values` is an array, the values combine with a boolean\nOR. In other words, the operation value is compared\nwith *each* of the items in the `values` array, and if *any* match, the\ncondition is met. If `values` is not an array, it's treated like\nan array of one item.\n\n> To disambiguate an array of values from a single value *which\n> is an array*, you'll need to nest such values\n> inside another array. As an example, say I want\n> to match against users who are members of two, and only two, groups: \"hr\"\n> and \"eng\". That condition would look like:\n>\n> {\n> \"path\":\"context.principal.groups\",\n> \"op\":\"equals\",\n> \"values\":[[\"hr\",\"eng\"]]\n> }\n>\n> `values` is set to an array with a single item, which itself is an array\n> with the two groups in it. This translates to \"`groups`\n> must equal an array containing `hr` and `eng`\".\n> If the condition had been:\n>\n> {\n> \"path\":\"context.principal.groups\",\n> \"op\":\"equals\",\n> \"values\": [\"hr\",\"eng\"]\n> }\n>\n> ...that would translate to \"`groups` must equal either `hr`\n> or `eng`\".\n\nThe `op` property is the operator used to compare the operation value\nto the condition values. These are the supported operators:\n\nop | description\n--- | ---\nequals, == | values must match exactly. Values can be any JSON type (string, int, array, object, etc).\nequalsignorescase | like `equals`, but only works with string values\nempty | the value must not be present in the operation, or must be equal to `null`, an empty string, an empty array, or an empty object. `values` is ignored.\nmatches, regex, =~ | `values` should be regex expressions, which are matched against the operation value. Only works with strings.\ncontains, @> | The operation value must \"contain\" the condition value. JSON containment is implemented like postgres' [JSONB containment](https://www.postgresql.org/docs/9.4/static/datatype-json.html#JSON-CONTAINMENT) operator. Briefly, for scalar values, like strings or ints, containment is the same as equality. For arrays, array A contains value B if either B is a scalar value and present in A, or B is also an array, and all of B's items are also in A. For objects, object A contains object B if all of B's properties are in A, and the A's values for those properties contain B's values for those properties (recursively).\n\nExamples:\n\n \"foo\" contains \"foo\" // scalars just use equality\n [\"foo\",\"bar\"] contains \"foo\" // array contains scalar\n [\"foo\",\"bar\"] contains [\"foo\"] // array contains array with matching items\n {\"color\":\"red\"} contains {\"color\":\"red\"} // objects: properties match\n {\"groups\":[\"hr\",\"eng\"]} contains {\"groups\":[\"hr\"]} // contains is recursive\n [[\"hr\",\"eng\"]] does not contain [\"hr\"] // left array does not contain\n // a single scalar value equal to\n // \"hr\". but...\n [[\"hr\",\"eng\"]] contains [[\"hr\"]] // and...\n [\"hr\",[\"it\",\"eng\"]] contains [\"hr\"]\n\n**Template Variables**\n\nConditions also support the use of \"template variables\", which are resolved at\nthe time of the authorization request. Variables are useful for conditions\nthat compare one attribute of the request to another attribute of\nthe request, e.g. to compare an attribute in the target resource to\nan attribute of the user making the request.\n\nThe `path` and `values` properties of conditions also support the use\nof template variables, which are resolved at the time of the\nauthorization request. To understand the syntax of template variables,\nlet's use an example. A user has made a request, which resulted in\nan authorization check on this operation:\n\n {\n \"action\": \"CreateKey\",\n \"resource\": \"kylo:kylo:vault:keys:moms3-v0\",\n \"context\": {\n \"principal\": { // Some properties omitted...\n \"groups\": [\"hr\",\"it\"]\n },\n \"resource\": { // Some properties omitted...\n \"permissions\": {\n \"CreateKey\": [\"it\"]\n }\n },\n \"environment\": {} // omitted\n }\n }\n\n\nHere's an example of a matching policy condition which\nuses template variables:\n\n {\n \"path\":\"context.resource.permissions.{{action}}\",\n \"op\":\"contains\",\n \"values\": \"{{context.principal.groups}}\"\n }\n\nThe `path` for this condition contains the template variable `{{action}}`.\nWhen the condition is evaluated, `{{action}}` will be replaced by the\naction in the operation, which in this example is \"CreateKey\". So\nthe resolved path will be \"context.resource.permissions.CreateKey\".\n\nSimiliarly, the `{{context.principal.groups}}` variable will be\nevaluated against the operation, and will resolve to\n`[\"hr\",\"it\"]` (the `groups` attribute of the principal).\n\nPut these together, and the condition could be described as\n\"The resource's permissions must grant the requested action to one of\nthe user's groups\".\n\nThe fully resolved condition would look like this:\n\n {\n \"path\":\"context.resource.permissions.CreateKey\",\n \"op\":\"contains\",\n \"values\": [\"hr\",\"it\"]\n }\n\nBecause `values` are combined with a boolean OR, this condition means\nthat the array of group names at `context.resource.permissions.CreateKey`\nmust contain one of the group names in the `values` array (any one).\n\nTemplate variables must be embedded inside string values, and are\nenclosed in double curly braces. The value inside the braces is\na JSON path evaluated against the operation at the time of the request.\n\n> Even though the template variable in `values` was embedded\n> in a string, since it resolved to an array, the system replaced the\n> string with an array. If the template variable is the entire value of\n> the string its embedded in, the string is replaced with\n> the resolved value. If the template variable is embedded in a string with\n> other characters, the overall value will still be a string.\n\nThe final, resolved condition is then evaluated against the operation.\nTemplate variables are useful in situations where the condition involves\ncomparing multiple attributes of the operation to each other.\n\n**Operation Attributes**\n\nThe `resource` of the operation will be the same\nJSON object that is returned if you GET that resource with the REST\nAPI. To see the attributes of a resource which can be referenced\nin policy conditions, GET that resource. Here is a complete example\nof a Key resource:\n\n {\n \"id\": \"2ad35187-e180-4339-a36c-a8de9ae6f64b\",\n \"uri\": \"kylo:kylo:vault:keys:moms3-v0\",\n \"account\": \"kylo:kylo:admin:accounts:kylo\",\n \"application\": \"ncryptify:gemalto:admin:apps:kylo\",\n \"devAccount\": \"ncryptify:gemalto:admin:accounts:gemalto\",\n \"createdAt\": \"2016-12-21T17:24:53.092358873Z\",\n \"name\": \"moms3\",\n \"updatedAt\": \"2016-12-21T17:24:53.092358873Z\",\n \"usage\": \"blob\",\n \"meta\": {\n \"ownerId\": \"local|95a4d02e-2371-422c-bb17-a218ba0375a5\"\n },\n \"version\": 0,\n \"algorithm\": \"AES\",\n \"size\": 256,\n \"format\": \"raw\",\n \"unexportable\": false,\n \"undeletable\": false\n }\n\nThe `principal` of the operation is an object containing\nthe attributes of the authenticated user. Use the `/admin/principal`\nendpoint to get the principal resource for the current user.\nHere's an example of a `principal` resource:\n\n {\n \"aud\": \"4414d7ec-9b80-4bb4-b7a6-4c8ad5648333\",\n \"sub\": \"local|95a4d02e-2371-422c-bb17-a218ba0375a5\",\n \"iss\": \"kylo\",\n \"acc\": \"kylo\",\n \"acct\": \"kylo:kylo:admin:accounts:kylo\",\n \"user\": \"ncryptify:gemalto:admin:users:local-95a4d02e-2371-422c-bb17-a218ba0375a5\",\n \"ident\": \"ncryptify:gemalto:admin:identities:local-95a4d02e-2371-422c-bb17-a218ba0375a5-local-95a4d02e-2371-422c-bb17-a218ba0375a5\",\n \"app\": \"ncryptify:gemalto:admin:apps:kylo\",\n \"dev_acct\": \"ncryptify:gemalto:admin:accounts:gemalto\",\n \"cust\": {\n \"groups\": [\n \"admin\"\n ]\n }\n }\n\nThe `sub` attribute is the user's `user_id`. `cust.groups` is an array\nof the groups of which the user is a member. `aud`,`iss`,`acc`,`acct`,`user`,\n`ident`, `app`, and `dev_acct` are reserved for future\nuse.\n"},"Policy Attachments":{"description":"Policies on their own are not enforced. Policies have to be assigned to a\nset of users first. This is done by creating Policy Attachment resources.\nHere's an abbreviated example of a Policy Attachment:\n\n {\n \"policy\": \"a:b:admin:policies:admins\",\n \"principalSelector\": {\n \"cust\": {\n \"groups\": [\"admin\"]\n }\n },\n\n // The following properties are copied from the attached\n // policy. They are read-only, and included here reduce\n // the number of roundtrips to the API\n \"actions\": ...,\n \"resources\": ...,\n \"allow\": ...,\n \"conditions\": ...\n }\n\nA Policy Attachment assigns, or \"attaches\", a single policy, identified\nby the `policy` attribute, to a set of\nusers whose attributes match a selector, known as the `principalSelector`.\nThis is very similar to the way Policies match the attributes of the\noperation. In fact, a Policy Attachment is virtually identical a policy\ncondition in the form:\n\n {\n \"path\": \"context.principal\",\n \"op\": \"contains\",\n \"values\": [ {} ] // the object nested is the principalSelector\n }\n\nThe effect of Policy Attachments and conditions overlap: it is possible\nto achieve identical effects by attaching a broad Policy to a narrowly\ndefined Policy Attachment, or attach a Policy with a narrowly defined\ncondition on the \"context.principal\" to a broadly defined Policy\nAttachment which matches all users. The redundancy is intentional:\n\n1. Policies are somewhat expensive to evaluate, so the fewer Policies that\nneed to be evaluated against a request, the better. Policy Attachments\nevaluate faster than Policy conditions, so they can quickly narrow the\nset of Policies to evaluate.\n2. On the other hand, Policy Attachments do not support template\nvariables, which are supported in Policy conditions. Template variables\nsometimes reduce the number of Policies required to express complex\nauthorization rules. Again, this reduces the number of policies to\nevaluate, which increases performance. Template variables can also\nexpress rules that cannot be expressed with Policy Attachments.\n3. Finally, Attachments promote Policy re-use.\n\nTo create a Policy Attachment, the request must include the `policy`\nand `principalSelector` properties. The `policy` property can be any\nof the policy's identifiers: the `id`, `uri`, or `name`. After creation,\nthe `policy` attribute will be the policies `uri`.\n\nThe `principalSelector` should include a set of attributes to match\nagainst the principal of an operation. The system evaluates whether\nthe principal \"contains\" the `principalSelector`. The semantics of the\n\"contains\" operator, and the attributes of principals, are described in\n[Policies](#Policies). To match *all* users, use an empty\n`principalSelector`.\n\nThe attributes of Policy Attributes which are copied from the\nreferenced policy do not need to be specified when creating Policy\nAttachments. They are read-only.\n\nFor convenience, repeating the same create Policy Attachment request is\nallowed, and indempotent. In other words, if I issue the same create\nrequest three times, containing the body:\n\n {\n \"policy\":\"admins\",\n \"principal\": {\n \"cust\": {\n \"groups\": [\"admin\"]\n }\n }\n }\n\n...the first request will succeed, creating the Attachment. The\nsubsequent requests will also succeed. They will be no-ops on the server,\nand will simply return the existing attachment.\n"},"Licensing":{"description":"Licenses can be installed to enable extended functionality for enterprise level\nfeatures such as clustering and external identity provider options, and for various\nconnectors such as KMIP clients.\n\nBy default the system ships with a trial for the enterprise level features, which can be\nactivated using the `licensing/trials` API.\n\nLicenses are locked to a particular Virtual CipherTrust Manager instance. Get the license lock code using the\n`licensing/lockdata` API and use the license lock code on Thales’\nVirtual CipherTrust License portal to get the license code. Install the\nlicense using the `licensing/licenses/` API. Installed licenses and\nlicensed features can be retrieved as well.\n\nThe API provides an endpoint for license management.\n"},"Syslog Connections":{"description":"Audit records can optionally be sent to one or more external syslog\nserver(s). By default audit records are stored in the local database and\nwill continue to do so even if syslog connections are configured. Each\naudit record will be sent to each configured syslog connection.\n\nA syslog connection can either use UDP, TCP or TCP + TLS as the transport\nprotocol. When TCP + TLS is used a trusted CA certificate in PEM format\nmust also be provided.\n\nAll syslog messages are generated with facility `local0`.\n\nAvailable log message format are:\n* `rfc5424` (default)\n* `plain_message`\n* `cef`\n* `leef`\n\nAn example entry looks as follows:\n\n**Plain Message:**\n```\n2019-08-12 06:25:12 ciphertrust CipherTrust: 2019-08-12 06:25:12 | 'Update Syslog Connection' succeeded ({\"createdAt\":\"2019-08-12T06:25:12.380743Z\",\"details\":{\"id\":\"e847e529-d331-45f9-a494-83ee7ce6ab69\"},\"message\":\"Update Syslog Connection\",\"service\":\"kylo\",\"success\":true,\"username\":\"admin\",\"severity\":\"info\",\"clientIP\":\"\",\"source\":\"\"})\n```\n\n**RFC5424:**\n```\n2019-08-12 06:22:16 ciphertrust CipherTrust: <134>1 2019-08-12 06:22:16 ciphertrust CipherTrust - b7999852-dd64-46e9-b924-c3999eca9fad [msg=\"Update Syslog Connection\" sev=\"6\" details=\"'Update Syslog Connection' succeeded ({\"createdAt\":\"2019-08-12T06:22:16.113081Z\",\"details\":{\"id\":\"e847e529-d331-45f9-a494-83ee7ce6ab69\"},\"message\":\"Update Syslog Connection\",\"service\":\"kylo\",\"success\":true,\"username\":\"admin\",\"severity\":\"info\",\"clientIP\":\"\",\"source\":\"\"})\"]\n```\n\n**CEF:**\n```\n2019-08-05 11:40:19 ciphertrust CipherTrust: 2019-08-05 11:40:19 ciphertrust CEF:0|Thales Group|CipherTrust|Development|34a71dbf-26d2-47ea-b66d-44e38d0f6c99|Update Syslog Connection|6|'Update Syslog Connection' succeeded ({\"createdAt\":\"2019-08-12T06:14:54.762963Z\",\"details\":{\"id\":\"e847e529-d331-45f9-a494-83ee7ce6ab69\"},\"message\":\"Update Syslog Connection\",\"service\":\"kylo\",\"success\":true,\"username\":\"admin\",\"severity\":\"info\",\"clientIP\":\"\",\"source\":\"\"})\n```\n\n**LEEF:**\n```\n2019-08-05 12:39:03 ciphertrust CipherTrust: 2019-08-05 12:39:03 ciphertrust LEEF:2|Thales Group|CipherTrust|Development|Update Syslog Connection|{\"name\":\"Update Syslog Connection\",\"sev\":\"6\",\"details\":\"'Update Syslog Connection' succeeded ({\"createdAt\":\"2019-08-12T06:20:06.926665Z\",\"details\":{\"id\":\"e847e529-d331-45f9-a494-83ee7ce6ab69\"},\"message\":\"Update Syslog Connection\",\"service\":\"kylo\",\"success\":true,\"username\":\"admin\",\"severity\":\"info\",\"clientIP\":\"\",\"source\":\"\"})\n```\n\nThe first time stamp is generated and added by syslog and the second time\nstamp is the time of the actual audit record.\n\nIn a multi-node clustered environment the syslog connections\nconfiguration will be automatically synchronized and each node will be\naware of all syslog servers. The syslog message will be sent from the\ncurrently active node. This means that if an event that results in an\naudit record is performed on node 1 the syslog message will originate\nfrom node 1, in a similar manner if an audit event is performed on node 2\nthe syslog message will in this case originate from node 2.\n\nPlease note that it can take up to 5 minutes before the syslog\nconnections configuration is applied to all nodes in the cluster.\n"},"Cluster":{"description":"A `cluster` is a group of one or more system `nodes` that syncronize their data. A `cluster` is\ninitially created on a single system, which becomes the first node in the cluster. Additional nodes\ncan then be added. The full sequence for creating a two node cluster is:\n\n1. POST `/cluster/new` on the initial node. This creates a one node cluster.\n2. POST `/cluster/csr` on the new node to get a CSR.\n3. POST `/nodes` with the CSR to the member node to get a cert and chain.\n4. POST `/cluster/join` on the new node with the cert and chain to join the node to the cluster.\n\nAdditional nodes can be joined in the same way by repeating steps 2,3 and 4. Note that on some calls a hostame is\nrequired. This must be a hostname or IP address that nodes in the cluster can use to contact each other.\n"},"Cluster Nodes":{"description":"The Cluster Nodes API is used for creating new nodes, getting information about existing nodes, and for deleting nodes. When\ndeleting a node, the DELETE must be send to a node other than the one being deleting. This will cause replication\nto stop to the deleted node, which should be destroyed.\n"},"Backups/Backup-Restore":{"description":"Backups are a snapshot of the data in a system at a point in time. They are created on the system,\nand after creation they can be used to restore the system to a previous state, or to transfer data\nfrom one system to another. When a backup is created, it starts an asynchronous backup operation. The status of\na backup can be checked with a GET request. Backups are encrypted with a `backup key`. They can then\nbe stored externally or transferred to another system. You must transfer the backup key to the target system before\nrestoring an encrypted backup.\n\nFor domain backup-restore, CCKM resources: Projects, Google EKM Endpoints and Cryptospaces are in Tech-Preview.\n"},"Backups/SCP Backup":{"description":"The APIs in this section are used to copy backup to the external servers using Secure Copy Protocol (SCP).\n\nThe following operations can be performed:\n- Get SCP public key\n- Copy backup to remote host machine\n- Get backup SCP status\n\nSupported auth methods for SCP connections are key and password.\nFor the auth method key, the user must download the public key from scp/publickey API and append it to the destination host machine's authorized keys,\nAnd for the auth method password user can provide the destination host machine password.\n\nUser also need to provide host public key for verification, which can be located at \"/etc/ssh/\" at destination host machine.\n"},"Backup Keys":{"description":"A backup key encrypts a backup file. A backup key includes two keys: an AES 256 encryption key and a HMAC SHA-256 signing key.\nA default backup key is created for each system, and additional keys can be created as needed. To\nrestore a backup to a different system, download the backup key used to encrypt the backup,\nand then upload the key to the target system. A password is required to protect the backup key when it is downloaded\nfrom the system.\n"},"Certificate Authority":{"description":"A Certificate Authority (CA) issues and installs digital certificates and\ncertificate signing requests (CSR).\n\nA certificate generally acts as the identity of a server or client and\nthis API can be used to issue server and client certificates in order to\nsetup trusted communication channels to the system. A Certificate\nAuthority acts as the initially trusted shared entity between peers and\ncan issue signed certificates to make it possible for each party to trust\nthe other.\n\nThe system distinguishes between local CAs and external CAs with the\ndifference that a local CA can issue signed certificates as the private\nsigning key is stored inside the system. An external CA does not store\nthe private key and can instead be used as a trusted entity for various\ninterfaces and services inside the system when certificates are issued\nexternally. It is fine to have a mix of both.\n\nDuring initial bootstrapping of a new server a new local `CipherTrust Manager root\nCA` is automatically generated. This CA is later used to issue a server\ncertificate for the interfaces available in the system. An easy way to\ninspect the certificate chain is to view the certificates in your browser\nwhen you connect to the web interface. All interfaces and services will\nby default trust this CA which means that a client certificate issued\nfrom this initial `CipherTrust Manager root CA` will automatically be trusted by\nthe system. If preferred it is possible to create new local CAs and/or\nexternal CAs and instead used them for the internal interfaces and\nservices.\n\nCreating a local CA is a two step process:\n 1. Invoke `Create local CA` which creates a local CA in `pending` state\n and returns a CSR for signing.\n 2. A `pending` local CA can then be activated in two ways:\n - Invoke `Self-sign a local CA` to let the CA sign itself. This is\n typically done for Root CAs.\n - Invoke `Install a local CA` which requires a signed certificate\n based on the CSR from the `pending` CA. This certificate can be\n signed by any other entity such as an external CA or even an other\n local CA.\n\nOnce a local CA exists a signed certificate can be issued in two steps:\n1. Invoke `CSR` to create a CSR and private key. It is also possible to\n create the CSR and the private key using any other software as this API\n is stateless and doesn't store anything in the system.\n2. Invoke `Issue certificate` and provide the CSR, the purpose and the\n duration. A new signed certificate will be returned.\n\nCipherTrust Manager allows to revoke and resume certificates signed by local CA.\nUser can specify a reason to revoke a certificate according to RFC 5280.\nCertificates revoked with `certificateHold` reason will only allow resuming.\n\nCreating an external CA is a single step:\n1. Invoke `Upload external CA` and provide the signed external CA\n certificate.\n"},"Links":{"description":"Links are a way to associate key objects. This implementation is based on the KMIP standard,\nand so there are specific types of Links:\n\n- privateKey\n- publicKey\n- certificate\n- derivationBaseObject\n- derivedKey\n- replacementObject\n- replacedObject\n- parent\n- child\n- previous\n- next\n- pkcs12Password\n- pkcs12Certificate\n\nA link must have a type (one of the above), a source, and a target. For example, if a Link\nhas a source of key1, a target of key2, and a type of `publicKey`, it means that: key2 is the public\nkey associated with key1 (which is presumably a private key). Links are uni-directional, so in the previous\nexample there will be another link of type `privateKey`, with a source of key2, and target of key1.\nIn KMIP calls, links appear as attributes associated with the source object.\n\nFor convenience, links will also appear as a read-only array for objects returned from the Keys API.\n"},"NTP Servers":{"description":"NTP (Network Time Protocol) is used to synchronize time with an external time source.\n\nIf at least one NTP server is added CipherTrust Manager will internally start and run the NTP time daemon `ntpd` to set the\nsystem time. It is recommended to configure more than a single NTP server to ensure the time is correct at all\ntimes. Each time an NTP server is added or removed CipherTrust Manager will automatically referesh the internal NTP daemon to\nuse the new set of NTP servers.\n\nMore information about the recommended number of NTP servers can be found on [ntp.org.](http://support.ntp.org/bin/view/Support/SelectingOffsiteNTPServers#Section_5.3.3.)\n\nNTP servers in CipherTrust Manager are uniquely identified by the `host`.\n\nPlease note that the NTP server configuration isn't synchronized between servers in a cluster. This means that\nany NTP servers must be added to each individual server in the cluster and it also means that it is possible to\nhave different set of NTP servers in each server.\n"},"Network":{"description":"Tools for testing communications from a CipherTrust Manager system to other\nmachines via tools that emulate ping, netcat (checkport), traceroute and nslookup.\n\nAPIs for managing and retrieving the network interfaces of a CipherTrust Manager\nnode. An interface supports two families: inet (IPv4) and inet6 (IPv6). A\nfamily may be disabled or configured to use either static values or\ndynamic values (e.g. via DHCP). All addresses returned in a response are\nlive values even if the network interface is configured dynamically.\n\nPlease note there is a risk that modifying a network interface remotely\nusing this API may make communication with the node impossible without\nconsole access.\n"},"MKek":{"description":"MKek is Master Key Encryption Key. The Key is common across multiple nodes\nin a cluster and is used as a master key to protect the secrets in a CipherTrust Manager.\nThe interface provides APIs to manage MKek. The following operation can be performed on MKek\n- List MKek : Lists the mkeks.\n- Get MKek : Gets the mkek by ID.\n- Rotate MKek : Rotates the default mkek which creates a new mkek across the nodes in a cluster\nas well as in a non-cluster node.\n"},"HSM Servers":{"description":"HSM (Hardware Security Module) is a physical device for more secure\nmanagement of sensitive data, such as keys, inside CipherTrust Manager. These set\nof APIs allows for dynamic configuration of the HSM servers used.\n\nSupported HSM types are `luna`, `lunatct`, `lunapci`, `aws`, `dpod`, `nshield` and `ibmhpcs`. \n\nBefore you can integrate an HSM with CipherTrust Manager, some configuration\nis needed on the HSM to allow CipherTrust Manager to connect. The necessary values\nare described in the `connInfo` and `initialConfig` schemas. Consult documentation for the particular\nHSM product and version for more information on creating the needed passwords, certificates,\nand string values.\n\nDuring initial setup a `reset` operation is required to perform an\ninitial bootstrap of the CipherTrust Manager using the HSM. This means that all\nexisting data in the system will be wiped and CipherTrust Manager will be stared\nfrom a clean slate.\n\nAfter the initial HSM setup it is possible to add further HSMs for\nhigh-availability (HA). Adding further HSMs doesn't require a reset as\ndata will be synchronized from the other HSMs in the HA group. When the\nsecond HSM is added a HA group will automatically be created and will\nrequire a `restart` operation for all connections to start to use the HA\ngroup. Without the restart all existing connections will use the\ninitially configured HSM and the server won't fully utilize the HA\nfeature.\n\nPlease note that these APIs can have a big impact on the availability of\nCipherTrust Manager and the data inside it. It should be used with great care and\nclear intentions. It is always recommended to take a backup before using\nthese APIs.\n"},"Info":{"description":"These endpoints allow the user to query for some basic information from\nCipherTrust Manager - the name, version and model number, vendor of the platform.\n\nIt is also possible to update the platform name to something that is\nillustrative to the user.\n"},"Disk Encryption":{"description":"For added security, the disk of the CipherTrust Manager system can be fully encrypted.\n\nFollowing are APIs for management of the encryption status of hard disks. It supports\noperations to retrieve the status of the disk and to encrypt the disk at next boot.\n\nThese APIs are only accessible after first boot; if the user desires to encrypt\nthe disk before first boot the cloud-init methods must be used.\n"},"ProtectFile":{"description":"ProtectFile is a file-system level encryption solution that leverages\nthe cryptographic and key management features of the CipherTrust Manager platform\nto protect unstructured data. ProtectFile performs transparent\nencryption - authorized users and processes continue to have read and write access\nto the encrypted data; unauthorized users and processes cannot access the encrypted data.\nProtectFile provides data security with fully automated encryption of unstructured\ndata contained on file servers and network shares. Working together with a CipherTrust Manager\nsystem, ProtectFile combines encryption and access control policies to\nprotect the folders and files residing on servers, and network shares.\n\nWhile handling a file, ProtectFile does not encrypt, modify, or update most\nfile metadata, such as file name, creation time, type, size, ownership, or attributes. Exceptions are-\n- Time stamp. When ProtectFile migrates a folder, each file’s time stamp is updated\nwhen the migration is complete.\n- File size as seen by Backup users. Backup users see the actual size of the encrypted file.\nOther users see the pre-encryption size of the file.\nThe Security Officer administers the policies and ProtectFile keys on the CipherTrust Management\nConsole. CipherTrust Manager pushes the policies and ProtectFile keys to the file server.\nThe file server administrator deploys ProtectFile on\nfile servers and network shares. ProtectFile protects the specified local paths and\nmapped network shares. The file server sends the logs and notifications to CipherTrust Manager.\nThe file user accesses the files from the file server as per the applied access policies.\n"},"ProtectFile/Clients":{"description":"A client represents a ProtectFile client that can be a file server, database server, or any other application server.\nA client profile is required to create a client resource. The client has ipaddress/hostname field to identify a client machine.\nThe creation of a client generates a `sharedSecret` that is required by the client during the registration/bootstrap process.\n\nA client can be linked to multiple rules for encryption of defined paths. The linking of client and rule also requires\na key and an access policy group. The rule needs to be deployed to be effective.\nThe valid operations on a client-rule association are:\n- `Encrypt` : Performs data encryption according to the rule properties.\n- `KeyRotate` : Performs key rotation according to the rule properties and `keyRotationType`.\n- `Decrypt` : Performs data decryption for the specified rule and removes the client-rule association on successful decryption.\n"},"ProtectFile/ClientProfiles":{"description":"A client profile defines the CipherTrust Manager redundancy information, logging criteria for ProtectFile clients, and settings that can be used for several ProtectFile clients. At least one client profile must be defined before a ProtectFile client can be added to the CipherTrust Manager.\n\nA client profile can be configured to:\n- Enable redirection of access logs from a ProtectFile client to a configured Syslog server.\n- Protect sensitive data from a rogue “root” user.\n- Use failover for ProtectFile.\n"},"ProtectFile/AccessPolicies":{"description":"Access Policies define the access restrictions applied on an `encrypted` or `non-encrypted` path.\nThe accesspolicy can be created for the `user`, `group`, `process` or a combination of `user-process` and `group-process`.\n`user-group` is not a valid combination.\nFollowing are the valid access permissions:\n- `NoAccess`: No Access to user/group/process\n- `EncryptDecrypt`: Encrypt and Decrypt permission\n- `Decrypt`: only Decrypt permission\n- `Encrypt`: only Encrypt permission\n- `BackupRestore`: Read and Write permission, but in cipher text\n- `Backup`: Read permission, but in cipher text\n\nThe types defined for access policy are:\n- `user`\n- `group`\n- `process`\n- `user AND process`\n- `group AND process`\n"},"ProtectFile/AccessPolicyGroups":{"description":"Access Policy Group is a logical grouping of multiple access policies. The policy group can be applied to a client instead of\nindividual access policies. The policies can be of different types - `user`, `group`, `user AND process`, etc.\n"},"ProtectFile/Rules":{"description":"Rule defines the a path, properties, and configuration for encryption and access control. Two types of rules are:\n1. Rules with the `encryptData` flag set to true support encryption of data with access control.\n2. Rules with the `encryptData` flag set to false only support access control, not the encryption.\n\nThe fields for extensions can be used to include or exclude files of specific extension(s) to be encrypted and access controlled.\nA single rule can be associated with multiple clients.\n"},"ProtectFile/Shares":{"description":"A share represents a shared path of Network-attached storage. The type of share can be 'SMB/CIFS' or 'NFS'.\nThe share can be created using ip-address or hostname of NAS device.\nA bootstrapped client is required to perform encryption of existing data, this client is known as the `encryptorClient`.\n\nIf Distributed File System (DFS) is used to organize many distributed SMB file shares, it can be enabled using `dfs` flag\nand name can be provided using `dfsAlias`. This is applicable for SMB share with Windows as `encryptorClient`.\n\nThe `automount` flag can be used for Autofs feature of Linux to mount the encrypted share automatically on user’s demand.\nThis feature is applicable for `NFS` share type with Linux client as `encryptorClient`.\n\nA share can be linked to multiple rules for encryption of defined paths. The linking of share and rule also requires\na key and an access policy group. The rule needs to be deployed to be effective.\nThe valid operations on a share-rule association are:\n- `Encrypt` : Performs data encryption according to the rule properties.\n- `KeyRotate` : Performs key rotation according to the rule properties and `keyRotationType`.\n- `Decrypt` : Performs data decryption for the specified rule and removes the client-rule association on successful decryption.\n"},"ProtectFile/Clusters":{"description":"Cluster groups together multiple ProtectFile clients to enable application of same policies.\n"},"Migrations":{"description":"This API can be used for migrating backups taken on 'KeySecure Classic' or 'DSM' (Data Security Manager) devices onto the newer CipherTrust Manager devices.\nThe backup file should be uploaded before migration.\nThe uploaded backup files can be listed and deleted.\nThe migration is performed asynchronously. The state of the ongoing migration can be monitored.\nA 'KeySecure Classic' backup file is protected by a password, and the password is specified when migrating the backup file.\nA 'DSM' backup file is protected by a 'Migration Split Key'. The 'Migration Split Keys' API should be used\nfor uploading these keys. These keys must be uploaded before the backup is migrated.\n"},"Alarms":{"description":"The alarms API displays the state of CipherTrust Manager alarms. Each alarm has a unique name. Examples of alarm state\nare on, off, unknown, etc. Each alarm has a severity, which are listed below.\n"},"ProtectV":{"description":"**Deprecated**: ProtectV is a virtual machine encryption solution that leverages\nthe cryptographic and key management features of the CipherTrust Manager platform\nto protect virtual machines in various cloud platforms.\n"},"CDP":{"description":"The CDP APIs can be used for adding and updating database migration information for CipherTrust Database Protection(CDP) clients.\n"},"SNMP":{"description":"This API can be used for configuring SNMP management stations (notification receivers), Community names and\nSNMPv3 USM users for managing and monitoring the CipherTrust Manager using SNMP protocol.\nSNMP versions v1, v2c and v3 are supported.\n\nSNMP interface is not started by default. It can be started from 'Settings | Interfaces' GUI, API or CLI.\nIt must be started before using this API.\n"},"CTE":{"description":"CipherTrust Transparent Encryption (CTE) delivers data-at-rest encryption with centralized key management, privileged user access control, and detailed data access audit logging. This protects data wherever it resides—on-premises, across multiple clouds, and within big data.\n\nCTE:\n - Encrypts files and raw data\n - Controls which users can decrypt and access that data\n - Controls which processes and executables can decrypt and encrypt that data\n - Generates fine-grained audit trails on those processes, executables, and users\n"},"CTE/Clients":{"description":"A client is a computer system where the data needs to be protected. A compatible CTE Agent software is installed on the client. The CTE Agent can protect data on the client or devices connected to it. A client can be associated with multiple GuardPoints for encryption of various paths.\n\n*OPERATIONS* *On* *Client*:\n\n UnEnroll:\n\n - A CTE client with Active LDT GuardPoints cannot be unenrolled (unregistered).\n\n - After unenrolling, the client's GuardPoints will still be displayed on the CipherTrust Manager. However, their status will be displayed as Unknown.\n\n - The status of the client capabilities, for example, LDT and ESG, will not change on the CipherTrust Manager. They will be displayed the same as they were before unenrolling the client.\n\n - The associated client under the Client-Management section is deleted after unenrolling. If the client is not deleted automatically, you can delete it manually.\n\n - The status of the unenrolled client will be displayed as Unregistered on the CipherTrust Manager.\n\n Delete:\n\n - Waits for the confirmation from the Agent before deleting anything on the CTE client.\n\n - Deletes all entries, capabilities, and GuardPoints associated with the client.\n\n - Deletes the associated client from the Client-Management section of the API playground.\n\n*STATES* *Of* *Client*:\n\n 1. Healthy: Client is registered with the CipherTrust Manager without any errors, that is, `init` is received from Agent without any issues. The client's status on the CipherTrust Manager is displayed as HEALTHY.\n\n 2. Warning: Client's communication is broken with the CipherTrust Manager or a GuardPoint is inactive due to any reasons. The client's status on the CipherTrust Manager is displayed as WARNING.\n\n 3. Error: Client's communication is broken with the CipherTrust Manager for more than five minutes. The client's status on the CipherTrust Manager is displayed as ERROR.\n\n 4. Unregistered: Client is unenrolled from the CipherTrust Manager. The client's status on the CipherTrust Manager is displayed as UNREGISTERED.\n\n 5. Expunged: Client's delete operation is triggered, but its confirmation is not yet received from the Agent. The client's status on the CipherTrust Manager is displayed as EXPUNGED.\n"},"CTE/Clients-GuardPoints":{"description":"A GuardPoint specifies the list of folders that contains paths to be protected. Access to files and encryption of files under the GuardPoint is controlled by security policies. GuardPoints created on a client group are applied to all clients in the group.\n\nA user can apply guardpoint on specific path on a selected file server. It can be either on a directory, or on a raw device, it can be a applied on a cloud storage, and all these options will be driven by the \"guard_point_type\" parameter.\n\nAfter creating a guardpoint user can perform various operations on it. One of them is **delete** operation, which removes the guardpoint configuration from client and server both. Another one is **disable**; which unlike the delete operation, only removes the configuration of guardpoint from agent, whereas its entry will still be available on server for future purposes.\n\nSpecific Guardpoints Details:\n\n Feature | Supported OS | Supported Policies\n --- | --- | ---\n Preserve Sparse Region | Windows, Linux | Live-Data Transformation (LDT)\n Secure Start | Windows | Standard policy and Live-Data Transformation (LDT)\n CIFS | Windows | Live-Data Transformation (LDT)\n\n\n\n\nSample for creating GP with *Preserve* *Sparse* *Region* Enabled:\n\n {\n \"guard_paths\": [\n \n ],\n \"guard_point_params\": {\n \"guard_point_type\": \"directory_auto/directory_manual\",\n \"policy_id\": ,\n \"preserve_sparse_regions\": true/false\n }\n }\n\n Note: \"preserve_sparse_region\" value cannot change to True once marked False for a Guardpoint.\n\n\nSample for creating GP with *Secure* *Start* Enabled:\n\n {\n \"guard_paths\": [\n \n ],\n \"guard_point_params\": {\n \"guard_point_type\": \"directory_auto/rawdevice_auto\",\n \"policy_id\": ,\n \"early_access\": true/false\n }\n }\n\n\nSample for creating GP with *CIFS* Enabled:\n\n {\n \"guard_paths\": [\n \n ],\n \"guard_point_params\": {\n \"guard_point_type\": \"directory_auto\",\n \"policy_id\": ,\n \"cifs_enabled\": True/False,\n \"network_share_credentials_id\": (Applicable if 'cifs_enabled' parameter is TRUE)\n }\n }\n"},"CTE/ClientGroups":{"description":"A client group is used to group one or more clients to simplify configuration and administration. GuardPoints created on a client group are applied to all members of the group. Additionally, you can apply client group configuration settings (except the password, Agent Lock, System Lock, and Communication Enabled settings) to all clients in a client group.\nCTE supports non-clustered client groups. A non-clustered client group contains members that are not members of a cluster. A client can be a member of multiple client groups.\n"},"CTE/ClientGroups-GuardPoints":{"description":"A GuardPoint specifies the list of folders that contains paths to be protected. Access to files and encryption of files under the GuardPoint is controlled by security policies. GuardPoints created on a client group are applied to all members of the group.\n"},"CTE/CloudObjectStorage":{"description":"CTE can encrypt data and apply access rules on the GuardPoints in the cloud. CTE supports Amazon S3 buckets.\n"},"CTE/Policies":{"description":"A policy is a collection of rules that govern data access and encryption. Think of a policy as an if-then statement. Policy rules are processed sequentially. If the criteria of rule one are not met, the policy enforcement engine moves on to the second rule and so on.\n\nPolicies specify:\n- Actors: Users, groups, and processes that are permitted/denied access to protected data.\n- Actions: What actions authorized actors are allowed to perform. For example create/delete, read/write, decrypt, modify permissions, and so on.\n- Files acted upon: Policy rules may apply to entire directories and mount points, or only to files named in a specific way (for example,.docx files may be encrypted and restricted to read‐only access by designated users, while other files may be stored clear and read and written by anyone).\n\n**Note:** All keys which are applicable to be used in CTE policies need to have certain CTE specific parameters under the Key meta section. Refer **Keys** section for complete details\n\n**Types** **of** **Policies**:\n\n STANDARD POLICY:\n A STANDARD policy should contain security rules and/or key rules. At least one of these rules must be added to the standard policy.The security rules define the access permissions based on the policy elements (user sets, resource set, and process sets). The key rules define what key is used for encryption and decryption of data.\n\n LIVE DATA TRANSFORMATION(LDT) POLICY:\n An LDT policy should contain at least one non-exclusion key rule. The security rules define the access permissions based on the policy elements (user sets, resource set, and process sets).An LDT policy has two sets of keys, one is the current key and the other is transformation key.\n\n - Current key: The key with which the data is encrypted before any transformation. If the data is in plaintext, then the current key should be set as \"clear_key\".\n\n - Transformation key: The key with which the data is to be encrypted. This key must be VERSIONED so that multiple key versions can be created as and when required.\n\n CLOUD OBJECT STORAGE(COS) POLICY:\n A COS policy should contain security rules and/or key rules. At least one of these rules must be added to the COS policy.The security rules define the access permissions based on the policy elements (user sets, resource set, and process sets). The key rules define what key is used for encryption and decryption of data.\n\n *NOTE*: COS policies support the \"CBC_CS1\" keys only.\n\n In-PLACE DATA TRANSFORMATION(IDT) POLICY:\n An IDT policy should contain security rules and/or key rules. At least one of these rules must be added to the standard policy.The security rules define the access permissions based on the policy elements (user sets, resource set, and process sets). The key rules define what key is used for encryption and decryption of data.\n\n *NOTE*: IDT policies support the \"XTS\" keys only.\n\n CONTAINER STORAGE INTERFACE(CSI) POLICY:\n A CSI policy applicable to GuardPolicies for CTE Kubernetes (K8s) clients. Access to data is blocked during initial encryption or rekeying of data. This policy is similar to the Standard policy with the following limitations:\n * Signature sets are not supported.\n\n *NOTE*: For Container Storage Interface (CSI) policies, select a CBC-CS1 key. CSI policies do not support XTS and CBC keys.\n"},"CTE/Policies-DataTxRules":{"description":"Data transformation (dataxform) rules define:\n- Resources to be protected\n- Symmetric encryption key to use for\n - Rekeying the specified resources from one encryption key to a different key or\n - Rekeying resources into a plaintext format (also referred to as clear, unencrypted, or decrypted)\n"},"CTE/Policies-KeyRules":{"description":"A key rule defines the encryption key to apply to a specific resource set or the encryption key to use as the\ndefault key, if no other key rule matches. The key rule defines the sequence in which the key rules are to be\nexecuted (Order), the location of the data to be encrypted (Resource), and the encryption key to be applied to\nthe resource set (Key).\n\nWhen defining a key rule for an LDT policy, you can select a key that is applied to the resource set (Current Key\nName) and the key to use to rekey that resource set (Transformation Key Name).\n"},"CTE/Policies-LDTRules":{"description":"Live data transformation rules define:\nResources to be protected.\n\nSymmetric encryption key to use for:\n - Rekeying the specified resources from one encryption key to a different key.\n - Rekeying resources into a plaintext format (also referred to as clear, unencrypted, or decrypted).\n"},"CTE/Policies-IDTRules":{"description":"In-Place data transformation rules define:\n\nSymmetric encryption key to use for:\n - Rekeying the specified resources on a raw device from one encryption key to a different key.\n"},"CTE/Policies-SecurityRules":{"description":"A security rule defines who can access the data (User or Group), what they can do with the data (Action), which\napplications or executables have access to the data (Process), where the data is located (Resource), how the\ndata can be accessed (Effect), and whether it can be viewed from the CipherTrust Manager (Browsing).\n"},"CTE/Profiles":{"description":"A profile contains the CipherTrust Manager logging criteria for CTE clients, Syslog server configuration, default logging level, LDT Quality of Service (QoS) settings, and other settings that can be used for several CTE clients. A default profile, DefaultClientProfile, is created automatically when either of the following happens:\n\n- On successful registration of the first client if no profile is specified during registration.\n- On creation of the first client group. A new client group is automatically linked to DefaultClientProfile.\n\nWhen registering a CTE client, the installer prompts to specify a profile for the client. If not specified, DefaultClientProfile is automatically linked to the client on successful registration. The linked profile can be modified later. It is recommended to not delete or modify DefaultClientProfile.\n"},"CTE/ProcessSets":{"description":"A process set is a collection of processes (executables) that you want to grant or deny access to GuardPoints. This provides a way to manage processes independent of the policy. Policies can be applied to process sets, not to individual processes.\nOptionally, file signing can be configured to check the authenticity and integrity of executables and applications before they are allowed to access GuardPoint data. A signature set must already exist before you can configure file signing in a policy for a process set.\n"},"CTE/ResourceSets":{"description":"A resource is a combination of a directory, a file, and patterns or special variables. A resource set is a named\ncollection of directories, files, or both, that a user or process will be permitted or denied access to.\n"},"CTE/ResourceSets-Tags":{"description":"Provides the details of a CTE ResourceSet Tag.\n"},"CTE/SignatureSets":{"description":"A signature set is a collection of hashes of processes and executables that you want to grant or deny access to GuardPoints. A signature set can be configured in a policy as part of a process set to verify the integrity of a process before it is allowed access to guarded data. Policies are applied to signature sets, not to individual signatures.\n\n**Note:**\n- K8 resources supported are: Pods, Deployment, ReplicaSet, StatefulSets, DaemonSet\n- Following is the sample YAML file for testing /v1/transparent-encryption/signaturesets/{signatureSetId}/upload-yaml API:\n```\napiVersion: apps/v1\nkind: ReplicaSet\nmetadata:\n name: frontend\n labels:\n app: guestbook\n tier: frontend\nspec:\n replicas: 3\n selector:\n matchLabels:\n tier: frontend\n template:\n metadata:\n labels:\n tier: frontend\n spec:\n containers:\n - name: php-redis\n image: gcr.io/google_samples/gb-frontend:v3\n```\n"},"CTE/UserSets":{"description":"A user set is a collection of users and user groups that you want to grant or deny access to GuardPoints. User sets are configured in policies. Policies can be applied to user sets, not to individual users.\n"},"CTE/LDTGroupCommServices":{"description":"An LDT group communication service contains a group of LDT-enabled CTE clients that can communicate with each other. An LDT group communication service is mandatory when using a multi-node solution for LDT over NFS/CIFS. The CipherTrust Manager pushes the LDT group details to all clients in the group.\n\n**Note:**\n\n- The LDT group communication services are applicable to the LDT-enabled CTE clients.\n- A client can be added to only one LDT group communication service at a time.\n- For successful communication among clients in an LDT group communication service, make sure that clients are registered with the CipherTrust Manager using their hostnames or IP addresses.\n\n**WARNING:** All the clients guarding a common share must be part of the same LDT group communication service, otherwise, data may be corrupted. If you need to change the LDT group of a client, ensure that the client no longer guards the common share.\n\nFor example, if 10 clients will be guarding a common share, add all of them to the same LDT group communication service only. To change the LDT group communication service of one of these clients, ensure that the client no longer guards the share. However, to change the LDT group of all 10 clients, it is recommended to take the GuardPoint offline, change the LDT group, and reapply the GuardPoint.\n"},"CTE/CSIStorageGroups":{"description":"This section contains APIs for managing Storage Group resources related to Kubernetes Container Storage Interface (CSI).\n"},"CTE/Permissions":{"description":"This API is used to display the list of permissions for all the CTE resources, for example, Clients, Policies, Signatures and GuardPoints etc. Most of the resources require read, update, and delete permissions. Example of the permissions required by clients and policies resources are given below:\n\nResource Type | Actions | Description\n---------------- | ------------------| -----------\nclients | ReadClientCTE | Permission to read the CTE clients.\nclients | UpdateClientCTE | Permission to update the CTE clients.\nclients | DeleteClientCTE | Permission to delete the CTE clients.\npolicies | ReadPolicyCTE | Permission to read the CTE policies.\npolicies | UpdatePolicyCTE | Permission to update the CTE policies.\npolicies | DeletePolicyCTE | Permission to delete the CTE policies.\n"},"CTE/Reports":{"description":"This section contains APIs for fetching CTE reports. A report contains informaton related to association of CTE clients, policies, keys, guardpoints and profiles.\nReports can be fetched system wide or domain specific.\n\nFor fetching system wide reports user must be member of either `admin` or `CTE Admins` group and for domain specific report `domain_name` filter param is required.\n\nFor example assuming below as CipherTrust Manager domain hierarchy, fetching system wide report will return reports from `root, domain1 and domain1_child` domains.\n\nroot |\n--------------|\ndomain1 |\ndomain1_child |\n**Top to down domain hierarchy**\n\nSample output of client health system wide report:\n\n {\n \"skip\": 0,\n\t \"limit\": 10,\n\t \"total\": 3,\n\t \"resources\": [\n\t\t {\n\t\t\t \"domain_name\": \"domain1\",\n\t\t\t \"client_name\": \"client_domain1\",\n\t\t\t \"os_type\": \"UNKNOWN\",\n\t\t\t \"os_sub_type\": \"\",\n\t\t\t \"os_kernel\": \"\",\n\t\t\t \"client_version\": \"\",\n\t\t\t \"status\": \"UNREGISTERED\",\n\t\t\t \"total_gp\": 0,\n\t\t\t \"enabled_gp\": 0\n\t\t },\n\t\t {\n\t\t\t \"domain_name\": \"domain1_child\",\n\t\t\t \"client_name\": \"client_domain1_child\",\n\t\t\t \"os_type\": \"UNKNOWN\",\n\t\t\t \"os_sub_type\": \"\",\n\t\t\t \"os_kernel\": \"\",\n\t\t\t \"client_version\": \"\",\n\t\t\t \"status\": \"UNREGISTERED\",\n\t\t\t \"total_gp\": 0,\n\t\t\t \"enabled_gp\": 0\n\t\t },\n\t\t {\n\t\t\t \"domain_name\": \"root\",\n\t\t\t \"client_name\": \"client_root\",\n\t\t\t \"os_type\": \"UNKNOWN\",\n\t\t\t \"os_sub_type\": \"\",\n\t\t\t \"os_kernel\": \"\",\n\t\t\t \"client_version\": \"\",\n\t\t\t \"status\": \"UNREGISTERED\",\n\t\t\t \"total_gp\": 1,\n\t\t\t \"enabled_gp\": 1\n\t\t }\n\t ]\n }\n"},"Domains":{"description":"Domains isolate resources. For example resources like keys are isolated to a single domain and cannot be accessed across domains.\nEvery system has a root domain by default. Additional child domains can be created.\n\nWhen a domain is created an administrator can define which system users are administrators of that domain.\nDomain administrators can explicitly add or remove system users to / from the domain or create group maps to implicitly include system users in the domain.\n"},"Scheduler":{"description":"Used for scheduling CCKM synchronization, key rotation and database backup jobs.\n\n**Time Specification**\n\nThe time that a job runs is described in the run_at parameter using the cron expression format : \"* * * * *\". These five values indicate when the job should be executed. They are in order of minute, hour, day of month, month, and day of week.\n\nThe following table lists the accepted values:\n\nField Name | Mandatory? | Allowed Values | Allowed special characters\n ----------- | ------------ | ----------------- | ----------------------------\nMinute | Yes | 0-59 | * / , -\nHour | Yes | 0-23 | * / , -\nDay of month | Yes | 1-31 | * / , - ?\nMonth | Yes | 1-12 or JAN-DEC | * / , -\nDay of week | Yes | 0-6 or SUN-SAT | * / , - ?\n\n\n- Month and Day of week field values are case insensitive. For example, \"SUN\", \"Sun\", and \"sun\" are equally accepted.\n\n- Asterisk ( * ) The asterisk indicates that the cron expression will match for all values of the field; e.g., using an asterisk in the 5th field (month) would indicate every month.\n\n- Slash ( / ) Slashes are used to describe increments of ranges. For example 3-59/15 in the 1st field (minutes) would indicate the 3rd minute of the hour and every 15 minutes thereafter.\n\n- Comma ( , ) Commas are used to separate items of a list. For example, using \"MON,WED,FRI\" in the 5th field (day of week) would mean Mondays, Wednesdays and Fridays.\n\n- Hyphen ( - ) Hyphens are used to define ranges. For example, 9-17 would indicate every hour between 9am and 5pm inclusive, MON-WED would indicate Monday through Wednesday, JAN-JUN would indicate every month from January through June.\n\n- Question mark ( ? ) Question mark can be used instead of (\\*) for leaving either day-of-month or day-of-week blank. ( ? ) means no specific value. For example, to run the job every 10th day of the month and not limit the job to a particular day of the week: '\\* \\* 10 \\* ?'.\n"},"Notifications":{"description":"Notifications are sent whenever an alarm is triggered. For example, if an alarm is triggered because an audit record matches a record based alarm configuration then an email notification is sent to every registered email address.\n\nLimitation: only record based alarms send notifications. Built-in alarms, such as `Disk Full`, will not issue notifications.\n\nNote: notifications via email require configuring an SMTP server.\n"},"SMTP Servers":{"description":"An SMTP server must be configured in order to send notifications via email.\nNote: only a single SMTP server is supported.\n"},"Logs":{"description":"These endpoints perform system logs related operations. They provide APIs for downloading logs and changing logs level.\nThere are two types of logs, debug logs and activity logs (further divided into\nNAE activity logs, KMIP activity logs, and web activity logs).\n\nEach type of log file can be downloaded separately, or they can be all downloaded together. Both the current and rotated\nlogs are included. Download returns a gzipped tar file containing log files, certificate and digital signature. An optional\nparameter (ca_id) can be provided for signing the downloaded log files. If ca_id is not provided, the default local CA,\ni.e., CipherTrust Manager Root CA, signs the downloaded log files.\n\nDownloaded files are placed in a diretory, and the name of the directory is __logs.\n"},"BDT":{"description":"The Batch Data Transformation utility (BDT) provides a policy-based data tranformation and re-key service.\n"},"BDT/Protection Profiles":{"description":"A protection profile is an object that contains all the information needed\nto perform a cryptographic operation.\n"},"BDT/Character Sets":{"description":"A character set is used with format preserving algorithms. For example when\nencrypting a credit card number a user will want the encrypted data to only\ncontain numbers. The default character sets are \"All Digits\" and \"Alphanumeric\"\nbut a user can choose to create a custom character set by specifying\nthe range of the characters used.\n"},"BDT/Containers":{"description":"A container can be either a database or a CSV file. It has all the information\nneeded to access and connect to it (file path, database credentials).\n"},"BDT/Policies":{"description":"A BDT policy contains all the information required to perform a batch operation.\nIt is composed of a source, a destination and the protection profiles\nassigned to each column.\n"},"Data Protection":{"description":"Data protection is a centralized place for all App and Database encryption\nconfiguration. The configuration contains elements such as the key or algorithm\nused for an encryption operation. It can be accessed by multiple products from\nthe CipherTrust Manager platform. This allows a user to use a one product to encrypt\ndata and another product to decrypt it using the same configuration.\n"},"Data Protection/Character Sets":{"description":"A character set is used with format preserving algorithms. For example when\nencrypting a credit card number a user will want the encrypted data to only\ncontain numbers. The default character sets are \"All Digits\" and \"Alphanumeric\"\nbut a user can choose to create a custom character set by specifying\nthe range of the characters used.\n\nNote: The character sets are also used in the BDT API.\n"},"Data Protection/Protection Policies":{"description":"A protection policy is an object that contains all the information needed\nto perform a cryptographic operation.\n"},"Data Protection/DPG Policies":{"description":"Data Protection Gateway (DPG) protects sensitive data which is transmitted over REST in a JSON\npayload based on the configuration defined in its configuration file.\n\nA DPG policy governs the behavior of DPG execution. It contains a set of URLs tied with encryption parameters.\n"},"Connection Manager":{"description":"The Connection Manager can be used to manage connections with third party servers and services such as AWS, Azure, Salesforce, Google CLoud Platform (GCP) Cloud or Luna SA HSM.\nThese connections allow CipherTrust Manager connectors to access resources needed for cryptographic, key management, or data discovery and classification tasks.\n\nNote that Connection Manager does not include external services which authenticate CipherTrust Manager users. Those services\nare managed through the usermgmt/connections endpoints on the Connections section.\n\nThe APIs in this section are common to all types of connections, and can be used to perform the following operations:\n- List/Search connections\n- Delete connections\n\nThe APIs for a specific connection type are not presented here. Check for them in the section associated with that specific connection type.\n"},"Connection Manager/AWS Connections":{"description":"The APIs in this section deal with connections to the AWS cloud. The following operations can be performed:\n- Create/Delete/Get/Update an AWS connection\n- List all AWS connections\n- Test an existing AWS connection\n- Test a connection that hasn't been created yet by passing in the connection parameters.\n"},"Connection Manager/Azure Connections":{"description":"The APIs in this section deal with connections to the Azure cloud. The following operations can be performed:\n- Create/Delete/Get/Update an Azure connection\n- List all Azure connections\n- Test an existing Azure connection\n- Test a connection that hasn't been created yet by passing in the connection parameters.\n"},"Connection Manager/Google Connections":{"description":"The APIs in this section deal with connections to the Google Cloud Platform (GCP) cloud. Currently only service account credentials type is supported.\nThe following operations can be performed:\n- Create/Delete/Get/Update a GCP connection\n- List all GCP connections\n- Test an existing GCP connection\n- Test a connection that hasn't been created yet by passing in the connection parameters.\n"},"Connection Manager/Hadoop Connections":{"description":"The APIs in this section deal with connections to the Hadoop servers. The type of Hadoop connections currently supported is Knox.\nThe following operations can be performed:\n- Create/Delete/Get/Update a Hadoop connection\n- List all Hadoop connections\n- Test an existing Hadoop connection\n- List all the nodes in an existing Hadoop connection\n- Add/Delete/Get/Update a node in an existing Hadoop connection\n- Test a connection that hasn't been created yet by passing in the connection parameters.\n"},"Connection Manager/Luna Network HSM Servers":{"description":"The APIs in this section deal with Luna Network HSM Servers. These servers will be used when creating a connection\nof a Luna Network HSM type. These APIs, currently, support CipherTrust Cloud Key Manager (CCKM) as a product.\nThe following operations can be performed:\n- Create/Delete/Get a Luna Network HSM Server\n- List all Luna Network HSM Servers\n"},"Connection Manager/Luna Network HSM Connections":{"description":"The APIs in this section deal with connections to the Luna Network HSM. A Luna Network HSM connection could be an\nHA or non-HA. HA stands for High Availability which means there will be more than one paritions to ensure\navailability and load balancing. A non-HA connection is a connection to a single partition of an HSM Server.\nAn HA connection is a connection to multiple partitions of one or more HSM Servers.\nThe following operations can be performed:\n- Create/Delete/Get/Update a Luna Network HSM connection\n- List all Luna Network HSM connections\n- Test an existing Luna Network HSM connection\n- Test a connection that hasn't been created yet by passing in the connection parameters.\n"},"Connection Manager/SMB Connections":{"description":"The APIs in this section deal with connections to file shares using the Server Message Block (SMB) protocol.\nThe share's path (share-name) is not stored as part of connection. The path needs to be passed as parameter\nto the test connection APIs.\n\nThe following operations can be performed:\n- Create/Delete/Get/Update a SMB connection\n- List all SMB connections\n- Test an existing SMB connection\n- Test a connection that hasn't been created yet by passing in the connection parameters.\n\nNote: Common Internet File Share (CIFS) is a dialect of Server Message Block (SMB).\n"},"Connection Manager/DSM Connections":{"description":"The APIs in this section deal with connections to the DSM Key Manager.\nThe following operations can be performed:\n- Create/Delete/Get/Update a DSM connection\n- List all DSM connections\n- Test an existing DSM connection\n- List all the nodes in an existing DSM connection\n- Add/Delete/Get/Update a node in an existing DSM connection\n- Test a connection that hasn't been created yet by passing in the connection parameters.\n"},"Connection Manager/SCP Connections":{"description":"The APIs in this section deal with connections used to copy files like system backup to the external servers using\nSecure Copy Protocol (SCP).\n\nThe following operations can be performed:\n- Create/Delete/Get/Update a SCP connection\n- List all SCP connections\n- Test an existing SCP connection\n- Test a connection that hasn't been created yet by passing in the connection parameters\n\nSupported auth methods for SCP connections are key and password. For auth method key,\nthe user must download the public key from scp/publickey API and upload it to the destination host machine's authorized keys,\nAnd for auth method password user can provide the destination host machine password.\n\nUser also need to provide host public key for verification, which can be located at \"/etc/ssh/\" at destination host machine.\n"},"Connection Manager/Salesforce Connections":{"description":"The APIs in this section deal with connections to the Salesforce cloud. The following operations can be performed:\n- Create/Delete/Get/Update a Salesforce connection\n- List all Salesforce connections\n- Test an existing Salesforce connection\n- Test a connection that hasn't been created yet by passing in the connection parameters.\n\nThere are two authentication methods supported.\n- Client Credentials: This method uses client secret and password along with the username and client id\nto authenticate the user.\n- Server Certificate: This method uses certificate along with username and client id. On creating a connection\nwhich uses certificate auth, the CipherTrust Manager creates a certificate and returns it. The certificate needs to\nbe uploaded on the salesforce server, for the authentication to work.\n"},"Connection Manager/SAP Data Custodian Connections":{"description":"The APIs in this section deal with SAP Data Custodian connections. The following operations can be performed:\n- Create/Delete/Get/Update a SAP Data Custodian connection for standard or technical user\n- List all SAP Data Custodian connections\n- Test an existing SAP Data Custodian connection\n- Test a SAP Data Custodian connection that hasn't been created yet by passing in the connection parameters\n\nProvide Standard User Credentials, which includes tenant, user and secret, for the authentication.\n\nProvide Technical User Credentials, which includes api key and secret, for the authentication.\nFor technical user, create connection activates the technical user and stores the updated secret which will be used\nfor testing the connection further.\nFor testing the connection without creating a connection first for technical user, activated secret has to be provided.\nAs activation only happens while creating the sap data custodian connection.\n"},"Connection Manager/Oracle Connections":{"description":"The APIs in this section deal with Oracle Cloud Infrastructure connections. The following operations can be performed:\n- Create/Delete/Get/Update an OCI connection\n- List all OCI connections\n- Test an existing OCI connection\n- Test the OCI connection parameters before establishing the connection\n\nThe user_ocid, tenancy_ocid, fingerprint, region, key_file are the mandatory parameters for OCI connection. The pass_pharse parameter is optional.\n"},"Connection Manager/OIDC Connections":{"description":"The APIs in this section deal with Connections to an Identity Provider(IdP) which support OIDC specifications. The following operations can be performed:\n- Create/Get/Update an OIDC connection\n- List all OIDC connections\n- Delete API which prevents deletion of an in-use connection. In order to delete an in-use connection, the force flag has to be set.\n\nThe client_id, client_secret and url are the mandatory parameters for OIDC connection. A SHA256 checksum value will also be sent in create and update API response which will be generated using client_secret and url.\n"},"Connection Manager/LDAP Connections":{"description":"The APIs in this section deal with Connections to an Identity Provider(IdP) which support LDAP specifications. The following operations can be performed:\n- Create/Get/Update/Delete an LDAP connection\n- List all LDAP connections\n- Test an existing LDAP connection\n- Test the LDAP connection parameters before establishing the connection\n\nThe server_url, base_dn and user_login_attribute are the mandatory parameters for LDAP connection.\n"},"Connection Manager/Elasticsearch Connections":{"description":"The APIs in this section deal with Elasticsearch log forwarder. The following operations can be performed:\n- Create/Delete/Get/Update an Elasticsearch connection\n- List all Elasticsearch connections\n- Test an existing Elasticsearch connection\n- Test the Elasticsearch connection parameters before establishing the connection\n\nThe host and port are the mandatory parameters respective to Elasticsearch connection.\n"},"Connection Manager/Loki Connections":{"description":"The APIs in this section deal with Loki log forwarder. The following operations can be performed:\n- Create/Delete/Get/Update a Loki connection\n- List all Loki connections\n- Test an existing Loki connection\n- Test the Loki connection parameters before establishing the connection\n\nThe host and port are the mandatory parameters respective to Loki connection.\n"},"Connection Manager/Syslog Connections":{"description":"The APIs in this section deal with Syslog log forwarder. The following operations can be performed:\n- Create/Delete/Get/Update a Syslog connection\n- List all Syslog connections\n- Test an existing Syslog connection\n- Test the Syslog connection parameters before establishing the connection\n\nThe host, port, and transport are the mandatory parameters respective to Syslog connection.\n\nNote - Test connection for UDP protocol is not supported.\n"},"Connection Manager/CSR Creation":{"description":"The API in this section creates a Certificate Signing Request (CSR) that can be used in a connection (eg: Azure, Salesforce) in CipherTrust Manager.\n\nThe corresponding private key is stored securely on the CipherTrust Manager. The user can get the CSR signed using the external PKI. \nIf the private key remains unused by a connection after 24 hours of creation, it gets deleted automatically.\n"},"CCKM":{"description":"CipherTrust Cloud Key Manager (CCKM) centralizes the management of key life cycle for various cloud services providers.\n\nCCKM complies with data security mandates in cloud storage environments while retaining the custodianship of the encryption keys.\nEnterprises can back up keys on-premise, destroy keys when no longer needed, and manage the entire life cycle of the cloud keys.\n"},"CCKM/AWS Custom Key Stores":{"description":"CCKM provides APIs for integrating Custom Key Stores proxy service for Amazon Web Services. \nCustom Key Stores include External Key Store (XKS) and CloudHSM Key Store.\n\nCustom Key Store of type `AWS_CLOUDHSM` would have keys backed by CloudHSM cluster in AWS.\nCustom Key Store of type `EXTERNAL_KEY_STORE` could have keys from Luna HSM or CipherTrust Manager.\n\nUse the APIs in this section to perform following operations:\n1. Operations common to both key store types: \n - Create, list, get, update and delete custom key stores.\n - Connect and disconnect to a custom key stores.\n - Synchronizes AWS custom key stores, get status of synchronization job, cancel a synchronization job.\n\n2. Operations exclusive to external key store: \n - Block and unblock access.\n - Rotate credential.\n - List and get credentials.\n - Link local external key store with AWS.\n\n3. Operations exclusive to CloudhSM key store: \n - Get list of unused CloudHSM clusters (that are not already associated with a CloudHSM key store).\n\n4. Operations exclusive to HYOK keys:\n - Create an AWS HYOK key in a external key store.\n - Create, list, and get virtual keys and their versions.\n - Link an unlinked HYOK key.\n - List versions of an AWS HYOK key.\n - Block and unblock HYOK key access.\n\n5. Operations exclusive to CloudHSM keys:\n - Create key in a CloudHSM key store.\n"},"CCKM/AWSKeys":{"description":"CCKM provides the key management and storage for Amazon Web Services.\n\nUse the APIs in this section to:\n- Perform tasks such as creating, deleting, and uploading keys on AWS.\n- Synchronize AWS keys.\n- Update key parameters such as add-alias, add-tags, and description.\n- Schedule key rotation.\n"},"CCKM/AzureKeys":{"description":"CCKM provides the key management and storage for Microsoft Azure.\n\nUse the APIs in this section to:\n- Perform tasks such as creating, deleting, uploading, and restoring keys on Azure.\n- Synchronize Azure keys.\n- Update key parameters such as attributes and key_ops.\n- Schedule key rotation.\n"},"CCKM/AWSKms":{"description":"AWS Key Management Service (AWS KMS) is used to create and manage keys.\n\nUse the APIs in this section to:\n- List and add the AWS accounts and regions based on the connections.\n- Get, delete, and update the AWS KMS account.\n- Grant permissions to CCKM users to perform specific actions on the AWS KMS.\n"},"CCKM/AzureVaults":{"description":"Azure Key Vault is a tool for securely storing and accessing keys.\n\nUse the APIs in this section to:\n- Get the list of Azure vaults based on Azure subscriptions.\n- Add, delete, and update Azure vaults from the CCKM.\n- Create a vault on Azure.\n- Grant permissions to CCKM users to perform specific actions on the Azure vaults.\n"},"CCKM/AzureSubscriptions":{"description":"A Microsoft Azure subscription grants you access to the Azure services.\n\nUse the APIs in this section to:\n- Fetch Azure subscriptions based on the connection.\n- Get, list, and delete subscriptions from the CCKM.\n"},"CCKM/AWSReports":{"description":"AWS reports deal with creating various types of reports based on:\n- The key activities in AWS\n- Which applications are using which keys in AWS\n- Reconcile Key activities between Cloud Key Manager and AWS\n\nUse the APIs in this section to:\n- Get, delete Report Jobs.\n- Generate Reports based on report_type.\n- Get, list, and check the status of the report.\n"},"CCKM/AzureReports":{"description":"Azure reports deal with creating various types of reports based on:\n- The key activities in Azure\n- Which applications are using which keys in Azure\n- Reconcile Key activities between Cloud Key Manager and Azure\n\nUse the APIs in this section to:\n- Get, delete Report Jobs.\n- Generate Reports based on report_type.\n- Get, list, and check the status of the report.\n"},"CCKM/HSMLunaPartitions":{"description":"This section manages the Luna HSM partitions which has its own data, access controls, security policies, and separate administration access for at least some roles, independent of other HSM Luna partitions (if your HSM supports more than one). It could be single partition or group of partition which form a HA group.\n\nUse the APIs in this section to:\n- Add, list, and update Luna HSM partitions\n- View details of Luna HSM partitions\n- Grant permissions to users or groups to perform specific actions on the Luna HSM partitions\n- Delete Luna HSM partitions\n"},"CCKM/HSMLunaKeys":{"description":"CCKM provides the key management and storage for Luna HSM Keys.\n\nUse the APIs in this section to:\n- Create Luna HSM keys based on different cryptographic algorithms\n- List, update, replicate, and delete Luna HSM keys on CCKM\n- View details of Luna HSM keys\n- Delete keys from Luna HSM\n- Refresh keys from Luna HSM partitions, view the status of key refresh from partitions, view the details of a key refresh process, and cancel a key refresh process\n- Synchronize Luna HSM keys from partitions in CCKM, view the status of key synchronizations, view the details of a synchronization process, and cancel a synchronization process\n"},"CCKM/SFDC Cache Only Key Endpoints":{"description":"CCKM provides keys on demand for Salesforce Shield Platform Encryption's Cache-Only Key Service.\n\nUse the APIs in this section to:\n- Create and list SFDC Cache-Only Key endpoints for Salesforce to fetch Cache-Only keys.\n- Return details for an SFDC Cache-Only Key endpoint\n- Update base hostname and password authentication details for n SFDC Cache-Only Key endpoint\n- Delete an SFDC Cache-Only Key endpoint\n"},"DNS Hosts":{"description":"The DNS Hosts API is used to add DNS entries to CipherTrust Manager. DNS names are unique. DNS mappings look like: hostname => IP address.\nMultiple hostnames can be assigned for a single IP address. While specifying a hostname, its IP address is required so that CipherTrust Manager can\nconnect directly to that address whenever its hostname is specified for any outbound connection such as SMTP and Syslog Server.\nCurrently, local DNS-Host entries are not resolved while configuring SNMP and NTP server.\n"},"Migration Split Keys":{"description":"The DSM (Data Security Management) product uses these type of keys for protecting its exported backups.\nThe CipherTrust Manager uses these keys for decrypting backups uploaded from the DSM.\n\nThese keys are split keys. That is, a single key is split into many shares.\nA minimum number of shares is required to reassemble the key.\nThe APIs in this section can be used for CRUD operations on these keys.\nThe APIs also provide methods for adding, modifying and deleting shares associated with these keys.\n"},"Proxy":{"description":"The proxy API is used to set the proxy in the system. The API also provides an option to input a CA certificate to trust by the system.\nA system restart is required after adding new or changing proxy settings.The following operations can be performed:\n- Set Proxy(http_proxy, https_proxy, no_proxy, certificate)\n- Update Proxy\n- Get proxy\n- Delete proxy\n"},"Quorum":{"description":"Quorum is a functionality where an administrator can configure a system that requires a number of\napprovers to approve an operation before it can be successfully executed.\n\nA quorum or a quorum request can have one of these six states: pre-active, active, approved, denied, executed, expired.\n\nWhen user initiates an operation, which is configured by the administrator to require a quorum, it is denied\nand leads to a creation of a quorum request. In case a quorum already exists for the same operation, the status\nof the existing quorum is used to determine the outcome of the operation.\n\nA new quorum created is in a 'pre-active' state. The user or requester of this quorum must activate the quorum\nbefore any of the approvers can review the quorum request. The requestor can optionally add a reason or\nmotivation for initiating the request while activating it. Once activated, the quorum is set to an 'active'\nstate and is now available for other approvers to review it. A quorum in 'pre-active' state is prone to an\nexpedited expiry.\n\nAny approver can vote to approve or deny a quorum request. A note can be added for additional information.\n\n - When the required amount of approvals are met, the quorum is set to an 'approved' state\n and any user requesting the operation again would succeed.\n - A deny vote forces the quorum into a 'denied' state suggesting that the operation should not be performed\nand the quorum is terminated.\n\nA quorum request is set to an 'executed' state if the operation has been successfully completed with an approved quorum.\n\nEvery quorum after a defined time limit is expired and this leads to the termination of that quorum.\n\nThe APIs listed in this section can be used to perform the following operations:\n\n1. List/Search Quorums\n\n2. Activate Quorum\n\n3. Delete Quorum\n\n4. Approve Quorum\n\n5. Deny Quorum\n\n6. Revoke vote\n\n7. List Resources of the Quorum \n\nQuorum Configuration:\n\nA quorum configuration consists of two parts: a quorum profile and a quorum policy.\n\nA quorum profile consists of the following configurations:\n\n1. User groups that can vote\n\n2. Number of approvals required\n\n3. Expiration period of a quorum\n\nA quorum policy consists of actions/operations and a quorum profile.\nThe quorum created as a result of this quorum policy uses the configuration parameters mentioned\nin the profile attached to it.\n\nNote:\n\n1. Quorum profiles and quorum policies cannot be created. A predefined set of profiles are provided and\nconsequently a set of policies can be activated associated with the profiles.\n2. Default operations supported for quorum policies:\n\n 1. DeleteKey\n 2. AddUserToGroup\n 3. ManagePolicyAttachment\n 4. DeletePolicy\n 5. DeleteDomain\n 6. DownloadBackupKeyDomain\n 7. RestoreBackupDomain\n 8. DownloadBackupkey (Only Root Domain)\n 9. RestoreBackup (Only Root Domain)\n 10. DeleteEKMEndpoint for deleting EKM Endpoints\n 11. DeleteClientCTE for deleting CTE Client\n 12. DeleteClientGroupCTE for deleting CTE Client-Group\n 13. DeleteGuardPointCTE for deleting CTE Guard-Point\n 14. UpdatePolicyCTE for updating CTE Policies Operations including (key, LDT, IDT, DataTx and Security Rules)\n 15. UpdateClientGroupCTE for updating CTE Client-Group\n 16. DeleteGoogleWorkspaceCSEEndpoint for deleting Google Workspace CSE endpoint.\n\nIf a Quorum is enabled for DeletePolicy and ManagePolicyAttachment(together), the activation and deactivation of \nQuorum for any supported operation has to go through the Quorum's approval process. This also applies to any other \nuser policy in the CipherTrust Manager i.e. If a Quorum is enabled for DeletePolicy and ManagePolicyAttachment, no \naccess control policy can be activated without going through Quorum's approval process.\n"},"Identity Providers":{"description":"The CipherTrust Manager allows configuration of external identity\nproviders with the use of \"connections\" of certain strategy.\n\nAvailable external identity providers:\n\n- OpenID Connect (oidc)\n\nOther external identity providers may be added in the future.\n"},"Log Forwarders":{"description":"Audit records and activity logs can optionally be sent to one or more\nexternal log forwarder. By default these logs are stored in the local\ndatabase and/or local disk and will continue to do so even if log\nforwarders are configured. Each log record will be sent to each\nconfigured log forwarder.\n\nIn a multi-node clustered environment the log forwarders configuration\nwill be automatically synchronized and each node will be aware of all log\nforwarders. The log forwarder message will be sent from the currently\nactive node. This means that if an event that results in a log record is\nperformed on node 1 the log record will originate from node 1, in a\nsimilar manner if a log record is performed on node 2 the log record will\nin this case originate from node 2.\n"},"Prometheus Metrics":{"description":"The CipherTrust Manager (CM) exports metrics that can be collected and viewed by a\nPrometheus monitoring system (see https://prometheus.io/).\nThe CM provides API tokens for Prometheus metrics monitoring clients.\nThe API tokens can be created by an administrator and passed on to the\nPrometheus monitoring clients. The API tokens don't expire.\nAn API token is returned when Prometheus metrics are enabled, or when the status is obtained.\nThe API token can be renewed.\n"},"Root of Trust Keys":{"description":"Root of Trust (RoT) key is the root key for encrypting/decrypting secrets or Master Key Encryption Keys (MKEKs) which are then used to\nencrypt/decrypt secrets. These set of APIs can manage the life cycle and rotate root of trust keys.\n\nThe following operations can be performed on root of trust keys:\n- List RoT keys: Lists root of trust keys.\n- Get RoT key: Gets root of trust key (with given ID/name)\n- Rotate RoT key: Rotates the root of trust key to a new one (optionally with a given ID/name).\n- Delete RoT Key: Deletes the root of trust key (with given ID/name).\n"},"Loki Configuration":{"description":"CipherTrust Manager uses Loki (see https://grafana.com/oss/loki/) to aggregate information for records.\n"}},"definitions":{"Permissions":{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}},"Tokens":{"type":"object","allOf":[{"type":"object","properties":{"resources":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"account":{"type":"string","format":"ncryptify URI","description":"The account which owns this resource."},"labels":{"type":"string","format":"array","description":"Tags."},"userId":{"type":"string","description":"The user that owns the token"},"expiresIn":{"type":"integer","description":"Token expiry since the token created time."},"expired":{"type":"boolean","description":"Token expiry flag. This may not be accurate. Use createdAt and expiresIn to determine expiry."},"revokeNotRefreshedIn":{"type":"integer","description":"Revoke the token if it has not issued an access token within this duration."},"revoked":{"type":"boolean","description":"Token revocation flag."},"refreshedAt":{"type":"string","format":"date","description":"Date/time the last access token was issued"},"createdAt":{"type":"string","format":"date","description":"Date/time the token was created"},"updatedAt":{"type":"string","format":"date","description":"Date/time the token was updated"}}}}}}]},"User":{"description":"A User represents a unique, actual person or system.\n\nUsers and their credentials currently reside in an internal user database.\nSupport will be added in the future for users residing in external\nauthentication services as well.\n\nUsers must be created explicitly through the API.\n","type":"object","properties":{"userid":{"type":"string","description":"A unique identifier for API call usage.","readOnly":true},"username":{"type":"string","description":"The login name of the user. This is the identifier used to login.\n\nThis attribute is required to create a user, but is omitted\nwhen getting or listing user resources. It cannot be updated.\n"},"password":{"type":"string","description":"The password used to secure the users account. There are currently\nno restrictions around the type or length of password that is required.\nThis attribute is required to create a user, but is not included\nin user resource responses.\n"},"connection":{"type":"string","description":"This attribute is required to create a user, but is not included\nin user resource responses. Can be the name of a connection or\n\"local_account\" for a local user, defaults to \"local_account\".\n"},"email":{"type":"string","format":"email","description":"E-mail of the user"},"name":{"type":"string","description":"Full name of the user"},"certificate_subject_dn":{"type":"string","description":"The Distinguished Name of the user in certificate"},"enable_cert_auth":{"type":"boolean","description":"**Deprecated**: Use `allowed_auth_methods` instead. \nEnable certificate based authentication flag.\nIf set to true, the user will be able to login using certificate.\n"},"user_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nuser_metadata is typically used by applications to store information about\nthe resource which the end-users are allowed to modify, such as\nuser preferences.\n"},"app_metadata":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the resource.\napp_metadata is typically used by applications to store information\nwhich the end-users are not themselves allowed to change,\nlike group membership or security roles.\n"},"logins_count":{"type":"integer","readOnly":true,"description":"Count for the number of logins"},"last_login":{"type":"string","format":"timestamp","readOnly":true,"description":"Timestamp of last login"},"created_at":{"type":"string","format":"timestamp","readOnly":true,"description":"Timestamp of when user was created"},"updated_at":{"type":"string","format":"timestamp","readOnly":true,"description":"Timestamp of last update of the user"},"allowed_auth_methods":{"type":"array","items":{"type":"string"},"description":"List of login authentication methods allowed to the user."},"expires_at":{"type":"string","format":"timestamp","description":"The expires_at is applicable only for local user accounts. The admin or a user who is part of the admin group can add expiration to an existing local user account or modify the expiration date. Once the expires_at date is reached, the user account gets disabled and the user is not able to perform any actions."},"allowed_client_types":{"type":"array","items":{"type":"string"},"description":"List of client types allowed to the user."}},"example":{"app_metadata":{},"created_at":"2016-12-02T22:34:24.222Z","email":"frank@local","last_login":"2016-12-02T22:34:24.222Z","expires_at":"2050-12-02T22:34:24.222Z","logins_count":0,"name":"frank","username":"frank","certificate_subject_dn":"OU=organization unit,O=organization,L=location,ST=state,C=country","enable_cert_auth":false,"updated_at":"2016-12-02T22:34:24.222Z","user_id":"local|9cd4196b-b4b3-42d7-837f-d4fdeff36538","user_metadata":{},"allowed_auth_methods":["password"]}},"Group":{"description":"A group object","type":"object","required":["name"],"properties":{"name":{"type":"string","description":"name of the group"},"user_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nuser_metadata is typically used by applications to store information about\nthe resource which the end-users are allowed to modify, such as\nuser preferences.\n"},"app_metadata":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the resource.\napp_metadata is typically used by applications to store information\nwhich the end-users are not themselves allowed to change,\nlike group membership or security roles.\n"},"client_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nclient_metadata is typically used by applications to store information about\nthe resource, such as client preferences.\n"}},"example":{"app_metadata":{},"name":"drivers","user_metadata":{},"client_metadata":{}}},"Token":{"description":"An authentication token.","type":"object","properties":{"jwt":{"type":"string","format":"jwt","description":"The authentication token. This is the value which needs to be\nplaced in the API request headers.\n"},"duration":{"type":"integer","description":"the expiration duration of the token"}},"example":{"jwt":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhY2MiOiJreWxvIiwiYXVkIjoiMDNlNGE5M2ItODZhMy00YTViLWIzZTgtOGM4OWFiZmQzMDg4IiwiY3VzdCI6eyJncm91cHMiOlsiYWRtaW4iXX0sImV4cCI6MTQ3NDY0NTg1MSwiaWF0IjoxNDc0NjQ1NTUxLCJpc3MiOiJreWxvIiwic3ViIjoiYWRtaW4ifQ.iD5FGSwzDvGv5leRzULMnEfqls1_4tiR067J9cbV_4Q","duration":300}},"ConnectionUser":{"description":"A ConnectionUser is an abridged User. It is only used in the /connections/{id}/users/ routes.\n","type":"object","properties":{"userid":{"type":"string","description":"A unique identifier for API call usage.","readOnly":true},"username":{"type":"string","description":"The login name of the user.\n\nThe user enters the username and the password to log in.\n\nThis attribute is required to create a user, but is omitted\nwhen getting or listing user resources. It cannot be updated.\n"},"email":{"type":"string","format":"email","description":"the email of the user"},"name":{"type":"string","description":"the users full name"}},"example":{"email":"frank@local","name":"frank","username":"frank","user_id":"local|9cd4196b-b4b3-42d7-837f-d4fdeff36538"}},"ConnectionLDAPOptions":{"type":"object","description":"Options for connecting to an LDAP server.","required":["server_url","uid_field","root_dn"],"properties":{"server_url":{"type":"string","description":"LDAP only, LDAP URL for your server. (e.g. ldap://172.16.2.2:3268)"},"root_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for users"},"uid_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user id"},"bind_dn":{"type":"string","description":"LDAP only, Object which has permission to search under the root DN for users. This value can be left empty to disable group support for this connection."},"bind_password":{"type":"string","description":"LDAP only, Password for the Bind DN object. This value can be left empty to disable group support for this connection."},"user_dn_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user distingushed name. If user_dn_field is not provided, an attempt is made to determine default value based on uid_field. If uid_field is provided as sAMAccountName, Active Directory configuration is assumed and 'distingushedName' is used as default for user_dn_field. Otherwise, it will default to 'dn'.\n\nWhen this property is set it uses the specified attribute to test for user equality. This primarily affects LDAP group maps. For example:\n- If a user's LDAP entry has \"`cn: John Doe`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`cn`\", then the LDAP group entry must have a member attribute that is exactly \"`John Doe`\", not \"`cn=John Doe`\", in order for the user to be considered part of the group.\n- If a user's LDAP entry has \"`customDN: cn=John Doe,ou=Users`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`customDN`\", then the LDAP group entry must have a member attribute that is exactly \"`cn=John Doe,ou=Users`\" in order for the user to be considered part of the group.\n"},"search_filter":{"type":"string","description":"LDAP only, LDAP search filter which can further restrict the set of users who will be allowed to log in"},"guid_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the globally unique identifier of the group. On bind, if guid_field is not provided, it will default to whatever is in uid_field. However, on uid_field update, guid_field will not update automatically."},"group_base_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for groups. This value can be left empty to disable group support for this connection"},"group_filter":{"type":"string","description":"LDAP only, Search filter for listing groups. Searching with this filter should only return groups. This value can be left empty to disable group support for this connection."},"group_id_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the group identifier (name). This value can be left empty to disable group support for this connection."},"group_member_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains group membership information, basically which users are members of the group. This value can be left empty to disable group support for this connection."},"root_cas":{"type":"array","items":{"type":"string"},"description":"LDAP only, optional list of certificates that are used to determine if the server is trusted. Only applies if the `server_url` scheme is `ldaps`.\n\nIf not provided, then the server's certificate is verified using the operating system's CAs.\n\nAccepts [PEM encoded certificates](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail). Here's an example showing an abbreviated (see `[...]`) list of root CAs.\n```\n\"root_cas\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIEiTCCA3GgAwIBAgIQEtTWutN7HdEKAAAAAOthCDANBgkqhkiG9w0BAQsFADBG[...]rVtyMKdOXGZl1gR22A==\\n-----END CERTIFICATE-----\",\n \"-----BEGIN CERTIFICATE-----\\nMIIHCjCCBfKgAwIBAgIQDhZMtvVrLG4NDkY/70TmRDANBgkqhkiG9w0BAQsFADBw[...]lYgbVhEaSeWnKcSG/4OJDLgbJL1cQa5BQUjWiZo7\\n-----END CERTIFICATE-----\"\n]\n```\n"},"insecure_skip_verify":{"type":"boolean","description":"LDAP only, optional flag to disable verifying the server's certficate. It ignores both the operating system's CAs and `root_cas` if provided. Only applies if the `server_url` scheme is `ldaps`.\n\nDefault value is `false`.\n"}}},"ConnectionOIDCOptions":{"type":"object","description":"Options for connecting to an external OpenID Connect server","required":["client_id","redirect_uris"],"properties":{"authorization_uri":{"type":"string","description":"OpenID Connect only, optional, URI to the authorization endpoint of the external identity provider. Intended for test and not recommended to use, see discovery URI."},"client_id":{"type":"string","description":"OpenID Connect only, required, the public identifier of CipherTrust Manager on the the external identity provider (authorization server). This value is typically generated by and retrieved from the external identity provider."},"redirect_uri":{"type":"string","description":"(Deprecated) Use redirect URIs instead.\n\nOpenID Connect only, required, URI to redirect to after finished authentication to the external identity provider (authorization server).\n\nThis URI MUST exactly match one of the Redirection URI values for the Client pre-registered at the OpenID Provider. The Redirection URI MUST NOT use the `http` scheme.\n"},"redirect_uris":{"type":"array","items":{"type":"string"},"description":"OpenID Connect only, required, set of allowed URIs to redirect to after finished authentication to the external identity provider (authorization server).\n\nThese URIs should match the Redirection URIs values for the client pre-registered at the OpenID Provider. The Redirection URI MUST NOT use the `http` scheme.\n\nTypically https://ciphertrust-manager-host/api/v1/auth/oidc-callback where 'ciphertrust-manager-host' should be updated to the hostname of your server.\n"},"discovery_uri":{"type":"string","description":"OpenID Connect only, optional, URI to the well-known configuration endpoint of the external identity provider. External ID Provider settings such as authorization URI and public signing keys will be auto-downloaded from this URI."},"jwks":{"type":"array","description":"OpenID Connect only, optional, array of JWKS containing the public keys for ID Token validation. Intended for test and not recommended to use, see discovery URI.","items":{"type":"object","properties":{"kid":{"type":"string","description":"Key identifier"},"alg":{"type":"string","description":"Key algorithm"},"kty":{"type":"string","description":"Key type"},"use":{"type":"string","description":"Key use"},"n":{"type":"string","description":"Key modulus"},"e":{"type":"string","description":"Key exponent"}}}},"groups_claim":{"type":"string","description":"The claim field name to extract group membership from in the OIDC ID Token. Works in conjunction with Group Maps. If unspecified it default to 'groups'."}}},"Credentials":{"title":"credentials","description":"User Credentials for testing a connection.","type":"object","required":["username","password"],"properties":{"username":{"type":"string","description":"Username to test the connection with."},"password":{"type":"string","description":"Password that authenticates the username"}}},"TestConnection":{"description":"Parameters required for creating a connection to an LDAP server.","type":"object","required":["connection","credentials"],"properties":{"connection":{"description":"Parameters required for testing a connection to an LDAP server.","type":"object","required":["strategy","options"],"properties":{"name":{"type":"string","description":"A friendly name for your connection which users will see when they login. It is ignored during a connection test."},"strategy":{"type":"string","description":"Strategy of connection (ldap)"},"options":{"type":"object","description":"Options for connecting to an LDAP server.","required":["server_url","uid_field","root_dn"],"properties":{"server_url":{"type":"string","description":"LDAP only, LDAP URL for your server. (e.g. ldap://172.16.2.2:3268)"},"root_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for users"},"uid_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user id"},"bind_dn":{"type":"string","description":"LDAP only, Object which has permission to search under the root DN for users. This value can be left empty to disable group support for this connection."},"bind_password":{"type":"string","description":"LDAP only, Password for the Bind DN object. This value can be left empty to disable group support for this connection."},"user_dn_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user distingushed name. If user_dn_field is not provided, an attempt is made to determine default value based on uid_field. If uid_field is provided as sAMAccountName, Active Directory configuration is assumed and 'distingushedName' is used as default for user_dn_field. Otherwise, it will default to 'dn'.\n\nWhen this property is set it uses the specified attribute to test for user equality. This primarily affects LDAP group maps. For example:\n- If a user's LDAP entry has \"`cn: John Doe`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`cn`\", then the LDAP group entry must have a member attribute that is exactly \"`John Doe`\", not \"`cn=John Doe`\", in order for the user to be considered part of the group.\n- If a user's LDAP entry has \"`customDN: cn=John Doe,ou=Users`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`customDN`\", then the LDAP group entry must have a member attribute that is exactly \"`cn=John Doe,ou=Users`\" in order for the user to be considered part of the group.\n"},"search_filter":{"type":"string","description":"LDAP only, LDAP search filter which can further restrict the set of users who will be allowed to log in"},"guid_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the globally unique identifier of the group. On bind, if guid_field is not provided, it will default to whatever is in uid_field. However, on uid_field update, guid_field will not update automatically."},"group_base_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for groups. This value can be left empty to disable group support for this connection"},"group_filter":{"type":"string","description":"LDAP only, Search filter for listing groups. Searching with this filter should only return groups. This value can be left empty to disable group support for this connection."},"group_id_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the group identifier (name). This value can be left empty to disable group support for this connection."},"group_member_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains group membership information, basically which users are members of the group. This value can be left empty to disable group support for this connection."},"root_cas":{"type":"array","items":{"type":"string"},"description":"LDAP only, optional list of certificates that are used to determine if the server is trusted. Only applies if the `server_url` scheme is `ldaps`.\n\nIf not provided, then the server's certificate is verified using the operating system's CAs.\n\nAccepts [PEM encoded certificates](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail). Here's an example showing an abbreviated (see `[...]`) list of root CAs.\n```\n\"root_cas\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIEiTCCA3GgAwIBAgIQEtTWutN7HdEKAAAAAOthCDANBgkqhkiG9w0BAQsFADBG[...]rVtyMKdOXGZl1gR22A==\\n-----END CERTIFICATE-----\",\n \"-----BEGIN CERTIFICATE-----\\nMIIHCjCCBfKgAwIBAgIQDhZMtvVrLG4NDkY/70TmRDANBgkqhkiG9w0BAQsFADBw[...]lYgbVhEaSeWnKcSG/4OJDLgbJL1cQa5BQUjWiZo7\\n-----END CERTIFICATE-----\"\n]\n```\n"},"insecure_skip_verify":{"type":"boolean","description":"LDAP only, optional flag to disable verifying the server's certficate. It ignores both the operating system's CAs and `root_cas` if provided. Only applies if the `server_url` scheme is `ldaps`.\n\nDefault value is `false`.\n"}}}}},"credentials":{"title":"credentials","description":"User Credentials for testing a connection.","type":"object","required":["username","password"],"properties":{"username":{"type":"string","description":"Username to test the connection with."},"password":{"type":"string","description":"Password that authenticates the username"}}}}},"ConnectionCreate":{"description":"Parameters required for creating a connection to an LDAP server.","type":"object","required":["name","strategy"],"properties":{"name":{"type":"string","description":"A friendly name for your connection which users will see when they login. It is ignored during a connection test."},"strategy":{"type":"string","description":"Strategy of connection (`ldap` or `oidc`)"},"options":{"description":"Deprecated, replaced by 'ldap_options'.","type":"object","required":["server_url","uid_field","root_dn"],"properties":{"server_url":{"type":"string","description":"LDAP only, LDAP URL for your server. (e.g. ldap://172.16.2.2:3268)"},"root_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for users"},"uid_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user id"},"bind_dn":{"type":"string","description":"LDAP only, Object which has permission to search under the root DN for users. This value can be left empty to disable group support for this connection."},"bind_password":{"type":"string","description":"LDAP only, Password for the Bind DN object. This value can be left empty to disable group support for this connection."},"user_dn_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user distingushed name. If user_dn_field is not provided, an attempt is made to determine default value based on uid_field. If uid_field is provided as sAMAccountName, Active Directory configuration is assumed and 'distingushedName' is used as default for user_dn_field. Otherwise, it will default to 'dn'.\n\nWhen this property is set it uses the specified attribute to test for user equality. This primarily affects LDAP group maps. For example:\n- If a user's LDAP entry has \"`cn: John Doe`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`cn`\", then the LDAP group entry must have a member attribute that is exactly \"`John Doe`\", not \"`cn=John Doe`\", in order for the user to be considered part of the group.\n- If a user's LDAP entry has \"`customDN: cn=John Doe,ou=Users`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`customDN`\", then the LDAP group entry must have a member attribute that is exactly \"`cn=John Doe,ou=Users`\" in order for the user to be considered part of the group.\n"},"search_filter":{"type":"string","description":"LDAP only, LDAP search filter which can further restrict the set of users who will be allowed to log in"},"guid_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the globally unique identifier of the group. On bind, if guid_field is not provided, it will default to whatever is in uid_field. However, on uid_field update, guid_field will not update automatically."},"group_base_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for groups. This value can be left empty to disable group support for this connection"},"group_filter":{"type":"string","description":"LDAP only, Search filter for listing groups. Searching with this filter should only return groups. This value can be left empty to disable group support for this connection."},"group_id_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the group identifier (name). This value can be left empty to disable group support for this connection."},"group_member_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains group membership information, basically which users are members of the group. This value can be left empty to disable group support for this connection."},"root_cas":{"type":"array","items":{"type":"string"},"description":"LDAP only, optional list of certificates that are used to determine if the server is trusted. Only applies if the `server_url` scheme is `ldaps`.\n\nIf not provided, then the server's certificate is verified using the operating system's CAs.\n\nAccepts [PEM encoded certificates](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail). Here's an example showing an abbreviated (see `[...]`) list of root CAs.\n```\n\"root_cas\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIEiTCCA3GgAwIBAgIQEtTWutN7HdEKAAAAAOthCDANBgkqhkiG9w0BAQsFADBG[...]rVtyMKdOXGZl1gR22A==\\n-----END CERTIFICATE-----\",\n \"-----BEGIN CERTIFICATE-----\\nMIIHCjCCBfKgAwIBAgIQDhZMtvVrLG4NDkY/70TmRDANBgkqhkiG9w0BAQsFADBw[...]lYgbVhEaSeWnKcSG/4OJDLgbJL1cQa5BQUjWiZo7\\n-----END CERTIFICATE-----\"\n]\n```\n"},"insecure_skip_verify":{"type":"boolean","description":"LDAP only, optional flag to disable verifying the server's certficate. It ignores both the operating system's CAs and `root_cas` if provided. Only applies if the `server_url` scheme is `ldaps`.\n\nDefault value is `false`.\n"}}},"ldap_options":{"type":"object","description":"Options for connecting to an LDAP server.","required":["server_url","uid_field","root_dn"],"properties":{"server_url":{"type":"string","description":"LDAP only, LDAP URL for your server. (e.g. ldap://172.16.2.2:3268)"},"root_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for users"},"uid_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user id"},"bind_dn":{"type":"string","description":"LDAP only, Object which has permission to search under the root DN for users. This value can be left empty to disable group support for this connection."},"bind_password":{"type":"string","description":"LDAP only, Password for the Bind DN object. This value can be left empty to disable group support for this connection."},"user_dn_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user distingushed name. If user_dn_field is not provided, an attempt is made to determine default value based on uid_field. If uid_field is provided as sAMAccountName, Active Directory configuration is assumed and 'distingushedName' is used as default for user_dn_field. Otherwise, it will default to 'dn'.\n\nWhen this property is set it uses the specified attribute to test for user equality. This primarily affects LDAP group maps. For example:\n- If a user's LDAP entry has \"`cn: John Doe`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`cn`\", then the LDAP group entry must have a member attribute that is exactly \"`John Doe`\", not \"`cn=John Doe`\", in order for the user to be considered part of the group.\n- If a user's LDAP entry has \"`customDN: cn=John Doe,ou=Users`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`customDN`\", then the LDAP group entry must have a member attribute that is exactly \"`cn=John Doe,ou=Users`\" in order for the user to be considered part of the group.\n"},"search_filter":{"type":"string","description":"LDAP only, LDAP search filter which can further restrict the set of users who will be allowed to log in"},"guid_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the globally unique identifier of the group. On bind, if guid_field is not provided, it will default to whatever is in uid_field. However, on uid_field update, guid_field will not update automatically."},"group_base_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for groups. This value can be left empty to disable group support for this connection"},"group_filter":{"type":"string","description":"LDAP only, Search filter for listing groups. Searching with this filter should only return groups. This value can be left empty to disable group support for this connection."},"group_id_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the group identifier (name). This value can be left empty to disable group support for this connection."},"group_member_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains group membership information, basically which users are members of the group. This value can be left empty to disable group support for this connection."},"root_cas":{"type":"array","items":{"type":"string"},"description":"LDAP only, optional list of certificates that are used to determine if the server is trusted. Only applies if the `server_url` scheme is `ldaps`.\n\nIf not provided, then the server's certificate is verified using the operating system's CAs.\n\nAccepts [PEM encoded certificates](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail). Here's an example showing an abbreviated (see `[...]`) list of root CAs.\n```\n\"root_cas\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIEiTCCA3GgAwIBAgIQEtTWutN7HdEKAAAAAOthCDANBgkqhkiG9w0BAQsFADBG[...]rVtyMKdOXGZl1gR22A==\\n-----END CERTIFICATE-----\",\n \"-----BEGIN CERTIFICATE-----\\nMIIHCjCCBfKgAwIBAgIQDhZMtvVrLG4NDkY/70TmRDANBgkqhkiG9w0BAQsFADBw[...]lYgbVhEaSeWnKcSG/4OJDLgbJL1cQa5BQUjWiZo7\\n-----END CERTIFICATE-----\"\n]\n```\n"},"insecure_skip_verify":{"type":"boolean","description":"LDAP only, optional flag to disable verifying the server's certficate. It ignores both the operating system's CAs and `root_cas` if provided. Only applies if the `server_url` scheme is `ldaps`.\n\nDefault value is `false`.\n"}}},"oidc_options":{"type":"object","description":"Options for connecting to an external OpenID Connect server","required":["client_id","redirect_uris"],"properties":{"authorization_uri":{"type":"string","description":"OpenID Connect only, optional, URI to the authorization endpoint of the external identity provider. Intended for test and not recommended to use, see discovery URI."},"client_id":{"type":"string","description":"OpenID Connect only, required, the public identifier of CipherTrust Manager on the the external identity provider (authorization server). This value is typically generated by and retrieved from the external identity provider."},"redirect_uri":{"type":"string","description":"(Deprecated) Use redirect URIs instead.\n\nOpenID Connect only, required, URI to redirect to after finished authentication to the external identity provider (authorization server).\n\nThis URI MUST exactly match one of the Redirection URI values for the Client pre-registered at the OpenID Provider. The Redirection URI MUST NOT use the `http` scheme.\n"},"redirect_uris":{"type":"array","items":{"type":"string"},"description":"OpenID Connect only, required, set of allowed URIs to redirect to after finished authentication to the external identity provider (authorization server).\n\nThese URIs should match the Redirection URIs values for the client pre-registered at the OpenID Provider. The Redirection URI MUST NOT use the `http` scheme.\n\nTypically https://ciphertrust-manager-host/api/v1/auth/oidc-callback where 'ciphertrust-manager-host' should be updated to the hostname of your server.\n"},"discovery_uri":{"type":"string","description":"OpenID Connect only, optional, URI to the well-known configuration endpoint of the external identity provider. External ID Provider settings such as authorization URI and public signing keys will be auto-downloaded from this URI."},"jwks":{"type":"array","description":"OpenID Connect only, optional, array of JWKS containing the public keys for ID Token validation. Intended for test and not recommended to use, see discovery URI.","items":{"type":"object","properties":{"kid":{"type":"string","description":"Key identifier"},"alg":{"type":"string","description":"Key algorithm"},"kty":{"type":"string","description":"Key type"},"use":{"type":"string","description":"Key use"},"n":{"type":"string","description":"Key modulus"},"e":{"type":"string","description":"Key exponent"}}}},"groups_claim":{"type":"string","description":"The claim field name to extract group membership from in the OIDC ID Token. Works in conjunction with Group Maps. If unspecified it default to 'groups'."}}}}},"ConnectionUpdate":{"description":"Parameters required for updating a connection to an LDAP server.","type":"object","required":["strategy"],"properties":{"strategy":{"type":"string","description":"Strategy of connection (ldap)"},"options":{"type":"object","description":"Options for connecting to an LDAP server.","required":["server_url","uid_field","root_dn"],"properties":{"server_url":{"type":"string","description":"LDAP only, LDAP URL for your server. (e.g. ldap://172.16.2.2:3268)"},"root_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for users"},"uid_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user id"},"bind_dn":{"type":"string","description":"LDAP only, Object which has permission to search under the root DN for users. This value can be left empty to disable group support for this connection."},"bind_password":{"type":"string","description":"LDAP only, Password for the Bind DN object. This value can be left empty to disable group support for this connection."},"user_dn_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user distingushed name. If user_dn_field is not provided, an attempt is made to determine default value based on uid_field. If uid_field is provided as sAMAccountName, Active Directory configuration is assumed and 'distingushedName' is used as default for user_dn_field. Otherwise, it will default to 'dn'.\n\nWhen this property is set it uses the specified attribute to test for user equality. This primarily affects LDAP group maps. For example:\n- If a user's LDAP entry has \"`cn: John Doe`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`cn`\", then the LDAP group entry must have a member attribute that is exactly \"`John Doe`\", not \"`cn=John Doe`\", in order for the user to be considered part of the group.\n- If a user's LDAP entry has \"`customDN: cn=John Doe,ou=Users`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`customDN`\", then the LDAP group entry must have a member attribute that is exactly \"`cn=John Doe,ou=Users`\" in order for the user to be considered part of the group.\n"},"search_filter":{"type":"string","description":"LDAP only, LDAP search filter which can further restrict the set of users who will be allowed to log in"},"guid_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the globally unique identifier of the group. On bind, if guid_field is not provided, it will default to whatever is in uid_field. However, on uid_field update, guid_field will not update automatically."},"group_base_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for groups. This value can be left empty to disable group support for this connection"},"group_filter":{"type":"string","description":"LDAP only, Search filter for listing groups. Searching with this filter should only return groups. This value can be left empty to disable group support for this connection."},"group_id_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the group identifier (name). This value can be left empty to disable group support for this connection."},"group_member_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains group membership information, basically which users are members of the group. This value can be left empty to disable group support for this connection."},"root_cas":{"type":"array","items":{"type":"string"},"description":"LDAP only, optional list of certificates that are used to determine if the server is trusted. Only applies if the `server_url` scheme is `ldaps`.\n\nIf not provided, then the server's certificate is verified using the operating system's CAs.\n\nAccepts [PEM encoded certificates](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail). Here's an example showing an abbreviated (see `[...]`) list of root CAs.\n```\n\"root_cas\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIEiTCCA3GgAwIBAgIQEtTWutN7HdEKAAAAAOthCDANBgkqhkiG9w0BAQsFADBG[...]rVtyMKdOXGZl1gR22A==\\n-----END CERTIFICATE-----\",\n \"-----BEGIN CERTIFICATE-----\\nMIIHCjCCBfKgAwIBAgIQDhZMtvVrLG4NDkY/70TmRDANBgkqhkiG9w0BAQsFADBw[...]lYgbVhEaSeWnKcSG/4OJDLgbJL1cQa5BQUjWiZo7\\n-----END CERTIFICATE-----\"\n]\n```\n"},"insecure_skip_verify":{"type":"boolean","description":"LDAP only, optional flag to disable verifying the server's certficate. It ignores both the operating system's CAs and `root_cas` if provided. Only applies if the `server_url` scheme is `ldaps`.\n\nDefault value is `false`.\n"}}},"ldap_options":{"type":"object","description":"Options for connecting to an LDAP server.","required":["server_url","uid_field","root_dn"],"properties":{"server_url":{"type":"string","description":"LDAP only, LDAP URL for your server. (e.g. ldap://172.16.2.2:3268)"},"root_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for users"},"uid_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user id"},"bind_dn":{"type":"string","description":"LDAP only, Object which has permission to search under the root DN for users. This value can be left empty to disable group support for this connection."},"bind_password":{"type":"string","description":"LDAP only, Password for the Bind DN object. This value can be left empty to disable group support for this connection."},"user_dn_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user distingushed name. If user_dn_field is not provided, an attempt is made to determine default value based on uid_field. If uid_field is provided as sAMAccountName, Active Directory configuration is assumed and 'distingushedName' is used as default for user_dn_field. Otherwise, it will default to 'dn'.\n\nWhen this property is set it uses the specified attribute to test for user equality. This primarily affects LDAP group maps. For example:\n- If a user's LDAP entry has \"`cn: John Doe`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`cn`\", then the LDAP group entry must have a member attribute that is exactly \"`John Doe`\", not \"`cn=John Doe`\", in order for the user to be considered part of the group.\n- If a user's LDAP entry has \"`customDN: cn=John Doe,ou=Users`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`customDN`\", then the LDAP group entry must have a member attribute that is exactly \"`cn=John Doe,ou=Users`\" in order for the user to be considered part of the group.\n"},"search_filter":{"type":"string","description":"LDAP only, LDAP search filter which can further restrict the set of users who will be allowed to log in"},"guid_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the globally unique identifier of the group. On bind, if guid_field is not provided, it will default to whatever is in uid_field. However, on uid_field update, guid_field will not update automatically."},"group_base_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for groups. This value can be left empty to disable group support for this connection"},"group_filter":{"type":"string","description":"LDAP only, Search filter for listing groups. Searching with this filter should only return groups. This value can be left empty to disable group support for this connection."},"group_id_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the group identifier (name). This value can be left empty to disable group support for this connection."},"group_member_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains group membership information, basically which users are members of the group. This value can be left empty to disable group support for this connection."},"root_cas":{"type":"array","items":{"type":"string"},"description":"LDAP only, optional list of certificates that are used to determine if the server is trusted. Only applies if the `server_url` scheme is `ldaps`.\n\nIf not provided, then the server's certificate is verified using the operating system's CAs.\n\nAccepts [PEM encoded certificates](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail). Here's an example showing an abbreviated (see `[...]`) list of root CAs.\n```\n\"root_cas\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIEiTCCA3GgAwIBAgIQEtTWutN7HdEKAAAAAOthCDANBgkqhkiG9w0BAQsFADBG[...]rVtyMKdOXGZl1gR22A==\\n-----END CERTIFICATE-----\",\n \"-----BEGIN CERTIFICATE-----\\nMIIHCjCCBfKgAwIBAgIQDhZMtvVrLG4NDkY/70TmRDANBgkqhkiG9w0BAQsFADBw[...]lYgbVhEaSeWnKcSG/4OJDLgbJL1cQa5BQUjWiZo7\\n-----END CERTIFICATE-----\"\n]\n```\n"},"insecure_skip_verify":{"type":"boolean","description":"LDAP only, optional flag to disable verifying the server's certficate. It ignores both the operating system's CAs and `root_cas` if provided. Only applies if the `server_url` scheme is `ldaps`.\n\nDefault value is `false`.\n"}}},"oidc_options":{"type":"object","description":"Options for connecting to an external OpenID Connect server","required":["client_id","redirect_uris"],"properties":{"authorization_uri":{"type":"string","description":"OpenID Connect only, optional, URI to the authorization endpoint of the external identity provider. Intended for test and not recommended to use, see discovery URI."},"client_id":{"type":"string","description":"OpenID Connect only, required, the public identifier of CipherTrust Manager on the the external identity provider (authorization server). This value is typically generated by and retrieved from the external identity provider."},"redirect_uri":{"type":"string","description":"(Deprecated) Use redirect URIs instead.\n\nOpenID Connect only, required, URI to redirect to after finished authentication to the external identity provider (authorization server).\n\nThis URI MUST exactly match one of the Redirection URI values for the Client pre-registered at the OpenID Provider. The Redirection URI MUST NOT use the `http` scheme.\n"},"redirect_uris":{"type":"array","items":{"type":"string"},"description":"OpenID Connect only, required, set of allowed URIs to redirect to after finished authentication to the external identity provider (authorization server).\n\nThese URIs should match the Redirection URIs values for the client pre-registered at the OpenID Provider. The Redirection URI MUST NOT use the `http` scheme.\n\nTypically https://ciphertrust-manager-host/api/v1/auth/oidc-callback where 'ciphertrust-manager-host' should be updated to the hostname of your server.\n"},"discovery_uri":{"type":"string","description":"OpenID Connect only, optional, URI to the well-known configuration endpoint of the external identity provider. External ID Provider settings such as authorization URI and public signing keys will be auto-downloaded from this URI."},"jwks":{"type":"array","description":"OpenID Connect only, optional, array of JWKS containing the public keys for ID Token validation. Intended for test and not recommended to use, see discovery URI.","items":{"type":"object","properties":{"kid":{"type":"string","description":"Key identifier"},"alg":{"type":"string","description":"Key algorithm"},"kty":{"type":"string","description":"Key type"},"use":{"type":"string","description":"Key use"},"n":{"type":"string","description":"Key modulus"},"e":{"type":"string","description":"Key exponent"}}}},"groups_claim":{"type":"string","description":"The claim field name to extract group membership from in the OIDC ID Token. Works in conjunction with Group Maps. If unspecified it default to 'groups'."}}}}},"ConnectionDelete":{"description":"Parameters required for deleting an in-use connection.","type":"object","properties":{"force":{"type":"boolean","description":"If set to true, the in-use connection will be deleted forcefully."}}},"severity":{"properties":{"severity":{"type":"string","enum":["critical","error","warning","info"],"description":"Alarm severity level"}}},"Configuration":{"description":"Configuration is the set of editable options for how an interface operates.\n","type":"object","properties":{"mode":{"type":"string","description":"The interface mode can be one of the following: no-tls-pw-opt, no-tls-pw-req, unauth-tls-pw-opt, tls-cert-opt-pw-opt, tls-pw-opt, tls-pw-req, tls-cert-pw-opt, or tls-cert-and-pw. Default mode is no-tls-pw-opt. Refer to the top level discussion of the Interface section for further details.\n"},"cert_user_field":{"type":"string","description":"Specifies how the user name is extracted from the client certificate. Allowed values are: CN, SN, E, E_ND, UID and OU. Refer to the top level discussion of the Interfaces section for more details.\n"},"auto_gen_ca_id":{"type":"string","description":"Auto-generate a new server certificate on server startup using the identifier (URI) of a Local CA resource if the current server certificate is issued by a different Local CA. This is especially useful when a new node joins the cluster. In this case, the existing data of the joining node is overwritten by the data in the cluster. A new server certificate is generated on the joining node using the existing Local CA of the cluster. Auto-generation of the server certificate can be disabled by setting `auto_gen_ca_id` to an empty string (\"\") to allow full control over the server certificate.\n"},"trusted_cas":{"type":"object","title":"Trusted CAs","properties":{"local":{"type":"array","description":"A list of Local CA IDs","items":{"type":"string"}},"external":{"type":"array","description":"A list of External CA IDs","items":{"type":"string"}}},"description":"Collection of local and external CA IDs to trust for client authentication. See section \"Certificate Authority\" for more details.\n\nExample:\n{\n \"local\": [\"kylo:kylo:naboo:localca:634c90f4-808d-11e8-8711-77b786d179d5\", \"kylo:kylo:naboo:localca:67e6e8f8-808d-11e8-981b-f30fc34129ae\"],\n \"external\": [\"kylo:kylo:naboo:external_ca:747b27d2-808d-11e8-b9ba-bf6d65974e66\"]\n}\n"},"default_connection":{"type":"string","description":"The default connection may be \"local_account\" for local authentication or the LDAP domain for LDAP authentication. This value is applied when the username does not embed the connection name (e.g. \"jdoe\" effectively becomes \"local_account|jdoe\"). This value only applies to NAE only and is ignored if set for web and KMIP interfaces.\n"},"port":{"type":"integer","description":"The interface will listen on the specified port.\nThe port number should not be negative, 0 or the one already in-use.\n"},"kmip_enable_hard_delete":{"type":"integer","description":"Enables hard delete of keys on KMIP Destroy operation, that is both meta-data and material will be removed from CipherTrust Manager for the key being deleted. By default, only key material is removed and meta-data is preserved with the updated key state. This setting applies only to KMIP interface. Should be set to 1 for enabling the feature or 0 for returning to default behavior.\n"},"auto_registration":{"type":"boolean","description":"Set auto registration to allow auto registration of kmip clients.\n"},"registration_token":{"type":"string","description":"Registration token in case auto registration is true.\n"},"minimum_tls_version":{"type":"string","description":"Minimum TLS version to be configured for NAE or KMIP interface, default is v1.2 (tls_1_2).\n\nCurrently supported:\n - `tls_1_0`\n - `tls_1_1`\n - `tls_1_2`\n - `tls_1_3`\n"},"maximum_tls_version":{"type":"string","description":"Maximum TLS version to be configured for NAE or KMIP interface, default is latest maximum supported protocol.\n\nCurrently supported:\n - `tls_1_0`\n - `tls_1_1`\n - `tls_1_2`\n - `tls_1_3`\n"},"custom_uid_size":{"type":"integer","description":"This flag is used to define the custom uid size of managed object over the KMIP interface.\n"},"custom_uid_v2":{"type":"boolean","description":"This flag specifies which version of custom uid feature is to be used for KMIP interface. If it is set to true, new implementation i.e. Custom uid version 2 will be used.\n"},"local_auto_gen_attributes":{"description":"Local CSR parameters for interface's certificate. These are for the local node itself, and they do not affect other nodes in the cluster. This gives user a convenient way to supply custom fields for automatic interface certification generation. Without them, the system defaults are used.\n","allOf":[{"type":"object","required":["cn"],"properties":{"cn":{"type":"string","description":"Common name"},"uid":{"type":"string","description":"User ID"},"ip_addresses":{"type":"array","items":{"type":"string"},"description":"Subject Alternative Names (SAN) IP addresses"},"email_addresses":{"type":"array","items":{"type":"string"},"description":"Subject Alternative Names (SAN) Email addresses"},"dns_names":{"type":"array","items":{"type":"string"},"description":"Subject Alternative Names (SAN) DNS names"},"names":{"type":"array","items":{"type":"object","properties":{"C":{"type":"string","description":"Country, for example \"US\""},"ST":{"type":"string","description":"State/province, for example \"MD\""},"L":{"type":"string","description":"Location, for example \"Belcamp\""},"O":{"type":"string","description":"Organization, for example \"Thales Group\""},"OU":{"type":"string","description":"Organizational Unit, for example \"Accounting\""}}},"description":"Name fields are \"O=organization, OU=organizational unit, L=location, ST=state/province, C=country\".\nExample: [{\"O\": \"Thales Group\", \"OU\": \"CPL\", \"C\": \"US\", \"ST\": \"MD\", \"L\": \"Belcamp\"}, {\"OU\": \"Thales Group Inc.\"}]\n"}}}]},"meta":{"type":"object","title":"meta","description":"Meta information related to interface","properties":{"nae":{"type":"object","title":"nae","description":"Meta information related to NAE interface","properties":{"mask_system_groups":{"type":"boolean","description":"Flag for masking system groups in NAE requests"}}}}},"tls_ciphers":{"description":"TLS Ciphers contain the list of cipher suites available in the system for the respective interfaces (KMIP, NAE & WEB) for TLS handshake.\n","type":"array","items":{"type":"object","properties":{"cipher_suite":{"type":"string","description":"TLS cipher suite name."},"enabled":{"type":"boolean","description":"TLS cipher suite enabled flag.\nIf set to true, cipher suite will be available for TLS hanshake.\n"},"configurable":{"type":"boolean","description":"TLS cipher suite configurable flag. This is a non-editable field.\nIf it is true, only then the corresponding cipher_suite can be enabled/disabled.\n"}}}},"allow_unregistered":{"type":"boolean","description":"If true, this flag enables interfaces to allow unregistered clients.\nonly supported in NAE interface.\n"}}},"ConfigurationAdd":{"description":"Configuration is the set of editable options for how an interface operates.\n","type":"object","properties":{"name":{"type":"string","description":"The name of the interface. Not valid for `interface_type` `nae`.\n"},"mode":{"type":"string","description":"The interface mode can be one of the following: no-tls-pw-opt, no-tls-pw-req, unauth-tls-pw-opt, tls-cert-opt-pw-opt, tls-pw-opt, tls-pw-req, tls-cert-pw-opt, or tls-cert-and-pw. Default mode is no-tls-pw-opt. Refer to the top level discussion of the Interface section for further details.\n"},"cert_user_field":{"type":"string","description":"Specifies how the user name is extracted from the client certificate. Allowed values are: CN, SN, E, E_ND, UID and OU. Refer to the top level discussion of the Interfaces section for more details.\n"},"auto_gen_ca_id":{"type":"string","description":"Auto-generate a new server certificate on server startup using the identifier (URI) of a Local CA resource if the current server certificate is issued by a different Local CA. This is especially useful when a new node joins the cluster. In this case, the existing data of the joining node is overwritten by the data in the cluster. A new server certificate is generated on the joining node using the existing Local CA of the cluster. Auto-generation of the server certificate can be disabled by setting `auto_gen_ca_id` to an empty string (\"\") to allow full control over the server certificate.\n"},"trusted_cas":{"type":"object","title":"Trusted CAs","properties":{"local":{"type":"array","description":"A list of Local CA IDs","items":{"type":"string"}},"external":{"type":"array","description":"A list of External CA IDs","items":{"type":"string"}}},"description":"Collection of local and external CA IDs to trust for client authentication. See section \"Certificate Authority\" for more details.\n\nExample:\n\n {\n \"local\": [\"kylo:kylo:naboo:localca:634c90f4-808d-11e8-8711-77b786d179d5\", \"kylo:kylo:naboo:localca:67e6e8f8-808d-11e8-981b-f30fc34129ae\"],\n \"external\": [\"kylo:kylo:naboo:external_ca:747b27d2-808d-11e8-b9ba-bf6d65974e66\"]\n }\n"},"default_connection":{"type":"string","description":"The default connection may be \"local_account\" for local\nauthentication or the LDAP domain for LDAP authentication. This value\nis applied when the username does not embed the connection name (e.g.\n\"jdoe\" effectively becomes \"local_account|jdoe\"). This value only\napplies to NAE only and is ignored if set for web and KMIP\ninterfaces.\n"},"port":{"type":"integer","description":"The new interface will listen on the specified port.\nThe port number should not be negative, 0 or the one already in-use.\n"},"network_interface":{"type":"string","description":"Defines what ethernet adapter the interface should listen to, use\n\"all\" for all.\n\nThe available ethernet adapters in the system can for example be retrieved from\nthe `GET /v1/system/network/interfaces` route.\n\nExamples:\n\nPort `9002` on `ens3`:\n\n {\n \"network_interface\": \"ens3\",\n \"port\": 9002\n }\n\nPort `9002` on all ethernet adapters:\n\n {\n \"network_interface\": \"all\",\n \"port\": 9002\n }\n\nTo open the same port on other ethernet adapters it is possible to\nuse the same port on other ethernet adapter.\n\nDefaults to `all` if not specified.\n"},"interface_type":{"type":"string","description":"This parameter is used to identify the type of interface, what\nservice to run on the interface.\n\nCurrently supported:\n- `web`\n- `kmip`\n- `nae`\n- `snmp`\n\nDefaults to `nae` if not specified.\n"},"kmip_enable_hard_delete":{"type":"integer","description":"Enables hard delete of keys on KMIP Destroy operation, that is both meta-data and material will be removed from CipherTrust Manager for the key being deleted. By default, only key material is removed and meta-data is preserved with the updated key state. This setting applies only to KMIP interface. Should be set to 1 for enabling the feature or 0 for returning to default behavior.\n"},"auto_registration":{"type":"boolean","description":"Set auto registration to allow auto registration of kmip clients.\n"},"registration_token":{"type":"string","description":"Registration token in case auto registration is true.\n"},"custom_uid_size":{"type":"integer","description":"This flag is used to define the custom uid size of managed object over the KMIP interface.\n"},"custom_uid_v2":{"type":"boolean","description":"This flag specifies which version of custom uid feature is to be used for KMIP interface. If it is set to true, new implementation i.e. Custom uid version 2 will be used.\n"},"minimum_tls_version":{"type":"string","description":"Minimum TLS version to be configured for NAE or KMIP interface, default is v1.2 (tls_1_2).\n\nCurrently supported:\n- `tls_1_0`\n- `tls_1_1`\n- `tls_1_2`\n- `tls_1_3`\n"},"maximum_tls_version":{"type":"string","description":"Maximum TLS version to be configured for NAE or KMIP interface, default is latest maximum supported protocol.\n\nCurrently supported:\n - `tls_1_0`\n - `tls_1_1`\n - `tls_1_2`\n - `tls_1_3`\n"},"meta":{"type":"object","title":"meta","description":"Meta information related to interface","properties":{"nae":{"type":"object","title":"nae","description":"Meta information related to NAE interface","properties":{"mask_system_groups":{"type":"boolean","description":"Flag for masking system groups in NAE requests"}}}}},"allow_unregistered":{"type":"boolean","description":"If true, this flag enables interfaces to allow unregistered clients.\nonly supported in NAE interface.\n"}}},"ConfigurationUpdate":{"description":"Configuration is the set of editable options for how an interface operates.\n","type":"object","properties":{"mode":{"type":"string","description":"The interface mode can be one of the following: no-tls-pw-opt, no-tls-pw-req, unauth-tls-pw-opt, tls-cert-opt-pw-opt, tls-pw-opt, tls-pw-req, tls-cert-pw-opt, or tls-cert-and-pw. Default mode is no-tls-pw-opt. Refer to the top level discussion of the Interface section for further details.\n"},"cert_user_field":{"type":"string","description":"Specifies how the user name is extracted from the client certificate. Allowed values are: CN, SN, E, E_ND, UID and OU. Refer to the top level discussion of the Interfaces section for more details.\n"},"auto_gen_ca_id":{"type":"string","description":"Auto-generate a new server certificate on server startup using the identifier (URI) of a Local CA resource if the current server certificate is issued by a different Local CA. This is especially useful when a new node joins the cluster. In this case, the existing data of the joining node is overwritten by the data in the cluster. A new server certificate is generated on the joining node using the existing Local CA of the cluster. Auto-generation of the server certificate can be disabled by setting `auto_gen_ca_id` to an empty string (\"\") to allow full control over the server certificate.\n"},"trusted_cas":{"type":"object","title":"Trusted CAs","properties":{"local":{"type":"array","description":"A list of Local CA IDs","items":{"type":"string"}},"external":{"type":"array","description":"A list of External CA IDs","items":{"type":"string"}}},"description":"Collection of local and external CA IDs to trust for client authentication. See section \"Certificate Authority\" for more details.\n\nExample:\n{\n \"local\": [\"kylo:kylo:naboo:localca:634c90f4-808d-11e8-8711-77b786d179d5\", \"kylo:kylo:naboo:localca:67e6e8f8-808d-11e8-981b-f30fc34129ae\"],\n \"external\": [\"kylo:kylo:naboo:external_ca:747b27d2-808d-11e8-b9ba-bf6d65974e66\"]\n}\n"},"default_connection":{"type":"string","description":"The default connection may be \"local_account\" for local authentication or the LDAP domain for LDAP authentication. This value is applied when the username does not embed the connection name (e.g. \"jdoe\" effectively becomes \"local_account|jdoe\"). This value only applies to NAE only and is ignored if set for web and KMIP interfaces.\n"},"port":{"type":"integer","description":"The interface will listen on the specified port.\nThe port number should not be negative, 0 or the one already in-use.\n"},"kmip_enable_hard_delete":{"type":"integer","description":"Enables hard delete of keys on KMIP Destroy operation, that is both meta-data and material will be removed from CipherTrust Manager for the key being deleted. By default, only key material is removed and meta-data is preserved with the updated key state. This setting applies only to KMIP interface. Should be set to 1 for enabling the feature or 0 for returning to default behavior.\n"},"auto_registration":{"type":"boolean","description":"Set auto registration to allow auto registration of kmip clients.\n"},"registration_token":{"type":"string","description":"Registration token in case auto registration is true.\n"},"minimum_tls_version":{"type":"string","description":"Minimum TLS version to be configured for NAE or KMIP interface, default is v1.2 (tls_1_2).\n\nCurrently supported:\n - `tls_1_0`\n - `tls_1_1`\n - `tls_1_2`\n - `tls_1_3`\n"},"maximum_tls_version":{"type":"string","description":"Maximum TLS version to be configured for NAE or KMIP interface, default is latest maximum supported protocol.\n\nCurrently supported:\n - `tls_1_0`\n - `tls_1_1`\n - `tls_1_2`\n - `tls_1_3`\n"},"custom_uid_size":{"type":"integer","description":"This flag is used to define the custom uid size of managed object over the KMIP interface.\n"},"custom_uid_v2":{"type":"boolean","description":"This flag specifies which version of custom uid feature is to be used for KMIP interface. If it is set to true, new implementation i.e. Custom uid version 2 will be used.\n"},"local_auto_gen_attributes":{"description":"Local CSR parameters for interface's certificate. These are for the local node itself, and they do not affect other nodes in the cluster. This gives user a convenient way to supply custom fields for automatic interface certification generation. Without them, the system defaults are used.\n","allOf":[{"type":"object","required":["cn"],"properties":{"cn":{"type":"string","description":"Common name"},"uid":{"type":"string","description":"User ID"},"ip_addresses":{"type":"array","items":{"type":"string"},"description":"Subject Alternative Names (SAN) IP addresses"},"email_addresses":{"type":"array","items":{"type":"string"},"description":"Subject Alternative Names (SAN) Email addresses"},"dns_names":{"type":"array","items":{"type":"string"},"description":"Subject Alternative Names (SAN) DNS names"},"names":{"type":"array","items":{"type":"object","properties":{"C":{"type":"string","description":"Country, for example \"US\""},"ST":{"type":"string","description":"State/province, for example \"MD\""},"L":{"type":"string","description":"Location, for example \"Belcamp\""},"O":{"type":"string","description":"Organization, for example \"Thales Group\""},"OU":{"type":"string","description":"Organizational Unit, for example \"Accounting\""}}},"description":"Name fields are \"O=organization, OU=organizational unit, L=location, ST=state/province, C=country\".\nExample: [{\"O\": \"Thales Group\", \"OU\": \"CPL\", \"C\": \"US\", \"ST\": \"MD\", \"L\": \"Belcamp\"}, {\"OU\": \"Thales Group Inc.\"}]\n"}}}]},"meta":{"type":"object","title":"meta","description":"Meta information related to interface","properties":{"nae":{"type":"object","title":"nae","description":"Meta information related to NAE interface","properties":{"mask_system_groups":{"type":"boolean","description":"Flag for masking system groups in NAE requests"}}}}},"tls_ciphers":{"description":"TLS Ciphers contain the list of cipher suites available in the system for the respective interfaces (KMIP, NAE & WEB) for TLS handshake.\n","type":"array","items":{"type":"object","required":["cipher_suite","enabled"],"properties":{"cipher_suite":{"type":"string","description":"TLS cipher suite name."},"enabled":{"type":"boolean","description":"TLS cipher suite enabled flag.\nIf set to true, cipher suite will be available for TLS hanshake.\n"}}}},"network_interface":{"type":"string","description":"Defines what ethernet adapter the interface should listen to, use\n\"all\" for all.\n\nThe available ethernet adapters in the system can be retrieved from\nthe `GET /v1/system/network/interfaces` route.\n"},"allow_unregistered":{"type":"boolean","description":"If true, this flag enables interfaces to allow unregistered clients.\nonly supported in NAE interface.\n"}}},"SyslogConnection":{"description":"A syslog connection object","type":"object","properties":{"transport":{"type":"string","description":"`udp`, `tcp` or `tls`"},"host":{"type":"string","description":"The hostname or IP address of the syslog connection."},"port":{"type":"integer","description":"The port to use for the connection"},"caCert":{"type":"string","description":"The trusted CA cert in PEM format. Only used in TLS transport mode."},"messageFormat":{"type":"string","description":"The log message format for new log messages:\n* `rfc5424` (default)\n* `plain_message`\n* `cef`\n* `leef`\n"}}},"LogForwarders":{"description":"A Log Forwarder resource","type":"object","properties":{"name":{"type":"string","description":"Name of the Log Forwarder."},"type":{"type":"string","description":"Type of the Log Forwarder.","enum":["elasticsearch","loki","syslog"]},"elasticsearch_params":{"type":"object","description":"The optional configuration fields for elasticsearch."},"loki_params":{"type":"object","description":"The optional configuration fields for loki."},"syslog_params":{"type":"object","description":"The optional configuration fields for syslog."}}},"Property":{"allOf":[{"type":"object","properties":{"name":{"type":"string","description":"System property name."},"value":{"type":"string","description":"System property value."},"description":{"type":"string","description":"Description of the system property."}}}]},"CSRParams":{"type":"object","title":"Parameters for CSR creation","description":"Parameters to be used during creating CSR like the subject, x509 extensions and signature algorithm used.","properties":{"cn":{"type":"string","description":"Common Name"},"dnsNames":{"type":"array","items":{"type":"string"},"description":"Subject Alternative Names (SAN) values"},"emailAddresses":{"type":"array","items":{"type":"string"},"description":"E-mail addresses"},"ipAddresses":{"type":"array","items":{"type":"string"},"description":"IP addresses"},"names":{"type":"array","items":{"type":"object","title":"CSR Name","properties":{"C":{"type":"string","description":"Country, for example \"US\""},"ST":{"type":"string","description":"State/province, for example \"MD\""},"L":{"type":"string","description":"Location, for example \"Belcamp\""},"O":{"type":"string","description":"Organization, for example \"Thales Group\""},"OU":{"type":"string","description":"Organizational Unit, for example \"RnD\""}}},"description":"Name fields are \"O=organization, OU=organizational unit, L=location, ST=state/province, C=country\".\nFields can be duplicated if present in different objects.\n\nExample: [{\"O\": \"Thales Group\", \"OU\": \"CPS\", \"C\": \"US\", \"ST\": \"MD\", \"L\": \"Belcamp\"}, {\"OU\": \"Thales Group Inc.\"}]\n"},"keyUsage":{"type":"array","items":{"type":"string"},"description":"List of names of the permitted key usages added as CSR extensions. Values:\n * digitalSignature\n * contentCommitment\n * keyEncipherment\n * dataEncipherment\n * keyAgreement\n * keyCertSign\n * crlSign\n * encipherOnly\n * decipherOnly\n\nThese keyUsage are allowed for CSR creation.\n"},"extendedKeyUsage":{"type":"array","items":{"type":"string"},"description":"List of names of the permitted extended key usages added as CSR extensions. Values:\n * any\n * serverAuth\n * clientAuth\n * codeSigning\n * emailProtection\n * ipsecEndSystem\n * ipsecTunnel\n * ipsecUser\n * timeStamping\n * ocspSigning\n * microsoftServerGatedCrypto\n * netscapeServerGatedCrypto\n * microsoftCommercialCodeSigning\n * microsoftKernelCodeSigning\n\nThese extendedKeyUsage are allowed for CSR creation.\n"},"signatureAlgorithm":{"type":"string","description":"Signature algorithm used for creating the CSR. sha512WithRSA, sha384WithRSA, sha256WithRSA, sha1WithRSA,\necdsaWithSHA512, ecdsaWithSHA384, ecdsaWithSHA256 and ecdsaWithSHA1 are the permitted values.\n"},"subjectKeyIdentifierHash":{"type":"boolean","description":"If set to true, the Subject Key Identifier extension is set to the hash specified by RFC5280, else\nunset\n"},"isCA":{"type":"boolean","description":"If set, the value of the basic constraints extension value for CA is set to that boolean value and unset\notherwise.\n"},"maxPathLen":{"type":"integer","description":"This parameter is valid only when is CA parameter is set to true and specifies the maximum number of CAs that\ncan appear below this one in a chain. If maxPathLen is -1, pathlen is unset.\n"}}},"DNSHosts":{"allOf":[{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"name":{"type":"string","description":"Host Domain name."},"ip":{"type":"string","description":"Host IP."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"created_at":{"type":"string","format":"timestamp","readOnly":true,"description":"when the host was created"},"updated_at":{"type":"string","format":"timestamp","readOnly":true,"description":"when the host was last updated"}}}]},"IfaceMeta":{"type":"object","title":"meta","description":"Meta information related to interface","properties":{"nae":{"type":"object","title":"nae","description":"Meta information related to NAE interface","properties":{"mask_system_groups":{"type":"boolean","description":"Flag for masking system groups in NAE requests"}}}}},"proxy-config":{"properties":{"http_proxy":{"type":"string","description":"HTTP proxy URL for proxy configurations. If the proxy server's password contains any special character replace it with encoded values."},"https_proxy":{"type":"string","items":{"type":"string"},"description":"HTTPS proxy URL for proxy configurations. If the proxy server's password contains any special character replace it with encoded values."},"no_proxy":{"type":"array","items":{"type":"string"}},"certificate":{"type":"string","description":"CA certificate to trust for proxy."}},"example":{"http_proxy":"username:password@my.proxy.server:8080","https_proxy":"username:password@my.proxy.server:8081","no_proxy":["localhost","127.0.0.1"],"certificate":"-----BEGIN CERTIFICATE-----MIIDNzCCAh+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBfMQswCQYDVQQGEwJDQTEQ-----END CERTIFICATE-----"}},"proxy-config-update":{"properties":{"http_proxy":{"type":"string","description":"HTTP proxy URL for proxy configurations. If the proxy server's password contains any special character replace it with encoded values."},"https_proxy":{"type":"string","items":{"type":"string"},"description":"HTTPS proxy URL for proxy configurations. If the proxy server's password contains any special character replace it with encoded values."},"no_proxy":{"type":"array","items":{"type":"string"}},"certificate":{"type":"string","description":"CA certificate to trust for proxy."}},"example":{"https_proxy":"username:password@my.proxy.server:8081","no_proxy":["localhost"],"certificate":"-----BEGIN CERTIFICATE-----MIIDNzCCAh+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBfMQswCQYDVQQGEwJDQTEQ-----END CERTIFICATE-----"}},"test-proxy-config":{"properties":{"http_proxy":{"type":"string"},"https_proxy":{"type":"string","items":{"type":"string"}},"certificate":{"type":"string","description":"CA certificate to trust for proxy."},"test_url":{"type":"string","description":"HTTPS URL to test with given proxy. By default it is https://www.thalesdocs.com."}},"example":{"https_proxy":"username:password@my.proxy.server:8081","test_url":"https://www.thalesdocs.com/","certificate":"-----BEGIN CERTIFICATE-----MIIDNzCCAh+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBfMQswCQYDVQQGEwJDQTEQ-----END CERTIFICATE-----"}},"proxy-response-params":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"properties":{"http_proxy":{"type":"string","description":"HTTP proxy URL for proxy configurations. If the proxy server's password contains any special character replace it with encoded values."},"https_proxy":{"type":"string","items":{"type":"string"},"description":"HTTPS proxy URL for proxy configurations. If the proxy server's password contains any special character replace it with encoded values."},"no_proxy":{"type":"array","items":{"type":"string"}},"certificate":{"type":"string","description":"CA certificate to trust for proxy."}},"example":{"http_proxy":"username:password@my.proxy.server:8080","https_proxy":"username:password@my.proxy.server:8081","no_proxy":["localhost","127.0.0.1"],"certificate":"-----BEGIN CERTIFICATE-----MIIDNzCCAh+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBfMQswCQYDVQQGEwJDQTEQ-----END CERTIFICATE-----"}}]},"TLSCiphers":{"type":"array","items":{"type":"object","properties":{"cipher_suite":{"type":"string","description":"TLS cipher suite name."},"enabled":{"type":"boolean","description":"TLS cipher suite enabled flag.\nIf set to true, cipher suite will be available for TLS hanshake.\n"},"configurable":{"type":"boolean","description":"TLS cipher suite configurable flag. This is a non-editable field.\nIf it is true, only then the corresponding cipher_suite can be enabled/disabled.\n"}}}},"TLSCiphersUpdate":{"type":"array","items":{"type":"object","required":["cipher_suite","enabled"],"properties":{"cipher_suite":{"type":"string","description":"TLS cipher suite name."},"enabled":{"type":"boolean","description":"TLS cipher suite enabled flag.\nIf set to true, cipher suite will be available for TLS hanshake.\n"}}}},"LokiConfiguration":{"description":"Loki configuration parameters","type":"object","properties":{"retention_time":{"type":"string","description":"The duration for which Loki logs are retained.\nThe retention period is a duration represented as a string that can be parsed using the Go library’s time.Duration, such as 24h, in multiple of 24h.\nExample: 240h\n"}}},"LokiConfigurationUpdate":{"description":"Update Loki configuration parameters","type":"object","properties":{"retention_time":{"type":"string","description":"The duration for which Loki logs are retained.\nThe retention period is a duration represented as a string that can be parsed using Go’s time.Duration, such as 24h, in multiple of 24h.\nExample: 240h\n"}}},"ServiceLogLevel":{"type":"object","properties":{"service":{"type":"string","description":"Service Name.","enum":["kmip","nae"]},"level":{"type":"string","description":"Log level string.","enum":["ERR","INF","DBG"]}}},"Kmip-Profiles":{"allOf":[{"type":"object","properties":{"name":{"type":"string","description":"Client Profile name."},"properties":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the profiles. Properties is typically used by applications to store information\nwhich the profile properties like caching and CSR attributes.\n"}}}]},"token":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"token":{"type":"string","description":"Client registration token."},"lifetime":{"type":"string","description":"Duration in days for which this token can be used for registering CipherTrust Manager clients. No limit by default."},"cert_duration":{"type":"integer","description":"Duration in days for which the CipherTrust Manager client's certificate is valid, default (730)."},"max_clients":{"type":"integer","description":"Maximum number of clients that can be registered using this registration token. No limit by default."},"ca_id":{"type":"string","description":"ID of the trusted Certificate Authority that will be used to sign client certificate during registration process."}}}]},"EncryptInput":{"description":"The input to an encrypt operation. It is a JSON object that contains the data to be encrypted. For AES-GCM, it also contains the data to be authenticated. Note that both these are byte arrays. JSON encodes byte arrays to base64 strings. Therefore, the JSON object that is input should contain valid base64 data for both the plaintext and AAD.","type":"object","title":"Encryption Input","required":["id"],"properties":{"id":{"type":"string","description":"The name, ID or URI of the key used by the crypto operation."},"name":{"type":"string","description":"The name, ID or URI of the key used by the crypto operation."},"type":{"type":"string","description":"Specify the type of the identifier specified by the 'name' field. Must be one of name, id, uri, or alias. If not specified, the type of the identifier is inferred."},"plaintext":{"type":"string","description":"Data to Encrypt. This is a byte array. JSON encodes byte arrays to base64 strings. Therefore, the string in the JSON object should be a valid base64 string."},"version":{"type":"integer","description":"Version of the key to use."},"mode":{"type":"string","description":"This string identifies the cryptographic mode to use for symmetric key operations (i.e algorithm is 'AES' or 'TDES'). Allowed values for AES are 'CBC', 'EBC', and 'GCM' (default is 'GCM'), and the only allowed value for TDES is 'CBC'."},"pad":{"type":"string","description":"This string identifies cryptographic padding algorithm to use. Allowed values depend on the algorithm used. For AES and TDES, allowed values are 'none', 'PKCS5' and 'PKCS7' (default is 'PKCS7'). For asymmetric algorithms the allowed values 'PKCS1', 'OAEP', 'OAEP256', 'OAEP384' and 'OAEP512', defaulting to 'OAEP'."},"aad":{"type":"string","description":"Data to authenticate. This is a byte array and should be a valid base64 string."},"iv":{"type":"string","description":"The Initialization Vector (IV) is a byte array used with CBC and GCM cryptographic algorithm modes. It appears as a base64 encoded string in the JSON blob. We recommend to omit this field to let the server generate and return a secure IV using its random number generator. Otherwise follow the security guidelines in \"NIST SP800-38A\" and \"NIST SP800-38D\" publications to ensure your IV construction is secure."},"nae_key_version_header":{"type":"boolean","description":"This flag requests that the 3-byte NAE key-version header be prepended to the returned ciphertext."},"tag_len":{"type":"integer","description":"The byte length of the GCM tag. It can be between 4 and 16, defaults to 16."},"batch_request":{"type":"array","description":"Single or multiple data to encrypt.\n\n`\"iv\"`, `\"tag_len\"` and `\"aad\"` can be specified explicitly for each data within `\"batch_request\"` or\nfor all data in the batch request by making it part of the request body.\nIf specified at both the places, values inside `\"batch_request\"` takes precedence.\n\nResponse field `\"batch_response\"` will contain encrypted data. See `\"batch_response\"` description for more.\nResponse HTTP status code - 207 indicates failure in batch request.\n","items":{"type":"object","title":"EncryptData","description":"Data to encrypt and its associated values\n","properties":{"plaintext":{"type":"string","description":"Data to Encrypt. This is a byte array. JSON encodes byte arrays to base64 strings. Therefore, the string in the JSON object should be a valid base64 string."},"iv":{"type":"string","description":"The Initialization Vector (IV) is a byte array used with CBC and GCM cryptographic algorithm modes. It appears as a base64 encoded string in the JSON blob. We recommend to omit this field to let the server generate and return a secure IV using its random number generator. Otherwise follow the security guidelines in \"NIST SP800-38A\" and \"NIST SP800-38D\" publications to ensure your IV construction is secure."},"tag_len":{"type":"integer","description":"The byte length of the GCM tag. It can be between 4 and 16, defaults to 16."},"aad":{"type":"string","description":"Data to authenticate. This is a byte array and should be a valid base64 string."}}}}},"example":{"id":"mykey","plaintext":"ZW5jcnlwdA==","aad":"YXV0aGVudGljYXRl"}},"EncryptedBlob":{"description":"The output of an encrypt operation. It is a JSON object that contains the encrypted data, as well as parameters needed to decrypt the data.","type":"object","title":"Encrypted Blob","properties":{"ciphertext":{"type":"string","description":"The cipher text is a byte array, and appears as a base64 encoded string in the JSON blob."},"tag":{"type":"string","description":"The AEAD tag is a byte array, and appears as a base64 encoded string in the JSON blob."},"id":{"type":"string","description":"ID of the key used for encrypting the data, only either ID or name should be specified."},"type":{"type":"string","description":"Specify the type of the identifier specified by the 'name' field. Must be one of name, id, uri, or alias. If not specified, the type of the identifier is inferred."},"version":{"type":"integer","description":"Version of the key used for encrypting the data."},"mode":{"type":"string","description":"The crypto mode (e.g. cbc, ecb, gcm)."},"pad":{"type":"string","description":"The padding algorithm (e.g. none, pkcs7)."},"iv":{"type":"string","description":"The IV is a byte array, and appears as a base64 encoded string in the JSON blob."},"aad":{"type":"string","description":"The AAD is a byte array, and appears as a base64 encoded string in the JSON blob."},"nae_key_version_header":{"type":"boolean","description":"This flag indicates that the 3-byte NAE key-version header is prepended to the input ciphertext."},"batch_response":{"type":"array","description":"Contains encrypted data.\nReturned only when `\"batch_request\"` is provided in request (i.e if data is sent in batch mode).\n\nIf error occurs while processing any data in the batch, HTTP status code will be 207 and error will be\nreturned only for the data that failed, with `\"batch_response\"` containing `\"error\"` for that\nindex; rest all indexes will be successfully encrypted.\n\n`\"iv\"` and `\"aad\"`, if specified explicitly for a data within `\"batch_request\"`, are returned with the data within `\"batch_response\"`.\n`\"iv\"` and `\"aad\"`, if specified in request body, are returned in response body.\n`\"tag\"` is always returned with the data within `\"batch_response\"`.\nIf `\"iv\"` is not specified anywhere and generated automatically while encrypting, it will be returned with the data in `\"batch_response\"`.\n","items":{"type":"object","title":"Encrypted Data","description":"Encrypted data and its associated values\n","properties":{"ciphertext":{"type":"string","description":"The cipher text is a byte array, and appears as a base64 encoded string in the JSON blob."},"tag":{"type":"string","description":"The AEAD tag is a byte array, and appears as a base64 encoded string in the JSON blob."},"iv":{"type":"string","description":"The IV is a byte array, and appears as a base64 encoded string in the JSON blob."},"aad":{"type":"string","description":"Data to authenticate. This is a byte array and should be a valid base64 string."},"error":{"type":"string","description":"Returned only for the index that failed.\nEither `\"error\"` or `\"ciphertext\"` will be returned.\n"}}}}},"example":{"ciphertext":"V7xlczQt5A==","tag":"BUClpmg4Lu9GvgRe7/MgrA==","id":"8a16ee3a43a8fda6d0d3d923f20dc46821db19ed17cfa18f4b2af36d090e9da8","version":0,"mode":"gcm","iv":"0/RM+V753YJGJERC","aad":"YXV0aGVudGljYXRl"}},"DecryptInput":{"description":"The input of an decrypt operation. It is a JSON object that contains the encrypted data, as well as parameters needed to decrypt the data.","type":"object","title":"DecryptInput","properties":{"ciphertext":{"type":"string","description":"The cipher text is a byte array, and appears as a base64 encoded string in the JSON blob."},"tag":{"type":"string","description":"The AEAD tag is a byte array, and appears as a base64 encoded string in the JSON blob."},"id":{"type":"string","description":"ID of the key used for encrypting the data, only either ID or name should be specified."},"type":{"type":"string","description":"Specify the type of the identifier specified by the 'name' field. Must be one of name, id, uri, or alias. If not specified, the type of the identifier is inferred."},"version":{"type":"integer","description":"Version of the key used for encrypting the data."},"mode":{"type":"string","description":"The crypto mode (e.g. cbc, ecb, gcm)."},"pad":{"type":"string","description":"The padding algorithm (e.g. none, pkcs7)."},"iv":{"type":"string","description":"The IV is a byte array, and appears as a base64 encoded string in the JSON blob."},"aad":{"type":"string","description":"The AAD is a byte array, and appears as a base64 encoded string in the JSON blob."},"nae_key_version_header":{"type":"boolean","description":"This flag indicates that the 3-byte NAE key-version header is prepended to the input ciphertext."},"batch_request":{"type":"array","description":"Single or multiple data to decrypt.\n\n`\"iv\"`, `\"tag\"` and `\"aad\"` can be specified explicitly for each data within `\"batch_request\"` or for all\ndata in the batch request by making it part of the request body.\nIf specified at both the places, values inside `\"batch_request\"` takes precedence.\n\nResponse field `\"batch_response\"` will contain decrypted data. See `\"batch_response\"` description for more.\nResponse HTTP status code - 207 indicates failure in batch request.\n","items":{"type":"object","title":"DecryptData","description":"Data to decrypt and its associated values.\n","properties":{"ciphertext":{"type":"string","description":"The cipher text is a byte array, and appears as a base64 encoded string in the JSON blob."},"tag":{"type":"string","description":"The AEAD tag is a byte array, and appears as a base64 encoded string in the JSON blob."},"iv":{"type":"string","description":"The IV is a byte array, and appears as a base64 encoded string in the JSON blob."},"aad":{"type":"string","description":"Data to authenticate. This is a byte array and should be a valid base64 string."}}}}},"example":{"ciphertext":"V7xlczQt5A==","tag":"BUClpmg4Lu9GvgRe7/MgrA==","id":"8a16ee3a43a8fda6d0d3d923f20dc46821db19ed17cfa18f4b2af36d090e9da8","version":0,"mode":"gcm","iv":"0/RM+V753YJGJERC","aad":"YXV0aGVudGljYXRl"}},"DecryptedBlob":{"description":"The output of an decrypt operation. It is a JSON object that contains the plaintext.","type":"object","title":"Decrypted Blob","properties":{"plaintext":{"type":"string","description":"The plain text is a byte array, and appears as a base64 encoded string in the JSON blob."},"batch_response":{"type":"array","description":"Contains decrypted data.\nReturned only when `\"batch_request\"` is provided in request (i.e if data is sent in batch mode).\n\nIf error occurs while processing any data in a batch, Response HTTP status code will be 207 and error will be\nreturned only for the data that failed, with `\"batch_response\"` containing `\"error\"` for that\nindex; rest all indexes will be successfully decrypted.\n","items":{"type":"object","title":"Decrypted Data","description":"Decrypted Data.","properties":{"plaintext":{"type":"string","description":"The plain text is a byte array, and appears as a base64 encoded string in the JSON blob."},"error":{"type":"string","description":"Returned only for the index that failed.\nEither `\"error\"` or `\"plaintext\"` will be returned.\n"}}}}},"example":{"plaintext":"VY2D+Q9UyPRj2tIlHP/yVQ=="}},"ReencryptInput":{"description":"The input for a re-encrypt operation. It is a JSON object that contains encryption and decryption parameters.\nThe decryption parameters contain the encrypted data and the parameters required to decrypt the data.\nFor Encryption parameters, in case of AES-GCM, it contains the data to be authenticated. Note that this is byte array. JSON encodes byte arrays to base64 strings. Therefore, the JSON object should contain valid base64 data for AAD.\nNote: The Plaintext parameter is not required.\n","title":"ReencryptInput","properties":{"decrypt":{"type":"object","description":"The input for a decrypt operation. It is a JSON object that contains the encrypted data and the parameters required to decrypt the data.","properties":{"ciphertext":{"type":"string","description":"The ciphertext is a byte array and appears as a base64 encoded string in the JSON blob."},"tag":{"type":"string","description":"The AEAD tag is a byte array that appears as a base64 encoded string in the JSON blob."},"id":{"type":"string","description":"The ID of the key used for encrypting the data. Specify either ID or name."},"type":{"type":"string","description":"Type of the identifier specified in the 'name' parameter. The Type of the identifier is derived from name, ID, URI, or alias. If not specified, the type of the identifier is automatically inferred."},"version":{"type":"integer","description":"Version of the key used for encrypting the data."},"mode":{"type":"string","description":"The cryptographic mode (for example, cbc, ecb, and gcm)."},"pad":{"type":"string","description":"The padding algorithm (for example, none, pkcs7)."},"iv":{"type":"string","description":"The IV is a byte array that appears as a base64 encoded string in the JSON blob."},"aad":{"type":"string","description":"The AAD is a byte array that appears as a base64 encoded string in the JSON blob."},"nae_key_version_header":{"type":"boolean","description":"This flag indicates that the 3-byte NAE key-version header is prepended to the input ciphertext."}}},"encrypt":{"type":"object","description":"The input of Encrypt operation, In case of AES-GCM, it contains the data to be authenticated. Note that this is byte array. JSON encodes byte arrays to base64 strings.","properties":{"id":{"type":"string","description":"The name, ID, or URI of the key used by the crypto operation."},"name":{"type":"string","description":"The name, ID or URI of the key used by the crypto operation."},"type":{"type":"string","description":"Type of the identifier specified in the 'name' parameter. The Type of the identifier is derived from name, ID, URI, or alias. If not specified, the type of the identifier is automatically inferred."},"version":{"type":"integer","description":"Version of the key to use."},"mode":{"type":"string","description":"Identifies the cryptographic mode to use for the symmetric key operations. The allowed values depend on the algorithm used. Allowed values for AES are 'CBC', 'EBC', and 'GCM' (default is 'GCM'). The only allowed value for TDES is 'CBC'."},"pad":{"type":"string","description":"This string identifies the cryptographic padding algorithm to use. The allowed values depend on the algorithm used. For AES and TDES, the allowed values are 'none', 'PKCS5', and 'PKCS7' (default is 'PKCS7'). For asymmetric algorithms, the allowed values are 'PKCS1', 'OAEP', 'OAEP256', 'OAEP384', and 'OAEP512' (default is 'OAEP')."},"aad":{"type":"string","description":"Data to authenticate. This is a byte array and should be a valid base64 string."},"iv":{"type":"string","description":"The Initialization Vector (IV) is a byte array used with CBC and GCM cryptographic algorithm modes. It appears as a base64 encoded string in the JSON blob. We recommend to omit this field to let the server generate and return a secure IV using its random number generator. Otherwise follow the security guidelines in \"NIST SP800-38A\" and \"NIST SP800-38D\" publications to ensure your IV construction is secure."},"nae_key_version_header":{"type":"boolean","description":"This flag requests that the 3-byte NAE key-version header be prepended to the returned ciphertext."},"tag_len":{"type":"integer","description":"The byte length of the GCM tag. It can be between 4 and 16, defaults to 16."}}}},"example":{"decrypt":{"ciphertext":"V7xlczQt5A==","tag":"BUClpmg4Lu9GvgRe7/MgrA==","id":"8a16ee3a43a8fda6d0d3d923f20dc46821db19ed17cfa18f4b2af36d090e9da8","version":0,"mode":"gcm","iv":"0/RM+V753YJGJERC","aad":"YXV0aGVudGljYXRl"},"encrypt":{"id":"mykey","aad":"YXV0aGVudGljYXRl"}}},"ReencryptedBlob":{"description":"The output of a re-encrypt operation. It is a JSON object that contains the encrypted data and the parameters required to decrypt the data.","type":"object","title":"Re-Encrypted Blob","properties":{"ciphertext":{"type":"string","description":"The ciphertext is a byte array that appears as a base64 encoded string in the JSON blob."},"tag":{"type":"string","description":"The AEAD tag is a byte array that appears as a base64 encoded string in the JSON blob."},"id":{"type":"string","description":"The ID of the key used for encrypting the data. Specify either ID or name."},"type":{"type":"string","description":"Type of the identifier specified in the 'name' parameter. The Type of the identifier is derived from name, ID, URI, or alias. If not specified, the type of the identifier is automatically inferred."},"version":{"type":"integer","description":"Version of the key used for encrypting the data."},"mode":{"type":"string","description":"The cryptographic mode (for example, cbc, ecb, and gcm)."},"pad":{"type":"string","description":"The padding algorithm (for example, none, pkcs7)."},"iv":{"type":"string","description":"The IV is a byte array that appears as a base64 encoded string in the JSON blob."},"aad":{"type":"string","description":"The AAD is a byte array that appears as a base64 encoded string in the JSON blob."},"nae_key_version_header":{"type":"boolean","description":"This flag indicates that the 3-byte NAE key-version header is prepended to the input ciphertext."}},"example":{"ciphertext":"V7xlczQt5A==","tag":"BUClpmg4Lu9GvgRe7/MgrA==","id":"8a16ee3a43a8fda6d0d3d923f20dc46821db19ed17cfa18f4b2af36d090e9da8","version":0,"mode":"gcm","iv":"0/RM+V753YJGJERC","aad":"YXV0aGVudGljYXRl"}},"PostKey":{"title":"Create Key","properties":{"domainId":{"type":"string","description":"Domain ID."},"name":{"type":"string","description":"Optional friendly name, The key name should not contain special characters such as angular brackets (<,>) and backslash (`\\`)."},"usageMask":{"type":"integer","description":"Cryptographic usage mask. Add the usage masks to allow certain usages. Sign (1), Verify (2), Encrypt (4),\nDecrypt (8), Wrap Key (16), Unwrap Key (32), Export (64), MAC Generate (128), MAC Verify (256), Derive Key (512),\nContent Commitment (1024), Key Agreement (2048), Certificate Sign (4096), CRL Sign (8192), Generate Cryptogram (16384),\nValidate Cryptogram (32768), Translate Encrypt (65536), Translate Decrypt (131072), Translate Wrap (262144),\nTranslate Unwrap (524288), FPE Encrypt (1048576), FPE Decrypt (2097152). Add the usage mask values to allow\nthe usages. To set all usage mask bits, use 4194303.\nEquivalent usageMask values for deprecated usages 'fpe' (FPE Encrypt + FPE Decrypt = 3145728),\n'blob' (Encrypt + Decrypt = 12), 'hmac' (MAC Generate + MAC Verify = 384), 'encrypt' (Encrypt + Decrypt = 12),\n'sign' (Sign + Verify = 3), 'any' (4194303 - all usage masks).\n"},"algorithm":{"type":"string","description":"Cryptographic algorithm this key is used with. Defaults to 'aes'","enum":["aes","tdes","rsa","ec","hmac-sha1","hmac-sha256","hmac-sha384","hmac-sha512","seed","aria","opaque"]},"objectType":{"type":"string","description":"This specifies the type of object that is being created. Valid values are\n'Symmetric Key', 'Public Key', 'Private Key', 'Secret Data', 'Opaque Object',\nor 'Certificate'. The object type is inferred for many objects,\nbut must be supplied for the certificate object.\n"},"curveid":{"type":"string","description":"Cryptographic curve id for elliptic key. Key algorithm must be 'EC'. Values:\n * secp224k1\n * secp224r1\n * secp256k1\n * secp384r1\n * secp521r1\n * prime256v1\n * brainpoolP224r1\n * brainpoolP224t1\n * brainpoolP256r1\n * brainpoolP256t1\n * brainpoolP384r1\n * brainpoolP384t1\n * brainpoolP512r1\n * brainpoolP512t1\n"},"size":{"type":"integer","description":"Bit length for the key."},"undeletable":{"type":"boolean","description":"Key is not deletable. Defaults to false."}}},"PatchKey":{"title":"Update Key","properties":{"meta":{"type":"object","description":"Optional end-user or service data stored with the key"},"unexportable":{"type":"boolean","description":"Key is not exportable.\n"},"undeletable":{"type":"boolean","description":"Key is not deletable."},"activationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Object activation date."},"deactivationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Object deactivation date."},"archiveDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Object archive date."},"rotationFrequencyDays":{"type":"string","description":"Number of days from current date to rotate the key. It should be greater than or equal to 0. Default is an empty string.\nIf set to 0, rotationFrequencyDays set to an empty string and auto rotation of key will be disabled.\n"},"compromiseOccurrenceDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time security compromise of the object was identified"},"revocationReason":{"type":"string","description":"Revocation Reason Code for revoking the object. Required in conjunction with compromiseOccurrenceDate.\nIt is one of 'Key Compromise', 'CA Compromise', 'Unspecified', 'Affiliation Changed',\n'Superseded', 'Cessation of Operation' or 'Privilege Withdrawn'\n"},"revocationMessage":{"type":"string","description":"Revocation message. Optionally used in conjunction with revocationReason."},"processStartDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when a Managed Symmetric Key Object MAY begin to be used to process\ncryptographically protected information (e.g., decryption or unwrapping)\n"},"protectStopDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time after which a Managed Symmetric Key Object SHALL NOT be used for\napplying cryptographic protection (e.g., encryption or wrapping)\n"},"aliases":{"type":"array","description":"Information needed for adding, modifying or deleting key aliases.\nTo delete a key, just specify its index. To add a key, do not specify the index.\nTo modify a key, specify its index, and the new values of the alias and type.\n","items":{"type":"object","title":"Key Alias","description":"Information needed to create a key alias.","required":["alias"],"properties":{"alias":{"type":"string","description":"An alias for a key name."},"type":{"type":"string","description":"Type of alias (allowed values are string and uri)."},"index":{"type":"integer","description":"Index associated with alias. Each alias within an object has a unique index."}}}},"muid":{"type":"string","description":"Optional additional identifier of the key.\nIt can be set if not set already.\n"},"keyId":{"type":"string","description":"Optional additional identifier of the key.\nIt can be set if not set already.\n"},"allVersions":{"type":"boolean","description":"To update the group permissions/custom attribute or both in metadata of all versions of the key.\nBy default it is set to false.\nSet to true, only when to update the group/custom attribute or both permissions of all versions of the key.\n"},"usageMask":{"type":"integer","description":"Cryptographic usage mask. Add the usage masks to allow certain usages. Sign (1), Verify (2), Encrypt (4),\nDecrypt (8), Wrap Key (16), Unwrap Key (32), Export (64), MAC Generate (128), MAC Verify (256), Derive Key (512),\nContent Commitment (1024), Key Agreement (2048), Certificate Sign (4096), CRL Sign (8192), Generate Cryptogram (16384),\nValidate Cryptogram (32768), Translate Encrypt (65536), Translate Decrypt (131072), Translate Wrap (262144),\nTranslate Unwrap (524288), FPE Encrypt (1048576), FPE Decrypt (2097152). Add the usage mask values to allow\nthe usages. To set all usage mask bits, use 4194303.\nEquivalent usageMask values for deprecated usages 'fpe' (FPE Encrypt + FPE Decrypt = 3145728),\n'blob' (Encrypt + Decrypt = 12), 'hmac' (MAC Generate + MAC Verify = 384), 'encrypt' (Encrypt + Decrypt = 12),\n'sign' (Sign + Verify = 3), 'any' (4194303 - all usage masks). \n"},"labels":{"type":"object","additionalProperties":{"type":"string"},"x-nullable":true,"description":"Optional key/value pairs used to group keys. When labels are provided\nthey are merged with the key's existing labels.\n\nTo remove a label, set the label's value to `null`.\n```\n \"labels\": {\n \"critical\": null\n }\n```\n\nTo remove all labels, set `labels` to `null`.\n```\n \"labels\": null\n```\n\nRefer to the schema under `/v1/vault/keys2 POST` for a full description\nof labels.\n","example":{"region":"noram","team":"sales"}}},"example":{"meta":"Sample Metadata","activationDate":"2017-10-02T14:24:37.436073Z","deactivationDate":"2018-10-02T14:24:37.436073Z","processStartDate":"2017-10-02T14:24:37.436073Z","protectStopDate":"2018-10-02T14:24:37.436073Z","aliases":[{"alias":"modified-altname1","type":"string","index":0},{"alias":"newname3","type":"string"},{"index":1}],"allVersions":false,"usageMask":3}},"Key":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","properties":{"usage":{"type":"string","description":"Deprecated. Key usage"}}}]},"Keys":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"name":{"type":"string","description":"The name of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"usageMask":{"type":"integer","description":"Cryptographic usage mask"},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the application was updated"},"objectType":{"type":"string","description":"Type of the object. It is one of\n'Certificate', 'Symmetric Key', 'Public Key', 'Private Key',\n'Split Key', 'Template', 'Secret Data', 'Opaque Object' or 'PGP Key'.\n"},"activationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes active"},"deactivationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes inactive"},"archiveDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes archived"},"destroyDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object was destroyed"},"compromiseDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time server was notified of the security compromise of the object"},"compromiseOccurrenceDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time security compromise of the object was identified"},"revocationReason":{"type":"string","description":"Reason for revoking the object. It is one of\n'Key Compromise', 'CA Compromise', 'Unspecified', 'Affiliation Changed',\n'Superseded', 'Cessation of Operation' or 'Privilege Withdrawn'\n"},"revocationMessage":{"type":"string","description":"Revocation message for revoking the object"},"processStartDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when a Managed Symmetric Key Object MAY begin to be used to process\ncryptographically protected information (e.g., decryption or unwrapping)\n"},"protectStopDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time after which a Managed Symmetric Key Object SHALL NOT be used for\napplying cryptographic protection (e.g., encryption or wrapping)\n"},"labels":{"type":"object","additionalProperties":{"type":"string"},"x-nullable":true,"description":"Optional key/value pairs used to group keys.\n"}}}}}}]},"KeyExtended":{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","properties":{"usage":{"type":"string","description":"Deprecated. Key usage"}}}]},{"type":"object","properties":{"material":{"type":"string","description":"Encoded key"},"meta":{"type":"object","description":"Optional end-user or service data stored with the key"}}}]},"Random":{"properties":{"material":{"type":"string","description":"Hex encoded random bytes"}}},"KeyAlias":{"type":"object","title":"Key Alias","description":"Information needed to create a key alias.","required":["alias"],"properties":{"alias":{"type":"string","description":"An alias for a key name."},"type":{"type":"string","description":"Type of alias (allowed values are string and uri)."},"index":{"type":"integer","description":"Index associated with alias. Each alias within an object has a unique index."}}},"PublicKeyParameters":{"type":"object","title":"Public Key","description":"Information needed to create a public key.","properties":{"name":{"type":"string","description":"Friendly name of the corresponding public key"},"usageMask":{"type":"integer","description":"Defined in PostKey parameters"},"meta":{"type":"object","description":"Optional end-user or service data stored with the key"},"activationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes active"},"deactivationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes inactive"},"archiveDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes archived"},"state":{"type":"string","description":"Optional initial key state (Pre-Active) upon creation. Defaults to Active. If set,\nactivationDate and processStartDate can not be specified during key creation.\n"},"aliases":{"type":"array","description":"Aliases associated with the key. The alias and alias-type must be specified.\nThe alias index is assigned by this operation, and need not be specified.\n","items":{"type":"object","title":"Key Alias","description":"Information needed to create a key alias.","required":["alias"],"properties":{"alias":{"type":"string","description":"An alias for a key name."},"type":{"type":"string","description":"Type of alias (allowed values are string and uri)."},"index":{"type":"integer","description":"Index associated with alias. Each alias within an object has a unique index."}}}},"unexportable":{"type":"boolean","description":"Key is not exportable. Defaults to false.\n"},"undeletable":{"type":"boolean","description":"Key is not deletable. Defaults to false."}}},"QueryKeyParams":{"type":"object","title":"Search Parameters","description":"Information needed to search for a managed object.","properties":{"skip":{"description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},"limit":{"description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},"returnOnlyIDs":{"type":"boolean","description":"When this is not specified, or set to false, a list of keys is returned.\nWhen this is set to true, a list of key IDs is returned.\n"},"name":{"type":"string","description":"Filters results to those with matching names. The '?' and '*' wildcard characters may be used."},"id":{"type":"string","format":"UUID","description":"Find the key with a matching ID.\n"},"uri":{"type":"string","description":"Filters results to those with matching uris. The '?' and '*' wildcard characters may be used."},"version":{"type":"integer","description":"Deprecated: Use 'versions'. Filters results to those with matching version. If version is specified as -1, only\nlatest version of the keys is returned. All versions are returned when the version is not specified.\n"},"versions":{"type":"array","description":"Filters results to those with matching versions. If versions is specified as [-1], only latest version of the keys are returned. All versions are returned when the version is not specified.","items":{"type":"integer"}},"algorithm":{"type":"string","description":"Deprecated: Use 'algorithms'. Filters results to those with matching algorithms. The '?' and '*' wildcard characters may be used."},"algorithms":{"type":"array","description":"Filters results to those with matching algorithms. The '?' and '*' wildcard characters may be used if only specifying a single value.","items":{"type":"string"}},"size":{"type":"integer","description":"Deprecated: Use 'sizes'. Filters results to those with matching size.\n"},"sizes":{"type":"array","description":"Filters results to those with a matching size.","items":{"type":"integer"}},"curveIDs":{"type":"array","items":{"type":"string"},"description":"Filters results to those with matching elliptic key curve id. Results will match *any*\nof the values.\n"},"states":{"type":"array","items":{"type":"string"},"description":"Filters results to those with matching key state. Allowed values are\n\"Pre-Active\", \"Active\", \"Deactivated\", \"Destroyed\", \"Compromised\" and \"Destroyed Compromised\".\n"},"aliases":{"type":"array","items":{"type":"string"},"description":"Filters results to those with any of the matching aliases. The '?' and '*' wildcard characters\nmay be used when a single alias is specified.\n"},"linkTypes":{"type":"array","items":{"type":"string"},"description":"Filters results to those with any of the matching link types. The '?' and '*' wildcard characters\nmay be used when a single link type is specified. See the links documentation\nfor the various link types.\n"},"usageMask":{"type":"integer","description":"Deprecated: Use 'usageMasks'.\nFilters results to those with matching Cryptographic usage mask. Sign (1), Verify (2), Encrypt (4),\nDecrypt (8), Wrap Key (16), Unwrap Key (32), Export (64), MAC Generate (128), MAC Verify (256), Derive Key (512),\nContent Commitment (1024), Key Agreement (2048), Certificate Sign (4096), CRL Sign (8192), Generate Cryptogram (16384),\nValidate Cryptogram (32768), Translate Encrypt (65536), Translate Decrypt (131072), Translate Wrap (262144),\nTranslate Unwrap (524288), FPE Encrypt (1048576), FPE Decrypt (2097152). Add the usage mask values to allow\nthe usages. To set all usage mask bits, use 4194303 (all usage masks including Export).\nEquivalent usageMask values for deprecated usages 'fpe' (FPE Encrypt + FPE Decrypt = 3145728),\n'blob' (Encrypt + Decrypt = 12), 'hmac' (MAC Generate + MAC Verify = 384), 'encrypt' (Encrypt + Decrypt = 12),\n'sign' (Sign + Verify = 3), 'any' (4194303 - all usage masks).\n"},"usageMasks":{"type":"array","description":"Filters results to those with matching any of the Cryptographic usage masks. Sign (1), Verify (2), Encrypt (4),\nDecrypt (8), Wrap Key (16), Unwrap Key (32), Export (64), MAC Generate (128), MAC Verify (256), Derive Key (512),\nContent Commitment (1024), Key Agreement (2048), Certificate Sign (4096), CRL Sign (8192), Generate Cryptogram (16384),\nValidate Cryptogram (32768), Translate Encrypt (65536), Translate Decrypt (131072), Translate Wrap (262144),\nTranslate Unwrap (524288), FPE Encrypt (1048576), FPE Decrypt (2097152). Add the usage mask values to allow\nthe usages. To set all usage mask bits, use 4194303 (all usage masks including Export).\nEquivalent usageMask values for deprecated usages 'fpe' (FPE Encrypt + FPE Decrypt = 3145728),\n'blob' (Encrypt + Decrypt = 12), 'hmac' (MAC Generate + MAC Verify = 384), 'encrypt' (Encrypt + Decrypt = 12),\n'sign' (Sign + Verify = 3), 'any' (4194303 - all usage masks).\n","items":{"type":"integer"}},"metaContains":{"type":"string","format":"JSON","description":"A valid JSON value. Only keys whose 'meta' attribute contains the JSON value will be\nreturned. Examples of JSON containment:\n\n- Values contain themselves: `{\"color\":\"red\"}` contains `{\"color\":\"red\"}`\n- Values contain subsets: `{\"color\":\"red\", \"size\":\"big\"}` contains `{\"color\":\"red\"}` and `{\"size\":\"big\"}`, but not `{\"size\":\"small\"}`\n- Contained values can be nested: `{\"info\":{\"size\":\"big\",\"color\":\"red\"}}` contains `{\"info\":{\"color\":\"red\"}}`, but not `{\"color\":\"red\"}`\n- Array containment: `[\"east\",\"west\",\"north\"]` contains `[\"east\"]` and `[\"east\",\"north\"]`, but not `[\"south\"]` or `[\"east\",\"south\"]`\n"},"objectTypes":{"type":"array","items":{"type":"string"},"description":"Filters results to those with any of the matching KMIP object types. The '?' and '*' wildcard characters\nmay be used when a single object type is specified. Valid object types are:\n\"Certificate\", \"Symmetric Key\", \"Public Key\", \"Private Key\", \"Split Key\", \"Secret Data\", \"Opaque Object\".\n"},"sha1Fingerprint":{"type":"string","description":"Deprecated: Use 'sha1Fingerprints'.\nFilters results to those with matching SHA1 fingerprints. The '?' and '*' wildcard characters may be used.\nThis fingerprint is truncated and is based on the first 8 bytes of the SHA1 checksum.\nTo be backward compatible with Classic KeySecure, it is based on ASN.1 representation of PKCS#1 public key.\n"},"sha1Fingerprints":{"type":"array","description":"Filters results to those with matching one of the SHA1 fingerprints. The '?' and '*' wildcard characters may be used\nfor singular values. This fingerprint is truncated and is based on the first 8 bytes of the SHA1 checksum.\nTo be backward compatible with Classic KeySecure, it is based on ASN.1 representation of PKCS#1 public key.\n","items":{"type":"string"}},"sha256Fingerprint":{"type":"string","description":"Deprecated: Use 'sha256Fingerprints'\nFilters results to those with matching SHA256 fingerprints. The '?' and '*' wildcard characters may be used.\n"},"sha256Fingerprints":{"type":"array","description":"Filters results to those with matching SHA256 fingerprints. The '?' and '*' wildcard characters may be used\nfor a single value.\n","items":{"type":"string"}},"neverExported":{"type":"boolean","description":"Find keys with the specified value of the `neverExported` attribute."},"neverExportable":{"type":"boolean","description":"Find keys with the specified value of the `neverExportable` attribute (same as the KMIP `Never Extractable` attribute)."},"unexportable":{"type":"boolean","description":"Find keys with the specified value of the `unexportable` attribute (opposite of the KMIP `Extractable` attribute)."},"revocationReason":{"type":"string","description":"Deprecated: Use 'revocationReasons'. Find keys having the specified value of the `revocationReason` attribute."},"revocationReasons":{"type":"array","description":"Find keys having one of the specified values of the `revocationReason` attribute.","items":{"type":"string"}},"createdBefore":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys created at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g.: 1985-04-12T23:20:50.52Z or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\" will find keys created\nbefore 1 year, 2 months and 5 days ago.\n"},"createdAfter":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys created at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat or a relative timestamp where valid units are 'Y', 'M', 'D' representing years, months, and days\nrespectively. Negative values are permitted. e.g. \"-1Y-2M-5D\" will find keys created after 1 year, 2 months\nand 5 days ago.\n"},"createdAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys created within 0.5 seconds before or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat.\n"},"updatedBefore":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys updated at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g.: 1985-04-12T23:20:50.52Z or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\" will find keys updated\nbefore 1 year, 2 months and 5 days ago.\n"},"updatedAfter":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys updated at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat or a relative timestamp where valid units are 'Y', 'M', 'D' representing years, months, and days\nrespectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"updatedAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys updated within 0.5 seconds before or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat.\n"},"activationBefore":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose activation date is at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g.: 1985-04-12T23:20:50.52Z or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"activationAfter":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose activation date is at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat or a relative timestamp where valid units are 'Y', 'M', 'D' representing years, months, and days\nrespectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"activationAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose activation date is within 0.5 seconds before or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat.\n"},"processStartBefore":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose process start date is at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g.: 1985-04-12T23:20:50.52Z or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"processStartAfter":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose process start date is at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat or a relative timestamp where valid units are 'Y', 'M', 'D' representing years, months, and days\nrespectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"processStartAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose process start date is within 0.5 seconds before or after the specified timestamp. Timestamp\nshould be in RFC3339Nano format.\n"},"protectStopBefore":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose protect stop date is at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g.: 1985-04-12T23:20:50.52Z or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"protectStopAfter":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose protect stop date is at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat or a relative timestamp where valid units are 'Y', 'M', 'D' representing years, months, and days\nrespectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"protectStopAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose protect stop date is within 0.5 seconds before or after the specified timestamp. Timestamp should be in RFC3339Nano format.\n"},"deactivationBefore":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose deactivation date is at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g.: 1985-04-12T23:20:50.52Z or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"deactivationAfter":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose deactivation date is at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat or a relative timestamp where valid units are 'Y', 'M', 'D' representing years, months, and days\nrespectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"deactivationAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose deactivation date is within 0.5 seconds before or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat.\n"},"destroyBefore":{"type":"string","format":"date-time","description":"Find keys whose destroy date is at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g.: 1985-04-12T23:20:50.52Z or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"destroyAfter":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose destroy date is at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat or a relative timestamp where valid units are 'Y', 'M', 'D' representing years, months, and days\nrespectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"destroyAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose destroy date is within 0.5 seconds before or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat.\n"},"archiveBefore":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose archive date is at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g.: 1985-04-12T23:20:50.52Z or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"archiveAfter":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose archive date is at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat or a relative timestamp where valid units are 'Y', 'M', 'D' representing years, months, and days\nrespectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"archiveAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose archive date is within 0.5 seconds before or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat.\n"},"compromiseOccurranceBefore":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose compromise occurrance date is at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g.: 1985-04-12T23:20:50.52Z or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"compromiseOccurranceAfter":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose compromise occurrance date is at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat or a relative timestamp where valid units are 'Y', 'M', 'D' representing years, months, and days\nrespectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"compromiseOccurranceAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose compromise occurrance date is within 0.5 seconds before or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat.\n"},"compromiseBefore":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose compromise date is at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g.: 1985-04-12T23:20:50.52Z or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"compromiseAfter":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose compromise date is at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat or a relative timestamp where valid units are 'Y', 'M', 'D' representing years, months, and days\nrespectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"compromiseAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose compromise date is within 0.5 seconds before or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat.\n"},"rotationDateReached":{"type":"boolean","description":"- If `rotationDateReached` is set to true then it returns latest version of the keys with rotationDate of latest version <= currentTime.\n- If `rotationDateReached` is set to false then it returns latest version of the keys with rotationDate of latest version > currentTime\n"},"compareIDWithUUID":{"type":"string","description":"- If `compareIDWithUUID` is set to `equal`, then it returns keys whose IDs are equal to their UUIDs.\n- If `compareIDWithUUID` is set to `notequal`, then it returns keys whose IDs are not equal to their UUIDs.\n- The supported values are `equal` and `notequal`.\n- These keys are generally ESG keys used by CTE.\n"},"certFields":{"type":"object","title":"Certificate Fields","description":"Information encapsulated by a certificate.","properties":{"certType":{"type":"string","description":"This specifies the type of the certificate object. Valid values are 'x509-pem' and 'x509-der'.\nThe certificate type is infered from the material when not specified.\n"},"certLength":{"type":"integer","description":"Length of the certificate."},"x509SerialNumber":{"type":"string","description":"Serial number associated with x509 certificate."},"serialNumber":{"type":"string","description":"Certificate serial number (applies to x509 and other certificates)."},"dsalg":{"type":"string","description":"Algorithm used for signing the certificate."},"subjectDNFields":{"description":"Certificate subject's distinguished name fields.","type":"object","title":"Distinguished Name Fields","properties":{"cn":{"type":"string","description":"Common Name"},"o":{"type":"array","description":"List of organizations","items":{"type":"string"}},"ou":{"type":"array","description":"List of organization units","items":{"type":"string"}},"email":{"type":"array","description":"List of email addresses","items":{"type":"string"}},"c":{"type":"array","description":"List of countries","items":{"type":"string"}},"st":{"type":"array","description":"List of provinces or states","items":{"type":"string"}},"street":{"type":"array","description":"List of street addresses","items":{"type":"string"}},"l":{"type":"array","description":"List of localities","items":{"type":"string"}},"uid":{"type":"array","description":"List of UIDs","items":{"type":"string"}},"sn":{"type":"string","description":"serial number"},"t":{"type":"array","description":"List of titles","items":{"type":"string"}},"dc":{"type":"array","description":"List of domain components","items":{"type":"string"}},"dnq":{"type":"array","description":"List of domain name qualifiers","items":{"type":"string"}}}},"subjectANFields":{"description":"Certificate subject's alternate name fields.","type":"object","title":"Alternate Name Fields","properties":{"dns":{"type":"array","description":"List of DNS addresses","items":{"type":"string"}},"ipAddress":{"type":"array","description":"List of IP addresses","items":{"type":"string"}},"uri":{"type":"array","description":"List of URIs","items":{"type":"string"}},"emailAddress":{"type":"array","description":"List of email addresses","items":{"type":"string"}}}},"issuerDNFields":{"description":"Certificate issuer's distinguished name fields.","type":"object","title":"Distinguished Name Fields","properties":{"cn":{"type":"string","description":"Common Name"},"o":{"type":"array","description":"List of organizations","items":{"type":"string"}},"ou":{"type":"array","description":"List of organization units","items":{"type":"string"}},"email":{"type":"array","description":"List of email addresses","items":{"type":"string"}},"c":{"type":"array","description":"List of countries","items":{"type":"string"}},"st":{"type":"array","description":"List of provinces or states","items":{"type":"string"}},"street":{"type":"array","description":"List of street addresses","items":{"type":"string"}},"l":{"type":"array","description":"List of localities","items":{"type":"string"}},"uid":{"type":"array","description":"List of UIDs","items":{"type":"string"}},"sn":{"type":"string","description":"serial number"},"t":{"type":"array","description":"List of titles","items":{"type":"string"}},"dc":{"type":"array","description":"List of domain components","items":{"type":"string"}},"dnq":{"type":"array","description":"List of domain name qualifiers","items":{"type":"string"}}}},"issuerANFields":{"description":"Certificate issuer's alternate name fields.","type":"object","title":"Alternate Name Fields","properties":{"dns":{"type":"array","description":"List of DNS addresses","items":{"type":"string"}},"ipAddress":{"type":"array","description":"List of IP addresses","items":{"type":"string"}},"uri":{"type":"array","description":"List of URIs","items":{"type":"string"}},"emailAddress":{"type":"array","description":"List of email addresses","items":{"type":"string"}}}}}},"labels":{"type":"object","additionalProperties":{"type":"array"},"items":{"type":"string"},"x-nullable":true,"description":"Find keys that match label selector expressions. Multiple values are\nlogically ANDed.\n\nLabel selector expressions:\n- Select keys that have the label `{\"region\": \"noram\"}`:\n ```\n [ \"region=noram\" ]\n ```\n OR with a double equals:\n ```\n [ \"region==noram\" ]\n ```\n- Select keys that do not have the label `{\"region\": \"noram\"}`:\n ```\n [ \"region!=noram\" ]\n ```\n- Select keys that have either `{\"region\": \"noram\"}` or `{\"region\": \"emea\"}`\n ```\n [ \"region in (noram,emea)\" ]\n ```\n- Select keys that do not have `{\"region\": \"noram\"}` nor `{\"region\": \"emea\"}`\n ```\n [ \"region notin (noram,emea)\" ]\n ```\n- Select keys that have the label key `region` (the value may be anything)\n ```\n [ \"region\" ]\n ```\n- Select keys that not have the label key `region`\n ```\n [ \"!region\" ]\n ```\n\nMultiple label selector expressions, logically ANDed:\n- Select keys that have the label `{\"region\": \"noram\"}` but do not have\n `{\"team\": \"sales\"}`\n ```\n [ \"region=noram\", \"team!=sales\" ]\n\n ```\n"},"undeletable":{"type":"boolean","description":"Find keys with the specified value of the `undeletable` attribute."},"permissions":{"type":"array","items":{"type":"string"},"description":"The filter returns only those keys on which the user performing the query has the same permissions as given\nin the query. The permissions are given to a group in the key meta and the group must have the `ReadKey`\npermission. The user performing the query must be a member of the group having those permissions.\nAllowed values are \"EncryptWithKey\", \"DecryptWithKey\", \"MACWithKey\", \"MACVerifyWithKey\", \"SignWithKey\",\n\"SignVerifyWithKey\", \"ReadKey\", \"UseKey\", and \"ExportKey\".\n"}},"example":{"name":"oldkeys*","usageMask":12,"metaContains":"{\"info\":{\"color\":\"red\"}}","aliases":["abc1","yellow"],"size":256,"createdAfter":"2018-11-28T15:19:10Z"}},"CertificateFields":{"type":"object","title":"Certificate Fields","description":"Information encapsulated by a certificate.","properties":{"certType":{"type":"string","description":"This specifies the type of the certificate object. Valid values are 'x509-pem' and 'x509-der'.\nThe certificate type is infered from the material when not specified.\n"},"certLength":{"type":"integer","description":"Length of the certificate."},"x509SerialNumber":{"type":"string","description":"Serial number associated with x509 certificate."},"serialNumber":{"type":"string","description":"Certificate serial number (applies to x509 and other certificates)."},"dsalg":{"type":"string","description":"Algorithm used for signing the certificate."},"subjectDNFields":{"description":"Certificate subject's distinguished name fields.","type":"object","title":"Distinguished Name Fields","properties":{"cn":{"type":"string","description":"Common Name"},"o":{"type":"array","description":"List of organizations","items":{"type":"string"}},"ou":{"type":"array","description":"List of organization units","items":{"type":"string"}},"email":{"type":"array","description":"List of email addresses","items":{"type":"string"}},"c":{"type":"array","description":"List of countries","items":{"type":"string"}},"st":{"type":"array","description":"List of provinces or states","items":{"type":"string"}},"street":{"type":"array","description":"List of street addresses","items":{"type":"string"}},"l":{"type":"array","description":"List of localities","items":{"type":"string"}},"uid":{"type":"array","description":"List of UIDs","items":{"type":"string"}},"sn":{"type":"string","description":"serial number"},"t":{"type":"array","description":"List of titles","items":{"type":"string"}},"dc":{"type":"array","description":"List of domain components","items":{"type":"string"}},"dnq":{"type":"array","description":"List of domain name qualifiers","items":{"type":"string"}}}},"subjectANFields":{"description":"Certificate subject's alternate name fields.","type":"object","title":"Alternate Name Fields","properties":{"dns":{"type":"array","description":"List of DNS addresses","items":{"type":"string"}},"ipAddress":{"type":"array","description":"List of IP addresses","items":{"type":"string"}},"uri":{"type":"array","description":"List of URIs","items":{"type":"string"}},"emailAddress":{"type":"array","description":"List of email addresses","items":{"type":"string"}}}},"issuerDNFields":{"description":"Certificate issuer's distinguished name fields.","type":"object","title":"Distinguished Name Fields","properties":{"cn":{"type":"string","description":"Common Name"},"o":{"type":"array","description":"List of organizations","items":{"type":"string"}},"ou":{"type":"array","description":"List of organization units","items":{"type":"string"}},"email":{"type":"array","description":"List of email addresses","items":{"type":"string"}},"c":{"type":"array","description":"List of countries","items":{"type":"string"}},"st":{"type":"array","description":"List of provinces or states","items":{"type":"string"}},"street":{"type":"array","description":"List of street addresses","items":{"type":"string"}},"l":{"type":"array","description":"List of localities","items":{"type":"string"}},"uid":{"type":"array","description":"List of UIDs","items":{"type":"string"}},"sn":{"type":"string","description":"serial number"},"t":{"type":"array","description":"List of titles","items":{"type":"string"}},"dc":{"type":"array","description":"List of domain components","items":{"type":"string"}},"dnq":{"type":"array","description":"List of domain name qualifiers","items":{"type":"string"}}}},"issuerANFields":{"description":"Certificate issuer's alternate name fields.","type":"object","title":"Alternate Name Fields","properties":{"dns":{"type":"array","description":"List of DNS addresses","items":{"type":"string"}},"ipAddress":{"type":"array","description":"List of IP addresses","items":{"type":"string"}},"uri":{"type":"array","description":"List of URIs","items":{"type":"string"}},"emailAddress":{"type":"array","description":"List of email addresses","items":{"type":"string"}}}}}},"DistinguishedNameFields":{"type":"object","title":"Distinguished Name Fields","description":"Information encapsulated by a distinguished name in a certificate.","properties":{"cn":{"type":"string","description":"Common Name"},"o":{"type":"array","description":"List of organizations","items":{"type":"string"}},"ou":{"type":"array","description":"List of organization units","items":{"type":"string"}},"email":{"type":"array","description":"List of email addresses","items":{"type":"string"}},"c":{"type":"array","description":"List of countries","items":{"type":"string"}},"st":{"type":"array","description":"List of provinces or states","items":{"type":"string"}},"street":{"type":"array","description":"List of street addresses","items":{"type":"string"}},"l":{"type":"array","description":"List of localities","items":{"type":"string"}},"uid":{"type":"array","description":"List of UIDs","items":{"type":"string"}},"sn":{"type":"string","description":"serial number"},"t":{"type":"array","description":"List of titles","items":{"type":"string"}},"dc":{"type":"array","description":"List of domain components","items":{"type":"string"}},"dnq":{"type":"array","description":"List of domain name qualifiers","items":{"type":"string"}}}},"AlternateNameFields":{"type":"object","title":"Alternate Name Fields","description":"Information encapsulated by an alternate name in a certificate.","properties":{"dns":{"type":"array","description":"List of DNS addresses","items":{"type":"string"}},"ipAddress":{"type":"array","description":"List of IP addresses","items":{"type":"string"}},"uri":{"type":"array","description":"List of URIs","items":{"type":"string"}},"emailAddress":{"type":"array","description":"List of email addresses","items":{"type":"string"}}}},"HkdfCreateParameters":{"type":"object","title":"HKDF Create Parameters","description":"Information which is used to create a Key using HKDF.","properties":{"ikmKeyName":{"type":"string","description":"Any existing symmetric key. Mandatory while using HKDF key generation.\n"},"hashAlgorithm":{"type":"string","description":"Hash Algorithm is used for HKDF. This is required if ikmKeyName is specified, default is hmac-sha256.\n","enum":["hmac-sha1","hmac-sha224","hmac-sha256","hmac-sha384","hmac-sha512"]},"salt":{"type":"string","description":"Salt is an optional hex value for HKDF based derivation.\n"},"info":{"type":"string","description":"Info is an optional hex value for HKDF based derivation.\n"}}},"WrapHKDF":{"type":"object","title":"HKDF Wrap Parameters","description":"Information which is used to wrap a Key using HKDF.","properties":{"hashAlgorithm":{"type":"string","description":"Hash Algorithm is used for HKDF Wrapping.\n","enum":["hmac-sha1","hmac-sha224","hmac-sha256","hmac-sha384","hmac-sha512"]},"salt":{"type":"string","description":"Salt is an optional hex value for HKDF based derivation.\n"},"info":{"type":"string","description":"Info is an optional hex value for HKDF based derivation.\n"},"okmLen":{"type":"integer","description":"The desired output key material length in integer.\n"}}},"WrapJWE":{"type":"object","title":"JWE Parameters for generating jwe","description":"Information which is used to wrap a Key using JWE. (JWT ID (JTI) provides a unique identifier for the JWT. JTI will be automatically included in JWE if it is available in JWT identity token.)","properties":{"jwtIdentifier":{"type":"string","description":"JWT identifier (JTI) is unique identifier for the JWT used by SFDC for cache key replay detection.\n"},"contentEncryptionAlgorithm":{"type":"string","description":"Content Encryption Algorithm is symmetric encryption algorithm used to encrypt the data , default is AES_256_GCM.\n","enum":["AES_128_CBC_HMAC_SHA_256","AES_192_CBC_HMAC_SHA_384","AES_256_CBC_HMAC_SHA_512","AES_128_GCM","AES_192_GCM","AES_256_GCM"]},"keyEncryptionAlgorithm":{"type":"string","description":"Key Encryption Algorithm is used to encrypt the Content Encryption Key (CEK), default is RSA_OAEP_SHA1.\nAlgorithm should correspond to type of public key provided for wrapping.\n","enum":["RSA1_5","RSA_OAEP_SHA1","RSA_OAEP_SHA256","ECDH_ES","ECDH_ES_AES_128_KEY_WRAP","ECDH_ES_AES_192_KEY_WRAP","ECDH_ES_AES_256_KEY_WRAP"]},"keyIdentifier":{"type":"string","description":"Key identifier to be used as \"kid\" parameter in JWE material and JWE header.\nDefaults to key id.\n"}}},"WrapPBE":{"type":"object","title":"Password based encryption parameters for generating password based derived keys.","description":"WrapPBE produces a derived key from a password and other parameters like salt, iteration count, hashing algorithm and derived key length. PBE is currently only supported to wrap symmetric keys (AES), private Keys and certificates.","properties":{"hashAlgorithm":{"type":"string","description":"Underlying hashing algorithm that acts as a pseudorandom function to generate derive keys.\n","enum":["hmac-sha1","hmac-sha224","hmac-sha256","hmac-sha384","hmac-sha512","hmac-sha512/224","hmac-sha512/256","hmac-sha3-224","hmac-sha3-256","hmac-sha3-384","hmac-sha3-512"]},"password":{"type":"string","description":"Base password to generate derive keys. It cannot be used in conjunction with passwordidentifier.\npassword must be in range of 8 bytes to 128 bytes.\n"},"passwordIdentifier":{"type":"string","description":"Secret password identifier for password. It cannot be used in conjunction with password.\n"},"passwordIdentifierType":{"type":"string","description":"Type of the Passwordidentifier. If not set then default value is name.\n","enum":["id","name","slug"]},"salt":{"type":"string","description":"A Hex encoded string.\npbeSalt must be in range of 16 bytes to 512 bytes.\n"},"purpose":{"type":"string","description":"User defined purpose. If specified will be prefixed to pbeSalt.\npbePurpose must not be greater than 128 bytes.\n"},"dklen":{"type":"integer","description":"Intended length in octets of the derived key.\ndklen must be in range of 14 bytes to 512 bytes.\n"},"iteration":{"type":"integer","description":"Iteration count increase the cost of producing keys from a password.\nIteration must be in range of 1 to 1,00,00,000.\n"}}},"WrapRSAAES":{"type":"object","title":"RSA AES KWP parameters","description":"Information which is used to wrap/unwrap asymmetric keys using RSA AES KWP method.\nThis method internally requires AES key size to generate a temporary AES key and RSA padding.\nTo use WrapRSAAES, algorithm \"RSA/RSAAESKEYWRAPPADDING\" must be specified in WrappingEncryptionAlgo.\n","properties":{"aesKeySize":{"type":"integer","description":"Size of AES key for RSA AES KWP. Accepted value are 128, 192, 256.\nDefault value is \"256\".\n"},"padding":{"type":"string","description":"Padding specifies the type of padding scheme that needs to be set when exporting\nthe Key using RSA AES wrap. Accepted values are \"oaep\", \"oaep256\", \"oaep384\", \"oaep512\",\nDefault value is \"oaep256\".\n","enum":["oaep","oaep256","oaep384","oaep512"]}}},"KeyParams":{"type":"object","title":"Parameters for generation of key required for CSR creation","description":"Parameters to be used for creating an asymmetric key to be used for CSR creation.","properties":{"keyName":{"type":"string","description":"Name of key to be generated for CSR creation"},"algorithm":{"type":"string","description":"Algorithm of key to be generated for CSR creation. Permitted values are 'RSA' or 'EC' and defaults to 'RSA'.\n"},"size":{"type":"string","description":"Size of key to be generated for CSR creation. Refer create key API for sizes for EC and RSA keys and their default values.\n"},"curveid":{"type":"string","description":"Cryptographic curve id for elliptic key. Values:\n * secp224r1\n * secp384r1\n * secp521r1\n * prime256v1\nThese curves are allowed for CSR creation.\n"}}},"BasicLabels":{"type":"object","additionalProperties":{"type":"string"},"x-nullable":true,"description":"Optional key/value pairs used to group keys.\n"},"AddLabels":{"type":"object","additionalProperties":{"type":"string"},"x-nullable":true,"description":"Optional key/value pairs used to group keys. APIs that list keys can use\nlabels to filter the set of matching resources.\n\nA label's key has an optional prefix up to 253 characters followed by a\nforward slash and a required name up to 63 characters. For example,\n`sales.widgets.com/region` is a label key with the prefix\n`sales.widgets.com` and the name `region`, while `region` is a label key\nwithout a prefix.\n\nA label's value may be empty and may be up to 63 characters.\n\nEach part of the label (i.e. the prefix, name, and value) must begin\nand end with an alphanumeric character (a-zA-Z0-9). Characters\ninbetween the beginning and end may contain alphanumeric characters,\ndots (.), dashes (-) and underscores (_).\n\nA Label can be a simple tag by specifying a key with no value\n(e.g. `{ \"critical\": \"\" }`).\n\nHere's a full example showing a name/value pair with prefix, a name/value pair, and a simple tag:\n```\n \"labels\": {\n \"sales.widgets.com/region\": \"noram\",\n \"team\": \"sales\",\n \"critical\": \"\"\n }\n```\n","example":{"region":"noram","team":"sales"}},"UpdateLabels":{"type":"object","additionalProperties":{"type":"string"},"x-nullable":true,"description":"Optional key/value pairs used to group keys. When labels are provided\nthey are merged with the key's existing labels.\n\nTo remove a label, set the label's value to `null`.\n```\n \"labels\": {\n \"critical\": null\n }\n```\n\nTo remove all labels, set `labels` to `null`.\n```\n \"labels\": null\n```\n\nRefer to the schema under `/v1/vault/keys2 POST` for a full description\nof labels.\n","example":{"region":"noram","team":"sales"}},"QueryLabels":{"type":"object","additionalProperties":{"type":"array"},"items":{"type":"string"},"x-nullable":true,"description":"Find keys that match label selector expressions. Multiple values are\nlogically ANDed.\n\nLabel selector expressions:\n- Select keys that have the label `{\"region\": \"noram\"}`:\n ```\n [ \"region=noram\" ]\n ```\n OR with a double equals:\n ```\n [ \"region==noram\" ]\n ```\n- Select keys that do not have the label `{\"region\": \"noram\"}`:\n ```\n [ \"region!=noram\" ]\n ```\n- Select keys that have either `{\"region\": \"noram\"}` or `{\"region\": \"emea\"}`\n ```\n [ \"region in (noram,emea)\" ]\n ```\n- Select keys that do not have `{\"region\": \"noram\"}` nor `{\"region\": \"emea\"}`\n ```\n [ \"region notin (noram,emea)\" ]\n ```\n- Select keys that have the label key `region` (the value may be anything)\n ```\n [ \"region\" ]\n ```\n- Select keys that not have the label key `region`\n ```\n [ \"!region\" ]\n ```\n\nMultiple label selector expressions, logically ANDed:\n- Select keys that have the label `{\"region\": \"noram\"}` but do not have\n `{\"team\": \"sales\"}`\n ```\n [ \"region=noram\", \"team!=sales\" ]\n\n ```\n"},"KeyPermissions":{"type":"object","description":"It contains permissions for users, client and groups","properties":{"clients":{"type":"object","description":"Contains permissions for clients","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]},"groups":{"type":"object","description":"Contains permissions for groups","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]},"users":{"type":"object","description":"Contains permissions for users","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]}}},"PatchKeyPolicy":{"type":"object","title":"Parameters for updating key policies.","description":"update parameters for key policies.","properties":{"description":{"type":"string","description":"Key policy description"},"permissions":{"type":"object","description":"It contains permissions for users, client and groups","properties":{"clients":{"type":"object","description":"Contains permissions for clients","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]},"groups":{"type":"object","description":"Contains permissions for groups","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]},"users":{"type":"object","description":"Contains permissions for users","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]}}},"label_selector":{"description":"label_selector on which key policies are applied"}}},"CreateKeyPolicy":{"type":"object","title":"Parameters for Creating key policies.","description":"Parameters to be used for creating key policies.","required":["name","label_selector","permissions"],"properties":{"name":{"type":"string","description":"Name of key policy"},"description":{"type":"string","description":"Key policy description"},"permissions":{"type":"object","description":"It contains permissions for users, client and groups","properties":{"clients":{"type":"object","description":"Contains permissions for clients","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]},"groups":{"type":"object","description":"Contains permissions for groups","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]},"users":{"type":"object","description":"Contains permissions for users","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]}}},"label_selector":{"type":"string","description":"labels on which key policy applied.'=' and 'in' operator supported only. Also multiple conditions can be combined using ',' example:- env in (test1,test2), test3=test4"}}},"KeyPolicy":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","title":"Parameters for Creating key policies.","description":"Parameters to be used for creating key policies.","required":["name","label_selector","permissions"],"properties":{"name":{"type":"string","description":"Name of key policy"},"description":{"type":"string","description":"Key policy description"},"permissions":{"type":"object","description":"It contains permissions for users, client and groups","properties":{"clients":{"type":"object","description":"Contains permissions for clients","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]},"groups":{"type":"object","description":"Contains permissions for groups","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]},"users":{"type":"object","description":"Contains permissions for users","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]}}},"label_selector":{"type":"string","description":"labels on which key policy applied.'=' and 'in' operator supported only. Also multiple conditions can be combined using ',' example:- env in (test1,test2), test3=test4"}}}]},"ResourceBase":{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date","description":"Date/time the application was created"}}},"NamedResourceBase":{"type":"object","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"The name of the resource"}}}]},"SecretExtended":{"type":"object","allOf":[{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"The name of the resource"}}}]},{"properties":{"updatedAt":{"type":"string","format":"date","description":"Date/time the application was updated"}}},{"type":"object","properties":{"usage":{"type":"string","description":"Blob"}}}]},{"type":"object","properties":{"material":{"type":"string","description":"data of the secret"},"meta":{"type":"object","description":"Optional end-user or service data stored with the Secret"}}}]},"UpdateableBase":{"properties":{"updatedAt":{"type":"string","format":"date","description":"Date/time the application was updated"}}},"ResourceCollection":{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}}},"PostSecret":{"required":["material","dataType"],"properties":{"name":{"type":"string","description":"Friendly name"},"usageMask":{"type":"integer","description":"Cryptographic usage mask. Add the usage masks to allow certain usages. Sign (1), Verify (2), Encrypt (4),\nDecrypt (8), Wrap Key (16), Unwrap Key (32), Export (64), MAC Generate (128), MAC Verify (256), Derive Key (512),\nContent Commitment (1024), Key Agreement (2048), Certificate Sign (4096), CRL Sign (8192), Generate Cryptogram (16384),\nValidate Cryptogram (32768), Translate Encrypt (65536), Translate Decrypt (131072), Translate Wrap (262144),\nTranslate Unwrap (524288), FPE Encrypt (1048576), FPE Decrypt (2097152). Add the usage mask values to allow\nthe usages. To set all usage mask bits, use 4194303.\nEquivalent usageMask values for deprecated usages 'fpe' (FPE Encrypt + FPE Decrypt = 3145728),\n'blob' (Encrypt + Decrypt = 12), 'hmac' (MAC Generate + MAC Verify = 384), 'encrypt' (Encrypt + Decrypt = 12),\n'sign' (Sign + Verify = 3), 'any' (4194303 - all usage masks).\n\nDefaults to 12 (Encrypt, Decrypt).\n\nNot applicable to the following:\n * blob\n"},"dataType":{"type":"string","description":"The type of data the secret represents. Each data type corresponds to a KMIP type.\n * blob - KMIP opaque object\n * password - KMIP secret data password\n * seed - KMIP secret data seed\n"},"material":{"type":"string","description":"The data imported as the secret. The encoding of the data is not specified. If the data cannot be set as a JSON string, such as arbitrary binary data, then the caller should encode the data first (e.g. using base64).\n"},"unexportable":{"type":"boolean","description":"Material is not exportable. Defaults to false.\n"},"undeletable":{"type":"boolean","description":"Object is not deletable. Defaults to false."},"meta":{"type":"object","description":"End-user or service data stored with the secret."},"state":{"type":"string","description":"Initial Secret state (Pre-Active) upon creation. Defaults to Active. If set, activationDate can not be specified during state creation.\nNot applicable to the following:\n * blob\n"},"activationDate":{"type":"string","format":"date","description":"Date/time the Secret Data becomes active.\nNot applicable to the following:\n * blob\n"},"deactivationDate":{"type":"string","format":"date","description":"Date/time the Secret Data becomes inactive"},"idSize":{"type":"integer","description":"Size of the ID for the secret"}},"example":{"name":"My Secret","dataType":"seed","material":"DEADBEEF"}},"SecretMetadata":{"properties":{"meta":{"type":"object","description":"Optional end-user or service data stored with the Secret"},"unexportable":{"type":"boolean","description":"Material is not exportable.\n"},"undeletable":{"type":"boolean","description":"Object is not deletable."},"activationDate":{"type":"string","format":"date","description":"Secret Data activation date."},"deactivationDate":{"type":"string","format":"date","description":"Secret Data deactivation date."},"compromiseOccurrenceDate":{"type":"string","format":"date","description":"Date/time security compromise of the object was identified"},"revocationReason":{"type":"string","description":"Revocation Reason Code for revoking the object. Required in conjunction with compromiseOccurrenceDate.\nIt is one of 'Key Compromise', 'CA Compromise', 'Unspecified', 'Affiliation Changed',\n'Superseded', 'Cessation of Operation' or 'Privilege Withdrawn'\n"},"revocationMessage":{"type":"string","description":"Revocation message. Optionally used in conjunction with revocationReason."}},"example":{"revocationReason":"Unspecified","revocationMessage":"My Reason"}},"Secret":{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"The name of the resource"}}}]},{"properties":{"updatedAt":{"type":"string","format":"date","description":"Date/time the application was updated"}}},{"type":"object","properties":{"usage":{"type":"string","description":"Blob"}}}]},"Secrets":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"name":{"type":"string","description":"The name of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"usage":{"type":"string","description":"Either FPE or Blob"},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date","description":"Date/time the application was updated"}}}}}}]},"Policy":{"description":"Policies are access control rules. They declare a set of\nactions, applied to a set of resources, under an optional set of\nconditions, which are either allowed or not allowed.\n\nPolicies, like other resources, share common properties like `id`,\n`uri`, `name`, etc.\n\n`actions` is a list of permissions.\n\nTBD: link to\ncanonical dictionary of permissions. Operations will require some\nset of the these permissions\n\n`resources` is a list of URI patterns.\n","type":"object","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"actions":{"type":"array","items":{"type":"string","format":"action name or \"*\""}},"resources":{"type":"array","items":{"type":"string","format":"uri mask"}},"allow":{"type":"boolean"},"effect":{"type":"integer","description":"The effect describes the effect of the policy. There are 4 possible values.\nWith effect, the allow flag gets deprecated. Please use one of the two and\nuse allow only if it is needed, instead use effect.\n","enum":["allow","deny","obligate_on_allow","obligate_on_deny"]},"conditions":{"type":"array","items":{"type":"object","properties":{"path":{"type":"string","format":"A JSON path, with template variables.","description":"A JSON path which resolves to a value in the operation\n"},"op":{"type":"string","format":"equals|==|equalsignorescase|matches|regex|=~|empty|contains|@>\n","description":"The comparison operator used to compare the operation value\nto the conditions values.\n"},"values":{"description":"The value or values to compare with the operation value.\nCan be either a single value, or an array. If an\narray, each of the items in the array is compared to\nthe operation value, and if any match, the condition is\nmet. In other words, the items are logically OR'd.\n"}}}},"includeDescendantAccounts":{"type":"boolean","description":"When this is false, only the resources in the principal's account can be accessed if the policy allows it.\nWhen this is true, the resources the principal's account as well as all child accounts associated with the\nprincipal's account, can be accessed if the policy allows it.\nFor example, sub-domains will be included while listing domains when this parameter is true.\n"}}}]},"PolicyAttachment":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"policy":{"type":"string","format":"uri"},"principalSelector":{"type":"object","format":"an subset of the internal JWT body"},"resources":{"type":"array","items":{"type":"string","format":"uri mask"}},"actions":{"type":"array","items":{"type":"string","format":"action name or \"*\""}},"allow":{"type":"boolean"},"jurisdiction":{"type":"string","format":"account uri"}}}]},"AuthorizationRequest":{"type":"object","properties":{"operations":{"type":"array","items":{"type":"object","properties":{"action":{"type":"string","format":"string with wildcards"},"resource":{"type":"string","format":"URI or URI mask with wildcards"}}}}},"example":{"operations":[{"action":"*","resource":"ncryptify:gemalto:admin:apps:*"}]}},"AuthorizationResponse":{"type":"object","properties":{"allowed":{"type":"string","format":"yes, no, or maybe"},"operations":{"type":"array","items":{"type":"object","properties":{"action":{"type":"string"},"resource":{"type":"string"},"allowed":{"type":"string","format":"yes, no, or maybe"},"includeDescendantAccounts":{"type":"boolean","description":"When this is false, only the resources in the principal's account can be accessed if the policy allows it.\nWhen this is true, the resources the principal's account as well as all child accounts associated with the\nprincipal's account, can be accessed if the policy allows it.\nFor example, this parameter should be set to true in order to include sub-domains while listing domains.\n"},"details":{"type":"object","description":"A map. The keys are the jurisdictions (account URIs) involved in the request. The\nvalue is an object describing the details of the verdict in that jurisdiction.\n","additionalProperties":{"type":"object","properties":{"jurisdiction":{"type":"string","format":"account URI"},"allowed":{"type":"string","format":"yes, no, or maybe"},"allowingPolicies":{"type":"array","items":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"policy":{"type":"string","format":"uri"},"principalSelector":{"type":"object","format":"an subset of the internal JWT body"},"resources":{"type":"array","items":{"type":"string","format":"uri mask"}},"actions":{"type":"array","items":{"type":"string","format":"action name or \"*\""}},"allow":{"type":"boolean"},"jurisdiction":{"type":"string","format":"account uri"}}}]}},"denyingPolicies":{"type":"array","items":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"policy":{"type":"string","format":"uri"},"principalSelector":{"type":"object","format":"an subset of the internal JWT body"},"resources":{"type":"array","items":{"type":"string","format":"uri mask"}},"actions":{"type":"array","items":{"type":"string","format":"action name or \"*\""}},"allow":{"type":"boolean"},"jurisdiction":{"type":"string","format":"account uri"}}}]}}}}}}}}},"example":{"allowed":"maybe","operations":[{"action":"*","resource":"ncryptify:gemalto:admin:apps:ncryptify","allowed":"maybe","details":{"asdf-gxO:pers-apitestuser:admin:accounts:pers-apitestuser":{"jurisdiction":"asdf-gxO:pers-apitestuser:admin:accounts:pers-apitestuser","allowed":"maybe","allowingPolicies":{"id":"91b7a91f-ba22-45ce-985b-18fb9932f561","uri":"dev-portal:pers-testingsupport:admin:policy-attachments:91b7a91f-ba22-45ce-985b-18fb9932f561","account":"dev-portal:pers-jsmith:admin:accounts:pers-jsmith","application":"ncryptify:gemalto:admin:apps:dev-portal","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2015-09-23T02:45:43.980289Z","policy":"dev-portal:pers-testingsupport:admin:policies:mypolicy-yhg","jurisdiction":"dev-portal:pers-testingsupport:admin:accounts:pers-testingsupport","principalSelector":{"acct":"dev-portal:pers-jsmith:admin:accounts:pers-jsmith","user":"dev-portal:pers-github-107825:admin:users:apitestuser"},"name":"All","resources":["*"],"actions":["read"],"allow":true,"effect":"allow"},"denyingPolicies":{"id":"91b7a91f-ba22-45ce-985b-18fb9932f561","uri":"dev-portal:pers-testingsupport:admin:policy-attachments:91b7a91f-ba22-45ce-985b-18fb9932f561","account":"dev-portal:pers-jsmith:admin:accounts:pers-jsmith","application":"ncryptify:gemalto:admin:apps:dev-portal","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2015-09-23T02:45:43.980289Z","policy":"dev-portal:pers-testingsupport:admin:policies:mypolicy-yhg","jurisdiction":"dev-portal:pers-testingsupport:admin:accounts:pers-testingsupport","principalSelector":{"acct":"dev-portal:pers-jsmith:admin:accounts:pers-jsmith","user":"dev-portal:pers-github-107825:admin:users:apitestuser"},"name":"All","resources":["*"],"actions":["read"],"allow":false,"effect":"deny"}}}}]}},"PrivatePostRecord":{"properties":{"message":{"type":"string","description":"The audit message wished to be recorded."},"service":{"type":"string","description":"The service category for the record, typically `anon`, `keys`, ..."},"success":{"type":"boolean","description":"To indicate an event's outcome; true if the event completed or the action was permitted, false if the event errored or the action was denied. Optional, defaults to true."},"details":{"type":"object","description":"Any additional information to include the record. Optional."}},"example":{"message":"the quick fox","service":"admin","success":true,"username":"admin","severity":"info","clientIP":"10.164.76.56","source":"KS_SJ_node1","details":{"color":"red"}}},"Record":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"message":{"type":"string","description":"The audit message wished to be recorded."},"service":{"type":"string","description":"The service category for the record, typically `anon`, `keys`, ..."},"requestId":{"type":"string","description":"The unique identifier for tracing a request through the services."},"success":{"type":"boolean","description":"To indicate an event's outcome; true if the event completed or the action was permitted, false if the event errored or the action was denied."},"username":{"type":"string","description":"indicates the kylo user by who the operation/event is done , username is retrived from the JWT"},"severity":{"type":"string","description":"this severity field in records as per standard guidelines, critical,warning, error , info"},"clientIP":{"type":"string","description":"indicates the real clientIP which triggered the event"},"source":{"type":"string","description":"indicates the CipherTrust Manager server name"},"details":{"type":"object","description":"Additional data included in the record."},"principal":{"type":"object","description":"The claims in the authentication token related to the request."}}}]},"ClientRecord":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"event":{"type":"string","description":"The audit message wished to be recorded on the client."},"client_type":{"type":"string","description":"The type of client, typically `CTE`, ..."},"severity":{"type":"string","description":"the severity field in client records as per standard guidelines eg:critical, warning, error, info"},"client":{"type":"string","description":"indicates the real identifier of the client which triggered the event. It can be the Id, name or hostname of the client"},"details":{"type":"object","description":"Additional data included in the client record."},"time_stamp":{"type":"object","description":"the time stamp when the event occured on the client"}}}]},"AlarmConfigResource":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"allOf":[{"properties":{"severity":{"type":"string","enum":["critical","error","warning","info"],"description":"Alarm severity level"}}},{"type":"object","properties":{"name":{"type":"string","description":"The name of this config. This value will also be used as the name property of the generated alarms."},"source_type":{"type":"string","description":"The source type to trigger an alarm from. Defaults to \"server_record\"","enum":["server_record","client_record"]},"description":{"type":"string","description":"The description of this config which will also be used as the `description` property of the generated alarms when it is set.\nIf it not set, `message` property of the `records` will be used as alarms `description`.\n"},"condition":{"type":"string","description":"The condition is a set of assertions that must evaluate to true\nin order to generate an alarm. It is defined using\n[Open Policy Agent's query language Rego](https://www.openpolicyagent.org/docs/latest/how-do-i-write-policies/)\nwhich let's you compose complex rules to evaluate against an\naudit record.\n\nNote: all record properties must be prefixed with `input`\n(e.g. `input.success` or `input.details.size`) because a record\nis the input document in OPA's document model.\n\nExample: generate an alarm when a weak RSA key is created. (All double quotes and newlines must be escaped when inserted as a JSON string.)\n\n```\ninput.success\ninput.message == \"Create Key\"\ninput.details.algorithm == \"RSA\"\ninput.details.size <= 1024\n```\n"},"threshold":{"type":"integer","description":"The threshold is an integer value which defines the limit for raising alarm by observing the number of records fetched in given time interval.\nIf it is not set then the default value will be 0 and it will not be used for raising alarm.\n"},"interval":{"type":"integer","description":"The interval is an integer value which defines the time interval in seconds and it is used for raising alarms if a threshold hits within this time interval.\n"}}}]}]},"AlarmConfig":{"allOf":[{"properties":{"severity":{"type":"string","enum":["critical","error","warning","info"],"description":"Alarm severity level"}}},{"type":"object","properties":{"name":{"type":"string","description":"The name of this config. This value will also be used as the name property of the generated alarms."},"source_type":{"type":"string","description":"The source type to trigger an alarm from. Defaults to \"server_record\"","enum":["server_record","client_record"]},"description":{"type":"string","description":"The description of this config which will also be used as the `description` property of the generated alarms when it is set.\nIf it not set, `message` property of the `records` will be used as alarms `description`.\n"},"condition":{"type":"string","description":"The condition is a set of assertions that must evaluate to true\nin order to generate an alarm. It is defined using\n[Open Policy Agent's query language Rego](https://www.openpolicyagent.org/docs/latest/how-do-i-write-policies/)\nwhich let's you compose complex rules to evaluate against an\naudit record.\n\nNote: all record properties must be prefixed with `input`\n(e.g. `input.success` or `input.details.size`) because a record\nis the input document in OPA's document model.\n\nExample: generate an alarm when a weak RSA key is created. (All double quotes and newlines must be escaped when inserted as a JSON string.)\n\n```\ninput.success\ninput.message == \"Create Key\"\ninput.details.algorithm == \"RSA\"\ninput.details.size <= 1024\n```\n"},"threshold":{"type":"integer","description":"The threshold is an integer value which defines the limit for raising alarm by observing the number of records fetched in given time interval.\nIf it is not set then the default value will be 0 and it will not be used for raising alarm.\n"},"interval":{"type":"integer","description":"The interval is an integer value which defines the time interval in seconds and it is used for raising alarms if a threshold hits within this time interval.\n"}}}]},"GroupmapCreateInput":{"description":"Parameters needed to create a mapping between a connection group and a local CipherTrust Manager group","type":"object","title":"Create Groupmap","required":["connection_name","connection_group_name","group_name"],"properties":{"connection_name":{"type":"string","description":"Connection name. This must be an existing connection."},"connection_group_name":{"type":"string","description":"Group within the connection. This attribute replaces the deprecated `ldap_group_name` attribute."},"group_name":{"type":"string","description":"Local CipherTrust Manager group name. This must be an existing group."}}},"GroupmapUpdateInput":{"description":"Parameters needed to update a mapping between a connection group and a local CipherTrust Manager group","type":"object","title":"Update Groupmap","required":["group_name"],"properties":{"group_name":{"type":"string","description":"Local CipherTrust Manager group name. This must be an existing group."}}},"Groupmap":{"description":"A mapping between a connection group and a local CipherTrust Manager group","type":"object","title":"Groupmap","required":["connection_name","connection_group_name","group_name"],"properties":{"connection_name":{"type":"string","description":"Connection name. This must be an existing connection."},"connection_group_name":{"type":"string","description":"Group within the connection. This attribute replaces the deprecated `ldap_group_name` attribute."},"group_name":{"type":"string","description":"Local CipherTrust Manager group name. This must be an existing group."},"id":{"type":"string","description":"A unique ID associated with the mapping between the connection group and local CipherTrust Manager group."},"created_at":{"type":"string","format":"timestamp","readOnly":true,"description":"when the mapping was created"},"updated_at":{"type":"string","format":"timestamp","readOnly":true,"description":"when the mapping was last updated"}},"example":{"connection_name":"ldap_connection","connection_group_name":"ldap_group_name","group_name":"key_secure_group_name","id":"76fddd1e-7a44-417d-9d34-58254c5a96ed","created_at":"2016-12-05T15:13:49.543Z","updated_at":"2016-12-05T15:13:49.543Z"}},"Node":{"description":"A cluster node object. Represents a single node instance in the cluster.","type":"object","properties":{"nodeID":{"type":"string","description":"Unique identifier of the node.","readOnly":true},"status":{"type":"object","title":"Node status","description":"The status of the node in the cluster","properties":{"code":{"type":"string","description":"Status code of the node in the cluster","readOnly":true},"description":{"type":"string","description":"Descriptive status name of the node in the cluster","readOnly":true}}},"host":{"type":"string","description":"The hostname or IP of the node","readOnly":true},"port":{"type":"integer","description":"The port of the node, typically 5432.","readOnly":true},"isThisNode":{"type":"boolean","description":"When true, this objects represents the current node resource that was called.","readOnly":true},"publicAddress":{"type":"string","description":"The fully qualified domain name (FQDN) or the public IP address of the node.\nThis attribute is used by CipherTrust Manager connectors to learn how to access this particular node of the cluster remotely.\n"},"nodeName":{"type":"string","description":"Friendly name of a cluster node."}},"example":{"nodeID":"f7f8706c-cd9c-4e7d-abe9-6c3a734d1e60","status":{"code":"r","description":"ready"},"host":"keysecure_node1","port":5432,"isThisNode":true,"publicAddress":"node1.example.com","nodeName":"NARegionServer"}},"MigrationsPost":{"properties":{"password":{"type":"string","description":"This field is used only while migrating KeySecure Classic backup files, and is mandatory for those files.\nIt specifies the password needed to decrypt the KeySecure Classic backup file.\n"},"usersType":{"type":"string","description":"This field is used only while migrating KeySecure Classic backup files, and is mandatory for those files.\nIt specifies the type of user accounts being migrated - local or ldap.\n"},"ldapConnectionName":{"type":"string","description":"This optional field is used only while migrating KeySecure Classic backup files.\nIt specifies the name for the LDAP connection being migrated.\nIt is required only if usersType is set to 'ldap'.\n"},"privateKey":{"type":"string","description":"It specifies the name or id of the CM key.\nIt is required only for the cckm product.\n"},"domains":{"type":"array","items":{"type":"string"},"description":"This optional field is used only while migrating DSM backup files.\nIt can be used to specify an array of domains.\nAll the domains are migrated if this is left empty.\n"},"containers":{"type":"array","items":{"type":"string"},"description":"This optional field is used only while migrating DSM backup files.\nIt can be used to specify an array of containers.\n"},"groupName":{"type":"string","description":"This optional field is used only while migrating DSM backup files.\nIt can be used to specify the name of a key-sharing group.\nThis group is created in all the domains that are migrated.\nThe keys in the migrated domains will be accessible to all the members of this group.\n"},"autoCTEGroups":{"type":"boolean","description":"This optional parameter used only while migrating DSM backup files.\nIt can be used to control how CTE keys get migrated.\nOn the DSM, if a key has the \"Source\" field set to \"From DSM\" or an\nempty string, and this flag is set to true, the key is migrated so that\nit is fully accessible to members of the \"CTE Clients\" group.\n"},"migrateCCKMSourceKeys":{"type":"boolean","description":"This optional parameter used only while migrating CCKM Enterprise Keys.\nIf this flag is set to true, the key created in DSM from CCKM enterprise\nwill be migrated to CipherTrust Manager.\n"}},"example":{"password":"a133cdfe","usersType":"ldap","privateKey":"12a9758f","ldapConnectionName":"someldapconnection","domains":["domain1","domain2"],"containers":["container1","container2"],"groupName":"key-sharing-group","autoCTEGroups":true,"migrateCCKMSourceKeys":true}},"BackupFilter":{"type":"object","title":"Filters","required":["resourceType"],"properties":{"resourceType":{"type":"string","description":"Type of resources to be backed up. Valid values are \"Keys\", \"cte_policies\" and, \"users_groups\"."},"resourceQuery":{"type":"object","description":"A JSON object containing resource attributes and attribute values to be queried.\nThe resources returned in the query are backed up. If empty, all the resources of the specified resourceType will be backed up.\nFor Keys, valid resourceQuery paramater values are the same as the body of the 'vault/query-keys' POST endpoint described on the Keys page.\nTo back up AES keys with a meta parameter value containing `{\"info\":{\"color\":\"red\"}}}`, use\n`{\"algorithm\":\"AES\", \"metaContains\": {\"info\":{\"color\":\"red\"}}}`.\nFor CTE policies, valid `resourceQuery` parameter values are the same as query parameters of the list '/v1/transparent-encryption/policies' endpoint described in the CTE > Policies section.\nFor example, to back up LDT policies only, use `{\"policy_type\":\"LDT\"}`. Similarly, to back up policies with learn mode enabled, use `{\"never_deny\": true}`.\nFor users, the valid resourceQuery parameter values are the same as query parameters of the list '/v1/usermgmt/users' endpoint as described in the “Users” page.\nFor example, to back up all users with name \"frank\" and email id \"frank@local\", use {\"name\":\"frank\",\"email\": \"frank@local\"}.\n"}},"example":{"resourceType":"Keys","resourceQuery":"{\"algorithm\":\"AES\", \"metaContains\": {\"info\":{\"color\":\"red\"}}}"}},"scp_backup_request_params":{"type":"object","allOf":[{"type":"object","required":["host","username","auth_method","path_to"],"properties":{"host":{"type":"string","description":"Hostname or FQDN of remote machine used for SCP operation."},"port":{"type":"integer","description":"Port where SCP service runs on host (usually 22)."},"username":{"type":"string","description":"Username for accessing SCP."},"auth_method":{"type":"string","description":"Authentication type for SCP. Accepted values are \"key\" or \"password\""},"path_to":{"type":"string","description":"A path where the file to be copied via SCP. Example \"/home/ubuntu/datafolder/\""}}},{"type":"object","description":"Sensitive parameters specific to a SCP connection.","required":["public_key"],"properties":{"password":{"type":"string","description":"Password for SCP."},"public_key":{"type":"string","description":"Public key for SCP. It will be used to verify the host's identity by verifying key fingerprint. It can be retrieved from \"/etc/ssh/\" of remote host machine."}}}]},"scp_backup_params":{"type":"object","required":["host","username","auth_method","path_to"],"properties":{"host":{"type":"string","description":"Hostname or FQDN of remote machine used for SCP operation."},"port":{"type":"integer","description":"Port where SCP service runs on host (usually 22)."},"username":{"type":"string","description":"Username for accessing SCP."},"auth_method":{"type":"string","description":"Authentication type for SCP. Accepted values are \"key\" or \"password\""},"path_to":{"type":"string","description":"A path where the file to be copied via SCP. Example \"/home/ubuntu/datafolder/\""}}},"scp_backup_credentials":{"type":"object","description":"Sensitive parameters specific to a SCP connection.","required":["public_key"],"properties":{"password":{"type":"string","description":"Password for SCP."},"public_key":{"type":"string","description":"Public key for SCP. It will be used to verify the host's identity by verifying key fingerprint. It can be retrieved from \"/etc/ssh/\" of remote host machine."}}},"MigrationsDownload":{"required":["userName","password","ip","certificate","publicKey"],"properties":{"userName":{"type":"string","description":"This specifies the userName for the cckm enterprise.\n"},"password":{"type":"string","description":"This specifies the password for the cckm enterprise.\n"},"ip":{"type":"string","description":"This is the IP of cckm enterprise.\n"},"certificate":{"type":"string","description":"This specifies the certificate for the cckm enterprise.\n"},"publicKey":{"type":"string","description":"ID of the CipherTrust Manager key to be used for encrypting migration data.\n"}},"example":{"ip":"127.0.0.1","userName":"cckm-username","password":"cckm-password","certificate":"cckm-certificate","publicKey":"key-id"}},"MigrationsEmbeddedDownload":{"required":["publicKey"],"properties":{"publicKey":{"type":"string","description":"ID of the CipherTrust Manager key to be used for encrypting migration data.\n"},"KeySource":{"type":"string","description":"Specifies the key source. Default key source is `dsm`. \n","enum":["dsm","cm"]}},"example":{"publicKey":"key-id","keySource":"dsm"}},"backupkeys":{"properties":{"scope":{"type":"string","description":"Scope of the backup key - system or domain\n"},"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource\n"},"account":{"type":"string","format":"URI","description":"The account which owns this resource\n"},"version":{"type":"string","description":"The version of the key\n"},"createdAt":{"type":"string","format":"date-time","description":"Date/time the key was created\n"},"state":{"type":"string","description":"Usability of the key - active or inactive\n"},"isDefault":{"type":"boolean","description":"Is default key of the system; The default backup key cannot be deleted\n"}}},"PostLicense":{"type":"object","required":["license"],"properties":{"license":{"type":"string","description":"License string."},"bind_type":{"type":"string","description":"Binding type for this license. Can be either 'instance' or 'cluster'.\nIf omitted, then CM attempts to bind the license to the cluster. If this step fails with a lock code error,\nit will attempt to bind to the instance.\n"}},"example":{"license":"16 Virtual_KeySecure Ni LONG NORMAL STANDALONE EXCL 5_KEYS INFINITE_KEYS 16 JUN 2017 0 0 16 JUN 2017 19 0 NiL SLM_CODE CL_ND_LCK NiL *16QLW6DGSG8JSRX400 NiL NiL NiL 5_MINS NiL 0 JuuF6Bf5XnSmUEKsRB1D3SKZ:vwndBx1Bvj:EaN,Clf2G5moq,efLcwePrXzXd4tfDvYjtu4LTQwzvhHGwl:LvfV##AID=0d8b304a-435d-4436-82f2-db8994773438"}},"Licenses":{"description":"Licenses object","type":"object","properties":{"id":{"type":"string","description":"ID of the license"},"hash":{"type":"string","description":"Hash of the license"},"type":{"type":"string","description":"License type - Normal or Trial"},"state":{"type":"string","description":"State of the license - active or inactive"},"start":{"type":"string","format":"date","description":"Start date/time of the license"},"expiration":{"type":"string","format":"date","description":"End date/time of the license or \"no expiration\" if it never\nexpires. Please note that the expiration is different from trial\nseconds remaining. For trial licenses only trial seconds remaining\nshould be used and for other licenses expiration should be used.\n"},"feature":{"type":"string","description":"Feature name associated with this license"},"version":{"type":"string","description":"Version of the feature"},"license_count":{"type":"integer","description":"Number of licenses"},"trial_seconds_remaining":{"type":"string","description":"For trial licenses only, the number of seconds until the trial duration ends"},"bind_type":{"type":"string","description":"License bind type, 'instance' or 'cluster'"}}},"Features":{"description":"Features object","type":"object","properties":{"name":{"type":"string","description":"Feature name"},"version":{"type":"string","description":"Version of the feature"},"status":{"type":"string","description":"Status of the feature - active or inactive"},"details":{"type":"string","description":"Additional details provided when the feature is inactive (optional)"},"license_count":{"type":"integer","description":"Number of licenses"},"expiration":{"type":"string","format":"date","description":"End date/time of the license or \"no expiration\" if it never\nexpires. Please note that the expiration is different from trial\nseconds remaining. For trial licenses only trial seconds remaining\nshould be used and for other licenses expiration should be used.\n"},"trial_seconds_remaining":{"type":"string","description":"For trial licenses only, the number of seconds until the trial duration ends"},"bind_type":{"type":"string","description":"License bind type, 'instance' or 'cluster'"},"total_usage_count":{"type":"number","description":"Total count of used licenses"},"domains_usage":{"type":"array","description":"Array of domains for licenses usage","items":{"type":"object","properties":{"domain_id":{"type":"string","description":"Domain id"},"name":{"type":"string","description":"Domain name"},"parent_domain_id":{"type":"string","description":"Parent domain id"},"usage_count":{"type":"number","description":"Licenses usage"}}}}}},"AbbreviatedTrial":{"description":"Trial object","type":"object","properties":{"name":{"type":"string","description":"Trial name"},"id":{"type":"string","description":"Unique identifier for resource"},"description":{"type":"string","description":"Trial description"},"status":{"type":"string","description":"Current status of the trial, can be \"available\", \"activated\", or \"deactivated\"","enum":["available","activated","deactivated"]},"activated_at":{"type":"string","format":"date-time","description":"Time the trial was activated, omitted if it has never been activated"},"deactivated_at":{"type":"string","format":"date-time","description":"Time the trial was deactivated, omitted if it has never been deactivated"}}},"Trial":{"allOf":[{"description":"Trial object","type":"object","properties":{"name":{"type":"string","description":"Trial name"},"id":{"type":"string","description":"Unique identifier for resource"},"description":{"type":"string","description":"Trial description"},"status":{"type":"string","description":"Current status of the trial, can be \"available\", \"activated\", or \"deactivated\"","enum":["available","activated","deactivated"]},"activated_at":{"type":"string","format":"date-time","description":"Time the trial was activated, omitted if it has never been activated"},"deactivated_at":{"type":"string","format":"date-time","description":"Time the trial was deactivated, omitted if it has never been deactivated"}}},{"type":"object","properties":{"features":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"Sentinel RMS feature name"},"friendly_name":{"type":"string","description":"Display friendly name"},"product":{"type":"string","description":"Product name this feature belongs to"},"bind_type":{"type":"string","description":"License bind type, either 'instance' or 'cluster'"}}}}}}]},"PostLink":{"properties":{"type":{"type":"string","description":"Type of link between two cryptographic resource. Required for Create.","enum":["privateKey","publicKey","certificate","derivationBaseObject","derivedKey","replacementObject","replacedObject","parent","child","previous","next","pkcs12Password","pkcs12Certificate"]},"source":{"type":"string","description":"The source resource of a link. Provide ID, URI or Name of a cryptographic resource. Required for Create."},"target":{"type":"string","description":"The target resource of a link. Provide ID, URI or Name of a cryptographic resource. Required for Create."}},"example":{"type":"next","source":"key1","target":"key2"}},"ExternalCA":{"type":"object"},"ping":{"type":"object","title":"Test the reachability of a host","required":["destination"],"properties":{"destination":{"type":"string","description":"Hostname, domain name or IP Address"},"ipv4":{"type":"boolean","description":"use IPv4 only. Cannot be used with ipv6"},"ipv6":{"type":"boolean","description":"use IPv6 only. Cannot be used with ipv4"},"interface":{"type":"string","description":"Network interface to use. Refer List network interfaces api for available interfaces"},"count":{"type":"integer","description":"Number of packets to send"},"timeout_secs":{"type":"integer","description":"Number of seconds to wait for response"}},"example":{"destination":"www.google.com","count":1,"timeout_secs":2}},"traceroute":{"type":"object","title":"Trace the possible routes and measure delays that an IP packet takes to its destination","required":["destination"],"properties":{"destination":{"type":"string","description":"Hostname, domain name or IP Address"},"port":{"type":"integer","description":"The destination port to use"},"ipv4":{"type":"boolean","description":"use IPv4 only. Cannot be used with ipv6"},"ipv6":{"type":"boolean","description":"use IPv6 only. Cannot be used with ipv4"},"interface":{"type":"string","description":"Network interface to use. Refer List network interfaces api for available interfaces."},"tcp":{"type":"boolean","description":"Use TCP SYN for tracerouting"},"udp":{"type":"boolean","description":"Use UDP to particular port for tracerouting"},"sendwait":{"type":"integer","description":"Minimum time interval between probes"},"max_ttl":{"type":"integer","description":"The max number of hops"},"first_ttl":{"type":"integer","description":"Start from the first_ttl hop"},"nqueries":{"type":"integer","description":"The number of probes per each hop"}},"example":{"destination":"www.google.com","max_ttl":5}},"checkport":{"type":"object","title":"Connect if a specific TCP port is open or not on the specified remote host","required":["destination","port"],"properties":{"destination":{"type":"string","description":"Hostname, domain name or IP Address"},"interface":{"type":"string","description":"Network interface to use. Refer List network interfaces api for available interfaces."},"ipv4":{"type":"boolean","description":"use IPv4 only. Cannot be used with ipv6"},"ipv6":{"type":"boolean","description":"use IPv6 only. Cannot be used with ipv4"},"port":{"type":"integer","description":"Port number"},"timeout_secs":{"type":"integer","description":"Number of seconds to wait for the response"}},"example":{"destination":"www.google.com","port":80,"timeout_secs":2}},"interface":{"type":"object","title":"Interface","required":["name"],"properties":{"name":{"type":"string","description":"The network interface name, e.g. \"ens3\"."},"force_gateway":{"type":"boolean","description":"Force system default gateway update, i.e. overwrite system default gateway when this device is brought up. By default a network interface will only set the system default gateway if is not already set. This feature can be used to force a specific network interface to be used for outgoing traffic initiated from the machine itself.\n\ntrue to enable, false to disable, and absent to use the existing\nvalue.\n"},"inet":{"description":"IPv4 specific settings.","type":"object","title":"inet","required":["method"],"properties":{"method":{"type":"string","description":"Method for obtaining an IP.\n\n* dhcp - obtain all settings via DHCP (ignores other values in request)\n* none - turn off IPv4\n* static - use values from request (requires 'ip', 'netmask')\n"},"ip":{"type":"string","description":"New static IP address. Required if method is 'static'."},"netmask":{"type":"string","description":"New netmask in dot-decimal notation (e.g. 255.255.255.0). Required if method is 'static'."},"gateway":{"type":"string","description":"Optional gateway IP address. If \"\" requested then the gateway is removed."},"dns":{"type":"array","description":"Optional DNS IP addresses. If [] requested then the system wide DNS is used.","items":{"type":"string"}}}},"inet6":{"description":"IPv6 specific settings.","type":"object","title":"inet6","required":["method"],"properties":{"method":{"type":"string","description":"Method for obtaining an IP.\n\n* auto - obtain all settings via stateless autoconfiguration\n* dhcp - obtain all settings via DHCP (ignores other values in request)\n* none - turn off IPv4\n* static - use values from request (requires 'ip', 'netmask')\n"},"ip":{"type":"string","description":"New static IP address. Required if method is 'static'."},"netmask":{"type":"string","description":"New netmask in bits (e.g. 64). Required if method is 'static'."},"gateway":{"type":"string","description":"Optional gateway IP address. If \"\" requested then the gateway is removed."},"dns":{"type":"array","description":"Optional DNS IP addresses. If [] requested then the system wide DNS is used.","items":{"type":"string"}}}},"bond":{"description":"Bond specific settings.","type":"object","title":"bond","properties":{"options":{"type":"string","description":"Read only. Bond configuration's 'options' field. See https://developer.gnome.org/NetworkManager/stable/nmcli.html table 11. Only applies to the interface that bonded other interfaces."},"master":{"type":"string","description":"Read only. The name of the network interface that bonded this interface."}}}},"example":{"name":"ens3","inet":{"method":"static","ip":"192.168.1.2","netmask":"255.255.255.0","gateway":"192.168.1.0","dns":["8.8.8.8","8.8.4.4"]}}},"inet":{"type":"object","title":"inet","required":["method"],"properties":{"method":{"type":"string","description":"Method for obtaining an IP.\n\n* dhcp - obtain all settings via DHCP (ignores other values in request)\n* none - turn off IPv4\n* static - use values from request (requires 'ip', 'netmask')\n"},"ip":{"type":"string","description":"New static IP address. Required if method is 'static'."},"netmask":{"type":"string","description":"New netmask in dot-decimal notation (e.g. 255.255.255.0). Required if method is 'static'."},"gateway":{"type":"string","description":"Optional gateway IP address. If \"\" requested then the gateway is removed."},"dns":{"type":"array","description":"Optional DNS IP addresses. If [] requested then the system wide DNS is used.","items":{"type":"string"}}}},"inet6":{"type":"object","title":"inet6","required":["method"],"properties":{"method":{"type":"string","description":"Method for obtaining an IP.\n\n* auto - obtain all settings via stateless autoconfiguration\n* dhcp - obtain all settings via DHCP (ignores other values in request)\n* none - turn off IPv4\n* static - use values from request (requires 'ip', 'netmask')\n"},"ip":{"type":"string","description":"New static IP address. Required if method is 'static'."},"netmask":{"type":"string","description":"New netmask in bits (e.g. 64). Required if method is 'static'."},"gateway":{"type":"string","description":"Optional gateway IP address. If \"\" requested then the gateway is removed."},"dns":{"type":"array","description":"Optional DNS IP addresses. If [] requested then the system wide DNS is used.","items":{"type":"string"}}}},"bond":{"type":"object","title":"bond","properties":{"options":{"type":"string","description":"Read only. Bond configuration's 'options' field. See https://developer.gnome.org/NetworkManager/stable/nmcli.html table 11. Only applies to the interface that bonded other interfaces."},"master":{"type":"string","description":"Read only. The name of the network interface that bonded this interface."}}},"kek":{"type":"object","description":"Custom name of the Master KEK","properties":{"name":{"type":"string","description":"Custom name of the Master KEK."}}},"mkek_info":{"type":"object","properties":{"id":{"type":"string","description":"Mkek ID."},"name":{"type":"string","description":"Secret Name"},"is_default":{"type":"boolean","description":"If this is the default Mkek"},"created_at":{"type":"string","format":"date-time","description":"Creation time of the Master KEK"},"sealer_name":{"type":"string","description":"name of the sealer"},"kek_name":{"type":"string","description":"Name of the secret i.e. KEK."}}},"lookup_request":{"type":"object","title":"Query the mapping between domain name and IP address or other dns records","required":["target"],"properties":{"target":{"type":"string","description":"An IP address or host name to lookup.\nThe IP address can be an IPv4 or IPv6 address.\n"}},"example":{"target":"1.1.1.1"}},"lookup_response":{"type":"object","properties":{"hosts":{"type":"array","description":"List of host names mapping to the supplied IP address, or,\nlist of IP addresses mapping to the host name.\n","items":{"type":"string"}}}},"metrics_config":{"type":"object","description":"Status of metrics collection","properties":{"enabled":{"type":"boolean","description":"This determines whether Prometheus metrics collection is enabled (true) or disabled (false).\n"},"token":{"type":"string","description":"This token can be used by the Prometheus client to get metrics from the CM.\n"}}},"rotkey_info":{"type":"object","properties":{"id":{"type":"string","description":"Root of trust key ID."},"created_at":{"type":"string","format":"date-time","description":"Creation time of the root of trust key."},"is_active_key":{"type":"boolean","description":"Specifies whether this root of trust key is the active key."}}},"rotkey_id":{"type":"object","properties":{"id":{"type":"string","description":"Root of trust key ID."}}},"client":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"description":"Name to identify a client on the CipherTrust Manager.","type":"string"},"client_certificate":{"description":"Client certificate issued by the CipherTrust Manager.","type":"string"}}}]},"unified-client-view":{"allOf":[{"type":"object","properties":{"name":{"type":"string","description":"user friendly name of client"},"connector":{"type":"string","description":"the type of connector in use (CTE, KMIP, ProtectAppJCE)"},"connector_version":{"type":"string","description":"the version of connector in use by the client"},"os_version":{"type":"string","description":"the operating system used by the client"},"hostname":{"type":"string","description":"the hostname of client"},"status":{"type":"string","description":"indicates whether the client is registered with Ciphertrust Manager or not (Valid values are Registered or Unregistered)"}}}]},"instance":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"description":"Name to identify a client on CipherTrust Manager.","type":"string"},"ks_client_id":{"type":"string","description":"ID of a registered CipherTrust Manager client."},"cloud_id":{"type":"string","description":"Cloud ID of the ProtectV client."},"ip":{"description":"IP address of the ProtectV client.","type":"string"}}}]},"partition":{"allOf":[{"type":"object","properties":{"id":{"description":"ID of ProtectV client partition.","type":"string"},"status":{"type":"string","description":"Status of ProtectV client partition(protected/unprotected)."},"diskName":{"type":"string","description":"Disk name of ProtectV client partition."},"systemName":{"description":"System name of ProtectV client partition.","type":"string"},"friendlyName":{"description":"Friendly name of ProtectV client partition.","type":"string"},"keyId":{"description":"Key ID of ProtectV client partition.","type":"string"},"kskeyId":{"description":"Key ID of ProtectV client partition on keystore.","type":"string"},"decrypt":{"description":"Flag to represent decrypt status of ProtectV client partition.","type":"string"}}}]},"key":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"keystore_keyname":{"description":"Name to identify key on the keystore.","type":"string"}}}]},"clientprofile":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Name of the client profile."},"allowOffline":{"type":"boolean","description":"Enable/disable the offline mode. The default value is 'false'."},"offlineTimeout":{"type":"integer","description":"Duration of the offline mode in days. The default value is '7' days."},"logLevel":{"type":"string","description":"Log level configuration for the ProtectFile client logs.\nValues can be `ERROR`, `WARN`, `INFO`, `DEBUG`, `NONE`. ERROR will log only\nerrors, WARN will log errors and warnings and so on.\n`NONE` will disable logging. The default log level is `WARN`.\n"},"syslogEnabled":{"type":"boolean","description":"Enable/disable log upload to the Syslog server. The default value is 'false'."},"syslogServerIp":{"type":"string","description":"IP address of the Syslog server."},"syslogServerPort":{"type":"integer","description":"Port of the Syslog server."},"syslogProtocol":{"type":"string","description":"Protocol of the Syslog server."},"syslogFacility":{"type":"string","description":"Name of the Syslog server facility."},"allowSuAccess":{"type":"boolean","description":"Allow/disallow \"root\" to impersonate as other users. The default value is 'false'."},"clusterHostList":{"type":"string","description":"Semi-colon separated list of hostname or IP of the all the cluster nodes."},"clusterPort":{"type":"integer","description":"Port number on which all nodes in the cluster will run. The default value is '443'."},"allowSuException":{"type":"string","description":"Semi-colon separated list of users to be prevented from gaining access rights of a different user through su."},"clientPollingIntervalMin":{"type":"integer","description":"Minimum value in sec(s) for client poll interval. The lowest possible value is 60 sec(s) and default value is 180 secs(s)"},"clientPollingIntervalMax":{"type":"integer","description":"Maximum value in sec(s) for client poll interval. The default value is 360 secs(s)"},"fingerPrintCheck":{"type":"boolean","description":"Require a fingerprint check for all programs that are specified in an \"access policy\". The default value is 'false'."}}}]},"rule":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"path":{"description":"Path of the directory or file where to protect. Paths to encrypt or decrypt are referred to as \"encryption paths\" in this document.","type":"string"},"name":{"description":"Optional name for the rule. If name is not provided, a name of the form \"Rule-XXXX\" is automatically generated, where XXXX is a random string 27 characters.","type":"string"},"includeExtensions":{"description":"File extensions (Semi-colon separated list) on which the rule will be applied. This tag is applicable to \"encrypt data\" policies only.","type":"string"},"excludeExtensions":{"description":"File extensions (Semi-colon separated list) on which the rule will not be applied. This tag is applicable to \"encrypt data\" policies only.","type":"string"},"isDirectory":{"description":"Whether the path is a directory.","type":"boolean"},"isRecursive":{"description":"Whether the rule will be applied recursively if path is a directory.","type":"boolean"},"ignoreDirectory":{"description":"(Applicable to Linux clients) Comma-separated list of directories to ignore during encryption.","type":"string"},"encryptData":{"description":"Whether to encrypt data or perform access checks only (no encryption). \"true\" for encryption, \"false\" for no encryption.","type":"boolean"}}}]},"accesspolicy":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"access":{"type":"string","description":"Access type to be granted for user/group/process."},"name":{"type":"string","description":"Optional name for the access policy. If name is not provided, a name of the form \"AccessPolicy-XXXX\" is automatically generated, where XXXX is a random string 19 characters."},"username":{"type":"string","description":"Name of the user for which the policy will be created."},"groupname":{"type":"string","description":"Name of the group for which the policy will be created."},"processname":{"type":"string","description":"Name of the process for which the policy will be created."},"type":{"type":"string","description":"Entity type against which the access check will be performed."}}}]},"accesspolicygroup":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Name for the access policy group."},"osType":{"type":"string","description":"Applicable operating system."},"encryptData":{"type":"boolean","description":"Whether the access policy group provides access control only (no encryption). \"false\" for access control only, \"true\" for encryption.\nIf set to \"false\" only access control will be enforced, data will not be encrypted.\n"},"defaultAccess":{"type":"string","description":"Default access permission for the access policy group. This access will be granted if an entity's access request does not match any access policy in the access policy group."}}}]},"accesspolicygroupassociation":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"accessPolicyGroupId":{"type":"string","description":"Unique identifier of an access policy group."},"accessPolicyId":{"type":"string","description":"Unique identifier of an access policy."},"type":{"type":"string","description":"Type of the access policy."},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL. Access policy group association will provide additional record for default access.\n"}}}]},"clientruleassociation":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"parentId":{"description":"Unique identifier of the ProtectFile client.","type":"string"},"ruleId":{"description":"Unique identifier of the rule.","type":"string"},"ruleSeqNumber":{"description":"Rule sequence number","type":"integer"},"ruleOperation":{"description":"Operation getting performed on the rule.","type":"string"},"ruleState":{"description":"Current state of the rule.","type":"string"},"ruleFailed":{"description":"Whether the operation on rule has failed.","type":"string"},"keyName":{"description":"Name of the key to encrypt data.","type":"string"},"keyVersion":{"description":"Version of keyName.","type":"integer"},"oldKeyName":{"description":"Name of the old key used for encryption. This key will be replaced by a new key to perform key rotation.","type":"string"},"oldKeyVersion":{"description":"Version of oldKeyName.","type":"integer"},"keyRotationType":{"description":"Type of key rotation - shallow or deep.","type":"string"},"accessPolicyGroup":{"description":"Name of the access policy group.","type":"string"},"ruleType":{"description":"Type of the rule - Local, Network, Cluster.","type":"string"},"driveGUID":{"description":"Drive GUID mapped to path on ProtectFile client.","type":"string"}}}]},"protectfileconfig":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"caid":{"description":"ID of the trusted Certificate Authority that will be used to sign client certificate during bootstrap process.","type":"string"}}}]},"share":{"type":"object","description":"A share asociated with the split key.","required":["material"],"properties":{"name":{"type":"string","description":"Unique name of share."},"material":{"type":"string","description":"Share's key material."}}},"clientshareassociation":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"clientId":{"description":"Unique identifier of the ProtectFile client.","type":"string"},"shareId":{"description":"Unique identifier of the share.","type":"string"}}}]},"cluster":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"description":"Name of ProtectFile Cluster.","type":"string"},"windowsClusterName":{"description":"Unique Name identifying the Windows cluster. This name is attached to service. For linux cluster, this value is empty.","type":"string"},"encryptorClient":{"description":"Name of the client responsible for migration. Valid only for Linux cluster. For Windows, this value is set to 'None'.","type":"string"},"clusterOsType":{"description":"Operating system type (`windows' or `linux`) of attached clients.","type":"string"}}}]},"clusterclientassociation":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"clusterId":{"description":"Unique identifier of the ProtectFile cluster. This value is the yugo `ID`.","type":"string"},"clientId":{"description":"Unique identifier of the client. This value is the yugo `ID`.","type":"string"},"clusterName":{"description":"Name of cluster corresponding to clusterId.","type":"string"},"clientName":{"description":"Name of client corresponding to clientId.","type":"string"}}}]},"ProtectApp-Profiles":{"allOf":[{"type":"object","properties":{"name":{"type":"string","description":"Client Profile name."},"nae_iface_name":{"type":"string","description":"Nae interface mapped with profile."},"properties":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the profiles.\nproperties is typically used by applications to store information\nwhich the profile properties like caching and CSR attributes.\n"}}}]},"profiles":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"description":{"description":"Description of the profile resource.","type":"string"},"management_service_logger":{"description":"Logger configurations for the management service.","type":"object","items":{"type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"sysloge_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"description":"Whether to enable log upload to the URL.","type":"boolean"}}}},"policy_evaluation_logger":{"description":"Logger configurations for policy evaluation.","type":"object","items":{"type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"sysloge_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"description":"Whether to enable log upload to the URL.","type":"boolean"}}}},"security_admin_logger":{"description":"Logger configurations for security administrators.","type":"object","items":{"type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"sysloge_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"description":"Whether to enable log upload to the URL.","type":"boolean"}}}},"system_admin_logger":{"description":"Logger configurations for the System administrator.","type":"object","items":{"type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"sysloge_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"description":"Whether to enable log upload to the URL.","type":"boolean"}}}},"file_settings":{"description":"File settings for the profile.","type":"object","items":{"type":"object","properties":{"allow_purge":{"description":"Allow purge(true or false (boolean)).","type":"boolean"},"max_old_files":{"description":"Maximum number of old files allowed. Valid values are 1 to 100.","type":"integer"},"max_file_size":{"description":"Maximum file size(bytes) 1,000 - 1,000,000,000 (1KB to 1GB).","type":"integer"},"file_threshold":{"description":"Applicable file threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"}}}},"syslog_settings":{"description":"Parameters to configure the Syslog server.","type":"object","items":{"type":"object","properties":{"local":{"description":"Whether the Syslog server is local.","type":"boolean"},"syslog_threshold":{"description":"Applicable threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"servers":{"description":"Configuration of the Syslog server.","type":"array","items":{"type":"array","items":{"type":"object","properties":{"name":{"description":"Name of the Syslog server.","type":"string"},"protocol":{"description":"Protocol of the Syslog server, TCP, UDP and TLS.","type":"string"},"message_format":{"description":"Format of the message on the Syslog server. Valid values are:\n-\tCEF\n-\tLEEF\n-\tRFC5424\n-\tPLAIN\n","type":"string"},"port":{"description":"Port for Syslog server. Valid values are 1 to 65535.\n","type":"integer"},"caCertificate":{"type":"string","description":"CA certificate for Syslog application provided by the client.\nfor example:\n-----BEGIN CERTIFICATE-----\\n\\n-----END CERTIFICATE--------\"\n"},"certificate":{"type":"string","description":"Client certificate for Syslog application provided by the client.\nfor example:\n-----BEGIN CERTIFICATE-----\\n\\n-----END CERTIFICATE--------\"\n"},"privateKey":{"type":"string","description":"Client certificate for Syslog application provided by the client.\nfor example:\n-----BEGIN RSA PRIVATE KEY-----\\n\\n-----END RSA PRIVATE KEY-----\"\n"}}}}}}}},"upload_settings":{"description":"Configure log upload settings.","type":"object","items":{"type":"object","properties":{"url":{"description":"URL value.","type":"string"},"min_interval":{"description":"Minimum interval value. Valid values are 1 to 30.","type":"integer"},"max_interval":{"description":"Maximum interval value. Valid values are 1 to 120.","type":"integer"},"max_messages":{"description":"Maximum number of messages allowed. Valid values are 100 to 10000.","type":"integer"},"connection_timeout":{"description":"Connection timeout value. Valid value are from 1 to 60.","type":"integer"},"job_completion_timeout":{"description":"Job completion timeout value. Valid values are 1 to 900.","type":"integer"},"drop_if_busy":{"description":"Whether to drop the log upload if the server is busy.","type":"boolean"},"upload_threshold":{"description":"Threshold to upload logs to the URL. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"}}}},"duplicate_settings":{"description":"Duplicate setting parameters.","type":"object","items":{"type":"object","properties":{"suppress_threshold":{"description":"Suppress threshold. Valid values are 1 to 100.","type":"integer"},"suppress_interval":{"description":"Suppress interval in seconds. Valid values are 1 to 1000.","type":"integer"}}}},"cache_settings":{"description":"Cache settings for the server.","type":"object","items":{"type":"object","properties":{"max_space":{"description":"Max Space. Valid values are 1-100 MB.","type":"integer"},"max_files":{"description":"Maximum number of files. Valid values are 1-200.","type":"integer"}}}},"ldt_qos_rekey_option":{"description":"Rekey option and applicable options are RekeyRate and CPU.","type":"string"},"ldt_qos_rekey_rate":{"description":"Rekey rate in terms of MB/s. Valid values are 0 to 32767.","type":"integer"},"ldt_qos_cpu_percent":{"description":"CPU application percentage if ldt_qos_cap_cpu_allocation is true. Valid values are 0 to 100.","type":"integer"},"ldt_qos_cap_cpu_allocation":{"description":"Whether to allow CPU allocation for Quality of Service (QoS) capabilities.","type":"boolean"},"ldt_qos_status_check_rate":{"description":"Frequency to check and update the LDT status on the CipherTrust Manager. The valid value ranges from 600 to 86400 seconds. The default value is 3600 seconds.","type":"integer"},"concise_logging":{"description":"Wheather to allow concise logging.","type":"boolean"},"connect_timeout":{"description":"Connect timeout in seconds. Valid values are 5 to 150.","type":"integer"},"ldt_qos_schedule":{"description":"Type of QoS schedule. Valid values are:\n-\tCUSTOM\n-\tCUSTOM_WITH_OVERWRITE\n-\tANY_TIME\n-\tWEEKNIGHTS\n-\tWEEKENDS\n","type":"string"},"qos_schedules":{"description":"Schedule of QoS capabilities.","type":"array","items":{"type":"array","items":{"type":"object","properties":{"start_weekday":{"description":"QoS start day. Valid values are:\n-\tSunday\n-\tMonday\n-\tTuesday\n-\tWednesday\n-\tThursday\n-\tFriday\n-\tSaturday\n-\tSunday\n","type":"string"},"start_time_hour":{"description":"QOS start hour. Valid values are 1 to 23.","type":"integer"},"start_time_min":{"description":"QOS start minute. Valid values are 0 to 59.","type":"integer"},"end_weekday":{"description":"QoS end day. Valid values are:\n-\tSunday\n-\tMonday\n-\tTuesday\n-\tWednesday\n-\tThursday\n-\tFriday\n-\tSaturday\n-\tSunday\n","type":"string"},"end_time_hour":{"description":"QoS end hour. Valid values are 0 to 23.","type":"integer"},"end_time_min":{"description":"QoS end minute. Valid values are 0 to 59.","type":"integer"}}}}},"server_settings":{"description":"Server configuration of all the Cluster nodes.","type":"array","items":{"type":"array","items":{"type":"object","properties":{"hostName":{"description":"Host name of the cluster node.","type":"string"},"priority":{"description":"Priority of the cluster node. Valid values are 1 to 100.","type":"integer"}}}}},"oidc_connection_id":{"description":"ID of the OIDC connection.","type":"string"},"oidc_connection_name":{"description":"Name of the OIDC connection.","type":"string"},"mfa_exempt_user_set_id":{"description":"ID of the user set to be exempted from Multi-Factor Authentication (MFA). MFA will not be enforced on the users of this set.","type":"string"},"mfa_exempt_user_set_name":{"description":"Name of the user set to be exempted from MFA. MFA will not be enforced on the users of this set.","type":"string"}}}]},"loggerparams":{"type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"sysloge_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"description":"Whether to enable log upload to the URL.","type":"boolean"}}},"filesettings":{"type":"object","properties":{"allow_purge":{"description":"Allow purge(true or false (boolean)).","type":"boolean"},"max_old_files":{"description":"Maximum number of old files allowed. Valid values are 1 to 100.","type":"integer"},"max_file_size":{"description":"Maximum file size(bytes) 1,000 - 1,000,000,000 (1KB to 1GB).","type":"integer"},"file_threshold":{"description":"Applicable file threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"}}},"syslogsettings":{"type":"object","properties":{"local":{"description":"Whether the Syslog server is local.","type":"boolean"},"syslog_threshold":{"description":"Applicable threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"servers":{"description":"Configuration of the Syslog server.","type":"array","items":{"type":"array","items":{"type":"object","properties":{"name":{"description":"Name of the Syslog server.","type":"string"},"protocol":{"description":"Protocol of the Syslog server, TCP, UDP and TLS.","type":"string"},"message_format":{"description":"Format of the message on the Syslog server. Valid values are:\n-\tCEF\n-\tLEEF\n-\tRFC5424\n-\tPLAIN\n","type":"string"},"port":{"description":"Port for Syslog server. Valid values are 1 to 65535.\n","type":"integer"},"caCertificate":{"type":"string","description":"CA certificate for Syslog application provided by the client.\nfor example:\n-----BEGIN CERTIFICATE-----\\n\\n-----END CERTIFICATE--------\"\n"},"certificate":{"type":"string","description":"Client certificate for Syslog application provided by the client.\nfor example:\n-----BEGIN CERTIFICATE-----\\n\\n-----END CERTIFICATE--------\"\n"},"privateKey":{"type":"string","description":"Client certificate for Syslog application provided by the client.\nfor example:\n-----BEGIN RSA PRIVATE KEY-----\\n\\n-----END RSA PRIVATE KEY-----\"\n"}}}}}}},"servers":{"type":"array","items":{"type":"object","properties":{"name":{"description":"Name of the Syslog server.","type":"string"},"protocol":{"description":"Protocol of the Syslog server, TCP, UDP and TLS.","type":"string"},"message_format":{"description":"Format of the message on the Syslog server. Valid values are:\n-\tCEF\n-\tLEEF\n-\tRFC5424\n-\tPLAIN\n","type":"string"},"port":{"description":"Port for Syslog server. Valid values are 1 to 65535.\n","type":"integer"},"caCertificate":{"type":"string","description":"CA certificate for Syslog application provided by the client.\nfor example:\n-----BEGIN CERTIFICATE-----\\n\\n-----END CERTIFICATE--------\"\n"},"certificate":{"type":"string","description":"Client certificate for Syslog application provided by the client.\nfor example:\n-----BEGIN CERTIFICATE-----\\n\\n-----END CERTIFICATE--------\"\n"},"privateKey":{"type":"string","description":"Client certificate for Syslog application provided by the client.\nfor example:\n-----BEGIN RSA PRIVATE KEY-----\\n\\n-----END RSA PRIVATE KEY-----\"\n"}}}},"uploadsettings":{"type":"object","properties":{"url":{"description":"URL value.","type":"string"},"min_interval":{"description":"Minimum interval value. Valid values are 1 to 30.","type":"integer"},"max_interval":{"description":"Maximum interval value. Valid values are 1 to 120.","type":"integer"},"max_messages":{"description":"Maximum number of messages allowed. Valid values are 100 to 10000.","type":"integer"},"connection_timeout":{"description":"Connection timeout value. Valid value are from 1 to 60.","type":"integer"},"job_completion_timeout":{"description":"Job completion timeout value. Valid values are 1 to 900.","type":"integer"},"drop_if_busy":{"description":"Whether to drop the log upload if the server is busy.","type":"boolean"},"upload_threshold":{"description":"Threshold to upload logs to the URL. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"}}},"duplicatesettings":{"type":"object","properties":{"suppress_threshold":{"description":"Suppress threshold. Valid values are 1 to 100.","type":"integer"},"suppress_interval":{"description":"Suppress interval in seconds. Valid values are 1 to 1000.","type":"integer"}}},"cachesettings":{"type":"object","properties":{"max_space":{"description":"Max Space. Valid values are 1-100 MB.","type":"integer"},"max_files":{"description":"Maximum number of files. Valid values are 1-200.","type":"integer"}}},"qosschedules":{"type":"array","items":{"type":"object","properties":{"start_weekday":{"description":"QoS start day. Valid values are:\n-\tSunday\n-\tMonday\n-\tTuesday\n-\tWednesday\n-\tThursday\n-\tFriday\n-\tSaturday\n-\tSunday\n","type":"string"},"start_time_hour":{"description":"QOS start hour. Valid values are 1 to 23.","type":"integer"},"start_time_min":{"description":"QOS start minute. Valid values are 0 to 59.","type":"integer"},"end_weekday":{"description":"QoS end day. Valid values are:\n-\tSunday\n-\tMonday\n-\tTuesday\n-\tWednesday\n-\tThursday\n-\tFriday\n-\tSaturday\n-\tSunday\n","type":"string"},"end_time_hour":{"description":"QoS end hour. Valid values are 0 to 23.","type":"integer"},"end_time_min":{"description":"QoS end minute. Valid values are 0 to 59.","type":"integer"}}}},"serversettings":{"type":"array","items":{"type":"object","properties":{"hostName":{"description":"Host name of the cluster node.","type":"string"},"priority":{"description":"Priority of the cluster node. Valid values are 1 to 100.","type":"integer"}}}},"endpointparams":{"type":"object","properties":{"name":{"description":"Name of the configuration.","type":"string"},"hostname":{"description":"Host name of the server. The valid values:\n-\tIP address\n-\tHostname\n-\tHostname_rfc1123\n-\tfqdn\n","type":"string"},"port":{"description":"Port of the server. Valid values are 0 to 65535.","type":"integer"},"schema":{"description":"Schema of the server, HTTP or HTTPS.","type":"string"},"path":{"description":"Path of the configuration.","type":"string"},"credentialsID":{"description":"ID of the server credentials.","type":"string"},"credentialsType":{"description":"Type of the server credentials, NO_AUTH, CERTIFICATE, and USER_PASSWORD.","type":"string"},"serverCertificate":{"description":"Certificate of the server.","type":"string"},"serverCertificateType":{"description":"Type of the server certificate. The valid values are:\n-\tKEYCERT\n-\tSPECIFIC_CA\n-\tSPECIFIC_CERT\n","type":"string"}}},"clientdeletemultistatus":{"allOf":[{"type":"object","properties":{"clients":{"description":"List of successfully deleted clients.","type":"array","items":{"type":"object","properties":{"client_id":{"description":"ID of deleted client.","type":"string"},"status_code":{"description":"Status code for deleted client.","type":"integer"}}}},"falied_clients":{"description":"List of clients that failed to delete.","type":"array","items":{"type":"object","properties":{"client_id":{"description":"ID of deleted client.","type":"string"},"error":{"description":"Error reason.","type":"string"},"status_code":{"description":"Status code for deleted client.","type":"integer"}}}}}}]},"signatureset":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the signature set.","type":"string"},"type":{"description":"Type of the signature set.","type":"string"},"source_list":{"description":"Path of the directory or file to be signed. If a directory is specified, all files in the directory and its subdirectories are signed.","type":"array","items":{"type":"string"}}}}]},"signature":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"signatureSet":{"description":"Signature set which owns the signatures.","type":"string"}}}]},"userset":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the user set.","type":"string"},"users":{"description":"List of users to be added to the user set.","type":"array","items":{"type":"object","title":"User","properties":{"uname":{"type":"string","description":"Name of the user to be added to the user set."},"uid":{"type":"integer","description":"ID of the user to be added to the user set."},"gname":{"type":"string","description":"Group name of the user to be added to the user set."},"gid":{"type":"integer","description":"Group ID of the user to be added to the user set."},"os_domain":{"type":"string","description":"OS domain name for Windows platforms."}}}}}}]},"usersetdeletemultistatus":{"allOf":[{"type":"object","properties":{"delete_success":{"description":"List of successfully deleted user.","type":"array","items":{"type":"object","properties":{"index":{"description":"Index of deleted user.","type":"integer"},"status_code":{"description":"Status code for deleted user.","type":"integer"}}}},"delete_failed":{"description":"List of users which are failed to delete.","type":"array","items":{"type":"object","properties":{"index":{"description":"Index of deleted user.","type":"integer"},"error":{"description":"Error reason.","type":"string"},"status_code":{"description":"Status code for deleted user.","type":"integer"}}}}}}]},"processset":{"type":"object","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the process set.","type":"string"},"processes":{"description":"List of processes to be added to the process set.","type":"array","items":{"type":"array","items":{"type":"object","properties":{"signature":{"description":"Name of signature set.","type":"string"},"directory":{"description":"Name of directory of process","type":"string"},"file":{"description":"Name of process.","type":"string"}}}}}}}]},"processsetdeletemultistatus":{"allOf":[{"type":"object","properties":{"delete_success":{"description":"List of successfully deleted process.","type":"array","items":{"type":"object","properties":{"index":{"description":"Index of deleted process.","type":"integer"},"status_code":{"description":"Status code for deleted process.","type":"integer"}}}},"delete_failed":{"description":"List of processes which are failed to delete.","type":"array","items":{"type":"object","properties":{"index":{"description":"Index of deleted process.","type":"integer"},"error":{"description":"Error reason.","type":"string"},"status_code":{"description":"Status code for deleted process.","type":"integer"}}}}}}]},"processes":{"type":"array","items":{"type":"object","properties":{"signature":{"description":"Name of signature set.","type":"string"},"directory":{"description":"Name of directory of process","type":"string"},"file":{"description":"Name of process.","type":"string"}}}},"resourceset":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the resource set.","type":"string"},"resources":{"description":"List of resources to be added to the resource set.","type":"array","items":{"type":"object","title":"Resource","properties":{"directory":{"type":"string","description":"Directory of the resource to be added to the resource set."},"file":{"type":"string","description":"File name of the resource to be added to the resource set."},"include_subfolders":{"type":"boolean","description":"Whether to include subfolders to the resource."}}}}}}]},"resourcesetdeletemultistatus":{"allOf":[{"type":"object","properties":{"delete_success":{"description":"List of successfully deleted resource.","type":"array","items":{"type":"object","properties":{"index":{"description":"Index of deleted resource.","type":"integer"},"status_code":{"description":"Status code for deleted resource.","type":"integer"}}}},"delete_failed":{"description":"List of resources which are failed to delete.","type":"array","items":{"type":"object","properties":{"index":{"description":"Index of deleted resource.","type":"integer"},"error":{"description":"Error reason.","type":"string"},"status_code":{"description":"Status code for deleted resource.","type":"integer"}}}}}}]},"policy":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the policy.","type":"string"},"policy_type":{"description":"Type of the policy. The valid values are “Standard”, “LDT”, “Cloud_Object_Storage\", and \"CSI\".","type":"string"},"policy_version":{"description":"Version of the policy. It gets updated with every modification in the policy","type":"integer"},"updated_by":{"description":"User who updated the policy.","type":"string"},"never_deny":{"description":"Flag to always permit operations in policy. By default it is disabled, enabled on learn mode activation","type":"boolean"},"policy_key_version":{"description":"Version of the policy key.","type":"string"},"never_deny_enabled_at":{"description":"Timestamp when learn mode was enabled.","type":"string"}}}]},"securityrule":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"Unique identifier for the Policy","type":"string"},"effect":{"description":"Effects applicable to the rule. Separate multiple effects by commas. The valid values are:\n-\tpermit\n-\tdeny\n-\taudit\n-\tapplykey\n","type":"string"},"action":{"description":"Actions applicable to the rule. Examples of actions are read, write, all_ops, and key_op.","type":"string"},"user_set_id":{"description":"ID of the user set aligned with this policy.","type":"string"},"exclude_user_set":{"description":"Flag to exclude the specified user set.","type":"boolean"},"resource_set_id":{"description":"ID of the resource set aligned with this policy.","type":"string"},"exclude_resource_set":{"description":"Flag to exclude the specified resource set.","type":"boolean"},"process_set_id":{"description":"ID of the process set aligned with this policy.","type":"string"},"exclude_process_set":{"description":"Flag to exclude the specified process set.","type":"boolean"},"partial_match":{"description":"Flag to allow partial match operations. By default enabled.","type":"boolean"},"order_number":{"description":"Precedence order of this rule in the parent policy","type":"integer"}}}]},"signaturerulemultistatus":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"success_signature_rules":{"description":"List of successful signature sets added to the Signature rule","type":"array","items":{"type":"object","title":"Resource","properties":{"id":{"type":"string","description":"UUID of Signature Rule."},"uri":{"type":"string","description":"A human readable unique identifier of the resource."},"account":{"type":"string","description":"The account which owns this resource."},"createdAt":{"type":"string","description":"Date/time the application was created."},"updatedAt":{"type":"string","description":"Date/time the application was updated."},"policy_id":{"type":"string","description":"UUID of Policy."},"signature_set_id":{"type":"string","description":"UUID of Signature Set."},"signature_set_name":{"type":"string","description":"Name of Signature Set."}}}},"failed_signature_rules":{"type":"array","description":"Failed to create signature-rule with signature-set with the reason for failure provided in a Key-Value pair with signature-set-identifier, error and status code.\nIt shall be nil in case all clients get successfully associated\n","format":"JSON"}}}]},"signaturerule":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"id":{"type":"string","description":"UUID of Signature Rule."},"uri":{"type":"string","description":"A human readable unique identifier of the resource."},"account":{"type":"string","description":"The account which owns this resource."},"createdAt":{"type":"string","description":"Date/time the application was created."},"updatedAt":{"type":"string","description":"Date/time the application was updated."},"policy_id":{"type":"string","description":"UUID of Policy."},"signature_set_id":{"type":"string","description":"UUID of Signature Set."},"signature_set_name":{"type":"string","description":"Name of Signature Set."}}}]},"guardpoint":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_id":{"description":"UUID of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_id":{"description":"UUID of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"client_name":{"description":"Name of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_name":{"description":"Name of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"guard_point_type":{"description":"Type of the guard point i.e. directory_auto, directory_manual, rawdevice_manual, rawdevice_auto, or ransomware.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"automount_enabled":{"description":"Flag to signify if automount is enabled with the guard point","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"},"policy_id":{"description":"UUID of the policy which is applied on this guard point. This parameter is not valid for Ransomware GuardPoints.","type":"string"},"disk_name":{"description":"Name of the disk if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"diskgroup_name":{"description":"Name of the disk group if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"preserve_sparse_regions":{"description":"Flag to signify that sparse file regions will be transformed or not. Only available on LDT enabled clients.","type":"boolean"},"data_classification_enabled":{"description":"Flag to signify that data classification(tagging) is enabled or not. This gets enabled by default if the aligned policy contains ClassificationTags.","type":"boolean"},"data_lineage_enabled":{"description":"Flag to signify that data lineage(tracking) is enabled or not. This gets enabled only if data_classification is enabled.","type":"boolean"},"guard_point_state":{"description":"Current state of GuardPoint. Can be UNKNOWN, ENABLED, DISABLED or ERROR.","type":"string"},"is_idt_capable_device":{"description":"Whether the device where GuardPoint is applied is IDT capable or not. Supported for IDT policies.","type":"boolean"},"is_esg_capable_device":{"description":"Whether the device where GuardPoint is applied is ESG capable or not. Supported for IDT and Standard policies.","type":"boolean"},"mfa_enabled":{"description":"Whether MFA is enabled.","type":"boolean"},"rw_process_set_id":{"description":"ID of the process set aligned with the Ransomware GuardPoints.","type":"string"},"rw_operation":{"description":"Applicable to the Ransomware GuardPoints. The valid values are permit(for Audit) and deny(for Block). The default value is `permit`.","type":"string"}}}]},"guardpointscreatemultistatus":{"allOf":[{"type":"object","properties":{"guardpoints":{"description":"List of successfully created GuardPoints.","type":"array","items":{"type":"object","properties":{"guardpoint":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_id":{"description":"UUID of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_id":{"description":"UUID of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"client_name":{"description":"Name of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_name":{"description":"Name of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"guard_point_type":{"description":"Type of the guard point i.e. directory_auto, directory_manual, rawdevice_manual, rawdevice_auto, or ransomware.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"automount_enabled":{"description":"Flag to signify if automount is enabled with the guard point","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"},"policy_id":{"description":"UUID of the policy which is applied on this guard point. This parameter is not valid for Ransomware GuardPoints.","type":"string"},"disk_name":{"description":"Name of the disk if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"diskgroup_name":{"description":"Name of the disk group if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"preserve_sparse_regions":{"description":"Flag to signify that sparse file regions will be transformed or not. Only available on LDT enabled clients.","type":"boolean"},"data_classification_enabled":{"description":"Flag to signify that data classification(tagging) is enabled or not. This gets enabled by default if the aligned policy contains ClassificationTags.","type":"boolean"},"data_lineage_enabled":{"description":"Flag to signify that data lineage(tracking) is enabled or not. This gets enabled only if data_classification is enabled.","type":"boolean"},"guard_point_state":{"description":"Current state of GuardPoint. Can be UNKNOWN, ENABLED, DISABLED or ERROR.","type":"string"},"is_idt_capable_device":{"description":"Whether the device where GuardPoint is applied is IDT capable or not. Supported for IDT policies.","type":"boolean"},"is_esg_capable_device":{"description":"Whether the device where GuardPoint is applied is ESG capable or not. Supported for IDT and Standard policies.","type":"boolean"},"mfa_enabled":{"description":"Whether MFA is enabled.","type":"boolean"},"rw_process_set_id":{"description":"ID of the process set aligned with the Ransomware GuardPoints.","type":"string"},"rw_operation":{"description":"Applicable to the Ransomware GuardPoints. The valid values are permit(for Audit) and deny(for Block). The default value is `permit`.","type":"string"}}}]}},"status_code":{"description":"Status code for deleted client.","type":"integer"}}}},"failed_guard_points":{"description":"List of guard_points which are failed to create.","type":"array","items":{"type":"object","properties":{"guard_path":{"description":"path of guard_point.","type":"string"},"error":{"description":"Error reason.","type":"string"},"status_code":{"description":"Failed status code for guard_point.","type":"integer"}}}}}}]},"guardpointsunguardmultistatus":{"allOf":[{"type":"object","properties":{"guardpoints":{"description":"List of successfully unguarded guard_points.","type":"array","items":{"type":"object","properties":{"guard_point_id":{"description":"ID of guard_point.","type":"string"},"guard_path":{"description":"Path of guard_point.","type":"string"},"status_code":{"description":"Status code for success.","type":"integer"}}}},"failed_guard_points":{"description":"List of guard_points which are failed to unguard.","type":"array","items":{"type":"object","properties":{"guard_point_id":{"description":"ID of guard_point.","type":"string"},"guard_path":{"description":"Path of guard_point.","type":"string"},"error":{"description":"Error reaon.","type":"string"},"status_code":{"description":"Failed status code for guard_point.","type":"integer"}}}}}}]},"keyrule":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"Unique identifier for the Policy with which the Key Rule aligned.","type":"string"},"order_number":{"description":"Precedence order of this rule in the parent policy.","type":"integer"},"key_id":{"description":"ID of the key to link with the rule.","type":"string"},"new_key_rule":{"description":"Whether this rule uses the key for transformation purposes.","type":"boolean"},"resource_set_id":{"description":"ID of the resource set to link with the rule.","type":"string"}}}]},"guardpointstatus":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_id":{"description":"UUID of CTE client on which GuardPoint is applied.","type":"string"},"client_name":{"description":"Name of CTE client on which GuardPoint is applied.","type":"string"},"guard_point_id":{"description":"UUID for the Guard Point.","type":"string"},"policy_id":{"description":"UUID for the Policy","type":"string"},"policy_name":{"description":"Policy name.","type":"string"},"attrs":{"description":"Attributes of guard point status","type":"string","format":"JSON"}}}]},"policyauditrecords":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"ID of the policy.","type":"string"},"policy_version":{"description":"Version number of policy.","type":"string"},"performed_by":{"description":"User who has performed operation on policy.","type":"string"},"performed_on":{"description":"Identifier of resource on which action was performed e.g. if Security Rule as created `kylo:kylo:henry:securityrule:1ae9c191-3187-43bb-902d-b17a899bcbf5`.","type":"string"},"action":{"description":"This field will provide information of what action was performed e.g. `Security Rule Created`.","type":"string"}}}]},"tag":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the classification tag.","type":"string"},"attributes":{"description":"List of attributes to be added to the tag.","type":"array","items":{"type":"object","title":"Attributes","properties":{"name":{"type":"string","description":"Name of the attribute."},"data_type":{"type":"string","description":"Data type of the attribute."},"value":{"type":"string","description":"Value of the attribute."},"operator":{"type":"string","description":"Operator to be applied to the attribute. The valid operators are:\n- eq (equal)\n- ne (not equal)\n- lt (less than)\n- le (less than or equal to)\n- gt (greater than)\n- ge (greater than or equal to)\nThe default operator is eq (equal).\n"}}}}}}]},"ldtkeyrule":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"Unique identifier for the Policy with which the Key Rule aligned.","type":"string"},"order_number":{"description":"Precedence order of this rule in the parent policy.","type":"integer"},"resource_set_id":{"description":"ID of the resource set to link with the rule.","type":"string"},"is_exclusion_rule":{"description":"Flag to specify if it is exclusion rule.","type":"boolean"},"current_key":{"description":"Properties of the current key.","type":"object","items":{"type":"object","title":"CurrentKey","properties":{"resource_set_id":{"description":"ID of the resource set to link with the rule.","type":"string"},"current_key":{"description":"Properties of the current key.","type":"object","title":"CurrentKey","properties":{"key_id":{"description":"ID of the key to link with the rule.","type":"string"}}},"transformation_key":{"description":"Properties of the transformation key.","type":"object","title":"TransformationKey","properties":{"key_id":{"description":"ID of the key to link with the rule.","type":"string"}}}}}}}}]},"longpollrequestatus":{"allOf":[{"type":"object","properties":{"status":{"description":"Initial status of LongPoll request.","type":"string"},"reference_id":{"description":"Reference ID where response will be posted.","type":"integer"},"reason":{"description":"Reason of failure.","type":"string"}}}]},"LDTGroupCommService":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"description":{"description":"Description of LDTGroupCommService`.","type":"string"}}}]},"LDTGroupCommServiceClientAssociationMultStatus":{"allOf":[{"type":"object","properties":{"association_response":{"description":"List of successful Client-LDTGroupCommService Association","type":"array","items":{"type":"object","title":"Resource","properties":{"ldt_group_comm_service_id":{"type":"string","description":"UUID of CTE LDTGroupCommService."},"client_id":{"type":"string","description":"UUID of CTE Client."},"ldt_group_comm_service_name":{"type":"string","description":"Name of CTE LDTGroupCommService."},"client_name":{"type":"string","description":"Name of CTE Client."}}}},"num_failed_association":{"type":"integer","description":"Number of clients failed to get associated. It shall be 0 in case all clients get successfully associated"},"failed_associations":{"type":"string","description":"Failed client with the reason for failure provided in a Key-Value pair where key is Client-Identifier and value is the failure reason along with return code.\nIt shall be nil in case all clients get successfully associated\n","format":"JSON"}}}]},"ctepermissions":{"allOf":[{"type":"object","properties":{"cte_permissions":{"description":"List of CTE Permissions.","type":"array","items":{"type":"object","properties":{"type":{"description":"CTE Resource type.","type":"string"},"permissions":{"description":"List of CTE Permissions avaialble for resource type.","type":"array"}}}}}}]},"remediationconfig":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"knox_connection_identifier":{"description":"Knox Identifier which will be used CTE Remediation","type":"string"},"pqs_connection_schema":{"description":"Schema name of PQS which will be used for CTE Remediation","type":"string"},"pqs_connection_status":{"description":"PQS Connection status","type":"string"},"pqs_connection_uri":{"description":"PQS connection URI","type":"string"}}}]},"clientgroup":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"cluster_type":{"description":"Cluster Type (NON-CLUSTER).","type":"string"},"description":{"description":"Descriptive string for ClientGroup","type":"string"},"client_locked":{"description":"Is FS Agent locked ?","type":"boolean"},"system_locked":{"description":"Whether the system is locked. The default value is false. Enable this option to lock the important operating system files of the client.\nWhen enabled, patches to the operating system of the client will fail due to the protection of these files.\n","type":"boolean"},"password_creation_method":{"description":"Password creation method, GENERATE or MANUAL.","type":"string"},"communication_enabled":{"description":"Whether the File System communication is enabled.","type":"boolean"},"auth_binaries":{"description":"Array of authorized binaries in the privilege-filename pair JSON format.","type":"string"},"capabilities":{"description":"Comma separated agent capabilities. Currently only `RESIGN` for re-signing client settings is available.","type":"string"},"enabled_capabilities":{"description":"Comma-separated agent capabilities that are enabled. Currently, only RESIGN can be enabled for re-signing client settings.","type":"string"},"profile_id":{"description":"ID of the client group profile that is used to schedule custom configuration for logger, logging, and Quality of Service (QoS).","type":"string"},"profile_name":{"description":"Name of configured Profile.","type":"string"}}}]},"clientgroupclientassociation":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_group_id":{"type":"string","description":"UUID of CTE ClientGroup."},"client_id":{"type":"string","description":"UUID of CTE Client."},"client_group_name":{"type":"string","description":"Name of CTE ClientGroup."},"client_name":{"type":"integer","description":"Name of CTE Client."}}}]},"clientgroupclientassociationmultstatus":{"allOf":[{"type":"object","properties":{"association_response":{"description":"List of successful Client-ClientGroup Association","type":"array","items":{"type":"object","title":"Resource","properties":{"client_group_id":{"type":"string","description":"UUID of CTE ClientGroup."},"client_id":{"type":"string","description":"UUID of CTE Client."},"client_group_name":{"type":"string","description":"Name of CTE ClientGroup."},"client_name":{"type":"string","description":"Name of CTE Client."}}}},"num_failed_association":{"type":"integer","description":"Number of clients failed to get associated. It shall be 0 in case all clients get successfully associated"},"failed_associations":{"type":"string","description":"Failed client with the reason for failure provided in a Key-Value pair where key is Client-Identifier and value is the failure reason along with return code.\nIt shall be nil in case all clients get successfully associated\n","format":"JSON"}}}]},"idtkeyrule":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"Unique identifier for the Policy with which the Key Rule aligned.","type":"string"},"current_key":{"description":"ID of the key currently linked with the rule.","type":"string"},"transformation_key":{"description":"ID of the transformation key to link with the rule.","type":"string"}}}]},"clienthealthreport":{"allOf":[{"type":"object","properties":{"domain_name":{"description":"Name of the domain.","type":"string"},"client_name":{"description":"HostName or IP Address of Client.","type":"string"},"os_type":{"description":"Operating system type of CTE client (windows or linux). Default value is `Unknown`.","type":"string"},"os_sub_type":{"description":"Flavour of Operation System. Ex. RHEL, Windows 7","type":"string"},"client_version":{"description":"Version of CTE Client.","type":"string"},"status":{"description":"Health status of client. Can be HEALTHY, ERROR, WARNING, WAITING FOR CONNECTION, NOT CONNECTED or UNREGISTERED","type":"string"},"total_gp":{"description":"Number of GuardPoint on client.","type":"integer"},"enabled_gp":{"description":"Number of enabled GuardPoint on client.","type":"integer"}}}]},"clientkeysreport":{"allOf":[{"type":"object","properties":{"domain_name":{"description":"Name of the domain.","type":"string"},"client_name":{"description":"HostName or IP Address of Client.","type":"string"},"keys_name":{"description":"Name of configured Key.","type":"string"}}}]},"clientprofilesreport":{"allOf":[{"type":"object","properties":{"domain_name":{"description":"Name of the domain.","type":"string"},"client_name":{"description":"HostName or IP Address of Client.","type":"string"},"profile_name":{"description":"Name of configured Profile.","type":"string"}}}]},"policieskeysreport":{"allOf":[{"type":"object","properties":{"domain_name":{"description":"Name of the domain.","type":"string"},"policy_name":{"description":"Name of CTE Policy.","type":"string"},"policy_type":{"description":"HostName or IP Address of Client.","type":"string"},"keys_name":{"description":"Name of configured Key.","type":"string"}}}]},"clientpoliciesreport":{"allOf":[{"type":"object","properties":{"domain_name":{"description":"Name of the domain.","type":"string"},"client_name":{"description":"HostName or IP Address of Client.","type":"string"},"policy_name":{"description":"Name of CTE Policy.","type":"string"},"policy_type":{"description":"HostName or IP Address of Client.","type":"string"}}}]},"guardpointsreport":{"allOf":[{"type":"object","properties":{"domain_name":{"description":"Name of the domain.","type":"string"},"client_name":{"description":"HostName or IP Address of Client.","type":"string"},"policy_name":{"description":"Name of CTE Policy.","type":"string"},"guard_point_type":{"description":"Type of the GuardPoint, that is, directory_auto, directory_manual, rawdevice_manual, rawdevice_auto, or ransomware.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"}}}]},"clientguardstatusreport":{"allOf":[{"type":"object","properties":{"domain_name":{"description":"Name of the domain.","type":"string"},"client_name":{"description":"HostName or IP Address of Client.","type":"string"},"policy_name":{"description":"Name of CTE Policy.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"},"guard_point_state":{"description":"Current state of GuardPoint e.g. UNKNOWN, ENABLED, DISABLED or ERROR.","type":"string"},"rekey_status":{"description":"Status of the rekey operation at CTE.","type":"string"},"est_rekey_time":{"description":"Estimated Rekey time in Day:Hour:Min.","type":"string"},"rekey_start_time":{"description":"Rekey start time.","type":"string"},"rekey_end_time":{"description":"Rekey end time.","type":"string"},"total_file":{"description":"Total files to be Transformed.","type":"integer"},"file_rekeyed":{"description":"Total files Transformed.","type":"integer"},"file_deleted":{"description":"Total Number of Files Deleted.","type":"integer"},"file_skipped":{"description":"Total files skipped.","type":"integer"},"total_size":{"description":"Total bytes to be Transformed.","type":"integer"},"byte_rekeyed":{"description":"Total bytes Transformed.","type":"integer"}}}]},"challengeresponse":{"allOf":[{"type":"object","properties":{"challenge_response":{"description":"When the CipherTrust Manager is unreachable from a protected client, the data stored in GuardPoints on the client cannot be accessed without the challenge-response.","type":"object","items":{"type":"object","properties":{"response_part1":{"description":"challenge response part 1.","type":"string"},"response_part2":{"description":"challenge response part 2.","type":"string"},"response_part3":{"description":"challenge response part 3.","type":"string"},"response_part4":{"description":"challenge response part 4.","type":"string"}}}}}}]},"csistoragegroup":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"k8s_namespace":{"description":"k8s_namespace name.","type":"string"},"k8s_storage_class":{"description":"k8s_storage_class name.","type":"string"},"description":{"description":"Description of CSI Storage Group.","type":"string"},"client_profile_id":{"description":"Client Profile ID of CSI Storage Group.","type":"string"},"client_profile_name":{"description":"Client Profile Name of CSI Storage Group.","type":"string"}}}]},"storagegroupclientassociation":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"storage_group_id":{"type":"string","description":"UUID of CTE Storage Group."},"client_id":{"type":"string","description":"UUID of CTE Client."},"storage_group_name":{"type":"string","description":"Name of CTE Storage Group."},"client_name":{"type":"integer","description":"Name of CTE Client."}}}]},"Database":{"type":"object","title":"Database","required":["name","database_type","host","connection_Protocol","database_name","database_user","database_password","metadb_user","meta_Password","database_port"],"properties":{"name":{"type":"string","description":"Name/alias for the connection information. This field which uniquely identifies a database connection."},"database_type":{"type":"string","description":"Allowed databases are Oracle, SQLServer, and DB2."},"host":{"type":"string","description":"Hostname or IP address of the database server."},"database_port":{"type":"string","description":"Port on which the CDP will connect to the database. For SQL Server, to connect using an instance, specify I:instance_name as parameter.\n"},"connection_Protocol":{"type":"string","description":"Protocol used to connect to database driver and database. Possible options are- TCP and SSL."},"database_user":{"type":"string","description":"Database login name that has permission to modify the tables to be migrated.\nThis user can be the owner of the database tables or a user with privileges to CREATE, MODIFY, and DROP views, tables, and triggers.\n"},"database_password":{"type":"string","description":"Password of the database used in databaseUser parameter."},"metadb_user":{"type":"string","description":"Name of the database where CipherTrust Database Protection metadata gets installed.\nThis parameter is optional for Oracle and DB2 but mandatory for SQL Server.\n"},"meta_Password":{"type":"string","description":"Database password that has permission to connect to the CipherTrust Database Protection metadata.\n"},"save_connection":{"type":"boolean","description":"Flag that allows to save database session details for furter logins.\nValid values : True and False\n"},"database_name":{"type":"string","description":"Name of the database that contains the tables and columns to be encrypted.\nFor Oracle, it is SID. However, you can also use service name I:.\n"},"secondryAuth":{"type":"string","description":"Required, if database_type is DB2.\n"},"schema":{"type":"string","description":"(Optional) Name of the schema. By default, the value is dbo.\n"}},"example":{"name":"mydbname","database_type":"Oracle","host":"1.1.1.1","database_port":"7896","connection_protocol":"TCP","database_name":"mydb","database_user":"admin","database_password":"asdf1234","save_connection":false,"metadb_name":"mydbmeta","meta_password":"asdf1234","metadb_user":"metauser","schema":"qwerty"}},"CView":{"type":"object","title":"CreateView","required":["alias","table","viewSqlOnly"],"properties":{"alias":{"type":"string","description":"Name/alias for the connection information. This field which uniquely identifies a database connection."},"table":{"type":"string","description":"Name of the table on which views and trigger are to be created."},"schema":{"type":"string","description":"The owner/schema name who owns the table if its other then used in connection."},"newtable":{"type":"string","description":"Name of the new table that holds the encrypted data. The default value is tablename_new."},"view":{"type":"string","description":"User specified view name. It is recommnded to use the default value which is same as the name of the table."},"insTrigger":{"type":"string","description":"Name of the insert trigger. The default trigger is tablename_ins_trig."},"updTrigger":{"type":"string","description":"Name of the updated trigger. The default value is tablename_upd_trig."},"viewSqlOnly":{"type":"boolean","description":"Specify true if you just want to see the queries that will be performed."}},"example":{"alias":"mydbname","table":"myTable","schema":"","newtable":"","view":"","insTrigger":"","updTrigger":"","viewSqlOnly":true}},"CDomainIndex":{"type":"object","title":"CreateDomainIndex","required":["table","column","viewSqlOnly"],"properties":{"table":{"type":"string","description":"Name of the table on which domain Index is to be created."},"schema":{"type":"string","description":"Owner/schema of the table."},"column":{"type":"string","description":"Column name on which domain index is needed."},"indexName":{"type":"string","description":"Name of the index."},"dIXName":{"type":"string","description":"Name of the domain index."},"userspace":{"type":"string","description":"Userspace used for domain index."},"viewSqlOnly":{"type":"boolean","description":"Specify true if you just want to see the queries that will be performed."}},"example":{"table":"myTable","schema":"","column":"","indexName":"","dIXName":"","userspace":"","viewSqlOnly":true}},"Table":{"type":"object","title":"Table","properties":{"tableName":{"type":"string","description":"Name of the table."}},"example":{"tableName":"CUSTOMERS"}},"Column":{"type":"object","title":"Column","required":["encType","colName","key","algorithm","mode","ivType","errorType"],"properties":{"encType":{"type":"string","description":"Type of the encryption. Allowed types are Standard and FPE."},"colName":{"type":"string","description":"Name of the column to be encrypted."},"algorithm":{"type":"string","description":"Algorithm to encrypt column. Allowed algorithms are AES (128, 192 or 256) and FPE."},"key":{"type":"string","description":"Name of the key used to encrypt column."},"mode":{"type":"string","description":"The mode in which the encryption is to be peformed. Allowed modes are ECB and CBC.\nIt is recommended to use ECB mode for stronger encryption.\n"},"ivType":{"type":"string","description":"Initialization vector used for column encryption."},"fpeFormat":{"type":"string","description":"Select if encryption is to be performed on well formatted data without affecting its format post encryption.\nAllowed formats are:
— FIRST_SIX
— FIRST_SIX_LAST_FOUR
—FIRST_TWO_LAST_FOUR
—LAST_FOUR\n"},"tweakAlgo":{"type":"string","description":"(Optional)Tweak algotithm to be used. Possible values are:
— SHA1
— SHA256
— None(default)\n"},"tweakData":{"type":"string","description":"Required when tweak algorithm is used.\n"},"errorType":{"type":"string","description":"Replacement value type ,`None`,`ErrorReplacementValue`, `NullValue`, `EncryptedValue`."},"errorRepValue":{"type":"string","description":"Replacement value to be used as error."}}},"PatchUser":{"type":"object","title":"PatchUser","required":["dbUser"],"properties":{"dbUser":{"type":"string","description":"Database user to be mapped to NAE user."},"naeUser":{"type":"string","description":"NAE user with whom database user is to be mapped."},"naePassword":{"type":"string","description":"Password for NAE user."}}},"GetAuth":{"type":"object","title":"GetAuth","required":["database_user","database_password"],"properties":{"database_user":{"type":"string","description":"Database login name that has permission to modify the tables to be migrated.\nThis user can be the owner of the database tables or a user with privileges to CREATE, MODIFY, and DROP views, tables, and triggers.\n"},"database_password":{"type":"string","description":"Password of the database used in databaseUser parameter."}},"example":{"database_user":"admin","database_password":"asdf1234"}},"Jobs":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","properties":{"operation":{"type":"string","readOnly":true,"description":"Type of operation to config. Can be one of, Key Rotation, Database Backup, CCKM Synchronization."},"job_config_id":{"type":"string","description":"Associated job configuration id."},"job_config_name":{"type":"string","description":"Associated job configuration name."},"start_date":{"type":"string","format":"date-time","description":"Date the job configuration becomes active. RFC3339 format.\nFor example, 2018-10-02T14:24:37.436073Z\n"},"end_date":{"type":"string","format":"date-time","description":"Date the job configuration becomes inactive. RFC3339 format.\nFor example, 2018-10-02T14:24:37.436073Z\n"},"status":{"type":"string","description":"Gives the staus of job(scheduled, in_progress, failed, completed, aborted)\n","enum":["scheduled","in_progress","failed","completed","aborted"]},"key_rotation_params":{"type":"object","description":"Key rotation operation specific arguments. The\n\"key_rotation_params\" and \"database_backup_params\" fields are mutually exclusive(cannot be set together).\n","title":"Key Rotation Parameters","properties":{"deactivate_replaced_key":{"type":"integer","description":"Optional integer that can be used to deactivate the keys that are replaced by the key rotation procedure.\nWhen this is not specified, the state of the replaced key remains the same.\nIt is the number of seconds (>= 0) after which the replaced key is deactivated.\n"},"query":{"type":"object","description":"Use this object to specify the keys that need to be rotated.\nAll keys are rotated when this object is not specified.\nThis object is the same as the one used for POST request to the /v1/vault/query-keys endpoint.\nRefer to the documentation in that endpoint for further details on formulating the query.\n"},"meta":{"type":"object","description":"Use this object to modify the metadata on a key that is replaced by the key rotation procedure.\nThis object should be a JSON serialized object. The metadata on the replaced key (which is\nalso a JSON object) is merged with this JSON object.\n"}}},"database_backup_params":{"type":"object","description":"Database backup operation specific arguments. Should be JSON-serializable\n\"key_rotation_params\" and \"database_backup_params\" fields are mutually exclusive (cannot be set together).\n","title":"Database Backup Parameters","properties":{"scope":{"type":"string","description":"Scope of the backup to be taken - system (default) or domain."},"backupKey":{"type":"string","description":"ID of backup key used for encrypting the backup. The default backup key is used if this is not specified."},"tiedToHSM":{"type":"boolean","description":"If true, the system backup can only be restored to instances that use the same HSM partition. Valid only with the system scoped backup.\n"},"filters":{"type":"array","items":{"type":"object","title":"Filters","required":["resourceType"],"properties":{"resourceType":{"type":"string","description":"Type of resources to be backed up. Valid values are \"Keys\", \"cte_policies\" and, \"users_groups\"."},"resourceQuery":{"type":"object","description":"A JSON object containing resource attributes and attribute values to be queried.\nThe resources returned in the query are backed up. If empty, all the resources of the specified resourceType will be backed up.\nFor Keys, valid resourceQuery paramater values are the same as the body of the 'vault/query-keys' POST endpoint described on the Keys page.\nTo back up AES keys with a meta parameter value containing `{\"info\":{\"color\":\"red\"}}}`, use\n`{\"algorithm\":\"AES\", \"metaContains\": {\"info\":{\"color\":\"red\"}}}`.\nFor CTE policies, valid `resourceQuery` parameter values are the same as query parameters of the list '/v1/transparent-encryption/policies' endpoint described in the CTE > Policies section.\nFor example, to back up LDT policies only, use `{\"policy_type\":\"LDT\"}`. Similarly, to back up policies with learn mode enabled, use `{\"never_deny\": true}`.\nFor users, the valid resourceQuery parameter values are the same as query parameters of the list '/v1/usermgmt/users' endpoint as described in the “Users” page.\nFor example, to back up all users with name \"frank\" and email id \"frank@local\", use {\"name\":\"frank\",\"email\": \"frank@local\"}.\n"}},"example":{"resourceType":"Keys","resourceQuery":"{\"algorithm\":\"AES\", \"metaContains\": {\"info\":{\"color\":\"red\"}}}"}},"description":"A set of selection criteria to specify what resources to include in the backup. Only applicable to domain-scoped backups.\nBy default, no filters are applied and the backup includes all keys.\nFor example, to back up all keys with a name containing 'enc-key', set the filters to `[{\"resourceType\": \"Keys\", \"resourceQuery\":{\"name\":\"*enc-key*\"}}]`.\n"},"retentionCount":{"type":"integer","description":"Number of backups saved for this job config. Default is an unlimited quantity."},"description":{"type":"string","description":"User defined description associated with the backup. This is stored along with the backup, and is returned while retrieving the backup information, or while listing backups. Users may find it useful to store various types of information here: a backup name or description, ID of the HSM the backup is tied to, etc.\n"},"do_scp":{"type":"boolean","description":"If true, the system backup will also be transferred to the external server via SCP.\n"},"connection":{"type":"string","description":"Name or ID of the SCP connection which stores the details for SCP server.\n"}}},"cckm_synchronization_params":{"type":"object","description":"CCKM Synchronization operation specific arguments. Should be JSON-serializable\n\"key_rotation_params\",\"database_backup_params\" and \"cckm_synchronization_params\" fields are mutually exclusive(cannot be set together).\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","required":["cloud_name"],"properties":{"cloud_name":{"type":"string","description":"Name of the cloud where Synchronize operation will be triggered, possible values are \"aws\", \"hsm-luna\", \"dsm\" , \"oci\", \"sfdc\", \"gcp\", \"sap\" and \"AzureCloud\"."},"kms":{"type":"array","items":{"type":"string"},"description":"IDs or names of kms resource from which Aws keys will be synchronized. Kms is used for aws cloud. At least one kms is required for aws synchronization operation."},"key_vaults":{"type":"array","items":{"type":"string"},"description":"IDs or name of vault from which azure keys will be synchronized. Vaults are used for azure cloud. At least one vault is required for azure synchronization operation."},"sync_item":{"type":"array","items":{"type":"string"},"description":"Items which need to be synchronized. At least one of the value from below is required for azure synchronization operation.","enum":["key","secret","certificate","all"]},"partitions":{"type":"array","items":{"type":"string"},"description":"IDs of partition from which keys will be synchronized. Partitions are used for HSM. At least one partition is required for HSM synchronization operation."},"domains":{"type":"array","items":{"type":"string"},"description":"IDs of domains from which keys will be synchronized. Domains are used for DSM. At least one domain is required for DSM synchronization operation."},"key_rings":{"type":"array","items":{"type":"string"},"description":"IDs or name of key ring from which google cryptographic keys will be synchronized. Key Rings are used for google cloud. At least one key ring is required for google synchronization operation."},"organizations":{"type":"array","items":{"type":"string"},"description":"Organization ID from which tenant secrets will be synchronized. Provide CCKM organization ID. At least one organization ID is required for sfdc synchronization operation."},"groups":{"type":"array","items":{"type":"string"},"description":"Group ID from which sap key will be synchronized. Provide CCKM group ID. At least one group ID is required for sap synchronization operation."},"oci_vaults":{"type":"array","items":{"type":"string"},"description":"Vault ID from which oci key will be synchronized. Provide CCKM OCI vault ID. At least one vault ID is required for oci synchronization operation."},"synchronize_all":{"type":"boolean","description":"Set true to synchronize all keys from all vaults or kms. synchronize_all, key_vaults and kms are mutually exclusive. Specify either the synchronize_all or key_vaults or kms."}}},"cckm_key_rotation_params":{"type":"object","description":"CCKM Rotation Params operation specific arguments. The \"key_rotation_params\",\"database_backup_params\" and\n\"cckm_synchronization_params\" fields are mutually exclusive(cannot be set together).\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","required":["cloud_name"],"properties":{"cloud_name":{"type":"string","description":"Name of the cloud where Rotation operation will be triggered, possible values are \"aws\", \"gcp\", \"oci\" , \"sfdc\", \"sap\" and \"AzureCloud\"."},"expiration":{"type":"string","description":"Expiration time of the new key that will be created through scheduled rotation. If not specified, the new key material never expires. For example, if you set `expiration` to `6h`, the key material of the new key will expire in 6 hours.","enum":["Xd for x days","Yh for y hours"]},"expire_in":{"type":"string","description":"Period during which certain keys are going to expire. When the scheduler is run, it rotates the keys that are expiring in this period. If not specified, the scheduler rotates all the keys. For example, if you want the scheduler to rotate the keys that are expiring within six hours of the schedule run, set `expire_in` to `6h`. This parameter is not valid for cloud_name `gcp`.\n","enum":["Xd for x days","Yh for y hours"]},"aws_param":{"type":"object","description":"AWS param specifies whether to retain alias with timestamp on archieved key after rotation.\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","properties":{"retain_alias":{"type":"boolean","description":"Whether to retain alias with timestamp on archieved key after rotation."}}},"sfdc_param":{"type":"object","description":"SFDC param specifies oraganization_id and key_type for which keys will be rotated.\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","properties":{"organization_id":{"type":"string","description":"Organization ID to which this key type belong to."},"key_type":{"type":"array","items":{"type":"string"},"description":"Type of tenant secret requested for which sfdc keys will be rotated and can have below values.","enum":["Data","EventBus","SearchIndex","DeterministicData","Analytics"]},"key_source":{"type":"string","description":"Source of the key material. Options are native, dsm, hsm-luna and ciphertrust."},"certificate_id":{"type":"string","description":"(Mandatorily required for SFDC cloud) Certificate ID, whose public key to be used to encrypt tenant secret."},"key_derivation_mode":{"type":"string","description":"(Mandatorily required for SFDC cloud) Values are PBKDF2 or NONE."},"domain_id":{"type":"string","description":"Domain ID where key will be created to upload on sfdc."},"partition_id":{"type":"string","description":"Partition ID where key will be created to upload on sfdc."}}},"rotation_after":{"type":"string","description":"Number of days after which the keys will be rotated. Specify `Xd` for `x` days. The first key rotation will happen after `x` days of key creation. Subsequent key rotations will happen after every `x` days of the last rotation date. For example, if you set `rotation_after` to `6d`, the first key rotation will happen after six days of key creation. Subsequently, the keys will be rotated after every six days.\n","enum":["Xd for x days"]}}}}}]}}}}]},"View":{"type":"object","title":"Jobs","required":["table","schema"],"properties":{"table":{"type":"string","description":"Name of the table for which the job is to be listed.\n"},"schema":{"type":"string","description":"Name of the schema."}},"example":{"table":"mytable","schema":"owner"}},"PostMigrationServer":{"type":"object","title":"PostMigrationServer","required":["host","port","naeuser","naepassword"],"properties":{"host":{"type":"string","description":"Host IP of the migration server."},"port":{"type":"string","description":"Port of the migration server."},"naeuser":{"type":"string","description":"Nae user name to be used for encryption."},"naepassword":{"type":"string","description":"Nae user password"}}},"PatchMigrationServer":{"type":"object","title":"PostMigrationServer","properties":{"host":{"type":"string","description":"Host IP of the migration server."},"port":{"type":"string","description":"Port of the migration server."},"naeuser":{"type":"string","description":"Nae user name to be used for encryption."},"naepassword":{"type":"string","description":"Nae user password"}}},"Encryption":{"type":"object","title":"Perform Encryption","required":["table","viewSqlOnly"],"properties":{"table":{"type":"string","description":"Name of the table to be encrypted"},"schema":{"type":"string","description":"Name of owner/schema of the table."},"newtable":{"type":"string","description":"Name of the new table which will hold encrypted data (default is tablename_new)"},"viewname":{"type":"string","description":"User specified view Name"},"insTrigger":{"type":"string","description":"Name of the insert trigger default will be tablename_ins_trig"},"updTrigger":{"type":"string","description":"Name of the update trigger default will be \"tablename_upd_trig\""},"viewSqlOnly":{"type":"boolean","description":"Specify true if you just want to see the queries that will be performed."},"batchSize":{"type":"integer","description":"Specify the batch size in which encryption is to be deleted."}},"example":{"table":"myTable","newtable":"","viewname":"","insTrigger":"","updTrigger":"","viewSqlOnly":true,"batchsize":1000}},"Decryption":{"type":"object","title":"Perform Decryption","required":["table","columnNames"],"properties":{"table":{"type":"string","description":"Name of the table to be unmigrated."},"schema":{"type":"string","description":"Name of owner/schema of the table."},"viewSqlOnly":{"type":"boolean","description":"Specify true if you just want to see the queries that will be performed."},"batchSize":{"type":"integer","description":"Specify the batch size in which decryption is to be performed."},"columnNames":{"type":"array","items":{"type":"string"}}},"example":{"table":"myTable","batchsize":1000,"columnNames":["col1","col2"],"viewSqlOnly":true}},"Databases":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","title":"Database","required":["name","database_type","host","connection_Protocol","database_name","database_user","database_password","metadb_user","meta_Password","database_port"],"properties":{"name":{"type":"string","description":"Name/alias for the connection information. This field which uniquely identifies a database connection."},"database_type":{"type":"string","description":"Allowed databases are Oracle, SQLServer, and DB2."},"host":{"type":"string","description":"Hostname or IP address of the database server."},"database_port":{"type":"string","description":"Port on which the CDP will connect to the database. For SQL Server, to connect using an instance, specify I:instance_name as parameter.\n"},"connection_Protocol":{"type":"string","description":"Protocol used to connect to database driver and database. Possible options are- TCP and SSL."},"database_user":{"type":"string","description":"Database login name that has permission to modify the tables to be migrated.\nThis user can be the owner of the database tables or a user with privileges to CREATE, MODIFY, and DROP views, tables, and triggers.\n"},"database_password":{"type":"string","description":"Password of the database used in databaseUser parameter."},"metadb_user":{"type":"string","description":"Name of the database where CipherTrust Database Protection metadata gets installed.\nThis parameter is optional for Oracle and DB2 but mandatory for SQL Server.\n"},"meta_Password":{"type":"string","description":"Database password that has permission to connect to the CipherTrust Database Protection metadata.\n"},"save_connection":{"type":"boolean","description":"Flag that allows to save database session details for furter logins.\nValid values : True and False\n"},"database_name":{"type":"string","description":"Name of the database that contains the tables and columns to be encrypted.\nFor Oracle, it is SID. However, you can also use service name I:.\n"},"secondryAuth":{"type":"string","description":"Required, if database_type is DB2.\n"},"schema":{"type":"string","description":"(Optional) Name of the schema. By default, the value is dbo.\n"}},"example":{"name":"mydbname","database_type":"Oracle","host":"1.1.1.1","database_port":"7896","connection_protocol":"TCP","database_name":"mydb","database_user":"admin","database_password":"asdf1234","save_connection":false,"metadb_name":"mydbmeta","meta_password":"asdf1234","metadb_user":"metauser","schema":"qwerty"}}]},"ReportIdTemplate":{"type":"object","required":["reportId"],"properties":{"reportId":{"type":"string"}}},"SummaryReport":{"type":"object","properties":{"scansDataObjectCount":{"type":"integer","format":"int64"},"scansSensitiveDataObjectCount":{"type":"integer","format":"int64"},"scansSensitiveItemsCount":{"type":"integer","format":"int64"},"scansTotalInfotypesCount":{"type":"object","properties":{"detected":{"type":"integer","format":"int64"},"total":{"type":"integer","format":"int64"}}}}},"InfotypesCount":{"type":"object","properties":{"detected":{"type":"integer","format":"int64"},"total":{"type":"integer","format":"int64"}}},"InfotypesSummary":{"type":"object","properties":{"infotypesByCategory":{"type":"array","items":{"type":"object","properties":{"category":{"type":"string"},"value":{"type":"integer","format":"int64"}}}},"infotypesDistribution":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string"},"category":{"type":"string"},"value":{"type":"integer","format":"int64"}}}}}},"InfotypeByCategory":{"type":"object","properties":{"category":{"type":"string"},"value":{"type":"integer","format":"int64"}}},"Distribution":{"type":"object","properties":{"name":{"type":"string"},"category":{"type":"string"},"value":{"type":"integer","format":"int64"}}},"DataObjectsSummary":{"type":"object","properties":{"sensitiveDataObjectsByCategory":{"type":"array","items":{"type":"object","properties":{"category":{"type":"string"},"value":{"type":"integer","format":"int64"}}}},"sensitiveDataObjects":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string"},"category":{"type":"string"},"value":{"type":"integer","format":"int64"}}}}}},"SensitiveDataObjectByCategory":{"type":"object","properties":{"category":{"type":"string"},"value":{"type":"integer","format":"int64"}}},"ScansDetails":{"type":"object","properties":{"name":{"description":"Scan Name.","type":"string"},"execution":{"description":"Timestamp of the execution of the scan","type":"string","format":"date-time","x-nullable":true},"duration":{"description":"Duration of the execution of the scan","type":"integer"},"datastores":{"description":"Names of the datastores included in the scan.","type":"array","items":{"type":"string"}},"classificationProfiles":{"description":"Object classification profiles included in the scan.","type":"array","items":{"type":"object","properties":{"name":{"description":"Name of the classification profile.","type":"string"},"deletedAt":{"description":"timestamp when classification profile was deleted.","type":"string","format":"date-time"}}}},"infotypes":{"description":"Infotypes included in the scan.","type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the infotype","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the infotype","type":"integer"},"name":{"description":"Name of the infotype","type":"string"},"riskWeight":{"description":"Weight for each match in the risk formula","type":"integer"},"family":{"description":"info type family","type":"object","properties":{"id":{"description":"family id","type":"string","format":"UUIDv4"},"name":{"description":"name of the family","type":"string"},"category":{"description":"info type category","type":"object","properties":{"id":{"description":"category id","type":"string","format":"UUIDv4"},"name":{"description":"name of the category","type":"string"}}}}}}}},"infotypesFound":{"description":"Number of found infotypes","type":"integer","format":"int64"},"totalDataObjects":{"description":"Total Data Objects included in the scan.","type":"integer"},"sensitiveDataObjects":{"description":"Sensitive Data Objects found in the scan.","type":"integer"},"filters":{"description":"Filters used in the scan","type":"array","items":{"type":"object","properties":{"filter":{"type":"string","description":"Type of filter to apply"},"expression":{"description":"Expression for the filter","type":"string"},"toDate":{"description":"Starting date for the include_date_range filter","type":"string","format":"date"},"fromDate":{"description":"Ending date for the include_date_range filter","type":"string","format":"date"},"days":{"description":"Days to include for the include_recent filter","type":"integer"},"size":{"description":"Max data object size for the exclude_max_size in MB","type":"integer"}}}}}},"DatastoresDetails":{"type":"object","properties":{"name":{"description":"Name of the datastore.","type":"string"},"risk":{"description":"Value od the risk detected in the datastore.","type":"integer","format":"int64"},"warning":{"description":"True if the risk in high.","type":"boolean"},"sensitivityLevel":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Sentivity Level.","type":"string"},"color":{"description":"Color associated to the Sentivity Level.","type":"string"},"level":{"description":"Level associated to the Sentivity Level.","type":"integer"},"internal":{"description":"Indicates if the Sensivity Level is used only internally by the backend.","type":"boolean"}}}]},"scanName":{"description":"Name of the scan wich includes the datastore.","type":"string"},"lastScan":{"description":"Date of the last scan using the datastore.","type":"integer","format":"date-time"},"branchLocation":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"city":{"description":"City of Branch Location.","type":"string"},"countryId":{"description":"Country ID of Branch Location.","type":"string"},"stateId":{"description":"State ID of Branch Location.","type":"string"},"country":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"code":{"description":"Country Code.","type":"string"},"latitude":{"description":"Latitude.","type":"number"},"longitude":{"description":"Longitude.","type":"number"}}}]},"state":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"countryCode":{"description":"Country Code associated to the State.","type":"string"}}}]}}}]},"totalDataObject":{"description":"Total of dataobjects of the datastore.","type":"integer","format":"int64"},"sensitiveDataObject":{"description":"Number of sensitive data objects in the datastore.","type":"integer","format":"int64"},"infotypesTotal":{"description":"Names of the infotypes included in the datastore.","type":"array","items":{"type":"string"}},"infotypesTop5":{"description":"Array of the infotypes Top 5.","type":"array","items":{"type":"object","properties":{"name":{"type":"string"},"category":{"type":"string"},"value":{"type":"integer","format":"int64"}}}},"extensionsTop5":{"description":"Array of the infotypes Top 5.","type":"array","items":{"type":"object","properties":{"name":{"type":"string"},"category":{"type":"string"},"value":{"type":"integer","format":"int64"}}}},"classificationProfileTop5":{"description":"Array of the infotypes Top 5.","type":"array","items":{"type":"object","properties":{"name":{"type":"string"},"category":{"type":"string"},"value":{"type":"integer","format":"int64"}}}}}},"DataObjectsDetails":{"type":"object","properties":{"scanExecutionId":{"description":"Id of the scan execution","type":"string"},"scanId":{"description":"ID of the scan","type":"string"},"datastoreId":{"description":"ID of the datastore","type":"string"},"name":{"description":"Name of the dataobject.","type":"string"},"risk":{"description":"Value od the risk detected in the datastore.","type":"integer","format":"int64"},"path":{"description":"Localization of the data object.","type":"string"},"datastoreName":{"description":"Name of the datastore which includes the data object.","type":"string"},"owner":{"description":"Name of the owner.","type":"string"},"type":{"description":"Type of the data object. File or Table","type":"string"},"matches":{"description":"Number of sensitive items found.","type":"integer","format":"int64"},"modified":{"description":"Date of last modification.","type":"string","format":"date-time"},"infoTypesTotal":{"description":"Number of distinct infotypes found.","type":"integer","format":"int64"},"infotypesDistribution":{"description":"array of infotypes found in the data object.","type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"infotype name"},"category":{"type":"string","description":"infotype category"},"value":{"type":"integer","format":"int64","description":"number of matches"},"searchPrecision":{"type":"string","format":"string","description":"Search precission for the infotype","enum":["HIGH","LOW","N/A"]},"riskWeight":{"type":"integer","description":"weight of each match in the risk formula"}}}},"DatastoreDeletedAt":{"description":"Date of deletion","type":"string","format":"date-time"},"policyId":{"description":"Id of the policy","type":"string"},"policyName":{"description":"Name of the policy","type":"string"},"remediationTimestamp":{"description":"Date of remediation","type":"string","format":"date-time"},"remediationStatus":{"description":"Status of remediation","type":"string"},"classificationProfiles":{"description":"Classification profiles","type":"array","items":{"type":"string"}}}},"ScanTrendDataObjectsDetails":{"type":"object","properties":{"scanId":{"description":"ID of the scan","type":"string"},"scanVersion":{"description":"Scan version","type":"integer","format":"int64"},"scanExecutionId":{"description":"Id of the scan execution","type":"string"},"name":{"description":"Name of the dataobject.","type":"string"},"risk":{"description":"Value od the risk detected in the datastore.","type":"integer","format":"int64"},"path":{"description":"Localization of the data object.","type":"string"},"datastoreID":{"description":"ID of the datastore.","type":"string"},"datastoreName":{"description":"Name of the datastore","type":"string"},"profiles":{"description":"Profiles.","type":"integer","format":"int64"},"infoTypesTotal":{"description":"Infotypes.","type":"integer","format":"int64"},"matches":{"description":"Number of sensitive items found.","type":"integer","format":"int64"},"remediationTimestamp":{"description":"Date of remediation","type":"string","format":"date-time"},"remediationStatus":{"description":"status of remediation.","type":"boolean"}}},"Agent":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"localStorageOnly":{"description":"If set to true the agent won't be used in automatic agent selection except for local storage datastores","type":"boolean"},"agentLabels":{"description":"Labels assigned to the agent","type":"array","items":{"type":"object","properties":{"id":{"description":"Label ID","type":"string","format":"UUIDv4"},"name":{"description":"Label name","type":"string"}}}},"platformCompatibility":{"description":"Platform family of the agent","type":"string"},"status":{"description":"Status of the agent - the possible values are 'CONNECTED' or 'NOT_CONNECTED'","type":"string","enum":["CONNECTED","NOT_CONNECTED"]},"connectedIp":{"description":"IP of the interface the agent used to connect to DDC","type":"string"},"timeDifference":{"description":"Difference between the agent and the server clocks in seconds.","type":"integer"},"version":{"description":"Version of the installed agent","type":"string"},"datastores":{"description":"Number of datastores associated with the agent","type":"integer"}}}]},"UpdateAgent":{"required":["localStorageOnly"],"properties":{"localStorageOnly":{"description":"If set to true the agent won't be used in automatic agent selection except for local storage datastores","type":"boolean"},"agentLabels":{"description":"Labels to assign to the agent","type":"array","items":{"type":"object","properties":{"name":{"description":"Name of the label. If it doesn't exist it will be created.","type":"string"}}}}}},"Datastore":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Status of Datastore. If set to false it will be ignored when executing a scan.","type":"boolean"},"sensitiveObjects":{"description":"Number of sensitive objects detected in the Datastore.","type":"integer"},"totalObjects":{"description":"Total number of object into the Datastore.","type":"integer"},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},"DataObjectDetailsParams":{"allOf":[{"type":"object","required":["scanExecutionId","scanId","datastoreId","type","path","name"],"properties":{"scanExecutionId":{"description":"ScanExecutionID of the execution selected for the report.","type":"string"},"scanId":{"description":"scanID of the scan execution selected for the report.","type":"string"},"datastoreId":{"description":"datastoreID of the scan selected for the report.","type":"string"},"type":{"description":"Type of the data object.","type":"string"},"path":{"description":"Path of the data object.","type":"string"},"name":{"description":"name of the data object.","type":"string"}}}]},"ReportTemplate":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of ReportTemplate.","type":"string"},"meta":{"description":"Meta data of ReportTemplate.","type":"object"},"source":{"description":"Source of the Report Template.","type":"string"},"analysis":{"description":"Source of the Report Template.","type":"string"},"schedule":{"description":"Schedule Report Template.","type":"string"},"lastRun":{"description":"Last Run Report Template.","type":"string","format":"date-time"},"status":{"description":"Status od the Report Template.","type":"string"},"scans":{"type":"array","items":{"allOf":[{"type":"object","properties":{"scanId":{"description":"ScanID of the execution selected for the report.","type":"string"},"scanName":{"description":"scanName of the execution selected for the report.","type":"string"},"scanExecutionId":{"description":"scanExecutionId of the execution selected for the report.","type":"string"},"latest":{"description":"True for LastExecution.","type":"boolean"},"executionDate":{"description":"ExecutionDate selected by user.","type":"string","format":"date-time"}}}]}}}}]},"ScanTrendReport":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"type":"object","properties":{"reportTemplateId":{"description":"ID of the report template that generated the report","type":"string","format":"UUIDv4"},"reportTemplateVersion":{"description":"Version of the report template that generated the report","type":"integer"},"status":{"description":"Status of the report","type":"string","enum":["RUNNING","COMPLETED","FAILED"]},"new":{"description":"Marks if the report has been viewed or if it's new","type":"boolean"},"startTimestamp":{"description":"Timestamp when the report generation started","type":"string","format":"date-time"},"endTimestamp":{"description":"Timestamp when the report generation finished","type":"string","format":"date-time"},"error":{"description":"Error of the report generation if it failed","type":"string","format":"json"},"scans":{"description":"Scan executions contained in the report","type":"array","items":{"allOf":[{"type":"object","properties":{"id":{"description":"id of the scan","type":"string","format":"UUIDv4"},"executionDate":{"description":"timestamp for the scan execution","type":"string","format":"date-time"},"scanVersion":{"description":"version of the scan when it was executed","type":"integer"},"scanExecutionId":{"description":"id for the scan execution","type":"string","format":"UUIDv4"},"scanName":{"description":"name of the scan","type":"string"}}}]}}}}]},"DataObjectTrend":{"type":"array","items":{"type":"object","properties":{"date":{"description":"Date of scan launch.","type":"string","format":"date-time"},"scanID":{"description":"ID of the scan.","type":"string"},"scanVersion":{"description":"Version of the scan.","type":"integer"},"modified":{"description":"Whether or not the scan has been modified.","type":"boolean"},"dataObjectScanned":{"description":"Scanned data objects.","type":"integer"},"sensitiveDataObjects":{"description":"Sensitive data objects.","type":"integer"},"remediatedDataObjects":{"description":"Remediated data objects.","type":"integer"},"infoTypesFoundCount":{"description":"Count of the infotypes found.","type":"integer"}}}},"AverageRisk":{"type":"array","items":{"type":"object","properties":{"date":{"description":"Date of scan launch.","type":"string","format":"date-time"},"scanID":{"description":"ID of the scan.","type":"string"},"scanExecutionID":{"description":"Scan Execution ID.","type":"string"},"scanVersion":{"description":"Version of the scan.","type":"integer"},"modified":{"description":"Whether or not the scan has been modified.","type":"boolean"},"averageRisk":{"description":"Average risk.","type":"integer"}}}},"InfotypesTrend":{"type":"array","items":{"type":"object","properties":{"date":{"description":"Date of scan launch.","type":"string","format":"date-time"},"infoTypesCount":{"description":"Count of the infotypes found.","type":"integer"},"scanID":{"description":"ID of the scan.","type":"string"},"scanVersion":{"description":"Version of the scan.","type":"integer"},"modified":{"description":"Whether or not the scan has been modified.","type":"boolean"},"infoTypesFound":{"description":"Array of infotypes found.","type":"array","items":{"type":"object","properties":{"infoTypeFamily":{"description":"Family of the infotype.","type":"string"},"name":{"description":"Name of the infotype.","type":"string"},"count":{"description":"Count of occurencies of this infotype found.","type":"integer"}}}}}}},"RemediationTrend":{"type":"array","items":{"type":"object","properties":{"date":{"description":"Date of scan launch.","type":"string","format":"date-time"},"scanID":{"description":"ID of the scan.","type":"string"},"scanVersion":{"description":"Version of the scan.","type":"integer"},"modified":{"description":"Whether or not the scan has been modified.","type":"boolean"},"dataObjectScanned":{"description":"Scanned data objects.","type":"integer"},"sensitiveDataObjects":{"description":"Sensitive data objects.","type":"integer"},"remediablesDataObjects":{"description":"Remediable data objects.","type":"integer"},"remediatedDataObjects":{"description":"Remediated data objects.","type":"integer"}}}},"Report":{"type":"object","properties":{"reportTemplateName":{"description":"Name of ReportTemplate.","type":"string"},"scans":{"description":"Array of scan names.","type":"array","items":{"type":"object","properties":{"executionDate":{"description":"Date of scan launch.","type":"string","format":"date-time"},"scanName":{"description":"Name of the scan.","type":"string"}}}},"report":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"reportTemplateId":{"description":"ID of ReportTemplate.","type":"string"},"reportTemplateVersion":{"description":"version of ReportTemplate.","type":"integer"},"path":{"description":"Path of Report.","type":"string"},"status":{"description":"Status of the Report.","type":"string"},"new":{"description":"Schedule Report Template.","type":"boolean"},"startTimestamp":{"description":"Start of the process report.","type":"string","format":"date-time"},"endTimestamp":{"description":"End of the Report to be ready.","type":"string","format":"date-time"},"error":{"description":"Error of the report.","type":"string"}}}]}}},"ReportTemplateScans":{"allOf":[{"type":"object","properties":{"scanId":{"description":"ScanID of the execution selected for the report.","type":"string"},"scanName":{"description":"scanName of the execution selected for the report.","type":"string"},"scanExecutionId":{"description":"scanExecutionId of the execution selected for the report.","type":"string"},"latest":{"description":"True for LastExecution.","type":"boolean"},"executionDate":{"description":"ExecutionDate selected by user.","type":"string","format":"date-time"}}}]},"CreateDynamicQueryParams":{"allOf":[{"type":"object","properties":{"id":{"description":"UUID of the dynamic query to create (optional)","type":"string","format":"uuid"},"filter":{"description":"Generic text filter to search in the name and path columns","type":"string"},"datastores":{"description":"Datastores to include in the query","type":"array","items":{"type":"string","format":"uuid"}},"types":{"description":"Types of data objects to include (File, Table, Inaccessible, Email, Attachment)","type":"array","items":{"type":"string"}},"sort":{"description":"Column to use for sorting (name, -name, risk, -risk, type, -type, path, -path)","type":"string"}}}]},"DynamicQueryDetails":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"type":"object","properties":{"reportId":{"description":"ID of the report for the dynamic query","type":"string","format":"uuid"},"startTimestamp":{"description":"timestamp when the query execution started","type":"string","format":"date-time"},"endTimestamp":{"description":"timestamp when the query execution finished","type":"string","format":"date-time"},"status":{"description":"status of the dynamic query (RUNNING, COMPLETED, FAILED)","type":"string"},"error":{"description":"Error of the dynamic query if it failed","type":"string","format":"json"}}}]},"ClassificationProfile":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"classificationUUID":{"type":"string","description":"UUID for remediation and tagging. Classification profiles with same UUID are considered as the same for remediation.","format":"UUIDv4"},"description":{"description":"Description of Classification Profile.","type":"string"},"template":{"description":"Indicates if the Classification Profile is a pre-loaded template.","type":"boolean"},"sensitivityLevel":{"description":"Sensitivity level of the Classification Profile.","type":"object","properties":{"id":{"type":"string","description":"Sensitivity level id","format":"UUIDv4"},"chainedVersion":{"type":"integer","description":"Sensitivity level version","format":"uint64"},"name":{"type":"string","description":"Sensitivity level name"},"color":{"type":"string","description":"Preferred color shown in the UI"},"level":{"type":"integer","description":"Level of sensitivity."}}},"tags":{"description":"Classification profile tags","type":"array","items":{"type":"object","properties":{"id":{"type":"string","description":"Tag id","format":"UUIDv4"},"chainedVersion":{"type":"integer","description":"Tag version","format":"uint64"},"name":{"type":"string","description":"Tag name"}}}},"infoTypes":{"description":"Classification profile info types","type":"array","items":{"type":"object","properties":{"min":{"type":"integer","description":"min attribute, default 1"},"infoTypeId":{"type":"string","description":"id of the info type","format":"UUIDv4"},"infoType":{"type":"object","description":"Info type details","properties":{"id":{"type":"string","description":"Info type ID","format":"UUIDv4"},"chainedVersion":{"type":"integer","description":"Info type version","format":"uint64"},"name":{"type":"string","description":"Info type name"},"type":{"description":"System info type or user created","type":"string","enum":["BUILTIN","CUSTOM"]},"region":{"type":"string","description":"Info type region"},"family":{"type":"object","description":"Info type family","properties":{"id":{"type":"string","description":"Info type family ID","format":"UUIDv4"},"chainedVersion":{"type":"integer","description":"Info type family version","format":"uint64"},"name":{"type":"string","description":"Info type family name"},"category":{"type":"object","description":"Info type category","properties":{"id":{"type":"string","description":"Info type category ID","format":"UUIDv4"},"chainedVersion":{"type":"integer","description":"Info type category version","format":"uint64"},"name":{"type":"string","description":"Info type category name"}}}}}}}}}}}}]},"ClassificationProfileInfoType":{"allOf":[{"type":"object","required":["min","infoTypeId"],"properties":{"min":{"description":"TBD.","type":"integer"},"infoTypeId":{"description":"Info Type ID associated.","type":"string"},"infoType":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"type":{"description":"Info Type type, either BUILTIN or CUSTOM","type":"string"},"key":{"description":"Info Type Key.","type":"string"},"region":{"description":"Info type Region.","type":"string"},"family":{"description":"info type family","type":"object","properties":{"name":{"description":"name of the family","type":"string"},"category":{"description":"info type category","type":"object","properties":{"name":{"description":"name of the category","type":"string"}}}}},"riskWeight":{"description":"risk weight for the infotype matches","type":"integer"}}}]}}}]},"InfoType":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"type":{"description":"Info Type type, either BUILTIN or CUSTOM","type":"string"},"key":{"description":"Info Type Key.","type":"string"},"region":{"description":"Info type Region.","type":"string"},"family":{"description":"info type family","type":"object","properties":{"name":{"description":"name of the family","type":"string"},"category":{"description":"info type category","type":"object","properties":{"name":{"description":"name of the category","type":"string"}}}}},"riskWeight":{"description":"risk weight for the infotype matches","type":"integer"}}}]},"CreateCustomInfotype":{"allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"required":["expression"],"properties":{"expression":{"description":"Custom info type expression. The expression is a combination of the following commands.\n- WORD '{FREE TEXT}'\n- RANGE {TYPE} TIMES {FROM}-{TO}\n- REFER '{PREFIX}_{KEYNAME}'\nThe different options for the {TYPE} are SPACE, HSPACE, VSPACE, BYTE, ALNUM, LETTER, DIGIT, PRINTABLE,\nPRINTABLEASCII, PRINTABLENONALPHA, PRINTABLENONALNUM, GRAPHIC, SAMELINE, NONALNUM, NONALPHA and NONDIGIT\nThe {PREFIX}_{KEYNAME} is the Key field of the Infotype. The chosen infotype needs to be a built-in info type.\nFor each {PREFIX} used in the REFER section we need to add a INCLUDE 'DEFINE_{PREFIX}' at the start of the expression.\nThe commands are combined using the THEN clause.\nExample:\n INCLUDE 'DEFINE_BANK'\n INCLUDE 'DEFINE_CHD'\n REFER 'CHD_AMERICANEXPRESS'\n THEN WORD 'Hello world'\n THEN RANGE ALNUM TIMES 0-1\n THEN REFER 'BANK_AUSTRALIA_ABN_STRICT'\n THEN REFER 'CHD_MASTERCARD'\n","type":"string"}}},{"type":"object","required":["region","family"],"properties":{"region":{"description":"Region of the info type. Possible values - Global, Africa, Americas, Asia, Europe, Oceania","type":"string"},"family":{"description":"Info type family. Possible values - Passport Number, License Number, Date Of Birth, Gender,\nTelephone Number, Phone Number, Card Number, Patient Health Data, Email addresses, Login credentials,\nIP Address, Ethnicity, Roll Number, Credit/Debit Cards, Bank Account Info, Personal Identification,\nMailing Address, Name, Religion, MAC Address\n","type":"string"},"riskWeight":{"description":"Defines the value each match of the info type adds to the risk score.\nThis particular section of the risk score works like this: \n(It1Matches * It1Weight + It2Matches * It2Weight + ...) * 0.1\n","type":"integer","default":1}}}]},"UpdateCustomInfotype":{"allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"required":["expression"],"properties":{"expression":{"description":"Custom info type expression. The expression is a combination of the following commands.\n- WORD '{FREE TEXT}'\n- RANGE {TYPE} TIMES {FROM}-{TO}\n- REFER '{PREFIX}_{KEYNAME}'\nThe different options for the {TYPE} are SPACE, HSPACE, VSPACE, BYTE, ALNUM, LETTER, DIGIT, PRINTABLE,\nPRINTABLEASCII, PRINTABLENONALPHA, PRINTABLENONALNUM, GRAPHIC, SAMELINE, NONALNUM, NONALPHA and NONDIGIT\nThe {PREFIX}_{KEYNAME} is the Key field of the Infotype. The chosen infotype needs to be a built-in info type.\nFor each {PREFIX} used in the REFER section we need to add a INCLUDE 'DEFINE_{PREFIX}' at the start of the expression.\nThe commands are combined using the THEN clause.\nExample:\n INCLUDE 'DEFINE_BANK'\n INCLUDE 'DEFINE_CHD'\n REFER 'CHD_AMERICANEXPRESS'\n THEN WORD 'Hello world'\n THEN RANGE ALNUM TIMES 0-1\n THEN REFER 'BANK_AUSTRALIA_ABN_STRICT'\n THEN REFER 'CHD_MASTERCARD'\n","type":"string"}}},{"type":"object","required":["region","family"],"properties":{"region":{"description":"Region of the info type. Possible values - Global, Africa, Americas, Asia, Europe, Oceania","type":"string"},"family":{"description":"Info type family. Possible values - Passport Number, License Number, Date Of Birth, Gender,\nTelephone Number, Phone Number, Card Number, Patient Health Data, Email addresses, Login credentials,\nIP Address, Ethnicity, Roll Number, Credit/Debit Cards, Bank Account Info, Personal Identification,\nMailing Address, Name, Religion, MAC Address\n","type":"string"},"riskWeight":{"description":"Defines the value each match of the info type adds to the risk score.\nThis particular section of the risk score works like this: \n(It1Matches * It1Weight + It2Matches * It2Weight + ...) * 0.1\n","type":"integer","default":1}}}]},"UpdateSearchPrecisionInfotype":{"allOf":[{"type":"object","required":["operations"],"properties":{"operations":{"type":"array","items":{"type":"object","required":["id","searchPrecision"],"properties":{"id":{"description":"BuiltIn Infotype Id","type":"string"},"searchPrecision":{"description":"Search Precision for Infotype. Possible values - LOW, HIGH\n","type":"string"}}}}}}]},"InfotypeExpression":{"required":["expression"],"properties":{"expression":{"description":"Custom info type expression. The expression is a combination of the following commands.\n- WORD '{FREE TEXT}'\n- RANGE {TYPE} TIMES {FROM}-{TO}\n- REFER '{PREFIX}_{KEYNAME}'\nThe different options for the {TYPE} are SPACE, HSPACE, VSPACE, BYTE, ALNUM, LETTER, DIGIT, PRINTABLE,\nPRINTABLEASCII, PRINTABLENONALPHA, PRINTABLENONALNUM, GRAPHIC, SAMELINE, NONALNUM, NONALPHA and NONDIGIT\nThe {PREFIX}_{KEYNAME} is the Key field of the Infotype. The chosen infotype needs to be a built-in info type.\nFor each {PREFIX} used in the REFER section we need to add a INCLUDE 'DEFINE_{PREFIX}' at the start of the expression.\nThe commands are combined using the THEN clause.\nExample:\n INCLUDE 'DEFINE_BANK'\n INCLUDE 'DEFINE_CHD'\n REFER 'CHD_AMERICANEXPRESS'\n THEN WORD 'Hello world'\n THEN RANGE ALNUM TIMES 0-1\n THEN REFER 'BANK_AUSTRALIA_ABN_STRICT'\n THEN REFER 'CHD_MASTERCARD'\n","type":"string"}}},"Regulation":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}}]},"SensitivityLevel":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Sentivity Level.","type":"string"},"color":{"description":"Color associated to the Sentivity Level.","type":"string"},"level":{"description":"Level associated to the Sentivity Level.","type":"integer"},"internal":{"description":"Indicates if the Sensivity Level is used only internally by the backend.","type":"boolean"}}}]},"BranchLocation":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"city":{"description":"City of Branch Location.","type":"string"},"countryId":{"description":"Country ID of Branch Location.","type":"string"},"stateId":{"description":"State ID of Branch Location.","type":"string"},"country":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"code":{"description":"Country Code.","type":"string"},"latitude":{"description":"Latitude.","type":"number"},"longitude":{"description":"Longitude.","type":"number"}}}]},"state":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"countryCode":{"description":"Country Code associated to the State.","type":"string"}}}]}}}]},"CreateBranchLocation":{"allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"city":{"description":"City of Branch Location.","type":"string"},"countryId":{"description":"Country ID of Branch Location.","type":"string"},"stateId":{"description":"State ID of Branch Location.","type":"string"}}}]},"HDFS":{"allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"hadoopConnectionId":{"description":"ID to retrieve the connection info.","type":"string"},"hdfsUri":{"description":"Path to connect to HDFS.","type":"string"},"folder":{"description":"Folder to connect to HDFS","type":"string"}}}]},"UpdateHDFS":{"allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","required":["hdfsUri","folder"],"properties":{"hadoopConnectionId":{"description":"ID to retrieve the connection info.","type":"string"},"hdfsUri":{"description":"Path to connect to HDFS.","type":"string"},"folder":{"description":"Folder to connect to HDFS","type":"string"}}}]},"LIVY":{"allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"hadoopConnectionId":{"description":"ID to retrieve the connection info.","type":"string"},"livyUri":{"description":"URI to connect to LIVY.","type":"string"}}}]},"UpdateLIVY":{"allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","required":["livyUri"],"properties":{"hadoopConnectionId":{"description":"ID of the conection in citrus.","type":"string"},"livyUri":{"description":"URI to connect to LIVY.","type":"string"}}}]},"DataEngine":{"allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"hadoopConnectionId":{"description":"ID to retrieve the connection info.","type":"string"},"dataEngineUri":{"description":"URI to connect to Data-Engine.","type":"string"}}}]},"UpdateDataEngine":{"allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","required":["dataEngineUri"],"properties":{"hadoopConnectionId":{"description":"ID of the conection in citrus.","type":"string"},"dataEngineUri":{"description":"URI to connect to Data-Engine.","type":"string"}}}]},"ScanSettings":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","required":["agentMemoryMB","cpuPriority","networkThroughputMBPS"],"properties":{"agentMemoryMB":{"description":"Setting for the maximum memory usage that the scanner service can use on the Datastore host, in MB","type":"number","default":1024},"cpuPriority":{"description":"CPU priority set for the agent used in the scan. The possible values are 'low' and 'normal'","enum":["low","high"]},"networkThroughputMBPS":{"description":"Max I/O rate the scanner service will use to read data from the datastore, in MBps","type":"number","default":0}}}]},"UpdateScanSettings":{"allOf":[{"type":"object","properties":{"agentMemoryMB":{"description":"Setting for the maximum memory usage that the scanner service can use on the Datastore host, in MB","type":"number","example":1024},"cpuPriority":{"description":"CPU priority set for the agent used in the scan. The possible values are 'low' and 'normal'","enum":["low","high"]},"networkThroughputMBPS":{"description":"Max I/O rate the scanner service will use to read data from the datastore, in MBps. Set to 0 for unlimited.","type":"number","example":0}}}]},"Tag":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"namespace":{"description":"Namespace of Tag.","type":"string"},"editable":{"description":"Indicates if the Tag can be edited or not.","type":"boolean"}}}]},"AgentLabel":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}}]},"TagParam":{"allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","required":["id"],"properties":{"id":{"description":"Id of the Tag.","type":"string","format":"uuid"}}}]},"Country":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"code":{"description":"Country Code.","type":"string"},"latitude":{"description":"Latitude.","type":"number"},"longitude":{"description":"Longitude.","type":"number"}}}]},"State":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"countryCode":{"description":"Country Code associated to the State.","type":"string"}}}]},"AvailableScan":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}}]},"Scan":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"deletedAt":{"description":"The date when the scan was deleted","type":"string","format":"date-time"},"description":{"description":"Description for the scan","type":"string"},"cron":{"description":"Cron expression for the scan schedule","type":"string","example":"0 0 * * *"},"increment":{"description":"The type of increment for the scan schedule (DAILY, WEEKLY or MONTHLY)","type":"string","enum":["DAILY","WEEKLY","MONTHLY"]},"every":{"description":"Every how many increments (days, weeks, months) the scan schedule gets executed","type":"integer"},"startingDate":{"description":"The date when the scan schedule starts","type":"string","format":"date-time"},"endingDate":{"description":"The date when the scan schedule ends","type":"string","format":"date-time"},"scheduleEnabled":{"description":"Indicates if the scan schedule is enabled","type":"boolean"},"autoPauseEnabled":{"description":"Indicates if the auto pause feature is enabled","type":"boolean"},"autoPauseTimezone":{"description":"Time zone for the autopause. If the auto pause is enabled this field is required.","type":"string","example":"Etc/GMT"},"autoPauseDays":{"description":"Days the auto pause is active. If the auto pause is enabled this field is required.","type":"array","items":{"type":"string","enum":["Saturday","Friday","Thursday","Wednesday","Tuesday","Monday","Sunday"]}},"autoPauseFrom":{"description":"Time when the auto pause feature starts. If the auto pause is enabled this field is required","type":"string","format":"XhYm | Xh","example":"1h30m"},"autoPauseTo":{"description":"Time when the auto pause feature ends. If the auto pause is enabled this field is required","type":"string","format":"XhYm | Xh","example":"1h30m"},"scanPriority":{"description":"CPU priority set for the agent process used in the scan. The possible values are 'low' and 'normal'","type":"string","enum":["low","normal"],"default":"low"},"memoryUsageLimit":{"description":"Setting for the maximum memory usage that the scanner service can use on the datastore host, in MB","type":"integer","default":1024},"throughput":{"description":"Max I/O rate the scanner service will use to read data from the datastore, in MBps. Set to 0 for unlimited.","type":"integer","default":0},"matchDetail":{"description":"Set the amount of match details to be captured for the scan schedule (no_info, minimum, balanced, maximum)","type":"string","enum":["no_info","minimum","balanced","maximum"],"default":"no_info"},"trace":{"description":"Captures detailed scan trace messages when scanning a Target","type":"boolean","default":false},"ocr":{"description":"Scans images for sensitive data using Optical Character Recognition (OCR)","type":"boolean","default":false},"voice":{"description":"Enables voice recognition when scanning WAV and MP3 files","type":"boolean","default":false},"ebcdic":{"description":"Scan file systems that use IBM's EBCDIC encoding","type":"boolean","default":false},"filters":{"description":"Filters to apply to the scan","type":"array","items":{"type":"object","properties":{"filter":{"type":"string","format":"string","enum":["exclude_prefix","exclude_suffix","exclude_expression","include_date_range","include_recent","exclude_max_size"],"description":"Type of filter to apply\nexclude_prefix - requires expression field\nexclude_suffix - requires expression field\nexclude_expression - requires expression field\ninclude_date_range - requires fromDate and toDate fields\ninclude_recent - requires days field\nexclude_max_size - requires size field\n"},"expression":{"description":"Expression for the filter","type":"string","example":"/dataset/ddcdatasetv1/*/Doc"},"toDate":{"description":"Starting date for the include_date_range filter","type":"string","format":"date","example":"2020-05-05T00:00:00.000Z"},"fromDate":{"description":"Ending date for the include_date_range filter","type":"string","format":"date","example":"2020-10-05T00:00:00.000Z"},"days":{"description":"Days to include for the include_recent filter","type":"integer","example":10},"size":{"description":"Max data object size for the exclude_max_size in MB","type":"integer","example":100}}}},"classificationProfiles":{"description":"Classification profiles included in the scan","type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the classification profile","type":"string","format":"UUIDv4"},"name":{"description":"Name of the classification profile","type":"string"},"chainedVersion":{"description":"Version of the classification profile","type":"integer"},"classificationUUID":{"description":"UUID of the classification profile for classification","type":"string","format":"UUIDv4"}}}},"dataStores":{"description":"Datastores included in the scan","type":"array","items":{"type":"object","properties":{"datastore":{"description":"Details of the datastore","type":"object","properties":{"id":{"description":"ID of the datastore","type":"string","format":"UUIDv4"},"name":{"description":"Name of the datastore","type":"string"},"type":{"description":"Type of the datastore","type":"string"},"chainedVersion":{"description":"Version of the datastore","type":"integer"}}},"remediateRootPath":{"description":"Indicates if the remediation is enabled for the root path","type":"boolean","default":false},"targets":{"description":"Targets in the datastore to scan","type":"array","items":{"type":"object","properties":{"path":{"description":"Path for the target to scan","type":"string"},"remediate":{"description":"Indicates if the remediation is enabled for the target","type":"boolean"}}}}}}},"lastExecutionId":{"description":"ID of the last execution of the scan","type":"string","format":"UUIDv4"},"lastExecution":{"description":"Status of the last scan execution","type":"object","properties":{"id":{"description":"ID of the execution","type":"string","format":"UUIDv4"},"scanId":{"description":"ID of the scan","type":"string","format":"UUIDv4"},"scanVersion":{"description":"Version of the scan","type":"integer"},"startTimestamp":{"description":"Timestamp when the scan started","type":"string","format":"date"},"endTimestamp":{"description":"Timestamp when the scan ended","type":"string","format":"date"},"duration":{"description":"Duration of the scan in seconds","type":"integer"},"status":{"description":"Current status of the scan execution","type":"string","enum":["COMPLETED","RUNNING","PAUSED","AUTOPAUSED","FAILED","REMEDIATIONVALIDATIONFAILED","STOPPED","PENDING","PROCESSING","CLASSIFYING","VALIDATING","INTERRUPTED"]},"error":{"description":"error of the scan, if it failed","type":"object","format":"JSON"},"totalObjects":{"description":"total data objects found in the execution","type":"integer"},"sensitiveObjects":{"description":"number of sensitive data objects found in the execution","type":"integer"},"ddcVersion":{"description":"ddc version when the scan was executed","type":"string"}}},"actions":{"description":"Actions available for the scan, given the configuration and the current status.","type":"array","items":{"type":"string","enum":["RUN_NOW","DISABLE","PAUSE","STOP","RESUME","ENABLE","RECLASSIFY","EDIT","DELETE","DUPLICATE"]}},"status":{"description":"Current status of the scan","type":"string","enum":["COMPLETED","RUNNING","PAUSED","AUTOPAUSED","FAILED","REMEDIATIONVALIDATIONFAILED","STOPPED","UNSCANNED","PENDING","PROCESSING","CLASSIFYING","VALIDATING","INTERRUPTED"]}}}]},"ScanReport":{"type":"object","properties":{"partial":{"description":"Partial Data","type":"integer"},"total":{"description":"Total Data","type":"integer"}}},"ScanExecution":{"type":"object","properties":{"timestamp":{"description":"Execution timestamp","type":"string","format":"date-time"},"scanExecutionId":{"description":"Execution ID","type":"string"},"scanId":{"description":"Scan ID","type":"string"},"version":{"description":"Scan Version","type":"integer"}}},"CreateLocalStorageDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"local storage datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"}}}}}]},"UpdateLocalStorageDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"local storage datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"}}}}}]},"CreateIBMDB2DatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"IBM db2 datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"database":{"type":"string","description":"name of the database"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore."}}}}}]},"UpdateIBMDB2DatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"IBM db2 datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"database":{"type":"string","description":"name of the database"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string"},"editPassword":{"type":"boolean","description":"set to true to edit the password"}}}}}]},"CreateOracleDBDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"IBM db2 datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"database":{"type":"string","description":"name of the database"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore."}}}}}]},"UpdateOracleDBDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"IBM db2 datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"database":{"type":"string","description":"name of the database"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string"},"editPassword":{"type":"boolean","description":"set to true to edit the password"}}}}}]},"CreateMicrosoftSQLDBDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Microsoft SQL db datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"database":{"type":"string","description":"name of the database"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore."}}}}}]},"UpdateMicrosoftSQLDBDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Microsoft SQL db datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"database":{"type":"string","description":"name of the database"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string"},"editPassword":{"type":"boolean","description":"set to true to edit the password"}}}}}]},"CreatePostgresSQLDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Postgres SQL datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"database":{"type":"string","description":"name of the database"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore."}}}}}]},"UpdatePostgresSQLDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Postgres SQL datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"database":{"type":"string","description":"name of the database"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string"},"editPassword":{"type":"boolean","description":"set to true to edit the password"}}}}}]},"CreateSapHanaDBDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"SAP Hana DB datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"database":{"type":"string","description":"name of the database"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore."}}}}}]},"UpdateSapHanaDBDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"SAP Hana DB datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"database":{"type":"string","description":"name of the database"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string"},"editPassword":{"type":"boolean","description":"set to true to edit the password"}}}}}]},"CreateMySQLDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"MySQL datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore."}}}}}]},"UpdateMySQLDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"MySQL datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string"},"editPassword":{"type":"boolean","description":"set to true to edit the password"}}}}}]},"CreateTeradataDBDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Teradata DB datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore."}}}}}]},"UpdateTeradataDBDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Teradata DB datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string"},"editPassword":{"type":"boolean","description":"set to true to edit the password"}}}}}]},"CreateMongoDBDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Mongo DB datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"authDatabase":{"type":"string","description":"Authorization database"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore."}}}}}]},"UpdateMongoDBDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Mongo DB datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"authDatabase":{"type":"string","description":"Authorization database"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string"},"editPassword":{"type":"boolean","description":"set to true to edit the password"}}}}}]},"CreateWindowsShareDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Windows Share datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore."},"path":{"type":"string","description":"Shared folder name."}}}}}]},"UpdateWindowsShareDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Windows Share datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string"},"editPassword":{"type":"boolean","description":"set to true to edit the password"},"path":{"type":"string","description":"Shared folder name."}}}}}]},"CreateUnixFileShareDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Unix File Share datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"path":{"type":"string","description":"Shared folder path."},"proxyHostname":{"type":"string","description":"hostname of the agent when the shared folder is mounted"},"proxyPath":{"type":"string","description":"mount point in the agent"}}}}}]},"UpdateUnixFileShareDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Unix File Share datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"path":{"type":"string","description":"Shared folder path."},"proxyHostname":{"type":"string","description":"hostname of the agent when the shared folder is mounted"},"proxyPath":{"type":"string","description":"mount point in the agent"}}}}}]},"CreateHadoopClusterDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Hadoop Cluster datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"hdfs port"}}}}}]},"UpdateHadoopClusterDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Hadoop Cluster datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"hdfs port"}}}}}]},"CreateAmazonS3DatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Amazon s3 datastore connection.","type":"object","properties":{"accessKeyId":{"type":"string","description":"access key ID"},"secretAccessKey":{"type":"string","description":"secret access key"}}}}}]},"UpdateAmazonS3DatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Amazon s3 datastore connection.","type":"object","properties":{"accessKeyId":{"type":"string","description":"access key ID"},"secretAccessKey":{"type":"string","description":"secret access key"},"editSecretAccessKey":{"type":"boolean","description":"set to true to edit the secret access key"}}}}}]},"CreateAzureBlobDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Azure blob datastore connection.","type":"object","properties":{"accountName":{"type":"string","description":"azure account name"},"username":{"type":"string","description":"azure username"},"password":{"type":"string","description":"password to access the datastore"}}}}}]},"UpdateAzureBlobDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Azure blob datastore connection.","type":"object","properties":{"accountName":{"type":"string","description":"azure account name"},"username":{"type":"string","description":"azure username"},"password":{"type":"string","description":"password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string"},"editPassword":{"type":"boolean","description":"set to true to edit the password"}}}}}]},"CreateAzureTableDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Azure table datastore connection.","type":"object","properties":{"accountName":{"type":"string","description":"azure account name"},"username":{"type":"string","description":"azure username"},"password":{"type":"string","description":"password to access the datastore"}}}}}]},"UpdateAzureTableDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Azure table datastore connection.","type":"object","properties":{"accountName":{"type":"string","description":"azure account name"},"username":{"type":"string","description":"azure username"},"password":{"type":"string","description":"password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string"},"editPassword":{"type":"boolean","description":"set to true to edit the password"}}}}}]},"CreateSharepointOnlineDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Azure Office365 Sharepoint Online datastore connection.","type":"object","properties":{"domain":{"type":"string","description":"sharepoint domain"},"clientId":{"type":"string","description":"sharepoint client id"},"tenantId":{"type":"string","description":"sharepoint tenant id"},"clientSecretKey":{"type":"string","description":"client secret key."}}}}}]},"UpdateSharepointOnlineDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Azure Office365 Sharepoint Online datastore connection.","type":"object","properties":{"domain":{"type":"string","description":"sharepoint domain"},"clientId":{"type":"string","description":"sharepoint client id"},"tenantId":{"type":"string","description":"sharepoint tenant id"},"clientSecretKey":{"type":"string","description":"client secret key. Only fill with editClientSecretKey=true"},"editClientSecretKey":{"type":"boolean","description":"set to true to edit the client secret key"}}}}}]},"CreateExchangeOnlineDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Office365 Exchange Online datastore connection.","type":"object","properties":{"domain":{"type":"string","description":"exchange domain"},"clientId":{"type":"string","description":"exchange client id"},"tenantId":{"type":"string","description":"exchange tenant id"},"clientSecretKey":{"type":"string","description":"client secret key."}}}}}]},"UpdateExchangeOnlineDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Office365 Exchange Online datastore connection.","type":"object","properties":{"domain":{"type":"string","description":"exchange domain"},"clientId":{"type":"string","description":"exchange client id"},"tenantId":{"type":"string","description":"exchange tenant id"},"clientSecretKey":{"type":"string","description":"client secret key. Only fill with editClientSecretKey=true"},"editClientSecretKey":{"type":"boolean","description":"set to true to edit the client secret key"}}}}}]},"CreateOneDriveBusinessDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Office365 OneDrive Business datastore connection.","type":"object","properties":{"domain":{"type":"string","description":"OneDrive Business domain"},"clientId":{"type":"string","description":"OneDrive Business client id"},"tenantId":{"type":"string","description":"OneDrive Business tenant id"},"clientSecretKey":{"type":"string","description":"client secret key."}}}}}]},"UpdateOneDriveBusinessDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Office365 OneDrive Business datastore connection.","type":"object","properties":{"domain":{"type":"string","description":"OneDrive Business domain"},"clientId":{"type":"string","description":"OneDrive Business client id"},"tenantId":{"type":"string","description":"OneDrive Business tenant id"},"clientSecretKey":{"type":"string","description":"client secret key. Only fill with editClientSecretKey=true"},"editClientSecretKey":{"type":"boolean","description":"set to true to edit the client secret key"}}}}}]},"CreateExchangeServerDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Exchange Server datastore connection.","type":"object","properties":{"domain":{"type":"string","description":"Exchange Server domain"},"username":{"type":"string","description":"Exchange Server username"},"password":{"type":"string","description":"Exchange Server password."}}}}}]},"UpdateExchangeServerDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Exchange Server datastore connection.","type":"object","properties":{"domain":{"type":"string","description":"Exchange Server domain"},"username":{"type":"string","description":"Exchange Server username"},"password":{"type":"string","description":"password for exchange server. Only fill with editPassword=true"},"editPassword":{"type":"boolean","description":"set to true to edit the password"}}}}}]},"CreateGoogleMailDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Google Mail datastore connection.","type":"object","properties":{"domain":{"type":"string","description":"google domain"},"username":{"type":"string","description":"google username"},"serviceAccountID":{"type":"string","description":"service account id."},"privateKey":{"type":"string","description":"private key."},"privateKeyFilename":{"type":"string","description":"private key file name."}}}}}]},"UpdateGoogleMailDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Google Mail datastore connection.","type":"object","properties":{"domain":{"type":"string","description":"google domain"},"username":{"type":"string","description":"google username"},"serviceAccountID":{"type":"string","description":"service account id. Only set with editServiceAccountID=true"},"editServiceAccountID":{"type":"boolean","description":"set to true to edit the service account id"},"privateKey":{"type":"string","description":"private key. Only set with editPrivateKey=true"},"editPrivateKey":{"type":"boolean","description":"set to true to edit the private key"},"privateKeyFilename":{"type":"string","description":"private key file name."}}}}}]},"CreateGoogleDriveDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Google Drive datastore connection.","type":"object","properties":{"domain":{"type":"string","description":"google domain"},"username":{"type":"string","description":"google username"},"serviceAccountID":{"type":"string","description":"service account id."},"privateKey":{"type":"string","description":"private key."},"privateKeyFilename":{"type":"string","description":"private key file name."}}}}}]},"UpdateGoogleDriveDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Google Drive datastore connection.","type":"object","properties":{"domain":{"type":"string","description":"google domain"},"username":{"type":"string","description":"google username"},"serviceAccountID":{"type":"string","description":"service account id. Only set with editServiceAccountID=true"},"editServiceAccountID":{"type":"boolean","description":"set to true to edit the service account id"},"privateKey":{"type":"string","description":"private key. Only set with editPrivateKey=true"},"editPrivateKey":{"type":"boolean","description":"set to true to edit the private key"},"privateKeyFilename":{"type":"string","description":"private key file name."}}}}}]},"CreateSharepointServerDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Google Drive datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"share point server hostname"},"username":{"type":"string","description":"username"},"password":{"type":"string","description":"password"},"apiPassword":{"type":"string","description":"api password."},"apiPasswordsFilename":{"type":"string","description":"api password file name."}}}}}]},"UpdateSharepointServerDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Google Drive datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"share point server hostname"},"username":{"type":"string","description":"username"},"password":{"type":"string","description":"password. Only set with editPassword=true"},"editPassword":{"type":"boolean","description":"set to true to edit the password"},"apiPassword":{"type":"string","description":"api password. Only set with editAPIPasswords=true"},"editApiPassword":{"type":"boolean","description":"set to true to edit the api password"},"apiPasswordsFilename":{"type":"string","description":"api password file name."}}}}}]},"CreateSalesforceDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Salesforce datastore connection.","type":"object","properties":{"salesforceAccount":{"type":"string","description":"salesforce account"},"consumerKey":{"type":"string","description":"consumer key"},"privateKey":{"type":"string","description":"private key"},"privateKeyFilename":{"type":"string","description":"filename private key"}}}}}]},"UpdateSalesforceDatastoreParams":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Salesforce datastore connection.","type":"object","properties":{"salesforceAccount":{"type":"string","description":"salesforce account"},"consumerKey":{"type":"string","description":"consumer key. Only set with editConsumerKey=true"},"editConsumerKey":{"type":"string","description":"set to true to edit the consumer key"},"privateKey":{"type":"string","description":"private key. Only set with editPrivateKey=true"},"editPrivateKey":{"type":"boolean","description":"set to true to edit the private key"},"privateKeyFilename":{"type":"string","description":"filename private key"}}}}}]},"CommonCreateDatastoreParams":{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},"AgentsDatastoreParams":{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},"AgentLabelsDatastoreParams":{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},"CreateDatastore":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","properties":{"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"}}}]},"CommonUpdateDatastoreParams":{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object"},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},"UpdateDatastore":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object"},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","properties":{"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n - editSecretAccessKey:\n - type: boolean\n - description: set to true to edit the secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key. Only fill with editClientSecretKey=true\n - editClientSecretKey:\n - type: boolean\n - description: set to true to edit the client secret key\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key. Only fill with editClientSecretKey=true\n - editClientSecretKey:\n - type: boolean\n - description: set to true to edit the client secret key\n-EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password. Only fill with editPassword=true\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id. Only set with editServiceAccountID=true\n - editServiceAccountID:\n - type: boolean\n - description: set to true to edit the service account id\n - privateKey:\n - type: string\n - description: private key. Only set with editPrivateKey=true\n - editPrivateKey:\n - type: boolean\n - description: set to true to edit the private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id. Only set with editServiceAccountID=true\n - editServiceAccountID:\n - type: boolean\n - description: set to true to edit the service account id\n - privateKey:\n - type: string\n - description: private key. Only set with editPrivateKey=true\n - editPrivateKey:\n - type: boolean\n - description: set to true to edit the private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password. Only set with editPassword=true \n - editPassword:\n - type: string\n - description: set to true to edit the passowrd\n - apiPassword:\n - type: string\n - description: api password. Only set with editAPIPasswords=true\n - editAPIPasswords:\n - type: string\n - description: set to true to edit the api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"}}}]},"AgentLabelParam":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}},"UpdateStatusDatastore":{"type":"object","properties":{"status":{"description":"Status of Datastore.","type":"boolean"}}},"CreateReportTemplateAggregated":{"allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","required":["source","analysis","scans"],"properties":{"description":{"description":"Description of ReportTemplate.","type":"string"},"source":{"description":"Source of ReportTemplate.","type":"string"},"analysis":{"description":"Analysis of ReportTemplate.","type":"string"},"scans":{"description":"Array Scans of the reportTemplate","type":"array","items":{"allOf":[{"type":"object","properties":{"scanId":{"description":"ScanID of the scan selected for the report.","type":"string"},"scanExecutionId":{"description":"ScanExecutionID is the execution ID of the scan (Set to empty to use latest).","type":"string"},"scanName":{"description":"ScanName of the scan selected for the report.","type":"string"},"latest":{"description":"True for last execution.","type":"boolean"},"executionDate":{"description":"ExecutionDate of the scan selected for the report.","format":"date-time"}}}]}}}}]},"CreateReportTemplateTrend":{"allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"description":{"description":"Description of ReportTemplate.","type":"string"},"scanId":{"description":"Scan Id of the desired scan","type":"string"},"scanExecutionId":{"description":"Scan Execution Id of the desired scan","type":"string"},"scanExecutions":{"description":"Number of scan executions desired for the report","type":"integer"}}}]},"CreateScanTemplateParams":{"allOf":[{"type":"object","properties":{"scanId":{"description":"ScanID of the scan selected for the report.","type":"string"},"scanExecutionId":{"description":"ScanExecutionID is the execution ID of the scan (Set to empty to use latest).","type":"string"},"scanName":{"description":"ScanName of the scan selected for the report.","type":"string"},"latest":{"description":"True for last execution.","type":"boolean"},"executionDate":{"description":"ExecutionDate of the scan selected for the report.","format":"date-time"}}}]},"CreateClassificationProfile":{"allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","required":["sensitivityLevelId","infoTypes"],"properties":{"id":{"description":"ID of the new classification profile. If not supplied a random UUID will be used","type":"string","format":"UUIDv4"},"classificationUUID":{"description":"UUID for remediation and tagging. Classification profiles with same UUID are considered as the same for remediation.\nIf not supplied a random UUID will be used\n","type":"string","format":"UUIDv4"},"description":{"description":"Description of Classification Profile.","type":"string"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Classification Profile.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}},"infoTypes":{"type":"array","items":{"type":"object","properties":{"infoTypeId":{"description":"ID of the info type","type":"string","format":"UUIDv4"},"infoTypeMin":{"description":"Min matches of the infotype","type":"integer"}}}}}}]},"UpdateClassificationProfile":{"allOf":[{"type":"object","required":["name","sensitivityLevelId","infoTypes"],"properties":{"name":{"description":"name of Classification Profile.","type":"string"},"description":{"description":"Description of Classification Profile.","type":"string"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Classification Profile.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}},"infoTypes":{"type":"array","items":{"type":"object","properties":{"infoTypeId":{"description":"ID of the info type","type":"string","format":"UUIDv4"},"infoTypeMin":{"description":"Min matches of the infotype","type":"integer"}}}}}}]},"DatastoreType":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"DatastoreGroup":{"type":"object","properties":{"type":{"description":"Datastores group type.","type":"string"},"dataStores":{"description":"datastores of previous type.","type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Status of Datastore. If set to false it will be ignored when executing a scan.","type":"boolean"},"sensitiveObjects":{"description":"Number of sensitive objects detected in the Datastore.","type":"integer"},"totalObjects":{"description":"Total number of object into the Datastore.","type":"integer"},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}}}},"ScannedDatastores":{"type":"object","properties":{"totalDatastores":{"description":"Total number of datastores.","type":"integer"},"scannedDatastores":{"description":"Total number of scanned datastores.","type":"integer"},"sensitiveDatastores":{"description":"number of datastores with sensitive data.","type":"integer"}}},"ScanFilter":{"type":"object","required":["filter"],"properties":{"filter":{"description":"type of the filter","type":"string","enum":["exclude_prefix","exclude_suffix","exclude_expression","include_date_range","include_recent","exclude_max_size"]},"expression":{"description":"expression for exlcude_prefix, exclude_suffix or exclude_expresion filters.","type":"string"},"toDate":{"description":"include locations modified in a given range of the date","type":"string"},"fromDate":{"description":"include locations modified in a given range of the date","type":"string"},"days":{"description":"include locations modified recently within a given number of days from the current day","type":"integer"},"size":{"description":"exclude locations greater than file size (MB)","type":"integer"}}},"CreateScan":{"allOf":[{"type":"object","required":["name","classificationProfiles","dataStores"],"properties":{"id":{"description":"id to use when creating the scan","type":"string","format":"UUIDv4","default":"random UUID"},"name":{"description":"name of the scan","type":"string"},"description":{"description":"Description for the scan","type":"string"},"cron":{"description":"Cron expression for the scan schedule","type":"string","example":"0 0 * * *","default":null},"increment":{"description":"The type of increment for the scan schedule (DAILY, WEEKLY or MONTHLY)","type":"string","enum":["DAILY","WEEKLY","MONTHLY"]},"every":{"description":"Every how many increments (days, weeks, months) the scan schedule gets executed","type":"integer"},"startingDate":{"description":"The date when the scan schedule starts","type":"string","format":"date-time"},"endingDate":{"description":"The date when the scan schedule ends","type":"string","format":"date-time"},"autoPauseEnabled":{"description":"Indicates if the auto pause feature is enabled","type":"boolean","default":false},"autoPauseTimezone":{"description":"Time zone for the autopause. If the auto pause is enabled this field is required.","type":"string","example":"Etc/GMT"},"autoPauseDays":{"description":"Days the auto pause is active. If the auto pause is enabled this field is required.","type":"array","items":{"type":"string","enum":["Saturday","Friday","Thursday","Wednesday","Tuesday","Monday","Sunday"]}},"autoPauseFrom":{"description":"Time when the auto pause feature starts. If the auto pause is enabled this field is required","type":"string","format":"XhYm | Xh","example":"1h30m"},"autoPauseTo":{"description":"Time when the auto pause feature ends. If the auto pause is enabled this field is required","type":"string","format":"XhYm | Xh","example":"1h30m"},"scanPriority":{"description":"CPU priority set for the agent process used in the scan. The possible values are 'low' and 'normal'","type":"string","enum":["low","normal"],"default":"low"},"memoryUsageLimit":{"description":"Setting for the maximum memory usage that the scanner service can use on the datastore host, in MB","type":"integer","default":1024},"throughput":{"description":"Max I/O rate the scanner service will use to read data from the datastore, in MBps. Set to 0 for unlimited.","type":"integer","default":0},"matchDetail":{"description":"Set the amount of match details to be captured for the scan schedule (no_info, minimum, balanced, maximum)","type":"string","enum":["no_info","minimum","balanced","maximum"],"default":"no_info"},"trace":{"description":"Captures detailed scan trace messages when scanning a Target","type":"boolean","default":false},"ocr":{"description":"Scans images for sensitive data using Optical Character Recognition (OCR)","type":"boolean","default":false},"voice":{"description":"Enables voice recognition when scanning WAV and MP3 files","type":"boolean","default":false},"ebcdic":{"description":"Scan file systems that use IBM's EBCDIC encoding","type":"boolean","default":false},"classificationProfiles":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the classification profile","type":"string","format":"UUIDv4"}}}},"dataStores":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the datastore","type":"string","format":"UUIDv4"},"remediateRootPath":{"description":"Enable or disable remediation for root path. This cannot be true if there are targets.","type":"boolean","default":false},"targets":{"description":"targets to scan inside the datastore","type":"array","items":{"type":"object","properties":{"path":{"description":"Target path to scan in the datastore","type":"string"},"remediate":{"description":"Enable or disable remediation for the target path","type":"boolean","default":false}}}}}}},"filters":{"description":"Filters to apply to the scan","type":"array","items":{"type":"object","properties":{"filter":{"type":"string","format":"string","enum":["exclude_prefix","exclude_suffix","exclude_expression","include_date_range","include_recent","exclude_max_size"],"description":"Type of filter to apply\nexclude_prefix - requires expression field\nexclude_suffix - requires expression field\nexclude_expression - requires expression field\ninclude_date_range - requires fromDate and toDate fields\ninclude_recent - requires days field\nexclude_max_size - requires size field\n"},"expression":{"description":"Expression for the filter","type":"string","example":"/dataset/ddcdatasetv1/*/Doc"},"toDate":{"description":"Starting date for the include_date_range filter","type":"string","format":"date","example":"2020-05-05T00:00:00.000Z"},"fromDate":{"description":"Ending date for the include_date_range filter","type":"string","format":"date","example":"2020-10-05T00:00:00.000Z"},"days":{"description":"Days to include for the include_recent filter","type":"integer","example":10},"size":{"description":"Max data object size for the exclude_max_size in MB","type":"integer","example":100}}}}}}]},"UpdateScan":{"allOf":[{"type":"object","required":["name","classificationProfiles","dataStores"],"properties":{"id":{"description":"id of the scan to update","type":"string","format":"UUIDv4"},"name":{"description":"name of the scan","type":"string"},"description":{"description":"Description for the scan","type":"string"},"cron":{"description":"Cron expression for the scan schedule","type":"string","example":"0 0 * * *","default":null},"increment":{"description":"The type of increment for the scan schedule (DAILY, WEEKLY or MONTHLY)","type":"string","enum":["DAILY","WEEKLY","MONTHLY"]},"every":{"description":"Every how many increments (days, weeks, months) the scan schedule gets executed","type":"integer"},"startingDate":{"description":"The date when the scan schedule starts","type":"string","format":"date-time"},"endingDate":{"description":"The date when the scan schedule ends","type":"string","format":"date-time"},"autoPauseEnabled":{"description":"Indicates if the auto pause feature is enabled","type":"boolean","default":false},"autoPauseTimezone":{"description":"Time zone for the autopause. If the auto pause is enabled this field is required.","type":"string","example":"Etc/GMT"},"autoPauseDays":{"description":"Days the auto pause is active. If the auto pause is enabled this field is required.","type":"array","items":{"type":"string","enum":["Saturday","Friday","Thursday","Wednesday","Tuesday","Monday","Sunday"]}},"autoPauseFrom":{"description":"Time when the auto pause feature starts. If the auto pause is enabled this field is required","type":"string","format":"XhYm | Xh","example":"1h30m"},"autoPauseTo":{"description":"Time when the auto pause feature ends. If the auto pause is enabled this field is required","type":"string","format":"XhYm | Xh","example":"1h30m"},"scanPriority":{"description":"CPU priority set for the agent process used in the scan. The possible values are 'low' and 'normal'","type":"string","enum":["low","normal"],"default":"low"},"memoryUsageLimit":{"description":"Setting for the maximum memory usage that the scanner service can use on the datastore host, in MB","type":"integer","default":1024},"throughput":{"description":"Max I/O rate the scanner service will use to read data from the datastore, in MBps. Set to 0 for unlimited.","type":"integer","default":0},"matchDetail":{"description":"Set the amount of match details to be captured for the scan schedule (no_info, minimum, balanced, maximum)","type":"string","enum":["no_info","minimum","balanced","maximum"],"default":"no_info"},"trace":{"description":"Captures detailed scan trace messages when scanning a Target","type":"boolean","default":false},"ocr":{"description":"Scans images for sensitive data using Optical Character Recognition (OCR)","type":"boolean","default":false},"voice":{"description":"Enables voice recognition when scanning WAV and MP3 files","type":"boolean","default":false},"ebcdic":{"description":"Scan file systems that use IBM's EBCDIC encoding","type":"boolean","default":false},"classificationProfiles":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the classification profile","type":"string","format":"UUIDv4"}}}},"dataStores":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the datastore","type":"string","format":"UUIDv4"},"remediateRootPath":{"description":"Enable or disable remediation for root path. This cannot be true if there are targets.","type":"boolean","default":false},"targets":{"description":"targets to scan inside the datastore","type":"array","items":{"type":"object","properties":{"path":{"description":"Target path to scan in the datastore","type":"string"},"remediate":{"description":"Enable or disable remediation for the target path","type":"boolean","default":false}}}}}}},"filters":{"description":"Filters to apply to the scan","type":"array","items":{"type":"object","properties":{"filter":{"type":"string","format":"string","enum":["exclude_prefix","exclude_suffix","exclude_expression","include_date_range","include_recent","exclude_max_size"],"description":"Type of filter to apply\nexclude_prefix - requires expression field\nexclude_suffix - requires expression field\nexclude_expression - requires expression field\ninclude_date_range - requires fromDate and toDate fields\ninclude_recent - requires days field\nexclude_max_size - requires size field\n"},"expression":{"description":"Expression for the filter","type":"string","example":"/dataset/ddcdatasetv1/*/Doc"},"toDate":{"description":"Starting date for the include_date_range filter","type":"string","format":"date","example":"2020-05-05T00:00:00.000Z"},"fromDate":{"description":"Ending date for the include_date_range filter","type":"string","format":"date","example":"2020-10-05T00:00:00.000Z"},"days":{"description":"Days to include for the include_recent filter","type":"integer","example":10},"size":{"description":"Max data object size for the exclude_max_size in MB","type":"integer","example":100}}}}}}]},"RegisterActiveNode":{"allOf":[{"type":"object","properties":{"id":{"description":"ID of the node to register as active","type":"string"}}}]},"ResourceIDParam":{"type":"object","properties":{"id":{"description":"Id of the Tag.","type":"string","format":"uuid"}}},"ConnectivityResponse":{"type":"object","properties":{"status":{"description":"Connection status.","type":"string","enum":["RUNNING","COMPLETED"]},"processID":{"description":"Process ID","type":"string","format":"uuid"}}},"NodeInfo":{"type":"object","properties":{"publicAddress":{"description":"Public Address of the node","type":"string"},"host":{"description":"Private Address of the node","type":"string"}}},"RecommendedRam":{"type":"object","properties":{"recommendedRam":{"description":"Recommended RAM to deploy DDC","type":"integer","format":"int64"}}},"AvailableRam":{"type":"object","properties":{"totalRam":{"description":"Available RAM in the system","type":"integer","format":"int64"}}},"DataAllowance":{"type":"object","properties":{"dataUsage":{"description":"Data allowance consumed","type":"integer","format":"int"},"totalDataAllowance":{"description":"Total data allowance available","type":"integer","format":"int"}}},"DDCResource":{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},"Versioned":{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},"UpdateDatastoreConnection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n - editSecretAccessKey:\n - type: boolean\n - description: set to true to edit the secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key. Only fill with editClientSecretKey=true\n - editClientSecretKey:\n - type: boolean\n - description: set to true to edit the client secret key\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key. Only fill with editClientSecretKey=true\n - editClientSecretKey:\n - type: boolean\n - description: set to true to edit the client secret key\n-EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password. Only fill with editPassword=true\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id. Only set with editServiceAccountID=true\n - editServiceAccountID:\n - type: boolean\n - description: set to true to edit the service account id\n - privateKey:\n - type: string\n - description: private key. Only set with editPrivateKey=true\n - editPrivateKey:\n - type: boolean\n - description: set to true to edit the private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id. Only set with editServiceAccountID=true\n - editServiceAccountID:\n - type: boolean\n - description: set to true to edit the service account id\n - privateKey:\n - type: string\n - description: private key. Only set with editPrivateKey=true\n - editPrivateKey:\n - type: boolean\n - description: set to true to edit the private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password. Only set with editPassword=true \n - editPassword:\n - type: string\n - description: set to true to edit the passowrd\n - apiPassword:\n - type: string\n - description: api password. Only set with editAPIPasswords=true\n - editAPIPasswords:\n - type: string\n - description: set to true to edit the api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"DatastoreConnection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"pollResponse":{"type":"object","properties":{"message":{"description":"Message","type":"string"},"result":{"description":"Result Code","type":"string"},"data":{"description":"Actual Data","type":"object","properties":{"directory":{"description":"Directory Listing","type":"array","items":{"type":"string"}},"signing_status":{"description":"Signing Status","type":"string"}}}}},"remediationStatusResponse":{"type":"object","properties":{"process_id":{"description":"Process Id.","type":"string"},"data_store_status_request":{"type":"array","items":{"type":"object","properties":{"host_name":{"type":"string","description":"Hostname."},"data_store_type":{"type":"string","description":"Data store type."},"share_path":{"type":"string","description":"Network share path."},"data_store_path":{"type":"array","items":{"type":"object","properties":{"path":{"type":"string","description":"Path name."},"remediation_progress":{"type":"integer","description":"Data store type."},"remediation_status":{"type":"string","description":"Network share path."}}}}}}}}},"remediationStatusResetResponse":{"type":"object","properties":{"process_id":{"description":"Name of the Process Id.","type":"string"},"data_store_status_reset_request":{"type":"array","items":{"type":"object","properties":{"host_name":{"type":"string","description":"name of the host."},"data_store_type":{"type":"string","description":"Data store type."},"share_path":{"type":"string","description":"Network share path."},"data_store_elem_path":{"type":"array","items":{"type":"object","properties":{"path":{"type":"string","description":"Path name"}}}}}}}}},"k8sNodesCountResponse":{"type":"object","properties":{"k8s_nodes_count":{"description":"K8s nodes count","type":"integer"}}},"Domain":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","properties":{"deletedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the domain was deleted"},"meta":{"type":"object","description":"Optional end-user or service data stored with the domain"},"parent_domain_id":{"type":"string","readOnly":true,"description":"ID of the parent domain"},"allow_user_management":{"type":"boolean","description":"To allow user creation and management in the domain"},"hsm_connection_id":{"type":"string","description":"The ID of the HSM connection. Required for HSM-anchored domains."},"hsm_domain_kek_label":{"type":"string","description":"Optional name field for the domain KEK for an HSM-anchored domain. If not provided, a random UUID is assigned for KEK label."}}}]},"Domains":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","properties":{"deletedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the domain was deleted"},"meta":{"type":"object","description":"Optional end-user or service data stored with the domain"},"parent_domain_id":{"type":"string","readOnly":true,"description":"ID of the parent domain"},"allow_user_management":{"type":"boolean","description":"To allow user creation and management in the domain"},"hsm_connection_id":{"type":"string","description":"The ID of the HSM connection. Required for HSM-anchored domains."},"hsm_domain_kek_label":{"type":"string","description":"Optional name field for the domain KEK for an HSM-anchored domain. If not provided, a random UUID is assigned for KEK label."}}}]}}}}]},"SyslogRedirectionResponse":{"type":"object","properties":{"enable_syslog_redirection":{"type":"boolean"}}},"DomainKEKRotationStatus":{"type":"object","properties":{"ID":{"type":"string","description":"ID of rotation job"},"startedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the KEK rotation was started"},"finishedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the KEK rotation was completed"},"status":{"type":"string","readOnly":true,"description":"Status of KEK rotation"},"meta":{"type":"object","description":"Additional status information associated with the KEK rotation"}}},"DomainKEK":{"type":"object","properties":{"ID":{"type":"string","description":"ID of domain KEK"},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the domain KEK was created"},"hsm_connection_id":{"type":"string","description":"The ID of the HSM connection."},"hsm_kek_label":{"type":"string","description":"Label of the domain KEK on the HSM."},"is_current":{"type":"boolean","readOnly":true,"description":"Flag to indicate if this is the current domain KEK"},"rotation_jobs":{"type":"array","items":{"type":"object","properties":{"ID":{"type":"string","description":"ID of rotation job"},"startedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the KEK rotation was started"},"finishedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the KEK rotation was completed"},"status":{"type":"string","readOnly":true,"description":"Status of KEK rotation"},"meta":{"type":"object","description":"Additional status information associated with the KEK rotation"}}},"description":"Rotation jobs of the domain KEK"}}},"DomainKEKs":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","properties":{"ID":{"type":"string","description":"ID of domain KEK"},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the domain KEK was created"},"hsm_connection_id":{"type":"string","description":"The ID of the HSM connection."},"hsm_kek_label":{"type":"string","description":"Label of the domain KEK on the HSM."},"is_current":{"type":"boolean","readOnly":true,"description":"Flag to indicate if this is the current domain KEK"},"rotation_jobs":{"type":"array","items":{"type":"object","properties":{"ID":{"type":"string","description":"ID of rotation job"},"startedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the KEK rotation was started"},"finishedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the KEK rotation was completed"},"status":{"type":"string","readOnly":true,"description":"Status of KEK rotation"},"meta":{"type":"object","description":"Additional status information associated with the KEK rotation"}}},"description":"Rotation jobs of the domain KEK"}}}}}}]},"requestMetadata":{"allOf":[{"type":"object","properties":{"awsPrincipalArn":{"description":"AWS Principal ARN","type":"string"},"awsSourceVpc":{"description":"AWS Source VPC","type":"string"},"awsSourceVpce":{"description":"AWS Source VPCE","type":"string"},"kmsKeyArn":{"description":"KMS Key ARN","type":"string"},"kmsOperation":{"description":"KMS Operation","type":"string"},"kmsRequestId":{"description":"KMS Request ID","type":"string"},"kmsViaService":{"description":"KMS via Service","type":"string"}},"required":["kmsRequestId"]}]},"auth":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"description":"Name to identify a cloud","type":"string"},"user":{"description":"User","type":"string"},"secret":{"description":"Secret","type":"string"},"tenant":{"description":"Tenant","type":"string"}}}]},"EkmEndpoint":{"allOf":[{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"},"name":{"description":"EKM Endpoint name.","type":"string"},"kekURI":{"description":"URI of KEK created by EKM Endpoint.","type":"string"},"kekURIHostname":{"description":"URI Hostname of KEK created by EKM Endpoint.","type":"string"},"kekName":{"description":"Name of KEK created by EKM Endpoint.","type":"string"},"kekID":{"description":"ID of KEK created by EKM Endpoint.","type":"string"},"meta":{"description":"Additional information associated with EKM Endpoint.","type":"object"},"enabled":{"description":"Status to allow wrap or unwrap operation using this EKM Endpoint.","type":"boolean"}}}]},"ServiceNowEndpoint":{"allOf":[{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"},"name":{"description":"ServiceNow endpoint name.","type":"string"},"instanceID":{"description":"Instance ID of the ServiceNow endpoint (must be unique across domains).","type":"string"},"blocked":{"description":"Blocked status of endpoint.","type":"boolean"},"description":{"description":"Description of the ServiceNow endpoint.","type":"string"},"sourceKeyID":{"description":"ID of the endpoint source key.","type":"object"}}}]},"ServiceNowRootCertificate":{"allOf":[{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"},"certificate":{"type":"string","description":"ServiceNow root certificate"}}}]},"endpoint":{"allOf":[{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"},"name":{"description":"Endpoint name.","type":"string"},"endpoint_url_hostname":{"description":"KACLS baseURL hostname for endpoint Url.","type":"string"},"endpoint_url":{"description":"KACLS endpoint Url.","type":"string"},"kekName":{"description":"Name of KEK created by endpoint.","type":"string"},"kekID":{"description":"ID of KEK created by endpoint.","type":"string"},"kekVersion":{"description":"Version of KEK created by endpoint.","type":"string"},"status":{"description":"An endpoint can have any one of the three possible status {\"active\", \"disabled\", \"archived\"}.","type":"string"},"issuer":{"description":"List of valid issuers for endpoint.","type":"array","items":{"type":"string"}},"cors":{"description":"List of Cross-Origin Resource Sharing.","type":"array","items":{"type":"string"}},"authorizationAud":{"description":"List of audience valid for authorization jwt.","type":"array","items":{"type":"string"}},"authenticationAud":{"description":"List of audience valid for authentication jwt.","type":"array","items":{"type":"string"}},"meta":{"description":"Additional information associated with endpoint.","type":"object"}}}]},"issuer":{"allOf":[{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created."},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated."},"name":{"description":"Issuer name.","type":"string"},"iss":{"description":"Issuer claim in IDP JWT.","type":"string"},"openidConfigurationURL":{"description":"Open Id configuration URL.","type":"string"},"jwksURL":{"description":"Open Id JWKS URL.","type":"string"},"meta":{"description":"Additional information associated with issuer.","type":"object"}}}]},"ExternalKeyAlgorithm":{"type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_SIGN_PSS_2048_SHA256","ALGORITHM_RSA_SIGN_PSS_3072_SHA256","ALGORITHM_RSA_SIGN_PSS_4096_SHA256","ALGORITHM_RSA_SIGN_PSS_4096_SHA512","ALGORITHM_RSA_SIGN_PKCS1_2048_SHA256","ALGORITHM_RSA_SIGN_PKCS1_3072_SHA256","ALGORITHM_RSA_SIGN_PKCS1_4096_SHA256","ALGORITHM_RSA_SIGN_PKCS1_4096_SHA512","ALGORITHM_EC_SIGN_P256_SHA256","ALGORITHM_EC_SIGN_P384_SHA384"],"default":"ALGORITHM_UNSPECIFIED"},"v0ExternalKeyAlgorithm":{"type":"object","properties":{"reason":{"description":"required.","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_SIGN_PSS_2048_SHA256","ALGORITHM_RSA_SIGN_PSS_3072_SHA256","ALGORITHM_RSA_SIGN_PSS_4096_SHA256","ALGORITHM_RSA_SIGN_PSS_4096_SHA512","ALGORITHM_RSA_SIGN_PKCS1_2048_SHA256","ALGORITHM_RSA_SIGN_PKCS1_3072_SHA256","ALGORITHM_RSA_SIGN_PKCS1_4096_SHA256","ALGORITHM_RSA_SIGN_PKCS1_4096_SHA512","ALGORITHM_EC_SIGN_P256_SHA256","ALGORITHM_EC_SIGN_P384_SHA384"],"default":"ALGORITHM_UNSPECIFIED"}}},"AccessReasonContextReason":{"type":"string","enum":["REASON_UNSPECIFIED","CUSTOMER_INITIATED_SUPPORT","GOOGLE_INITIATED_SERVICE","THIRD_PARTY_DATA_REQUEST","GOOGLE_INITIATED_REVIEW","CUSTOMER_INITIATED_ACCESS","GOOGLE_INITIATED_SYSTEM_OPERATION","REASON_NOT_EXPECTED","MODIFIED_CUSTOMER_INITIATED_ACCESS","GOOGLE_RESPONSE_TO_PRODUCTION_ALERT","MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION"],"default":"REASON_UNSPECIFIED"},"v0AccessReasonContext":{"type":"object","properties":{"reason":{"description":"required.","type":"string","enum":["REASON_UNSPECIFIED","CUSTOMER_INITIATED_SUPPORT","GOOGLE_INITIATED_SERVICE","THIRD_PARTY_DATA_REQUEST","GOOGLE_INITIATED_REVIEW","CUSTOMER_INITIATED_ACCESS","GOOGLE_INITIATED_SYSTEM_OPERATION","REASON_NOT_EXPECTED","MODIFIED_CUSTOMER_INITIATED_ACCESS","GOOGLE_RESPONSE_TO_PRODUCTION_ALERT","MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION"],"default":"REASON_UNSPECIFIED"}}},"v0EKMRequestContext":{"type":"object","properties":{"fullResourceName":{"type":"string","description":"The full resource name for the GCP resource being directly wrapped by\nthe EKEK (i.e. the Cloud KMS CryptoKey resource)\nSee cloud.google.com/apis/design/resource_names#full_resource_name\nFor a Cloud KMS CryptoKey resource, this includes the Cloud KMS\nLocation associated with the resource."},"relativeResourceName":{"type":"string","description":"Required. The relative resource name for the GCP resource being directly wrapped by the EKEK (i.e. the Cloud KMS CryptoKey resource) See cloud.google.com/apis/design/resource_names#relative_resource_name This is a substring of the RequestContext's full_resource_name."},"accessReasonContext":{"description":"Optional. Request that has an empty AccessReasonContext is a valid request. This can happen: * If you do not enable key access justification on your key\n or the partner endpoint is not whitelisted to receive justification.\n* If you enable key access justification, then this may have been due\n to a Google transient error or a bug into which Google may have to investigate.","type":"object","properties":{"reason":{"description":"required.","type":"string","enum":["REASON_UNSPECIFIED","CUSTOMER_INITIATED_SUPPORT","GOOGLE_INITIATED_SERVICE","THIRD_PARTY_DATA_REQUEST","GOOGLE_INITIATED_REVIEW","CUSTOMER_INITIATED_ACCESS","GOOGLE_INITIATED_SYSTEM_OPERATION","REASON_NOT_EXPECTED","MODIFIED_CUSTOMER_INITIATED_ACCESS","GOOGLE_RESPONSE_TO_PRODUCTION_ALERT","MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION"],"default":"REASON_UNSPECIFIED"}}},"isKeyHealthCheck":{"type":"boolean","format":"boolean","description":"Whether the request is a key health check that contains a\ncanonical plaintext or its encryption instead of customer data."}},"description":"More context provided during EKM operation.\nRequired if Key Access Justification is enabled for GCP project."},"v0RequestMetadata":{"type":"object","properties":{"keyPath":{"type":"string"},"additionalContext":{"description":"Skip the wrapped_blob field, maintaining compatibility with the [Un]wrap\nrequest buffers for encoding/decoding.","type":"object","properties":{"fullResourceName":{"type":"string","description":"The full resource name for the GCP resource being directly wrapped by\nthe EKEK (i.e. the Cloud KMS CryptoKey resource)\nSee cloud.google.com/apis/design/resource_names#full_resource_name\nFor a Cloud KMS CryptoKey resource, this includes the Cloud KMS\nLocation associated with the resource."},"relativeResourceName":{"type":"string","description":"Required. The relative resource name for the GCP resource being directly wrapped by the EKEK (i.e. the Cloud KMS CryptoKey resource) See cloud.google.com/apis/design/resource_names#relative_resource_name This is a substring of the RequestContext's full_resource_name."},"accessReasonContext":{"description":"Optional. Request that has an empty AccessReasonContext is a valid request. This can happen: * If you do not enable key access justification on your key\n or the partner endpoint is not whitelisted to receive justification.\n* If you enable key access justification, then this may have been due\n to a Google transient error or a bug into which Google may have to investigate.","type":"object","properties":{"reason":{"description":"required.","type":"string","enum":["REASON_UNSPECIFIED","CUSTOMER_INITIATED_SUPPORT","GOOGLE_INITIATED_SERVICE","THIRD_PARTY_DATA_REQUEST","GOOGLE_INITIATED_REVIEW","CUSTOMER_INITIATED_ACCESS","GOOGLE_INITIATED_SYSTEM_OPERATION","REASON_NOT_EXPECTED","MODIFIED_CUSTOMER_INITIATED_ACCESS","GOOGLE_RESPONSE_TO_PRODUCTION_ALERT","MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION"],"default":"REASON_UNSPECIFIED"}}},"isKeyHealthCheck":{"type":"boolean","format":"boolean","description":"Whether the request is a key health check that contains a\ncanonical plaintext or its encryption instead of customer data."}}}},"description":"Identical to the fields in [Un]wrapRequest, minus the payload itself."},"v0BeginSessionRequest":{"type":"object","properties":{"tlsRecords":{"type":"string","format":"byte","description":"TLS records containing the initial handshake message from client to server. Required."}}},"v0BeginSessionResponse":{"type":"object","properties":{"sessionContext":{"type":"string","format":"byte","description":"Opaque context that identifies a client/server session. Required."},"tlsRecords":{"type":"string","format":"byte","description":"TLS records containing the initial handshake response from server to client. Required."}}},"v0HandshakeRequest":{"type":"object","properties":{"sessionContext":{"type":"string","format":"byte","description":"Opaque context that identifies a client/server session. Required."},"tlsRecords":{"type":"string","format":"byte","description":"TLS records containing the initial handshake response from server to client. Required."}}},"v0HandshakeResponse":{"type":"object","properties":{"tlsRecords":{"type":"string","format":"byte","description":"TLS records containing the handshake response from server to client. Required."}}},"v0NegotiateAttestationRequest":{"type":"object","properties":{"sessionContext":{"type":"string","format":"byte","description":"Opaque context that identifies a client/server session. Required."},"offered_evidence_types_records":{"type":"string","format":"byte","description":"TLS records containing the offered attestation types. Required."}}},"v0NegotiateAttestationResponse":{"type":"object","properties":{"required_evidence_types_records":{"type":"string","format":"byte","description":"TLS records containing the required attestation types. Required."}}},"v0FinalizeRequest":{"type":"object","properties":{"sessionContext":{"type":"string","format":"byte","description":"Opaque context that identifies a client/server session. Required."},"attestation_evidence_records":{"type":"string","format":"byte","description":"TLS records containing the offered attestation evidence. Required."}}},"v0FinalizeResponse":{"type":"object","properties":{}},"v0EndSessionRequest":{"type":"object","properties":{"sessionContext":{"type":"string","format":"byte","description":"Opaque context that identifies a client/server session. Required."},"tls_records":{"type":"string","format":"byte","description":"TLS records containing the fixed termination string. Required."}}},"v0EndSessionResponse":{"type":"object","properties":{}},"v0ConfidentialWrapRequest":{"type":"object","properties":{"sessionContext":{"type":"string","format":"byte","description":"Previously-negotiated session context, defined by the EKM and opaque to Google. Required."},"tlsRecords":{"type":"string","format":"byte","description":"A serialized and TLS session-encrypted (via |session_context|) WrapRequest. Required."},"requestMetadata":{"description":"Relevant subset of metadata from the serialized |records|. Optional.","type":"object","properties":{"keyPath":{"type":"string"},"additionalContext":{"description":"Skip the wrapped_blob field, maintaining compatibility with the [Un]wrap\nrequest buffers for encoding/decoding.","type":"object","properties":{"fullResourceName":{"type":"string","description":"The full resource name for the GCP resource being directly wrapped by\nthe EKEK (i.e. the Cloud KMS CryptoKey resource)\nSee cloud.google.com/apis/design/resource_names#full_resource_name\nFor a Cloud KMS CryptoKey resource, this includes the Cloud KMS\nLocation associated with the resource."},"relativeResourceName":{"type":"string","description":"Required. The relative resource name for the GCP resource being directly wrapped by the EKEK (i.e. the Cloud KMS CryptoKey resource) See cloud.google.com/apis/design/resource_names#relative_resource_name This is a substring of the RequestContext's full_resource_name."},"accessReasonContext":{"description":"Optional. Request that has an empty AccessReasonContext is a valid request. This can happen: * If you do not enable key access justification on your key\n or the partner endpoint is not whitelisted to receive justification.\n* If you enable key access justification, then this may have been due\n to a Google transient error or a bug into which Google may have to investigate.","type":"object","properties":{"reason":{"description":"required.","type":"string","enum":["REASON_UNSPECIFIED","CUSTOMER_INITIATED_SUPPORT","GOOGLE_INITIATED_SERVICE","THIRD_PARTY_DATA_REQUEST","GOOGLE_INITIATED_REVIEW","CUSTOMER_INITIATED_ACCESS","GOOGLE_INITIATED_SYSTEM_OPERATION","REASON_NOT_EXPECTED","MODIFIED_CUSTOMER_INITIATED_ACCESS","GOOGLE_RESPONSE_TO_PRODUCTION_ALERT","MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION"],"default":"REASON_UNSPECIFIED"}}},"isKeyHealthCheck":{"type":"boolean","format":"boolean","description":"Whether the request is a key health check that contains a\ncanonical plaintext or its encryption instead of customer data."}}}}}}},"v0ConfidentialWrapResponse":{"type":"object","properties":{"tls_records":{"type":"string","format":"byte","description":"A serialized and TLS session-encrypted WrapResponse. Required."}}},"v0ConfidentialUnwrapRequest":{"type":"object","properties":{"sessionContext":{"type":"string","format":"byte","description":"Previously-negotiated session context, defined by the EKM and opaque to Google. Required."},"tlsRecords":{"type":"string","format":"byte","description":"A serialized and TLS session-encrypted (via |session_context|) UnwrapRequest. Required."},"requestMetadata":{"description":"Relevant subset of metadata from the serialized |records|. Optional.","type":"object","properties":{"keyPath":{"type":"string"},"additionalContext":{"description":"Skip the wrapped_blob field, maintaining compatibility with the [Un]wrap\nrequest buffers for encoding/decoding.","type":"object","properties":{"fullResourceName":{"type":"string","description":"The full resource name for the GCP resource being directly wrapped by\nthe EKEK (i.e. the Cloud KMS CryptoKey resource)\nSee cloud.google.com/apis/design/resource_names#full_resource_name\nFor a Cloud KMS CryptoKey resource, this includes the Cloud KMS\nLocation associated with the resource."},"relativeResourceName":{"type":"string","description":"Required. The relative resource name for the GCP resource being directly wrapped by the EKEK (i.e. the Cloud KMS CryptoKey resource) See cloud.google.com/apis/design/resource_names#relative_resource_name This is a substring of the RequestContext's full_resource_name."},"accessReasonContext":{"description":"Optional. Request that has an empty AccessReasonContext is a valid request. This can happen: * If you do not enable key access justification on your key\n or the partner endpoint is not whitelisted to receive justification.\n* If you enable key access justification, then this may have been due\n to a Google transient error or a bug into which Google may have to investigate.","type":"object","properties":{"reason":{"description":"required.","type":"string","enum":["REASON_UNSPECIFIED","CUSTOMER_INITIATED_SUPPORT","GOOGLE_INITIATED_SERVICE","THIRD_PARTY_DATA_REQUEST","GOOGLE_INITIATED_REVIEW","CUSTOMER_INITIATED_ACCESS","GOOGLE_INITIATED_SYSTEM_OPERATION","REASON_NOT_EXPECTED","MODIFIED_CUSTOMER_INITIATED_ACCESS","GOOGLE_RESPONSE_TO_PRODUCTION_ALERT","MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION"],"default":"REASON_UNSPECIFIED"}}},"isKeyHealthCheck":{"type":"boolean","format":"boolean","description":"Whether the request is a key health check that contains a\ncanonical plaintext or its encryption instead of customer data."}}}}}}},"v0ConfidentialUnwrapResponse":{"type":"object","properties":{"tls_records":{"type":"string","format":"byte","description":"A serialized and TLS session-encrypted UnwrapResponse. Required."}}},"v0EKMUnwrapRequest":{"type":"object","properties":{"wrappedBlob":{"type":"string","format":"byte","description":"Required. The wrapped data originally returned in\n[WrapResponse.wrapped_blob][]."},"additionalContext":{"description":"More context provided during Unwrap operation.\nRequired if Key Access Justification is enabled for GCP project.","type":"object","properties":{"fullResourceName":{"type":"string","description":"The full resource name for the GCP resource being directly wrapped by\nthe EKEK (i.e. the Cloud KMS CryptoKey resource)\nSee cloud.google.com/apis/design/resource_names#full_resource_name\nFor a Cloud KMS CryptoKey resource, this includes the Cloud KMS\nLocation associated with the resource."},"relativeResourceName":{"type":"string","description":"Required. The relative resource name for the GCP resource being directly wrapped by the EKEK (i.e. the Cloud KMS CryptoKey resource) See cloud.google.com/apis/design/resource_names#relative_resource_name This is a substring of the RequestContext's full_resource_name."},"accessReasonContext":{"description":"Optional. Request that has an empty AccessReasonContext is a valid request. This can happen: * If you do not enable key access justification on your key\n or the partner endpoint is not whitelisted to receive justification.\n* If you enable key access justification, then this may have been due\n to a Google transient error or a bug into which Google may have to investigate.","type":"object","properties":{"reason":{"description":"required.","type":"string","enum":["REASON_UNSPECIFIED","CUSTOMER_INITIATED_SUPPORT","GOOGLE_INITIATED_SERVICE","THIRD_PARTY_DATA_REQUEST","GOOGLE_INITIATED_REVIEW","CUSTOMER_INITIATED_ACCESS","GOOGLE_INITIATED_SYSTEM_OPERATION","REASON_NOT_EXPECTED","MODIFIED_CUSTOMER_INITIATED_ACCESS","GOOGLE_RESPONSE_TO_PRODUCTION_ALERT","MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION"],"default":"REASON_UNSPECIFIED"}}},"isKeyHealthCheck":{"type":"boolean","format":"boolean","description":"Whether the request is a key health check that contains a\ncanonical plaintext or its encryption instead of customer data."}}},"additionalAuthenticatedData":{"type":"string","format":"byte","description":"Optional data that must match the data originally supplied in\n[WrapRequest.additional_authenticated_data][]."}},"description":"Unwrap a blob that was previously returned in the WrapResponse."},"v0EKMUnwrapResponse":{"type":"object","required":["plaintext"],"properties":{"plaintext":{"type":"string","format":"byte","description":"The decrypted data originally supplied in [WrapRequest.plaintext][]."},"allowedCacheDuration":{"type":"string","description":"A maximum duration the unwrapped key is allowed to be cached by the\nA maximum duration the unwrapped key is allowed to be cached by the\ncaller.\nMust be positive."}},"description":"Response message for [GCPExternalKeyManagementService.Unwrap][]."},"v0EKMWrapRequest":{"type":"object","required":["plaintext"],"properties":{"plaintext":{"type":"string","format":"byte","description":"Required. The data to be wrapped (base64 encoded). Must be no larger than 64KiB."},"additionalContext":{"type":"object","properties":{"fullResourceName":{"type":"string","description":"The full resource name for the GCP resource being directly wrapped by\nthe EKEK (i.e. the Cloud KMS CryptoKey resource)\nSee cloud.google.com/apis/design/resource_names#full_resource_name\nFor a Cloud KMS CryptoKey resource, this includes the Cloud KMS\nLocation associated with the resource."},"relativeResourceName":{"type":"string","description":"Required. The relative resource name for the GCP resource being directly wrapped by the EKEK (i.e. the Cloud KMS CryptoKey resource) See cloud.google.com/apis/design/resource_names#relative_resource_name This is a substring of the RequestContext's full_resource_name."},"accessReasonContext":{"description":"Optional. Request that has an empty AccessReasonContext is a valid request. This can happen: * If you do not enable key access justification on your key\n or the partner endpoint is not whitelisted to receive justification.\n* If you enable key access justification, then this may have been due\n to a Google transient error or a bug into which Google may have to investigate.","type":"object","properties":{"reason":{"description":"required.","type":"string","enum":["REASON_UNSPECIFIED","CUSTOMER_INITIATED_SUPPORT","GOOGLE_INITIATED_SERVICE","THIRD_PARTY_DATA_REQUEST","GOOGLE_INITIATED_REVIEW","CUSTOMER_INITIATED_ACCESS","GOOGLE_INITIATED_SYSTEM_OPERATION","REASON_NOT_EXPECTED","MODIFIED_CUSTOMER_INITIATED_ACCESS","GOOGLE_RESPONSE_TO_PRODUCTION_ALERT","MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION"],"default":"REASON_UNSPECIFIED"}}},"isKeyHealthCheck":{"type":"boolean","format":"boolean","description":"Whether the request is a key health check that contains a\ncanonical plaintext or its encryption instead of customer data."}},"description":"More context provided during EKM operation.\nRequired if Key Access Justification is enabled for GCP project."},"additionalAuthenticatedData":{"type":"string","format":"byte","description":"Optional data that, if specified, must also be provided during\ndecryption through [UnwrapRequest.additional_authenticated_data][].\nThe AAD must be no larger than 64KiB."}},"description":"Wrap a key with an External-KMS-defined AEAD scheme."},"v0EKMWrapResponse":{"type":"object","properties":{"wrappedBlob":{"type":"string","format":"byte","description":"The wrapped blob."}},"description":"Response message for [GCPExternalKeyManagementService.Wrap][]."},"v0EKMAsymmetricSignRequest":{"type":"object","required":["data"],"properties":{"data":{"type":"string","format":"byte","description":"Required. The data to be signed (base64 encoded). Must be no larger than 64KiB."},"additionalContext":{"type":"object","properties":{"fullResourceName":{"type":"string","description":"The full resource name for the GCP resource being directly wrapped by\nthe EKEK (i.e. the Cloud KMS CryptoKey resource)\nSee cloud.google.com/apis/design/resource_names#full_resource_name\nFor a Cloud KMS CryptoKey resource, this includes the Cloud KMS\nLocation associated with the resource."},"relativeResourceName":{"type":"string","description":"Required. The relative resource name for the GCP resource being directly wrapped by the EKEK (i.e. the Cloud KMS CryptoKey resource) See cloud.google.com/apis/design/resource_names#relative_resource_name This is a substring of the RequestContext's full_resource_name."},"accessReasonContext":{"description":"Optional. Request that has an empty AccessReasonContext is a valid request. This can happen: * If you do not enable key access justification on your key\n or the partner endpoint is not whitelisted to receive justification.\n* If you enable key access justification, then this may have been due\n to a Google transient error or a bug into which Google may have to investigate.","type":"object","properties":{"reason":{"description":"required.","type":"string","enum":["REASON_UNSPECIFIED","CUSTOMER_INITIATED_SUPPORT","GOOGLE_INITIATED_SERVICE","THIRD_PARTY_DATA_REQUEST","GOOGLE_INITIATED_REVIEW","CUSTOMER_INITIATED_ACCESS","GOOGLE_INITIATED_SYSTEM_OPERATION","REASON_NOT_EXPECTED","MODIFIED_CUSTOMER_INITIATED_ACCESS","GOOGLE_RESPONSE_TO_PRODUCTION_ALERT","MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION"],"default":"REASON_UNSPECIFIED"}}},"isKeyHealthCheck":{"type":"boolean","format":"boolean","description":"Whether the request is a key health check that contains a\ncanonical plaintext or its encryption instead of customer data."}},"description":"More context provided during EKM operation.\nRequired if Key Access Justification is enabled for GCP project."},"key_uri_prefix":{"type":"string","description":"Optional data that, if specified, defines the full key URI."}},"description":"Signs data with the asymmetric key named in the Request."},"v0EKMAsymmetricSignResponse":{"type":"object","properties":{"signature":{"type":"string","format":"byte","description":"The signed data."}},"description":"Response message for [GCPExternalKeyManagementService.AsymmetricSign][]."},"v0EKMGetInfoResponse":{"type":"object","properties":{"ekm_software_id":{"type":"string","description":"EKM Software ID."}},"description":"Response message for [GCPExternalKeyManagementService.GetInfo][]."},"v0EKMGetPublicKeyRequest":{"type":"object","properties":{"additionalContext":{"type":"object","properties":{"fullResourceName":{"type":"string","description":"The full resource name for the GCP resource being directly wrapped by\nthe EKEK (i.e. the Cloud KMS CryptoKey resource)\nSee cloud.google.com/apis/design/resource_names#full_resource_name\nFor a Cloud KMS CryptoKey resource, this includes the Cloud KMS\nLocation associated with the resource."},"relativeResourceName":{"type":"string","description":"Required. The relative resource name for the GCP resource being directly wrapped by the EKEK (i.e. the Cloud KMS CryptoKey resource) See cloud.google.com/apis/design/resource_names#relative_resource_name This is a substring of the RequestContext's full_resource_name."},"accessReasonContext":{"description":"Optional. Request that has an empty AccessReasonContext is a valid request. This can happen: * If you do not enable key access justification on your key\n or the partner endpoint is not whitelisted to receive justification.\n* If you enable key access justification, then this may have been due\n to a Google transient error or a bug into which Google may have to investigate.","type":"object","properties":{"reason":{"description":"required.","type":"string","enum":["REASON_UNSPECIFIED","CUSTOMER_INITIATED_SUPPORT","GOOGLE_INITIATED_SERVICE","THIRD_PARTY_DATA_REQUEST","GOOGLE_INITIATED_REVIEW","CUSTOMER_INITIATED_ACCESS","GOOGLE_INITIATED_SYSTEM_OPERATION","REASON_NOT_EXPECTED","MODIFIED_CUSTOMER_INITIATED_ACCESS","GOOGLE_RESPONSE_TO_PRODUCTION_ALERT","MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION"],"default":"REASON_UNSPECIFIED"}}},"isKeyHealthCheck":{"type":"boolean","format":"boolean","description":"Whether the request is a key health check that contains a\ncanonical plaintext or its encryption instead of customer data."}},"description":"More context provided during EKM operation.\nRequired if Key Access Justification is enabled for GCP project."},"key_uri_prefix":{"type":"string","description":"Optional data that, if specified, defines the full key URI."}},"description":"Gets the public key of the asymmetric key named in the Request.."},"v0EKMGetPublicKeyResponse":{"type":"object","properties":{"pem":{"type":"string","description":"The public key, SubjectPublicKeyInfo encoded in PEM format."},"key_algorithm":{"description":"The key algorithm associated with the Asymmetric Key.","type":"object","properties":{"reason":{"description":"required.","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_SIGN_PSS_2048_SHA256","ALGORITHM_RSA_SIGN_PSS_3072_SHA256","ALGORITHM_RSA_SIGN_PSS_4096_SHA256","ALGORITHM_RSA_SIGN_PSS_4096_SHA512","ALGORITHM_RSA_SIGN_PKCS1_2048_SHA256","ALGORITHM_RSA_SIGN_PKCS1_3072_SHA256","ALGORITHM_RSA_SIGN_PKCS1_4096_SHA256","ALGORITHM_RSA_SIGN_PKCS1_4096_SHA512","ALGORITHM_EC_SIGN_P256_SHA256","ALGORITHM_EC_SIGN_P384_SHA384"],"default":"ALGORITHM_UNSPECIFIED"}}}},"description":"Response message for [GCPExternalKeyManagementService.GetPublicKey][]."},"v0EKMAsymmetricVerifyRequest":{"type":"object","required":["data","signature"],"properties":{"data":{"type":"string","format":"byte","description":"Required. The data to be signed (base64 encoded). Must be no larger than 64KiB."},"signature":{"type":"string","format":"byte","description":"Required. The data signature (base64 encoded)."},"additionalContext":{"type":"object","properties":{"fullResourceName":{"type":"string","description":"The full resource name for the GCP resource being directly wrapped by\nthe EKEK (i.e. the Cloud KMS CryptoKey resource)\nSee cloud.google.com/apis/design/resource_names#full_resource_name\nFor a Cloud KMS CryptoKey resource, this includes the Cloud KMS\nLocation associated with the resource."},"relativeResourceName":{"type":"string","description":"Required. The relative resource name for the GCP resource being directly wrapped by the EKEK (i.e. the Cloud KMS CryptoKey resource) See cloud.google.com/apis/design/resource_names#relative_resource_name This is a substring of the RequestContext's full_resource_name."},"accessReasonContext":{"description":"Optional. Request that has an empty AccessReasonContext is a valid request. This can happen: * If you do not enable key access justification on your key\n or the partner endpoint is not whitelisted to receive justification.\n* If you enable key access justification, then this may have been due\n to a Google transient error or a bug into which Google may have to investigate.","type":"object","properties":{"reason":{"description":"required.","type":"string","enum":["REASON_UNSPECIFIED","CUSTOMER_INITIATED_SUPPORT","GOOGLE_INITIATED_SERVICE","THIRD_PARTY_DATA_REQUEST","GOOGLE_INITIATED_REVIEW","CUSTOMER_INITIATED_ACCESS","GOOGLE_INITIATED_SYSTEM_OPERATION","REASON_NOT_EXPECTED","MODIFIED_CUSTOMER_INITIATED_ACCESS","GOOGLE_RESPONSE_TO_PRODUCTION_ALERT","MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION"],"default":"REASON_UNSPECIFIED"}}},"isKeyHealthCheck":{"type":"boolean","format":"boolean","description":"Whether the request is a key health check that contains a\ncanonical plaintext or its encryption instead of customer data."}},"description":"More context provided during EKM operation.\nRequired if Key Access Justification is enabled for GCP project."},"key_uri_prefix":{"type":"string","description":"Optional data that, if specified, defines the full key URI."}},"description":"Verify data with the asymmetric key named in the Request."},"v0EKMAsymmetricVerifyResponse":{"type":"object","properties":{"status":{"type":"boolean","format":"boolean","description":"Verification status."}},"description":"Response message for [GCPExternalKeyManagementService.AsymmetricVerify][]."},"protobufAny":{"type":"object","properties":{"type_url":{"type":"string","description":"A URL/resource name that uniquely identifies the type of the serialized potocol buffer message. The last segment of the URL's path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][]\n value in binary format, or produce an error.\n* Applications are allowed to cache lookup results based on the\n URL, or have them precompiled into a binary to avoid any\n lookup. Therefore, binary compatibility needs to be preserved\n on changes to types. (Use versioned type names to manage\n breaking changes.)\nNote: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics."},"value":{"type":"string","format":"byte","description":"Must be a valid serialized protocol buffer of the above specified type."}},"description":"`Any` contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message. Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type. Example 1: Pack and unpack a message in C++.\n Foo foo = ...;\n Any any;\n any.PackFrom(foo);\n ...\n if (any.UnpackTo(&foo)) {\n ...\n }\nExample 2: Pack and unpack a message in Java.\n Foo foo = ...;\n Any any = Any.pack(foo);\n ...\n if (any.is(Foo.class)) {\n foo = any.unpack(Foo.class);\n }\n Example 3: Pack and unpack a message in Python.\n foo = Foo(...)\n any = Any()\n any.Pack(foo)\n ...\n if any.Is(Foo.DESCRIPTOR):\n any.Unpack(foo)\n ...\n Example 4: Pack and unpack a message in Go\n foo := &pb.Foo{...}\n any, err := ptypes.MarshalAny(foo)\n ...\n foo := &pb.Foo{}\n if err := ptypes.UnmarshalAny(any, foo); err != nil {\n ...\n }\nThe pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example \"foo.bar.com/x/y.z\" will yield type name \"y.z\". JSON ==== The JSON representation of an `Any` value uses the regular representation of the deserialized, embedded message, with an additional field `@type` which contains the type URL. Example:\n package google.profile;\n message Person {\n string first_name = 1;\n string last_name = 2;\n }\n {\n \"@type\": \"type.googleapis.com/google.profile.Person\",\n \"firstName\": ,\n \"lastName\": \n }\nIf the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field `value` which holds the custom JSON in addition to the `@type` field. Example (for message [google.protobuf.Duration][]):\n {\n \"@type\": \"type.googleapis.com/google.protobuf.Duration\",\n \"value\": \"1.212s\"\n }"},"runtimeEKMError":{"type":"object","properties":{"error":{"type":"string"},"code":{"type":"integer","format":"int32"},"message":{"type":"string"},"details":{"type":"array","items":{"type":"object","properties":{"type_url":{"type":"string","description":"A URL/resource name that uniquely identifies the type of the serialized potocol buffer message. The last segment of the URL's path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][]\n value in binary format, or produce an error.\n* Applications are allowed to cache lookup results based on the\n URL, or have them precompiled into a binary to avoid any\n lookup. Therefore, binary compatibility needs to be preserved\n on changes to types. (Use versioned type names to manage\n breaking changes.)\nNote: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics."},"value":{"type":"string","format":"byte","description":"Must be a valid serialized protocol buffer of the above specified type."}},"description":"`Any` contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message. Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type. Example 1: Pack and unpack a message in C++.\n Foo foo = ...;\n Any any;\n any.PackFrom(foo);\n ...\n if (any.UnpackTo(&foo)) {\n ...\n }\nExample 2: Pack and unpack a message in Java.\n Foo foo = ...;\n Any any = Any.pack(foo);\n ...\n if (any.is(Foo.class)) {\n foo = any.unpack(Foo.class);\n }\n Example 3: Pack and unpack a message in Python.\n foo = Foo(...)\n any = Any()\n any.Pack(foo)\n ...\n if any.Is(Foo.DESCRIPTOR):\n any.Unpack(foo)\n ...\n Example 4: Pack and unpack a message in Go\n foo := &pb.Foo{...}\n any, err := ptypes.MarshalAny(foo)\n ...\n foo := &pb.Foo{}\n if err := ptypes.UnmarshalAny(any, foo); err != nil {\n ...\n }\nThe pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example \"foo.bar.com/x/y.z\" will yield type name \"y.z\". JSON ==== The JSON representation of an `Any` value uses the regular representation of the deserialized, embedded message, with an additional field `@type` which contains the type URL. Example:\n package google.profile;\n message Person {\n string first_name = 1;\n string last_name = 2;\n }\n {\n \"@type\": \"type.googleapis.com/google.profile.Person\",\n \"firstName\": ,\n \"lastName\": \n }\nIf the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field `value` which holds the custom JSON in addition to the `@type` field. Example (for message [google.protobuf.Duration][]):\n {\n \"@type\": \"type.googleapis.com/google.protobuf.Duration\",\n \"value\": \"1.212s\"\n }"}}}},"xksPolicyAttributes":{"allOf":[{"type":"object","description":"Policy parameters (applicable only to encrypt and decrypt data plane API's for AWS XKS Key).\nXKS Key usage would be allowed only if attribute values specifed in policy here would match the \nrequest data received in encrypt/decrypt API request against value specified here).\n","required":["aws_principal_arn","kms_key_arn","kms_operation"],"properties":{"aws_principal_arn":{"type":"string","description":"ARN of the principal that invoked KMS Encrypt, GenerateDataKey, GenerateDataKeyWithoutPlainText \nor ReEncrypt API. Default value is '*' where all values of aws_principal_arn would be allowed.\n"},"aws_source_vpc":{"type":"string","description":"AWS Source VPC indicates the VPC where request originated from. \nIt is present only if the KMS API request was made against a VPC endpoint.\n"},"aws_source_vpce":{"type":"string","description":"AWS Source VPC indicates the VPC endpoint where request originated from. \nIt is present only if the KMS API request was made against a VPC endpoint.\n"},"kms_key_arn":{"type":"string","description":"ARN of the KMS Key on which the Encrypt, ReEncrypt, GenerateDataKey or \nGenerateDataKeyWithoutPlainText API was invoked. Default value is '*' where all values of kms_key_arn\nwould be allowed.\n"},"kms_operation":{"type":"string","description":"Indicates KMS API call that resulted in the XKS Proxy API request, \neg any one of the four KMS API's (Encrypt, ReEncrypt, GenerateDataKey, GenerateDataKeyWithoutPlaintext) \ncan result in Encrypt call. Default value is '*' where all values of kms_operation would be allowed.\n","enum":["Encrypt (applicable only for Encrypt API requests)","ReEncrypt (applicable for Encrypt as well as Decrypt API requests)","GenerateDataKey (applicable only for Encrypt API requests)","GenerateDataKeyWithoutPlaintext (applicable only for Encrypt API requests)","Decrypt (applicable only for Decrypt API requests)"]},"kms_via_service":{"type":"string","description":"Indicates the AWS service that called the KMS API on behalf of a customer."}}}]},"NamedCredential":{"allOf":[{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"},"name":{"description":"Named credential name.","type":"string"},"url_hostname":{"type":"string","description":"Base hostname of url"},"password_authentication":{"type":"object","description":"named credential password Authentication details.","properties":{"username":{"type":"string","description":"Username for named credential."},"password":{"type":"string","description":"Password for named credential."}}},"organization_id":{"type":"string","description":"Organization ID to which this named credential should belong to."},"sfdc_name_credential_id":{"type":"string","description":"sfdc Name credential ID."},"synced_at":{"type":"string","format":"date-time","description":"Date/time when named credential was last synced"}}}]},"sfdcCertificate":{"allOf":[{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application to which this resource belongs."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created."},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated."},"name":{"description":"Certificate name.","type":"string"},"organization_id":{"type":"string","description":"Organization ID to which this named credential should belong to."},"ca_signed":{"description":"Flag to denote if self-signed.","type":"boolean"},"key_size":{"description":"Size","type":"integer"},"version":{"description":"version","type":"integer"},"signature_algorithm_name":{"description":"Subject","type":"string"},"serial_number":{"description":"Subject","type":"string"},"subject_key_identifier":{"description":"Subject","type":"string"},"authority_key_identifier":{"description":"Subject","type":"string"},"path_len_constraint":{"description":"Subject","type":"string"},"valid_to":{"description":"Subject","type":"string","format":"date-time"},"valid_from":{"description":"Subject","type":"string","format":"date-time"},"issuer":{"description":"Subject","type":"string"},"public_key_name":{"description":"Subject","type":"string"},"signature":{"description":"Subject","type":"string"},"public_key":{"description":"Subject","type":"string"}}}]},"sfdcKey":{"allOf":[{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"},"name":{"description":"Tenant secret name.","type":"string"},"sfdcOrganizationId":{"type":"string","description":"SFDC Organization ID this resource should belong to."},"cloudName":{"description":"Cloud Name","type":"string"},"organizationId":{"type":"string","description":"Organization ID this resource should belong to."},"certificateId":{"type":"string","description":"Certificate ID whose public key to be used to encrypt tenant secret."},"keyType":{"description":"Type of Tenant Secret. Options are byok and cache-only. Default is byok.","type":"string"},"source_key_tier":{"description":"Source key tier. Options are local and dsm. Default is local.","type":"string"},"errorMsg":{"description":"Error Message.","type":"string"},"sfdcParams":{"description":"SFDC related params","type":"object","properties":{"createdById":{"description":"ID of the created User","type":"string"},"lastModifiedDate":{"description":"Last Modified Date","type":"string","format":"date-time"},"systemModStamp":{"description":"System Modified TIme stamp","type":"string","format":"date-time"},"version":{"description":"version","type":"integer"},"status":{"description":"Status of the Tenant secret","type":"string"},"source":{"description":"Source of the Tenant secret","type":"string"},"type":{"description":"Data Type of Tenant secret","type":"string"},"remoteKeyCertificate":{"description":"Certificate whose public key to be used to encrypt tenant secret","type":"string"},"remoteKeyServiceId":{"description":"SFDC Named credential ID for this tenant secret","type":"string"},"remoteKeyIdentifier":{"description":"cache-only key identifier.","type":"string"}}},"tenantSecretBackup":{"description":"Backup params details","type":"object","properties":{"backupKeyName":{"description":"Backup Key Name.","type":"string"},"backupKeyTier":{"description":"Backup Key Source.","type":"string"}}},"keyUploadParams":{"description":"Upload params details","type":"object","properties":{"sourceKeyTier":{"description":"Source key tier. Options are local and dsm. Default is local.","type":"string"},"sourceKeyId":{"description":"Source key ID.","type":"string"},"sourceKeyName":{"description":"Source Key Name.","type":"string"}}}}}]},"Email":{"description":"Email ID object","type":"object","properties":{"email_id":{"type":"string","description":"The email address to be notified."},"meta":{"type":"object","description":"Additional data included for the email address for information purposes only, e.g., notes/descriptions about the email address, to help manage email notification."}}},"SMTPServer":{"description":"SMTP Server object","type":"object","properties":{"server":{"type":"string","description":"SMTP server address"},"port":{"type":"integer","description":"SMTP server port"},"username":{"type":"string","description":"SMTP server username"},"email_from":{"type":"string","description":"address to put in the email's \"from\" field"},"password":{"type":"string","description":"SMTP server password"},"meta":{"type":"object","description":"Additional data included for the SMTP server."}}},"passwordcredentials":{"properties":{"name":{"description":"Name to identify the credentails.","type":"string"},"username":{"description":"Name of username.","type":"string"},"password":{"description":"Password of user.","type":"string"}}},"certificatecredentials":{"properties":{"name":{"description":"Name to identify the credentails.","type":"string"},"certificate":{"description":"Client certificate.","type":"string"},"ca-certificate":{"description":"CA certificate of server for verification.","type":"string"}}},"externalservers":{"properties":{"name":{"description":"Name to identify the credentails.","type":"string"},"ipaddress":{"description":"Name of username.","type":"string"},"port":{"description":"Password of user.","type":"string"},"purpose":{"description":"Purpose of the server","type":"string"},"credentail-id":{"description":"The identifier of credentail used for authorization on server.","type":"string"}}},"KeyRotationParams":{"title":"Key Rotation Parameters","properties":{"deactivate_replaced_key":{"type":"integer","description":"Optional integer that can be used to deactivate the keys that are replaced by the key rotation procedure.\nWhen this is not specified, the state of the replaced key remains the same.\nIt is the number of seconds (>= 0) after which the replaced key is deactivated.\n"},"query":{"type":"object","description":"Use this object to specify the keys that need to be rotated.\nAll keys are rotated when this object is not specified.\nThis object is the same as the one used for POST request to the /v1/vault/query-keys endpoint.\nRefer to the documentation in that endpoint for further details on formulating the query.\n"},"meta":{"type":"object","description":"Use this object to modify the metadata on a key that is replaced by the key rotation procedure.\nThis object should be a JSON serialized object. The metadata on the replaced key (which is\nalso a JSON object) is merged with this JSON object.\n"}}},"DatabaseBackupParams":{"title":"Database Backup Parameters","properties":{"scope":{"type":"string","description":"Scope of the backup to be taken - system (default) or domain."},"backupKey":{"type":"string","description":"ID of backup key used for encrypting the backup. The default backup key is used if this is not specified."},"tiedToHSM":{"type":"boolean","description":"If true, the system backup can only be restored to instances that use the same HSM partition. Valid only with the system scoped backup.\n"},"filters":{"type":"array","items":{"type":"object","title":"Filters","required":["resourceType"],"properties":{"resourceType":{"type":"string","description":"Type of resources to be backed up. Valid values are \"Keys\", \"cte_policies\" and, \"users_groups\"."},"resourceQuery":{"type":"object","description":"A JSON object containing resource attributes and attribute values to be queried.\nThe resources returned in the query are backed up. If empty, all the resources of the specified resourceType will be backed up.\nFor Keys, valid resourceQuery paramater values are the same as the body of the 'vault/query-keys' POST endpoint described on the Keys page.\nTo back up AES keys with a meta parameter value containing `{\"info\":{\"color\":\"red\"}}}`, use\n`{\"algorithm\":\"AES\", \"metaContains\": {\"info\":{\"color\":\"red\"}}}`.\nFor CTE policies, valid `resourceQuery` parameter values are the same as query parameters of the list '/v1/transparent-encryption/policies' endpoint described in the CTE > Policies section.\nFor example, to back up LDT policies only, use `{\"policy_type\":\"LDT\"}`. Similarly, to back up policies with learn mode enabled, use `{\"never_deny\": true}`.\nFor users, the valid resourceQuery parameter values are the same as query parameters of the list '/v1/usermgmt/users' endpoint as described in the “Users” page.\nFor example, to back up all users with name \"frank\" and email id \"frank@local\", use {\"name\":\"frank\",\"email\": \"frank@local\"}.\n"}},"example":{"resourceType":"Keys","resourceQuery":"{\"algorithm\":\"AES\", \"metaContains\": {\"info\":{\"color\":\"red\"}}}"}},"description":"A set of selection criteria to specify what resources to include in the backup. Only applicable to domain-scoped backups.\nBy default, no filters are applied and the backup includes all keys.\nFor example, to back up all keys with a name containing 'enc-key', set the filters to `[{\"resourceType\": \"Keys\", \"resourceQuery\":{\"name\":\"*enc-key*\"}}]`.\n"},"retentionCount":{"type":"integer","description":"Number of backups saved for this job config. Default is an unlimited quantity."},"description":{"type":"string","description":"User defined description associated with the backup. This is stored along with the backup, and is returned while retrieving the backup information, or while listing backups. Users may find it useful to store various types of information here: a backup name or description, ID of the HSM the backup is tied to, etc.\n"},"do_scp":{"type":"boolean","description":"If true, the system backup will also be transferred to the external server via SCP.\n"},"connection":{"type":"string","description":"Name or ID of the SCP connection which stores the details for SCP server.\n"}}},"CCKMConnectionParams":{"title":"CipherTrust Cloud Key Manager Synchronization connection Parameters","properties":{"kms":{"type":"array","items":{"type":"string"},"description":"IDs or names of kms resource from which Aws keys will be synchronized. Kms is used for aws cloud. At least one kms is required for aws synchronization operation."},"key_vaults":{"type":"array","items":{"type":"string"},"description":"IDs or names of vault from which azure keys will be synchronized. Vaults are used for azure cloud. At least one vault is required for azure synchronization operation."},"partitions":{"type":"array","items":{"type":"string"},"description":"IDs of partition from which keys will be synchronized. Partitions are used for HSM. At least one partition is required for HSM synchronization operation."},"domains":{"type":"array","items":{"type":"string"},"description":"IDs of domains from which keys will be synchronized. Domains are used for DSM. At least one domain is required for DSM synchronization operation."},"key_rings":{"type":"array","items":{"type":"string"},"description":"IDs or name of key ring from which google cryptographic keys will be synchronized. Key Rings are used for google cloud. At least one key ring is required for google synchronization operation."},"organizations":{"type":"array","items":{"type":"string"},"description":"Organization ID from which tenant secrets will be synchronized. Provide CCKM organization ID. At least one organization ID is required for sfdc synchronization operation."},"groups":{"type":"array","items":{"type":"string"},"description":"Group ID from which sap key will be synchronized. Provide CCKM group ID. At least one group ID is required for sap synchronization operation."},"synchronize_all":{"type":"boolean","description":"Set true to synchronize all keys from all vaults or kms. synchronize_all, key_vaults and kms are mutually exclusive. Specify either the synchronize_all or key_vaults or kms."}}},"CCKMSyncParams":{"title":"CipherTrust Cloud Key Manager Synchronization Parameters","required":["cloud_name"],"properties":{"cloud_name":{"type":"string","description":"Name of the cloud where Synchronize operation will be triggered, possible values are \"aws\", \"hsm-luna\", \"dsm\" , \"oci\", \"sfdc\", \"gcp\", \"sap\" and \"AzureCloud\"."},"kms":{"type":"array","items":{"type":"string"},"description":"IDs or names of kms resource from which Aws keys will be synchronized. Kms is used for aws cloud. At least one kms is required for aws synchronization operation."},"key_vaults":{"type":"array","items":{"type":"string"},"description":"IDs or name of vault from which azure keys will be synchronized. Vaults are used for azure cloud. At least one vault is required for azure synchronization operation."},"sync_item":{"type":"array","items":{"type":"string"},"description":"Items which need to be synchronized. At least one of the value from below is required for azure synchronization operation.","enum":["key","secret","certificate","all"]},"partitions":{"type":"array","items":{"type":"string"},"description":"IDs of partition from which keys will be synchronized. Partitions are used for HSM. At least one partition is required for HSM synchronization operation."},"domains":{"type":"array","items":{"type":"string"},"description":"IDs of domains from which keys will be synchronized. Domains are used for DSM. At least one domain is required for DSM synchronization operation."},"key_rings":{"type":"array","items":{"type":"string"},"description":"IDs or name of key ring from which google cryptographic keys will be synchronized. Key Rings are used for google cloud. At least one key ring is required for google synchronization operation."},"organizations":{"type":"array","items":{"type":"string"},"description":"Organization ID from which tenant secrets will be synchronized. Provide CCKM organization ID. At least one organization ID is required for sfdc synchronization operation."},"groups":{"type":"array","items":{"type":"string"},"description":"Group ID from which sap key will be synchronized. Provide CCKM group ID. At least one group ID is required for sap synchronization operation."},"oci_vaults":{"type":"array","items":{"type":"string"},"description":"Vault ID from which oci key will be synchronized. Provide CCKM OCI vault ID. At least one vault ID is required for oci synchronization operation."},"synchronize_all":{"type":"boolean","description":"Set true to synchronize all keys from all vaults or kms. synchronize_all, key_vaults and kms are mutually exclusive. Specify either the synchronize_all or key_vaults or kms."}}},"CCKMKeyRotationParams":{"title":"CipherTrust Cloud Key Manager Synchronization Parameters","required":["cloud_name"],"properties":{"cloud_name":{"type":"string","description":"Name of the cloud where Rotation operation will be triggered, possible values are \"aws\", \"gcp\", \"oci\" , \"sfdc\", \"sap\" and \"AzureCloud\"."},"expiration":{"type":"string","description":"Expiration time of the new key that will be created through scheduled rotation. If not specified, the new key material never expires. For example, if you set `expiration` to `6h`, the key material of the new key will expire in 6 hours.","enum":["Xd for x days","Yh for y hours"]},"expire_in":{"type":"string","description":"Period during which certain keys are going to expire. When the scheduler is run, it rotates the keys that are expiring in this period. If not specified, the scheduler rotates all the keys. For example, if you want the scheduler to rotate the keys that are expiring within six hours of the schedule run, set `expire_in` to `6h`. This parameter is not valid for cloud_name `gcp`.\n","enum":["Xd for x days","Yh for y hours"]},"aws_param":{"type":"object","description":"AWS param specifies whether to retain alias with timestamp on archieved key after rotation.\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","properties":{"retain_alias":{"type":"boolean","description":"Whether to retain alias with timestamp on archieved key after rotation."}}},"sfdc_param":{"type":"object","description":"SFDC param specifies oraganization_id and key_type for which keys will be rotated.\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","properties":{"organization_id":{"type":"string","description":"Organization ID to which this key type belong to."},"key_type":{"type":"array","items":{"type":"string"},"description":"Type of tenant secret requested for which sfdc keys will be rotated and can have below values.","enum":["Data","EventBus","SearchIndex","DeterministicData","Analytics"]},"key_source":{"type":"string","description":"Source of the key material. Options are native, dsm, hsm-luna and ciphertrust."},"certificate_id":{"type":"string","description":"(Mandatorily required for SFDC cloud) Certificate ID, whose public key to be used to encrypt tenant secret."},"key_derivation_mode":{"type":"string","description":"(Mandatorily required for SFDC cloud) Values are PBKDF2 or NONE."},"domain_id":{"type":"string","description":"Domain ID where key will be created to upload on sfdc."},"partition_id":{"type":"string","description":"Partition ID where key will be created to upload on sfdc."}}},"rotation_after":{"type":"string","description":"Number of days after which the keys will be rotated. Specify `Xd` for `x` days. The first key rotation will happen after `x` days of key creation. Subsequent key rotations will happen after every `x` days of the last rotation date. For example, if you set `rotation_after` to `6d`, the first key rotation will happen after six days of key creation. Subsequently, the keys will be rotated after every six days.\n","enum":["Xd for x days"]}}},"CCKMKeyRotationAwsParams":{"title":"CipherTrust Cloud Key Manager Synchronization Parameters","properties":{"retain_alias":{"type":"boolean","description":"Whether to retain alias with timestamp on archieved key after rotation."}}},"CCKMKeyRotationSFDCParams":{"title":"CipherTrust Cloud Key Manager Synchronization Parameters","properties":{"organization_id":{"type":"string","description":"Organization ID to which this key type belong to."},"key_type":{"type":"array","items":{"type":"string"},"description":"Type of tenant secret requested for which sfdc keys will be rotated and can have below values.","enum":["Data","EventBus","SearchIndex","DeterministicData","Analytics"]},"key_source":{"type":"string","description":"Source of the key material. Options are native, dsm, hsm-luna and ciphertrust."},"certificate_id":{"type":"string","description":"(Mandatorily required for SFDC cloud) Certificate ID, whose public key to be used to encrypt tenant secret."},"key_derivation_mode":{"type":"string","description":"(Mandatorily required for SFDC cloud) Values are PBKDF2 or NONE."},"domain_id":{"type":"string","description":"Domain ID where key will be created to upload on sfdc."},"partition_id":{"type":"string","description":"Partition ID where key will be created to upload on sfdc."}}},"CCKMKeyRotationUpdateParams":{"title":"CipherTrust Cloud Key Manager Synchronization Parameters","properties":{"expiration":{"type":"string","description":"Expiration time of the new key that will be created through scheduled rotation. If not specified, the new key material never expires. For example, if you set `expiration` to `6h`, the key material of the new key will expire in 6 hours.","enum":["Xd for x days","Yh for y hours"]},"expire_in":{"type":"string","description":"Period during which certain keys are going to expire. When the scheduler is run, it rotates the keys that are expiring in this period. If not specified, the scheduler rotates all the keys. For example, if you want the scheduler to rotate the keys that are expiring within six hours of the schedule run, set `expire_in` to `6h`. This parameter is not valid for cloud_name \"gcp\".\n","enum":["Xd for x days","Yh for y hours"]},"rotation_after":{"type":"string","description":"Number of days after which the keys will be rotated. Specify `Xd` for `x` days. The first key rotation will happen after `x` days of key creation. Subsequent key rotations will happen after every `x` days of the last rotation date.\nFor example, if you set `rotation_after` to `6d`, the first key rotation will happen after six days of key creation. Subsequently, the keys will be rotated after every six days.\n","enum":["Xd for x days"]},"aws_param":{"type":"object","description":"Aws param specifies whether to retain alias with timestamp on archieved key after rotation.\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","properties":{"retain_alias":{"type":"boolean","description":"Whether to retain alias with timestamp on archieved key after rotation."}}},"sfdc_param":{"type":"object","description":"SFDC param specifies oraganization_id and key_type for which keys will be rotated.\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","properties":{"organization_id":{"type":"string","description":"Organization ID to which this key type belong to."},"key_type":{"type":"array","items":{"type":"string"},"description":"Type of tenant secret requested for which sfdc keys will be rotated and can have below values.","enum":["Data","EventBus","SearchIndex","DeterministicData","Analytics"]},"key_source":{"type":"string","description":"Source of the key material. Options are native, dsm, hsm-luna and ciphertrust."},"certificate_id":{"type":"string","description":"(Mandatorily required for SFDC cloud) Certificate ID, whose public key to be used to encrypt tenant secret."},"key_derivation_mode":{"type":"string","description":"(Mandatorily required for SFDC cloud) Values are PBKDF2 or NONE."},"domain_id":{"type":"string","description":"Domain ID where key will be created to upload on sfdc."},"partition_id":{"type":"string","description":"Partition ID where key will be created to upload on sfdc."}}}}},"JobConfig":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","properties":{"description":{"type":"string","description":"Description for the job configuration."},"operation":{"type":"string","readOnly":true,"description":"Type of operation to config. Can be one of, Key Rotation, Database Backup, CCKM Synchronization.","enum":["key_rotation","database_backup","cckm_synchronization","cckm_key_rotation"]},"run_at":{"type":"string","description":"Described using the cron expression format : \"* * * * *\"\nThese five values indicate when the job should be executed. They are in order of minute, hour, day of month, month, and day of week.\nValid values are 0-59 (minutes), 0-23 (hours), 1-31 (day of month), 1-12 or jan-dec (month), and 0-6 or sun-sat (day of week). Names are case insensitive. For use of special characters, consult the Time Specification description at the top of this page.\n\nFor example:\n* To run every min: \"* * * * *\"\n* To run on Saturday at 23:45(11:45 PM): \"45 23 * * 6\"\n* To run on Monday at 09:00: \"0 9 * * 1\"\n"},"run_on":{"type":"string","description":"Optional flag. Default is 'any'.\n* Use 'any' to run the config on any node in the cluster.\n* Use '' to run the config on that node.\n"},"disabled":{"type":"boolean","description":"By default, job configuration starts in active state. True disables the job configuration."},"start_date":{"type":"string","format":"date-time","description":"Date the job configuration becomes active. RFC3339 format.\nFor example, 2018-10-02T14:24:37.436073Z\n"},"end_date":{"type":"string","format":"date-time","description":"Date the job configuration becomes inactive. RFC3339 format.\nFor example, 2018-10-02T14:24:37.436073Z\n"},"key_rotation_params":{"type":"object","description":"Key rotation operation specific arguments. The \"key_rotation_params\",\"database_backup_params\" and\n\"cckm_synchronization_params\" fields are mutually exclusive(cannot be set together)\n","title":"Key Rotation Parameters","properties":{"deactivate_replaced_key":{"type":"integer","description":"Optional integer that can be used to deactivate the keys that are replaced by the key rotation procedure.\nWhen this is not specified, the state of the replaced key remains the same.\nIt is the number of seconds (>= 0) after which the replaced key is deactivated.\n"},"query":{"type":"object","description":"Use this object to specify the keys that need to be rotated.\nAll keys are rotated when this object is not specified.\nThis object is the same as the one used for POST request to the /v1/vault/query-keys endpoint.\nRefer to the documentation in that endpoint for further details on formulating the query.\n"},"meta":{"type":"object","description":"Use this object to modify the metadata on a key that is replaced by the key rotation procedure.\nThis object should be a JSON serialized object. The metadata on the replaced key (which is\nalso a JSON object) is merged with this JSON object.\n"}}},"database_backup_params":{"type":"object","description":"Database backup operation specific arguments. Should be JSON-serializable\n\"key_rotation_params\" ,\"database_backup_params\" and \"cckm_synchronization_params\" fields are mutually\nexclusive(cannot be set together).\n","title":"Database Backup Parameters","properties":{"scope":{"type":"string","description":"Scope of the backup to be taken - system (default) or domain."},"backupKey":{"type":"string","description":"ID of backup key used for encrypting the backup. The default backup key is used if this is not specified."},"tiedToHSM":{"type":"boolean","description":"If true, the system backup can only be restored to instances that use the same HSM partition. Valid only with the system scoped backup.\n"},"filters":{"type":"array","items":{"type":"object","title":"Filters","required":["resourceType"],"properties":{"resourceType":{"type":"string","description":"Type of resources to be backed up. Valid values are \"Keys\", \"cte_policies\" and, \"users_groups\"."},"resourceQuery":{"type":"object","description":"A JSON object containing resource attributes and attribute values to be queried.\nThe resources returned in the query are backed up. If empty, all the resources of the specified resourceType will be backed up.\nFor Keys, valid resourceQuery paramater values are the same as the body of the 'vault/query-keys' POST endpoint described on the Keys page.\nTo back up AES keys with a meta parameter value containing `{\"info\":{\"color\":\"red\"}}}`, use\n`{\"algorithm\":\"AES\", \"metaContains\": {\"info\":{\"color\":\"red\"}}}`.\nFor CTE policies, valid `resourceQuery` parameter values are the same as query parameters of the list '/v1/transparent-encryption/policies' endpoint described in the CTE > Policies section.\nFor example, to back up LDT policies only, use `{\"policy_type\":\"LDT\"}`. Similarly, to back up policies with learn mode enabled, use `{\"never_deny\": true}`.\nFor users, the valid resourceQuery parameter values are the same as query parameters of the list '/v1/usermgmt/users' endpoint as described in the “Users” page.\nFor example, to back up all users with name \"frank\" and email id \"frank@local\", use {\"name\":\"frank\",\"email\": \"frank@local\"}.\n"}},"example":{"resourceType":"Keys","resourceQuery":"{\"algorithm\":\"AES\", \"metaContains\": {\"info\":{\"color\":\"red\"}}}"}},"description":"A set of selection criteria to specify what resources to include in the backup. Only applicable to domain-scoped backups.\nBy default, no filters are applied and the backup includes all keys.\nFor example, to back up all keys with a name containing 'enc-key', set the filters to `[{\"resourceType\": \"Keys\", \"resourceQuery\":{\"name\":\"*enc-key*\"}}]`.\n"},"retentionCount":{"type":"integer","description":"Number of backups saved for this job config. Default is an unlimited quantity."},"description":{"type":"string","description":"User defined description associated with the backup. This is stored along with the backup, and is returned while retrieving the backup information, or while listing backups. Users may find it useful to store various types of information here: a backup name or description, ID of the HSM the backup is tied to, etc.\n"},"do_scp":{"type":"boolean","description":"If true, the system backup will also be transferred to the external server via SCP.\n"},"connection":{"type":"string","description":"Name or ID of the SCP connection which stores the details for SCP server.\n"}}},"cckm_synchronization_params":{"type":"object","description":"CCKM Synchronization operation specific arguments. The \"key_rotation_params\",\"database_backup_params\" and\n\"cckm_synchronization_params\" fields are mutually exclusive(cannot be set together).\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","required":["cloud_name"],"properties":{"cloud_name":{"type":"string","description":"Name of the cloud where Synchronize operation will be triggered, possible values are \"aws\", \"hsm-luna\", \"dsm\" , \"oci\", \"sfdc\", \"gcp\", \"sap\" and \"AzureCloud\"."},"kms":{"type":"array","items":{"type":"string"},"description":"IDs or names of kms resource from which Aws keys will be synchronized. Kms is used for aws cloud. At least one kms is required for aws synchronization operation."},"key_vaults":{"type":"array","items":{"type":"string"},"description":"IDs or name of vault from which azure keys will be synchronized. Vaults are used for azure cloud. At least one vault is required for azure synchronization operation."},"sync_item":{"type":"array","items":{"type":"string"},"description":"Items which need to be synchronized. At least one of the value from below is required for azure synchronization operation.","enum":["key","secret","certificate","all"]},"partitions":{"type":"array","items":{"type":"string"},"description":"IDs of partition from which keys will be synchronized. Partitions are used for HSM. At least one partition is required for HSM synchronization operation."},"domains":{"type":"array","items":{"type":"string"},"description":"IDs of domains from which keys will be synchronized. Domains are used for DSM. At least one domain is required for DSM synchronization operation."},"key_rings":{"type":"array","items":{"type":"string"},"description":"IDs or name of key ring from which google cryptographic keys will be synchronized. Key Rings are used for google cloud. At least one key ring is required for google synchronization operation."},"organizations":{"type":"array","items":{"type":"string"},"description":"Organization ID from which tenant secrets will be synchronized. Provide CCKM organization ID. At least one organization ID is required for sfdc synchronization operation."},"groups":{"type":"array","items":{"type":"string"},"description":"Group ID from which sap key will be synchronized. Provide CCKM group ID. At least one group ID is required for sap synchronization operation."},"oci_vaults":{"type":"array","items":{"type":"string"},"description":"Vault ID from which oci key will be synchronized. Provide CCKM OCI vault ID. At least one vault ID is required for oci synchronization operation."},"synchronize_all":{"type":"boolean","description":"Set true to synchronize all keys from all vaults or kms. synchronize_all, key_vaults and kms are mutually exclusive. Specify either the synchronize_all or key_vaults or kms."}}},"cckm_key_rotation_params":{"type":"object","description":"CCKM Rotation Params operation specific arguments. The \"key_rotation_params\",\"database_backup_params\" and\n\"cckm_synchronization_params\" fields are mutually exclusive(cannot be set together).\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","required":["cloud_name"],"properties":{"cloud_name":{"type":"string","description":"Name of the cloud where Rotation operation will be triggered, possible values are \"aws\", \"gcp\", \"oci\" , \"sfdc\", \"sap\" and \"AzureCloud\"."},"expiration":{"type":"string","description":"Expiration time of the new key that will be created through scheduled rotation. If not specified, the new key material never expires. For example, if you set `expiration` to `6h`, the key material of the new key will expire in 6 hours.","enum":["Xd for x days","Yh for y hours"]},"expire_in":{"type":"string","description":"Period during which certain keys are going to expire. When the scheduler is run, it rotates the keys that are expiring in this period. If not specified, the scheduler rotates all the keys. For example, if you want the scheduler to rotate the keys that are expiring within six hours of the schedule run, set `expire_in` to `6h`. This parameter is not valid for cloud_name `gcp`.\n","enum":["Xd for x days","Yh for y hours"]},"aws_param":{"type":"object","description":"AWS param specifies whether to retain alias with timestamp on archieved key after rotation.\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","properties":{"retain_alias":{"type":"boolean","description":"Whether to retain alias with timestamp on archieved key after rotation."}}},"sfdc_param":{"type":"object","description":"SFDC param specifies oraganization_id and key_type for which keys will be rotated.\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","properties":{"organization_id":{"type":"string","description":"Organization ID to which this key type belong to."},"key_type":{"type":"array","items":{"type":"string"},"description":"Type of tenant secret requested for which sfdc keys will be rotated and can have below values.","enum":["Data","EventBus","SearchIndex","DeterministicData","Analytics"]},"key_source":{"type":"string","description":"Source of the key material. Options are native, dsm, hsm-luna and ciphertrust."},"certificate_id":{"type":"string","description":"(Mandatorily required for SFDC cloud) Certificate ID, whose public key to be used to encrypt tenant secret."},"key_derivation_mode":{"type":"string","description":"(Mandatorily required for SFDC cloud) Values are PBKDF2 or NONE."},"domain_id":{"type":"string","description":"Domain ID where key will be created to upload on sfdc."},"partition_id":{"type":"string","description":"Partition ID where key will be created to upload on sfdc."}}},"rotation_after":{"type":"string","description":"Number of days after which the keys will be rotated. Specify `Xd` for `x` days. The first key rotation will happen after `x` days of key creation. Subsequent key rotations will happen after every `x` days of the last rotation date. For example, if you set `rotation_after` to `6d`, the first key rotation will happen after six days of key creation. Subsequently, the keys will be rotated after every six days.\n","enum":["Xd for x days"]}}}}}]},"JobConfigs":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","properties":{"description":{"type":"string","description":"Description for the job configuration."},"operation":{"type":"string","readOnly":true,"description":"Type of operation to config. Can be one of, Key Rotation, Database Backup, CCKM Synchronization.","enum":["key_rotation","database_backup","cckm_synchronization","cckm_key_rotation"]},"run_at":{"type":"string","description":"Described using the cron expression format : \"* * * * *\"\nThese five values indicate when the job should be executed. They are in order of minute, hour, day of month, month, and day of week.\nValid values are 0-59 (minutes), 0-23 (hours), 1-31 (day of month), 1-12 or jan-dec (month), and 0-6 or sun-sat (day of week). Names are case insensitive. For use of special characters, consult the Time Specification description at the top of this page.\n\nFor example:\n* To run every min: \"* * * * *\"\n* To run on Saturday at 23:45(11:45 PM): \"45 23 * * 6\"\n* To run on Monday at 09:00: \"0 9 * * 1\"\n"},"run_on":{"type":"string","description":"Optional flag. Default is 'any'.\n* Use 'any' to run the config on any node in the cluster.\n* Use '' to run the config on that node.\n"},"disabled":{"type":"boolean","description":"By default, job configuration starts in active state. True disables the job configuration."},"start_date":{"type":"string","format":"date-time","description":"Date the job configuration becomes active. RFC3339 format.\nFor example, 2018-10-02T14:24:37.436073Z\n"},"end_date":{"type":"string","format":"date-time","description":"Date the job configuration becomes inactive. RFC3339 format.\nFor example, 2018-10-02T14:24:37.436073Z\n"},"key_rotation_params":{"type":"object","description":"Key rotation operation specific arguments. The \"key_rotation_params\",\"database_backup_params\" and\n\"cckm_synchronization_params\" fields are mutually exclusive(cannot be set together)\n","title":"Key Rotation Parameters","properties":{"deactivate_replaced_key":{"type":"integer","description":"Optional integer that can be used to deactivate the keys that are replaced by the key rotation procedure.\nWhen this is not specified, the state of the replaced key remains the same.\nIt is the number of seconds (>= 0) after which the replaced key is deactivated.\n"},"query":{"type":"object","description":"Use this object to specify the keys that need to be rotated.\nAll keys are rotated when this object is not specified.\nThis object is the same as the one used for POST request to the /v1/vault/query-keys endpoint.\nRefer to the documentation in that endpoint for further details on formulating the query.\n"},"meta":{"type":"object","description":"Use this object to modify the metadata on a key that is replaced by the key rotation procedure.\nThis object should be a JSON serialized object. The metadata on the replaced key (which is\nalso a JSON object) is merged with this JSON object.\n"}}},"database_backup_params":{"type":"object","description":"Database backup operation specific arguments. Should be JSON-serializable\n\"key_rotation_params\" ,\"database_backup_params\" and \"cckm_synchronization_params\" fields are mutually\nexclusive(cannot be set together).\n","title":"Database Backup Parameters","properties":{"scope":{"type":"string","description":"Scope of the backup to be taken - system (default) or domain."},"backupKey":{"type":"string","description":"ID of backup key used for encrypting the backup. The default backup key is used if this is not specified."},"tiedToHSM":{"type":"boolean","description":"If true, the system backup can only be restored to instances that use the same HSM partition. Valid only with the system scoped backup.\n"},"filters":{"type":"array","items":{"type":"object","title":"Filters","required":["resourceType"],"properties":{"resourceType":{"type":"string","description":"Type of resources to be backed up. Valid values are \"Keys\", \"cte_policies\" and, \"users_groups\"."},"resourceQuery":{"type":"object","description":"A JSON object containing resource attributes and attribute values to be queried.\nThe resources returned in the query are backed up. If empty, all the resources of the specified resourceType will be backed up.\nFor Keys, valid resourceQuery paramater values are the same as the body of the 'vault/query-keys' POST endpoint described on the Keys page.\nTo back up AES keys with a meta parameter value containing `{\"info\":{\"color\":\"red\"}}}`, use\n`{\"algorithm\":\"AES\", \"metaContains\": {\"info\":{\"color\":\"red\"}}}`.\nFor CTE policies, valid `resourceQuery` parameter values are the same as query parameters of the list '/v1/transparent-encryption/policies' endpoint described in the CTE > Policies section.\nFor example, to back up LDT policies only, use `{\"policy_type\":\"LDT\"}`. Similarly, to back up policies with learn mode enabled, use `{\"never_deny\": true}`.\nFor users, the valid resourceQuery parameter values are the same as query parameters of the list '/v1/usermgmt/users' endpoint as described in the “Users” page.\nFor example, to back up all users with name \"frank\" and email id \"frank@local\", use {\"name\":\"frank\",\"email\": \"frank@local\"}.\n"}},"example":{"resourceType":"Keys","resourceQuery":"{\"algorithm\":\"AES\", \"metaContains\": {\"info\":{\"color\":\"red\"}}}"}},"description":"A set of selection criteria to specify what resources to include in the backup. Only applicable to domain-scoped backups.\nBy default, no filters are applied and the backup includes all keys.\nFor example, to back up all keys with a name containing 'enc-key', set the filters to `[{\"resourceType\": \"Keys\", \"resourceQuery\":{\"name\":\"*enc-key*\"}}]`.\n"},"retentionCount":{"type":"integer","description":"Number of backups saved for this job config. Default is an unlimited quantity."},"description":{"type":"string","description":"User defined description associated with the backup. This is stored along with the backup, and is returned while retrieving the backup information, or while listing backups. Users may find it useful to store various types of information here: a backup name or description, ID of the HSM the backup is tied to, etc.\n"},"do_scp":{"type":"boolean","description":"If true, the system backup will also be transferred to the external server via SCP.\n"},"connection":{"type":"string","description":"Name or ID of the SCP connection which stores the details for SCP server.\n"}}},"cckm_synchronization_params":{"type":"object","description":"CCKM Synchronization operation specific arguments. The \"key_rotation_params\",\"database_backup_params\" and\n\"cckm_synchronization_params\" fields are mutually exclusive(cannot be set together).\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","required":["cloud_name"],"properties":{"cloud_name":{"type":"string","description":"Name of the cloud where Synchronize operation will be triggered, possible values are \"aws\", \"hsm-luna\", \"dsm\" , \"oci\", \"sfdc\", \"gcp\", \"sap\" and \"AzureCloud\"."},"kms":{"type":"array","items":{"type":"string"},"description":"IDs or names of kms resource from which Aws keys will be synchronized. Kms is used for aws cloud. At least one kms is required for aws synchronization operation."},"key_vaults":{"type":"array","items":{"type":"string"},"description":"IDs or name of vault from which azure keys will be synchronized. Vaults are used for azure cloud. At least one vault is required for azure synchronization operation."},"sync_item":{"type":"array","items":{"type":"string"},"description":"Items which need to be synchronized. At least one of the value from below is required for azure synchronization operation.","enum":["key","secret","certificate","all"]},"partitions":{"type":"array","items":{"type":"string"},"description":"IDs of partition from which keys will be synchronized. Partitions are used for HSM. At least one partition is required for HSM synchronization operation."},"domains":{"type":"array","items":{"type":"string"},"description":"IDs of domains from which keys will be synchronized. Domains are used for DSM. At least one domain is required for DSM synchronization operation."},"key_rings":{"type":"array","items":{"type":"string"},"description":"IDs or name of key ring from which google cryptographic keys will be synchronized. Key Rings are used for google cloud. At least one key ring is required for google synchronization operation."},"organizations":{"type":"array","items":{"type":"string"},"description":"Organization ID from which tenant secrets will be synchronized. Provide CCKM organization ID. At least one organization ID is required for sfdc synchronization operation."},"groups":{"type":"array","items":{"type":"string"},"description":"Group ID from which sap key will be synchronized. Provide CCKM group ID. At least one group ID is required for sap synchronization operation."},"oci_vaults":{"type":"array","items":{"type":"string"},"description":"Vault ID from which oci key will be synchronized. Provide CCKM OCI vault ID. At least one vault ID is required for oci synchronization operation."},"synchronize_all":{"type":"boolean","description":"Set true to synchronize all keys from all vaults or kms. synchronize_all, key_vaults and kms are mutually exclusive. Specify either the synchronize_all or key_vaults or kms."}}},"cckm_key_rotation_params":{"type":"object","description":"CCKM Rotation Params operation specific arguments. The \"key_rotation_params\",\"database_backup_params\" and\n\"cckm_synchronization_params\" fields are mutually exclusive(cannot be set together).\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","required":["cloud_name"],"properties":{"cloud_name":{"type":"string","description":"Name of the cloud where Rotation operation will be triggered, possible values are \"aws\", \"gcp\", \"oci\" , \"sfdc\", \"sap\" and \"AzureCloud\"."},"expiration":{"type":"string","description":"Expiration time of the new key that will be created through scheduled rotation. If not specified, the new key material never expires. For example, if you set `expiration` to `6h`, the key material of the new key will expire in 6 hours.","enum":["Xd for x days","Yh for y hours"]},"expire_in":{"type":"string","description":"Period during which certain keys are going to expire. When the scheduler is run, it rotates the keys that are expiring in this period. If not specified, the scheduler rotates all the keys. For example, if you want the scheduler to rotate the keys that are expiring within six hours of the schedule run, set `expire_in` to `6h`. This parameter is not valid for cloud_name `gcp`.\n","enum":["Xd for x days","Yh for y hours"]},"aws_param":{"type":"object","description":"AWS param specifies whether to retain alias with timestamp on archieved key after rotation.\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","properties":{"retain_alias":{"type":"boolean","description":"Whether to retain alias with timestamp on archieved key after rotation."}}},"sfdc_param":{"type":"object","description":"SFDC param specifies oraganization_id and key_type for which keys will be rotated.\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","properties":{"organization_id":{"type":"string","description":"Organization ID to which this key type belong to."},"key_type":{"type":"array","items":{"type":"string"},"description":"Type of tenant secret requested for which sfdc keys will be rotated and can have below values.","enum":["Data","EventBus","SearchIndex","DeterministicData","Analytics"]},"key_source":{"type":"string","description":"Source of the key material. Options are native, dsm, hsm-luna and ciphertrust."},"certificate_id":{"type":"string","description":"(Mandatorily required for SFDC cloud) Certificate ID, whose public key to be used to encrypt tenant secret."},"key_derivation_mode":{"type":"string","description":"(Mandatorily required for SFDC cloud) Values are PBKDF2 or NONE."},"domain_id":{"type":"string","description":"Domain ID where key will be created to upload on sfdc."},"partition_id":{"type":"string","description":"Partition ID where key will be created to upload on sfdc."}}},"rotation_after":{"type":"string","description":"Number of days after which the keys will be rotated. Specify `Xd` for `x` days. The first key rotation will happen after `x` days of key creation. Subsequent key rotations will happen after every `x` days of the last rotation date. For example, if you set `rotation_after` to `6d`, the first key rotation will happen after six days of key creation. Subsequently, the keys will be rotated after every six days.\n","enum":["Xd for x days"]}}}}}]}}}}]},"Job":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","properties":{"operation":{"type":"string","readOnly":true,"description":"Type of operation to config. Can be one of, Key Rotation, Database Backup, CCKM Synchronization."},"job_config_id":{"type":"string","description":"Associated job configuration id."},"job_config_name":{"type":"string","description":"Associated job configuration name."},"start_date":{"type":"string","format":"date-time","description":"Date the job configuration becomes active. RFC3339 format.\nFor example, 2018-10-02T14:24:37.436073Z\n"},"end_date":{"type":"string","format":"date-time","description":"Date the job configuration becomes inactive. RFC3339 format.\nFor example, 2018-10-02T14:24:37.436073Z\n"},"status":{"type":"string","description":"Gives the staus of job(scheduled, in_progress, failed, completed, aborted)\n","enum":["scheduled","in_progress","failed","completed","aborted"]},"key_rotation_params":{"type":"object","description":"Key rotation operation specific arguments. The\n\"key_rotation_params\" and \"database_backup_params\" fields are mutually exclusive(cannot be set together).\n","title":"Key Rotation Parameters","properties":{"deactivate_replaced_key":{"type":"integer","description":"Optional integer that can be used to deactivate the keys that are replaced by the key rotation procedure.\nWhen this is not specified, the state of the replaced key remains the same.\nIt is the number of seconds (>= 0) after which the replaced key is deactivated.\n"},"query":{"type":"object","description":"Use this object to specify the keys that need to be rotated.\nAll keys are rotated when this object is not specified.\nThis object is the same as the one used for POST request to the /v1/vault/query-keys endpoint.\nRefer to the documentation in that endpoint for further details on formulating the query.\n"},"meta":{"type":"object","description":"Use this object to modify the metadata on a key that is replaced by the key rotation procedure.\nThis object should be a JSON serialized object. The metadata on the replaced key (which is\nalso a JSON object) is merged with this JSON object.\n"}}},"database_backup_params":{"type":"object","description":"Database backup operation specific arguments. Should be JSON-serializable\n\"key_rotation_params\" and \"database_backup_params\" fields are mutually exclusive (cannot be set together).\n","title":"Database Backup Parameters","properties":{"scope":{"type":"string","description":"Scope of the backup to be taken - system (default) or domain."},"backupKey":{"type":"string","description":"ID of backup key used for encrypting the backup. The default backup key is used if this is not specified."},"tiedToHSM":{"type":"boolean","description":"If true, the system backup can only be restored to instances that use the same HSM partition. Valid only with the system scoped backup.\n"},"filters":{"type":"array","items":{"type":"object","title":"Filters","required":["resourceType"],"properties":{"resourceType":{"type":"string","description":"Type of resources to be backed up. Valid values are \"Keys\", \"cte_policies\" and, \"users_groups\"."},"resourceQuery":{"type":"object","description":"A JSON object containing resource attributes and attribute values to be queried.\nThe resources returned in the query are backed up. If empty, all the resources of the specified resourceType will be backed up.\nFor Keys, valid resourceQuery paramater values are the same as the body of the 'vault/query-keys' POST endpoint described on the Keys page.\nTo back up AES keys with a meta parameter value containing `{\"info\":{\"color\":\"red\"}}}`, use\n`{\"algorithm\":\"AES\", \"metaContains\": {\"info\":{\"color\":\"red\"}}}`.\nFor CTE policies, valid `resourceQuery` parameter values are the same as query parameters of the list '/v1/transparent-encryption/policies' endpoint described in the CTE > Policies section.\nFor example, to back up LDT policies only, use `{\"policy_type\":\"LDT\"}`. Similarly, to back up policies with learn mode enabled, use `{\"never_deny\": true}`.\nFor users, the valid resourceQuery parameter values are the same as query parameters of the list '/v1/usermgmt/users' endpoint as described in the “Users” page.\nFor example, to back up all users with name \"frank\" and email id \"frank@local\", use {\"name\":\"frank\",\"email\": \"frank@local\"}.\n"}},"example":{"resourceType":"Keys","resourceQuery":"{\"algorithm\":\"AES\", \"metaContains\": {\"info\":{\"color\":\"red\"}}}"}},"description":"A set of selection criteria to specify what resources to include in the backup. Only applicable to domain-scoped backups.\nBy default, no filters are applied and the backup includes all keys.\nFor example, to back up all keys with a name containing 'enc-key', set the filters to `[{\"resourceType\": \"Keys\", \"resourceQuery\":{\"name\":\"*enc-key*\"}}]`.\n"},"retentionCount":{"type":"integer","description":"Number of backups saved for this job config. Default is an unlimited quantity."},"description":{"type":"string","description":"User defined description associated with the backup. This is stored along with the backup, and is returned while retrieving the backup information, or while listing backups. Users may find it useful to store various types of information here: a backup name or description, ID of the HSM the backup is tied to, etc.\n"},"do_scp":{"type":"boolean","description":"If true, the system backup will also be transferred to the external server via SCP.\n"},"connection":{"type":"string","description":"Name or ID of the SCP connection which stores the details for SCP server.\n"}}},"cckm_synchronization_params":{"type":"object","description":"CCKM Synchronization operation specific arguments. Should be JSON-serializable\n\"key_rotation_params\",\"database_backup_params\" and \"cckm_synchronization_params\" fields are mutually exclusive(cannot be set together).\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","required":["cloud_name"],"properties":{"cloud_name":{"type":"string","description":"Name of the cloud where Synchronize operation will be triggered, possible values are \"aws\", \"hsm-luna\", \"dsm\" , \"oci\", \"sfdc\", \"gcp\", \"sap\" and \"AzureCloud\"."},"kms":{"type":"array","items":{"type":"string"},"description":"IDs or names of kms resource from which Aws keys will be synchronized. Kms is used for aws cloud. At least one kms is required for aws synchronization operation."},"key_vaults":{"type":"array","items":{"type":"string"},"description":"IDs or name of vault from which azure keys will be synchronized. Vaults are used for azure cloud. At least one vault is required for azure synchronization operation."},"sync_item":{"type":"array","items":{"type":"string"},"description":"Items which need to be synchronized. At least one of the value from below is required for azure synchronization operation.","enum":["key","secret","certificate","all"]},"partitions":{"type":"array","items":{"type":"string"},"description":"IDs of partition from which keys will be synchronized. Partitions are used for HSM. At least one partition is required for HSM synchronization operation."},"domains":{"type":"array","items":{"type":"string"},"description":"IDs of domains from which keys will be synchronized. Domains are used for DSM. At least one domain is required for DSM synchronization operation."},"key_rings":{"type":"array","items":{"type":"string"},"description":"IDs or name of key ring from which google cryptographic keys will be synchronized. Key Rings are used for google cloud. At least one key ring is required for google synchronization operation."},"organizations":{"type":"array","items":{"type":"string"},"description":"Organization ID from which tenant secrets will be synchronized. Provide CCKM organization ID. At least one organization ID is required for sfdc synchronization operation."},"groups":{"type":"array","items":{"type":"string"},"description":"Group ID from which sap key will be synchronized. Provide CCKM group ID. At least one group ID is required for sap synchronization operation."},"oci_vaults":{"type":"array","items":{"type":"string"},"description":"Vault ID from which oci key will be synchronized. Provide CCKM OCI vault ID. At least one vault ID is required for oci synchronization operation."},"synchronize_all":{"type":"boolean","description":"Set true to synchronize all keys from all vaults or kms. synchronize_all, key_vaults and kms are mutually exclusive. Specify either the synchronize_all or key_vaults or kms."}}},"cckm_key_rotation_params":{"type":"object","description":"CCKM Rotation Params operation specific arguments. The \"key_rotation_params\",\"database_backup_params\" and\n\"cckm_synchronization_params\" fields are mutually exclusive(cannot be set together).\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","required":["cloud_name"],"properties":{"cloud_name":{"type":"string","description":"Name of the cloud where Rotation operation will be triggered, possible values are \"aws\", \"gcp\", \"oci\" , \"sfdc\", \"sap\" and \"AzureCloud\"."},"expiration":{"type":"string","description":"Expiration time of the new key that will be created through scheduled rotation. If not specified, the new key material never expires. For example, if you set `expiration` to `6h`, the key material of the new key will expire in 6 hours.","enum":["Xd for x days","Yh for y hours"]},"expire_in":{"type":"string","description":"Period during which certain keys are going to expire. When the scheduler is run, it rotates the keys that are expiring in this period. If not specified, the scheduler rotates all the keys. For example, if you want the scheduler to rotate the keys that are expiring within six hours of the schedule run, set `expire_in` to `6h`. This parameter is not valid for cloud_name `gcp`.\n","enum":["Xd for x days","Yh for y hours"]},"aws_param":{"type":"object","description":"AWS param specifies whether to retain alias with timestamp on archieved key after rotation.\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","properties":{"retain_alias":{"type":"boolean","description":"Whether to retain alias with timestamp on archieved key after rotation."}}},"sfdc_param":{"type":"object","description":"SFDC param specifies oraganization_id and key_type for which keys will be rotated.\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","properties":{"organization_id":{"type":"string","description":"Organization ID to which this key type belong to."},"key_type":{"type":"array","items":{"type":"string"},"description":"Type of tenant secret requested for which sfdc keys will be rotated and can have below values.","enum":["Data","EventBus","SearchIndex","DeterministicData","Analytics"]},"key_source":{"type":"string","description":"Source of the key material. Options are native, dsm, hsm-luna and ciphertrust."},"certificate_id":{"type":"string","description":"(Mandatorily required for SFDC cloud) Certificate ID, whose public key to be used to encrypt tenant secret."},"key_derivation_mode":{"type":"string","description":"(Mandatorily required for SFDC cloud) Values are PBKDF2 or NONE."},"domain_id":{"type":"string","description":"Domain ID where key will be created to upload on sfdc."},"partition_id":{"type":"string","description":"Partition ID where key will be created to upload on sfdc."}}},"rotation_after":{"type":"string","description":"Number of days after which the keys will be rotated. Specify `Xd` for `x` days. The first key rotation will happen after `x` days of key creation. Subsequent key rotations will happen after every `x` days of the last rotation date. For example, if you set `rotation_after` to `6d`, the first key rotation will happen after six days of key creation. Subsequently, the keys will be rotated after every six days.\n","enum":["Xd for x days"]}}}}}]},"JobConfigRunNowResponse":{"title":"Run Job Config Response","properties":{"job_config_id":{"type":"string","description":"ID of the job configuration whose job was placed on the run queue."},"job_id":{"type":"string","description":"ID of the job that was placed on the run queue."}}},"DPGPolicy":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Description of the DPG policy."},"description":{"type":"string","description":"Description of the DPG policy."},"proxy_config":{"type":"array","description":"List of API urls to be added to the proxy configuration.","items":{"type":"object","properties":{"api_url":{"type":"string","description":"URL of the application server from which the request will received."},"destination_url":{"type":"string","description":"URL of the application server where the request will be served."},"json_request_post_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_post_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_get_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_get_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_put_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_put_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_patch_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_patch_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_delete_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_delete_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_post_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_get_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_put_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_patch_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_delete_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}}}}}}}]},"DPGPolicyCreate":{"type":"object","properties":{"name":{"type":"string","description":"Description of the DPG policy."},"description":{"type":"string","description":"Description of the DPG policy."},"proxy_config":{"type":"array","description":"List of API urls to be added to the proxy configuration.","items":{"type":"object","properties":{"api_url":{"type":"string","description":"URL of the application server from which the request will received."},"destination_url":{"type":"string","description":"URL of the application server where the request will be served."},"json_request_post_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_post_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_get_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_get_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_put_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_put_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_patch_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_patch_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_delete_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_delete_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_post_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_get_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_put_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_patch_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_delete_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}}}}}}},"DPGPolicyUpdate":{"type":"object","properties":{"description":{"type":"string","description":"Unique name for DPG policy."},"proxy_config":{"type":"array","description":"List of API urls to be added to the proxy configuration.","items":{"type":"object","properties":{"api_url":{"type":"string","description":"URL of the application server from which the request will received."},"destination_url":{"type":"string","description":"URL of the application server where the request will be served."},"json_request_post_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_post_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_get_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_get_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_put_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_put_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_patch_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_patch_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_delete_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_delete_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_post_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_get_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_put_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_patch_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_delete_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}}}}}}},"ProxyConfig":{"type":"array","description":"List of API urls to be added to the proxy configuration.","items":{"type":"object","properties":{"api_url":{"type":"string","description":"URL of the application server from which the request will received."},"destination_url":{"type":"string","description":"URL of the application server where the request will be served."},"json_request_post_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_post_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_get_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_get_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_put_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_put_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_patch_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_patch_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_delete_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_delete_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_post_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_get_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_put_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_patch_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_delete_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}}}}},"ApiUrl":{"type":"object","properties":{"api_url":{"type":"string","description":"URL of the application server from which the request will received."},"destination_url":{"type":"string","description":"URL of the application server where the request will be served."},"json_request_post_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_post_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_get_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_get_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_put_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_put_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_patch_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_patch_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_delete_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_delete_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_post_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_get_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_put_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_patch_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_delete_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}}}},"TokenConfig":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"ClientProfile":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Client profile name."},"nae_iface_port":{"type":"integer","description":"nae interface name."},"app_connector_type":{"type":"string","description":"App connector type.\nOptions:\n- DPG\n- CADP For Java\n"},"policy_id":{"type":"string","description":"Policy identifier."},"generic_client_profile_id":{"type":"string","description":"Generic client profile identifier."},"client_configuration_id":{"type":"string","description":"Client configuration identifier."},"reg_token":{"type":"string","description":"Registration token."},"ca_id":{"type":"string","description":"Local CA."},"configurations":{"type":"object","description":"Configurations to be used by the client"},"csr_configuraions":{"type":"object","description":"CSR parameters to be used to created the signed certificate."},"meta":{"type":"object","description":"Meta information of the client profile."}}}]},"ClientProfileTemplate":{"allOf":[{"type":"object","properties":{"name":{"type":"string","description":"Client profile name."},"nae_iface_port":{"type":"integer","description":"nae interface name."},"app_connector_type":{"type":"string","description":"App connector type.\nOptions:\n- DPG\n- CADP For Java\n"},"policy_id":{"type":"string","description":"Policy identifier."},"generic_client_profile_id":{"type":"string","description":"Generic client profile identifier."},"client_configuration_id":{"type":"string","description":"Client configuration identifier."},"reg_token":{"type":"string","description":"Registration token."},"ca_id":{"type":"string","description":"Local CA."},"configurations":{"type":"object","description":"Configurations to be used by the client"},"csr_configuraions":{"type":"object","description":"CSR parameters to be used to created the signed certificate."},"meta":{"type":"object","description":"Meta information of the client profile."}}}]},"UserSet":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"User set name."},"description":{"type":"string","description":"Description of the User Set"},"users":{"type":"array","items":{"type":"string"},"description":"List of users"}}}]},"MaskingFormat":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Masking format name."},"starting_characters":{"type":"integer","description":"Number of starting characters."},"ending_characters":{"type":"integer","description":"Number of ending characters."},"mask_char":{"type":"string","description":"Masking character"},"show":{"type":"boolean","description":"Flag to show/hide the starting/ending characters while revealing the data."},"predefined":{"type":"boolean","description":"Whether it is a predefined masking format."}}}]},"ProtectionFormat":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Protection format name."},"starting_characters":{"type":"integer","description":"Number of starting characters."},"ending_characters":{"type":"integer","description":"Number of ending characters."},"predefined":{"type":"boolean","description":"Whether it is a predefined protection format."}}}]},"AccessPolicy":{"type":"object","properties":{"name":{"type":"string","description":"Access Policy name."},"default_reveal_type":{"type":"string","description":"Value using which data should be revealed.\n\nPossible Values:\n- Error Replacement Value\n- Masked Value\n- Ciphertext\n- Plaintext\n"},"default_error_replacement_value":{"type":"string","description":"Value to be revealed if the type is 'Error Replacement Value'."},"default_masking_format_id":{"type":"string","description":"Masking format used to reveal if the type is 'Masked Value'."},"description":{"type":"string","description":"Description of the Access Policy"},"user_set_policy":{"type":"array","description":"List of policies to be added to the access policy.","items":{"type":"object","properties":{"user_set_id":{"type":"string","description":"User set to which the policy is applied."},"reveal_type":{"type":"string","description":"Value using which data should be revealed.\n\nPossible Values:\n- Error Replacement Value\n- Masked Value\n- Ciphertext\n- Plaintext\n"},"error_replacement_value":{"type":"string","description":"Value to be revealed if the type is 'Error Replacement Value'.\n"},"masking_format_id":{"type":"string","description":"Masking format used to reveal if the type is 'Masked Value'."}}}}}},"UserSetPolicy":{"type":"array","description":"List of policies to be added to the access policy.","items":{"type":"object","properties":{"user_set_id":{"type":"string","description":"User set to which the policy is applied."},"reveal_type":{"type":"string","description":"Value using which data should be revealed.\n\nPossible Values:\n- Error Replacement Value\n- Masked Value\n- Ciphertext\n- Plaintext\n"},"error_replacement_value":{"type":"string","description":"Value to be revealed if the type is 'Error Replacement Value'.\n"},"masking_format_id":{"type":"string","description":"Masking format used to reveal if the type is 'Masked Value'."}}}},"CreateUserSetPolicyObject":{"type":"object","properties":{"user_set_id":{"type":"string","description":"User set to which the policy is applied."},"reveal_type":{"type":"string","description":"Value using which data should be revealed.\n\nPossible Values:\n- Error Replacement Value\n- Masked Value\n- Ciphertext\n- Plaintext\n"},"error_replacement_value":{"type":"string","description":"Value to be revealed if the type is 'Error Replacement Value'.\n"},"masking_format_id":{"type":"string","description":"Masking format used to reveal if the type is 'Masked Value'."}}},"UpdateUserSetPolicyObject":{"type":"object","properties":{"reveal_type":{"type":"string","description":"Value using which data should be revealed.\n\nPossible Values:\n- Error Replacement Value\n- Masked Value\n- Ciphertext\n- Plaintext\n"},"error_replacement_value":{"type":"string","description":"Value to be revealed if the type is 'Error Replacement Value'.\n"},"masking_format_id":{"type":"string","description":"Masking format used to reveal if the type is 'Masked Value'."}}},"ClientConfiguration":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"type":"string","description":"Policy identifier."},"configurations":{"type":"string","description":"Configurations to be used by the client."},"ip":{"type":"string","description":"IP of all the nodes in cluster."},"nae_iface_port":{"type":"integer","description":"Port of the nae_iface configured in the client profile."},"nae_iface_mode":{"type":"string","description":"Mode of the nae_iface configured in the client profile."}}}]},"BDTPolicy":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"BDT policy name."},"description":{"type":"string","description":"BDT policy description."},"in_place_update":{"type":"string","description":"True, if the transformation is done in the same container."},"create_bad_record_file":{"type":"string"},"fpemode":{"type":"string"},"case_sensitive":{"type":"boolean","description":"True, if the database name is case sensitive"},"source":{"type":"object","properties":{"name":{"type":"string","description":"Container name."},"description":{"type":"string","description":"Container description."},"type":{"type":"string","description":"Container type."},"connection_url":{"type":"string","description":"Container connection url."},"username":{"type":"string","description":"database username."},"password":{"type":"string","description":"database password."},"filepath":{"type":"string","description":"CSV filepath."},"driverclass":{"type":"string"},"delimiter":{"type":"string"},"qualifier":{"type":"string"},"column_count":{"type":"integer"},"has_header_row":{"type":"boolean"},"unescape_input":{"type":"boolean"},"encoding":{"type":"string"},"column_position_info":{"type":"array","items":{"properties":{"start":{"type":"integer"},"end":{"type":"integer"},"column":{"type":"integer"}}}},"record_length":{"type":"integer"},"line_separator":{"type":"string"}}},"destination":{"type":"object","properties":{"name":{"type":"string","description":"Container name."},"description":{"type":"string","description":"Container description."},"type":{"type":"string","description":"Container type."},"connection_url":{"type":"string","description":"Container connection url."},"username":{"type":"string","description":"database username."},"password":{"type":"string","description":"database password."},"filepath":{"type":"string","description":"CSV filepath."},"driverclass":{"type":"string"},"delimiter":{"type":"string"},"qualifier":{"type":"string"},"column_count":{"type":"integer"},"has_header_row":{"type":"boolean"},"unescape_input":{"type":"boolean"},"encoding":{"type":"string"},"column_position_info":{"type":"array","items":{"properties":{"start":{"type":"integer"},"end":{"type":"integer"},"column":{"type":"integer"}}}},"record_length":{"type":"integer"},"line_separator":{"type":"string"}}},"tables":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"source_table":{"type":"string","description":"Source table name."},"source_schema":{"type":"string","description":"Source table schema."},"destination_table":{"type":"string","description":"Destination table name."},"destination_schema":{"type":"string","description":"destination table schema."},"create_destination_table":{"type":"boolean","description":"Create table on the destination if it doesn't exist."},"subset":{"type":"object","properties":{"offset":{"type":"integer"},"limit":{"type":"integer"},"recurrency":{"type":"integer"},"orderBy":{"type":"string"},"order":{"type":"string"},"filters":{"type":"array","items":{"properties":{"selector":{"type":"string"},"operator":{"type":"string"},"expression":{"type":"string"}}}}}},"columns":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Column name."},"action":{"type":"string","description":"Action (ENCRYPT, DECRYPT, REKEY, TOKENIZE ...)"},"config":{"type":"array","items":{"properties":{"action":{"type":"string","description":"Action (ENCRYPT, DECRYPT, REKEY, TOKENIZE ...)"},"protection_profile":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Protection Profile name."},"key_id":{"type":"string"},"key_name":{"type":"string"},"iv":{"type":"string","description":"Protection Profile IV."},"tweak":{"type":"string","description":"Protection Profile tweak."},"tweak_algorithm":{"type":"string","description":"Tweak algorithm to be used during crypto operations.\nOptions:\n- SHA1\n- SHA256\n- None\n"},"algorithm":{"type":"string","description":"Protection Profile algorithm."},"character_set_id":{"type":"string"},"character_set":{"type":"object","properties":{"range":{"type":"string","description":"Range of allowed characters in HEX."},"encoding":{"type":"string"}}},"keep_left":{"type":"integer","description":"Number of characters to leave unencrypted starting from the left."},"keep_right":{"type":"integer","description":"Number of characters to leave unencrypted starting from the right."},"prefix":{"type":"string","description":"Text to add to append to the beginning of the cipher text."},"suffix":{"type":"string","description":"Text to add to append to the end of the cipher text."},"mode":{"type":"string","description":"Specify the supported algorithm mode (CBC or ECB). The mode must be specified when using the DESede (that is, the 3DES) algorithm."},"padding":{"type":"string","description":"Valid options are PKCS5Padding or NoPadding."},"allow_single_char_input":{"type":"boolean","description":"If true, null or single-character inputs are passed through untransformed. If false, row transformation fails."}}}]},"token_template":{"type":"string","description":"Token template name (when using CTS)."},"token_group":{"type":"string","description":"Token group name (when using CTS)."},"tweak_source":{"type":"string","description":"Tweak used for the column. Overrides the protection profile tweak."},"iv_source":{"type":"string","description":"IV used for the column. Overrides the protection profile iv."},"header":{"type":"string","description":"Cipher header version for determining key version."},"input_encoding":{"type":"string","description":"Specifies how to decode input and create byte array from it"},"output_encoding":{"type":"string","description":"Specifies how to encode output byte array to a string."}}}}}}]}}}}]}}}}]},"BDTTable":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"source_table":{"type":"string","description":"Source table name."},"source_schema":{"type":"string","description":"Source table schema."},"destination_table":{"type":"string","description":"Destination table name."},"destination_schema":{"type":"string","description":"destination table schema."},"create_destination_table":{"type":"boolean","description":"Create table on the destination if it doesn't exist."},"subset":{"type":"object","properties":{"offset":{"type":"integer"},"limit":{"type":"integer"},"recurrency":{"type":"integer"},"orderBy":{"type":"string"},"order":{"type":"string"},"filters":{"type":"array","items":{"properties":{"selector":{"type":"string"},"operator":{"type":"string"},"expression":{"type":"string"}}}}}},"columns":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Column name."},"action":{"type":"string","description":"Action (ENCRYPT, DECRYPT, REKEY, TOKENIZE ...)"},"config":{"type":"array","items":{"properties":{"action":{"type":"string","description":"Action (ENCRYPT, DECRYPT, REKEY, TOKENIZE ...)"},"protection_profile":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Protection Profile name."},"key_id":{"type":"string"},"key_name":{"type":"string"},"iv":{"type":"string","description":"Protection Profile IV."},"tweak":{"type":"string","description":"Protection Profile tweak."},"tweak_algorithm":{"type":"string","description":"Tweak algorithm to be used during crypto operations.\nOptions:\n- SHA1\n- SHA256\n- None\n"},"algorithm":{"type":"string","description":"Protection Profile algorithm."},"character_set_id":{"type":"string"},"character_set":{"type":"object","properties":{"range":{"type":"string","description":"Range of allowed characters in HEX."},"encoding":{"type":"string"}}},"keep_left":{"type":"integer","description":"Number of characters to leave unencrypted starting from the left."},"keep_right":{"type":"integer","description":"Number of characters to leave unencrypted starting from the right."},"prefix":{"type":"string","description":"Text to add to append to the beginning of the cipher text."},"suffix":{"type":"string","description":"Text to add to append to the end of the cipher text."},"mode":{"type":"string","description":"Specify the supported algorithm mode (CBC or ECB). The mode must be specified when using the DESede (that is, the 3DES) algorithm."},"padding":{"type":"string","description":"Valid options are PKCS5Padding or NoPadding."},"allow_single_char_input":{"type":"boolean","description":"If true, null or single-character inputs are passed through untransformed. If false, row transformation fails."}}}]},"token_template":{"type":"string","description":"Token template name (when using CTS)."},"token_group":{"type":"string","description":"Token group name (when using CTS)."},"tweak_source":{"type":"string","description":"Tweak used for the column. Overrides the protection profile tweak."},"iv_source":{"type":"string","description":"IV used for the column. Overrides the protection profile iv."},"header":{"type":"string","description":"Cipher header version for determining key version."},"input_encoding":{"type":"string","description":"Specifies how to decode input and create byte array from it"},"output_encoding":{"type":"string","description":"Specifies how to encode output byte array to a string."}}}}}}]}}}}]},"BDTColumn":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Column name."},"action":{"type":"string","description":"Action (ENCRYPT, DECRYPT, REKEY, TOKENIZE ...)"},"config":{"type":"array","items":{"properties":{"action":{"type":"string","description":"Action (ENCRYPT, DECRYPT, REKEY, TOKENIZE ...)"},"protection_profile":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Protection Profile name."},"key_id":{"type":"string"},"key_name":{"type":"string"},"iv":{"type":"string","description":"Protection Profile IV."},"tweak":{"type":"string","description":"Protection Profile tweak."},"tweak_algorithm":{"type":"string","description":"Tweak algorithm to be used during crypto operations.\nOptions:\n- SHA1\n- SHA256\n- None\n"},"algorithm":{"type":"string","description":"Protection Profile algorithm."},"character_set_id":{"type":"string"},"character_set":{"type":"object","properties":{"range":{"type":"string","description":"Range of allowed characters in HEX."},"encoding":{"type":"string"}}},"keep_left":{"type":"integer","description":"Number of characters to leave unencrypted starting from the left."},"keep_right":{"type":"integer","description":"Number of characters to leave unencrypted starting from the right."},"prefix":{"type":"string","description":"Text to add to append to the beginning of the cipher text."},"suffix":{"type":"string","description":"Text to add to append to the end of the cipher text."},"mode":{"type":"string","description":"Specify the supported algorithm mode (CBC or ECB). The mode must be specified when using the DESede (that is, the 3DES) algorithm."},"padding":{"type":"string","description":"Valid options are PKCS5Padding or NoPadding."},"allow_single_char_input":{"type":"boolean","description":"If true, null or single-character inputs are passed through untransformed. If false, row transformation fails."}}}]},"token_template":{"type":"string","description":"Token template name (when using CTS)."},"token_group":{"type":"string","description":"Token group name (when using CTS)."},"tweak_source":{"type":"string","description":"Tweak used for the column. Overrides the protection profile tweak."},"iv_source":{"type":"string","description":"IV used for the column. Overrides the protection profile iv."},"header":{"type":"string","description":"Cipher header version for determining key version."},"input_encoding":{"type":"string","description":"Specifies how to decode input and create byte array from it"},"output_encoding":{"type":"string","description":"Specifies how to encode output byte array to a string."}}}}}}]},"ProtectionProfile":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Protection Profile name."},"key_id":{"type":"string"},"key_name":{"type":"string"},"iv":{"type":"string","description":"Protection Profile IV."},"tweak":{"type":"string","description":"Protection Profile tweak."},"tweak_algorithm":{"type":"string","description":"Tweak algorithm to be used during crypto operations.\nOptions:\n- SHA1\n- SHA256\n- None\n"},"algorithm":{"type":"string","description":"Protection Profile algorithm."},"character_set_id":{"type":"string"},"character_set":{"type":"object","properties":{"range":{"type":"string","description":"Range of allowed characters in HEX."},"encoding":{"type":"string"}}},"keep_left":{"type":"integer","description":"Number of characters to leave unencrypted starting from the left."},"keep_right":{"type":"integer","description":"Number of characters to leave unencrypted starting from the right."},"prefix":{"type":"string","description":"Text to add to append to the beginning of the cipher text."},"suffix":{"type":"string","description":"Text to add to append to the end of the cipher text."},"mode":{"type":"string","description":"Specify the supported algorithm mode (CBC or ECB). The mode must be specified when using the DESede (that is, the 3DES) algorithm."},"padding":{"type":"string","description":"Valid options are PKCS5Padding or NoPadding."},"allow_single_char_input":{"type":"boolean","description":"If true, null or single-character inputs are passed through untransformed. If false, row transformation fails."}}}]},"ProtectionPolicy":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Protection policy name."},"version":{"type":"integer","description":"The version of the protection policy."},"latest_version":{"type":"boolean"},"key":{"type":"string"},"key_name":{"type":"string"},"iv":{"type":"string","description":"Protection policy IV."},"tweak":{"type":"string","description":"Protection policy tweak."},"tweak_algorithm":{"type":"string","description":"Tweak algorithm to be used during crypto operations.\nOptions:\n- SHA1\n- SHA256\n- None\n"},"algorithm":{"type":"string","description":"Protection policy algorithm."},"character_set_id":{"type":"string"},"character_set":{"type":"object","properties":{"range":{"type":"string","description":"Range of allowed characters in HEX."},"encoding":{"type":"string"}}},"allow_single_char_input":{"type":"boolean","description":"If set to true or null, the single-character inputs are passed untransformed. If set to false, row transformation fails"},"use_external_versioning":{"type":"boolean","description":"If set to true, external versioning is enabled for the protection policy. The version details are stored in a separate external parameter. The default value is false."},"disable_versioning":{"type":"boolean","description":"If set to true, versioning is not maintained for the protection policies. The default value is false."}}}]},"CharacterSet":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"id":{"type":"string","description":"The unique identifier of the resource"},"name":{"type":"string","description":"Character Set name."},"range":{"type":"string","description":"Range of allowed characters in HEX."},"encoding":{"type":"string","description":"Character Set encoding."}}}]},"Container":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Container name."},"description":{"type":"string","description":"Container description."},"type":{"type":"string","description":"Container type."},"connection_url":{"type":"string","description":"Container connection url."},"username":{"type":"string","description":"database username."},"password":{"type":"string","description":"database password."},"filepath":{"type":"string","description":"CSV filepath."},"driverclass":{"type":"string"},"delimiter":{"type":"string"},"qualifier":{"type":"string"},"column_count":{"type":"integer"},"has_header_row":{"type":"boolean"},"unescape_input":{"type":"boolean"},"encoding":{"type":"string"},"column_position_info":{"type":"array","items":{"properties":{"start":{"type":"integer"},"end":{"type":"integer"},"column":{"type":"integer"}}}},"record_length":{"type":"integer"},"line_separator":{"type":"string"}}}]},"Resource2":{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},"Count":{"properties":{"total":{"type":"integer"},"healthy":{"type":"integer"},"warning":{"type":"integer"},"error":{"type":"integer"}}},"connection_name":{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},"cloud_name":{"type":"object","description":"Name of cloud.","properties":{"cloud_name":{"type":"string","description":"Name of the cloud. The cloud name depends on the cloud provider.\n"}}},"service_name":{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},"category":{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},"connection_url":{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},"create_connection_request_common":{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},"update_connection_request_common":{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},"connection_response_common":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},"connection_test_common":{"type":"object","properties":{"connection_ok":{"type":"boolean","description":"true if the test was successful, otherwise false"},"connection_error":{"type":"string","description":"Error message if the connection test failed"}}},"last_connection_ok":{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},"last_connection_error":{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},"last_connection_at":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"},"aws_connection_credentials":{"type":"object","description":"Sensitive parameters specific to an AWS connection.","properties":{"secret_access_key":{"type":"string","description":"Secret associated with the access key ID of the AWS user."}}},"aws_connection_params":{"type":"object","description":"Non-sensitive parameters specific to an AWS connection.","properties":{"access_key_id":{"type":"string","description":"Key ID of the AWS user."},"cloud_name":{"type":"string","description":"Name of the cloud.\n","enum":["aws (default)","aws-us-gov","aws-cn"]},"assume_role_arn":{"type":"string","description":"AWS IAM role ARN"},"assume_role_external_id":{"type":"string","description":"AWS role external ID"}}},"aws_sts_endpoints_params":{"type":"object","description":"information regarding AWS STS Endpoints","properties":{"aws_sts_regional_endpoints":{"type":"string","description":"By default, AWS Security Token Service (AWS STS) is available as a global service, and all AWS STS requests\ngo to a single endpoint at https://sts.amazonaws.com. Global requests map to the US East (N. Virginia) Region.\nAWS recommends using Regional AWS STS endpoints instead of the global endpoint to reduce latency,\nbuild in redundancy, and increase session token validity.\nvalid values are:\n- legacy (default): Uses the global AWS STS endpoint, sts.amazonaws.com\n- regional: The SDK or tool always uses the AWS STS endpoint for the currently configured Region.\n\nTo know more about AWS STS please go through the following link \nhttps://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html\n"},"aws_region":{"type":"string","description":"AWS region. only used when aws_sts_regional_endpoints is equal to regional otherwise, it takes default values\naccording to Cloud Name given. Default values are:\n- for aws, default region will be \"us-east-1\"\n- for aws-us-gov, default region will be \"us-gov-east-1\"\n- for aws-cn, default region will be \"cn-north-1\" \n"}}},"aws_create_connection_params":{"type":"object","required":["access_key_id","secret_access_key"],"allOf":[{"type":"object","description":"Sensitive parameters specific to an AWS connection.","properties":{"secret_access_key":{"type":"string","description":"Secret associated with the access key ID of the AWS user."}}},{"type":"object","description":"Non-sensitive parameters specific to an AWS connection.","properties":{"access_key_id":{"type":"string","description":"Key ID of the AWS user."},"cloud_name":{"type":"string","description":"Name of the cloud.\n","enum":["aws (default)","aws-us-gov","aws-cn"]},"assume_role_arn":{"type":"string","description":"AWS IAM role ARN"},"assume_role_external_id":{"type":"string","description":"AWS role external ID"}}},{"type":"object","description":"information regarding AWS STS Endpoints","properties":{"aws_sts_regional_endpoints":{"type":"string","description":"By default, AWS Security Token Service (AWS STS) is available as a global service, and all AWS STS requests\ngo to a single endpoint at https://sts.amazonaws.com. Global requests map to the US East (N. Virginia) Region.\nAWS recommends using Regional AWS STS endpoints instead of the global endpoint to reduce latency,\nbuild in redundancy, and increase session token validity.\nvalid values are:\n- legacy (default): Uses the global AWS STS endpoint, sts.amazonaws.com\n- regional: The SDK or tool always uses the AWS STS endpoint for the currently configured Region.\n\nTo know more about AWS STS please go through the following link \nhttps://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html\n"},"aws_region":{"type":"string","description":"AWS region. only used when aws_sts_regional_endpoints is equal to regional otherwise, it takes default values\naccording to Cloud Name given. Default values are:\n- for aws, default region will be \"us-east-1\"\n- for aws-us-gov, default region will be \"us-gov-east-1\"\n- for aws-cn, default region will be \"cn-north-1\" \n"}}}]},"aws_update_connection_params":{"type":"object","allOf":[{"type":"object","description":"Sensitive parameters specific to an AWS connection.","properties":{"secret_access_key":{"type":"string","description":"Secret associated with the access key ID of the AWS user."}}},{"type":"object","description":"Non-sensitive parameters specific to an AWS connection.","properties":{"access_key_id":{"type":"string","description":"Key ID of the AWS user."},"cloud_name":{"type":"string","description":"Name of the cloud.\n","enum":["aws (default)","aws-us-gov","aws-cn"]},"assume_role_arn":{"type":"string","description":"AWS IAM role ARN"},"assume_role_external_id":{"type":"string","description":"AWS role external ID"}}},{"type":"object","description":"information regarding AWS STS Endpoints","properties":{"aws_sts_regional_endpoints":{"type":"string","description":"By default, AWS Security Token Service (AWS STS) is available as a global service, and all AWS STS requests\ngo to a single endpoint at https://sts.amazonaws.com. Global requests map to the US East (N. Virginia) Region.\nAWS recommends using Regional AWS STS endpoints instead of the global endpoint to reduce latency,\nbuild in redundancy, and increase session token validity.\nvalid values are:\n- legacy (default): Uses the global AWS STS endpoint, sts.amazonaws.com\n- regional: The SDK or tool always uses the AWS STS endpoint for the currently configured Region.\n\nTo know more about AWS STS please go through the following link \nhttps://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html\n"},"aws_region":{"type":"string","description":"AWS region. only used when aws_sts_regional_endpoints is equal to regional otherwise, it takes default values\naccording to Cloud Name given. Default values are:\n- for aws, default region will be \"us-east-1\"\n- for aws-us-gov, default region will be \"us-gov-east-1\"\n- for aws-cn, default region will be \"cn-north-1\" \n"}}}]},"azure_connection_credentials":{"type":"object","description":"Sensitive parameters specific to an Azure connection.","properties":{"client_secret":{"type":"string","description":"Secret key for the Azure application. Required in Azure Stack connection.\n"}}},"azure_connection_non_test_params":{"properties":{"is_certificate_used":{"type":"boolean","description":"User has the option to choose the Certificate Authentication method instead of Client Secret for Azure Cloud connection. In order to use the Certificate, set it to true. Once the connection is created, in the response user will get a certificate.\nBy default, the certificate is valid for 2 Years. User can update the certificate in the existing connection by setting it to true in Update (PATCH) API call.\n"},"certificate":{"type":"string","description":"User has the option to upload external certificate for Azure Cloud connection. This option cannot be used with option is_certificate_used and client_secret.User first has to generate a new Certificate Signing Request (CSR) in POST /v1/connectionmgmt/connections/csr. The generated CSR can be signed with any internal or external CA. The Certificate must have an RSA key strength of 2048 or 4096. User can also update the new external certificate in the existing connection in Update (PATCH) API call. Any unused certificate will automatically deleted in 24 hours. \n"},"cert_duration":{"type":"integer","description":"Duration in days for which the azure certificate is valid, default (730 i.e. 2 Years)."},"external_certificate_used":{"type":"boolean","description":"true if the certificate associated with the connection is generated externally, false otherwise."},"vault_resource_url":{"type":"string","description":"Azure stack vault service resource URL"},"key_vault_dns_suffix":{"type":"string","description":"Azure stack key vault dns suffix"},"resource_manager_url":{"type":"string","description":"Azure stack resource manager URL."}}},"azure_connection_params":{"properties":{"client_id":{"type":"string","description":"Unique Identifier (client ID) for the Azure application."},"tenant_id":{"type":"string","description":"Tenant ID of the Azure application."},"cloud_name":{"type":"string","description":"Name of the cloud.\n","enum":["AzureCloud","AzureChinaCloud","AzureUSGovernment","AzureStack"]},"certificate":{"type":"string","description":"User has the option to upload external certificate for Azure Cloud connection. This option cannot be used with option is_certificate_used and client_secret. User first has to generate a new Certificate Signing Request (CSR) in POST /v1/connectionmgmt/connections/csr. The generated CSR can be signed with any internal or external CA. The Certificate must have an RSA key strength of 2048 or 4096.\t\n"},"active_directory_endpoint":{"type":"string","description":"Azure stack active directory authority URL"},"management_url":{"type":"string","description":"Azure stack management URL"},"azure_stack_server_cert":{"type":"string","description":"Azure stack server certificate"},"azure_stack_connection_type":{"type":"string","description":"Azure stack connection type","enum":["AAD","ADFS"]}}},"azure_create_connection_params":{"type":"object","required":["client_id","tenant_id"],"allOf":[{"type":"object","description":"Sensitive parameters specific to an Azure connection.","properties":{"client_secret":{"type":"string","description":"Secret key for the Azure application. Required in Azure Stack connection.\n"}}},{"properties":{"client_id":{"type":"string","description":"Unique Identifier (client ID) for the Azure application."},"tenant_id":{"type":"string","description":"Tenant ID of the Azure application."},"cloud_name":{"type":"string","description":"Name of the cloud.\n","enum":["AzureCloud","AzureChinaCloud","AzureUSGovernment","AzureStack"]},"certificate":{"type":"string","description":"User has the option to upload external certificate for Azure Cloud connection. This option cannot be used with option is_certificate_used and client_secret. User first has to generate a new Certificate Signing Request (CSR) in POST /v1/connectionmgmt/connections/csr. The generated CSR can be signed with any internal or external CA. The Certificate must have an RSA key strength of 2048 or 4096.\t\n"},"active_directory_endpoint":{"type":"string","description":"Azure stack active directory authority URL"},"management_url":{"type":"string","description":"Azure stack management URL"},"azure_stack_server_cert":{"type":"string","description":"Azure stack server certificate"},"azure_stack_connection_type":{"type":"string","description":"Azure stack connection type","enum":["AAD","ADFS"]}}},{"properties":{"is_certificate_used":{"type":"boolean","description":"User has the option to choose the Certificate Authentication method instead of Client Secret for Azure Cloud connection. In order to use the Certificate, set it to true. Once the connection is created, in the response user will get a certificate.\nBy default, the certificate is valid for 2 Years. User can update the certificate in the existing connection by setting it to true in Update (PATCH) API call.\n"},"certificate":{"type":"string","description":"User has the option to upload external certificate for Azure Cloud connection. This option cannot be used with option is_certificate_used and client_secret.User first has to generate a new Certificate Signing Request (CSR) in POST /v1/connectionmgmt/connections/csr. The generated CSR can be signed with any internal or external CA. The Certificate must have an RSA key strength of 2048 or 4096. User can also update the new external certificate in the existing connection in Update (PATCH) API call. Any unused certificate will automatically deleted in 24 hours. \n"},"cert_duration":{"type":"integer","description":"Duration in days for which the azure certificate is valid, default (730 i.e. 2 Years)."},"external_certificate_used":{"type":"boolean","description":"true if the certificate associated with the connection is generated externally, false otherwise."},"vault_resource_url":{"type":"string","description":"Azure stack vault service resource URL"},"key_vault_dns_suffix":{"type":"string","description":"Azure stack key vault dns suffix"},"resource_manager_url":{"type":"string","description":"Azure stack resource manager URL."}}}]},"azure_update_connection_params":{"type":"object","allOf":[{"type":"object","description":"Sensitive parameters specific to an Azure connection.","properties":{"client_secret":{"type":"string","description":"Secret key for the Azure application. Required in Azure Stack connection.\n"}}},{"properties":{"client_id":{"type":"string","description":"Unique Identifier (client ID) for the Azure application."},"tenant_id":{"type":"string","description":"Tenant ID of the Azure application."},"cloud_name":{"type":"string","description":"Name of the cloud.\n","enum":["AzureCloud","AzureChinaCloud","AzureUSGovernment","AzureStack"]},"certificate":{"type":"string","description":"User has the option to upload external certificate for Azure Cloud connection. This option cannot be used with option is_certificate_used and client_secret. User first has to generate a new Certificate Signing Request (CSR) in POST /v1/connectionmgmt/connections/csr. The generated CSR can be signed with any internal or external CA. The Certificate must have an RSA key strength of 2048 or 4096.\t\n"},"active_directory_endpoint":{"type":"string","description":"Azure stack active directory authority URL"},"management_url":{"type":"string","description":"Azure stack management URL"},"azure_stack_server_cert":{"type":"string","description":"Azure stack server certificate"},"azure_stack_connection_type":{"type":"string","description":"Azure stack connection type","enum":["AAD","ADFS"]}}},{"properties":{"is_certificate_used":{"type":"boolean","description":"User has the option to choose the Certificate Authentication method instead of Client Secret for Azure Cloud connection. In order to use the Certificate, set it to true. Once the connection is created, in the response user will get a certificate.\nBy default, the certificate is valid for 2 Years. User can update the certificate in the existing connection by setting it to true in Update (PATCH) API call.\n"},"certificate":{"type":"string","description":"User has the option to upload external certificate for Azure Cloud connection. This option cannot be used with option is_certificate_used and client_secret.User first has to generate a new Certificate Signing Request (CSR) in POST /v1/connectionmgmt/connections/csr. The generated CSR can be signed with any internal or external CA. The Certificate must have an RSA key strength of 2048 or 4096. User can also update the new external certificate in the existing connection in Update (PATCH) API call. Any unused certificate will automatically deleted in 24 hours. \n"},"cert_duration":{"type":"integer","description":"Duration in days for which the azure certificate is valid, default (730 i.e. 2 Years)."},"external_certificate_used":{"type":"boolean","description":"true if the certificate associated with the connection is generated externally, false otherwise."},"vault_resource_url":{"type":"string","description":"Azure stack vault service resource URL"},"key_vault_dns_suffix":{"type":"string","description":"Azure stack key vault dns suffix"},"resource_manager_url":{"type":"string","description":"Azure stack resource manager URL."}}}]},"gcp_connection_params":{"type":"object","description":"Non-sensitive parameters specific to an GCP connection.","properties":{"cloud_name":{"type":"string","description":"Name of the cloud. Default value is gcp.\n","enum":["gcp"]}}},"gcp_connection_key_params":{"type":"object","description":"Parameters to uniquely identify private key and user email.","properties":{"client_email":{"type":"string","description":"Client email ID."},"private_key_id":{"type":"string","description":"Private key ID is a unique ID corresponding to a private key."}}},"gcp_connection_response_params":{"type":"object","allOf":[{"type":"object","description":"Non-sensitive parameters specific to an GCP connection.","properties":{"cloud_name":{"type":"string","description":"Name of the cloud. Default value is gcp.\n","enum":["gcp"]}}},{"type":"object","description":"Parameters to uniquely identify private key and user email.","properties":{"client_email":{"type":"string","description":"Client email ID."},"private_key_id":{"type":"string","description":"Private key ID is a unique ID corresponding to a private key."}}}]},"gcp_connection_credentials":{"type":"object","description":"Sensitive parameters specific to a GCP connection.","properties":{"key_file":{"type":"string","description":"The contents of private key file of a GCP service account."}}},"gcp_create_connection_params":{"type":"object","required":["key_file"],"allOf":[{"type":"object","description":"Sensitive parameters specific to a GCP connection.","properties":{"key_file":{"type":"string","description":"The contents of private key file of a GCP service account."}}},{"type":"object","description":"Non-sensitive parameters specific to an GCP connection.","properties":{"cloud_name":{"type":"string","description":"Name of the cloud. Default value is gcp.\n","enum":["gcp"]}}}]},"gcp_update_connection_params":{"type":"object","allOf":[{"type":"object","description":"Sensitive parameters specific to a GCP connection.","properties":{"key_file":{"type":"string","description":"The contents of private key file of a GCP service account."}}},{"type":"object","description":"Non-sensitive parameters specific to an GCP connection.","properties":{"cloud_name":{"type":"string","description":"Name of the cloud. Default value is gcp.\n","enum":["gcp"]}}}]},"salesforce_connection_credentials":{"type":"object","description":"Sensitive parameters specific to a Salesforce connection.","properties":{"password":{"type":"string","description":"Password for the Salesforce account. This a mandatory parameter for a connection\nwith Client Credential Authentication method. This parameter is not needed for\nCertificate Authentication.\n"},"client_secret":{"type":"string","description":"Consumer Secret for the Salesforce application. This a mandatory parameter for a connection\nwith Client Credential Authentication method. This parameter is not needed for\nCertificate Authentication.\n"}}},"salesforce_common_connection_params":{"properties":{"client_id":{"type":"string","description":"Unique Identifier (client ID/consumer key) for the Salesforce Application."},"username":{"type":"string","description":"Username of the Salesforce account."},"cloud_name":{"type":"string","description":"Name or Type of the Salesforce cloud. Supported cloud options are listed below:\n","enum":["Salesforce Sandbox Cloud","Salesforce Cloud"]}}},"salesforce_connection_certificate_params":{"properties":{"certificate":{"type":"string","description":"Salesforce server certificate."},"certificate_subject":{"type":"string","description":"Subject field of the certificate."},"external_certificate_used":{"type":"boolean","description":"true if the certificate associated with the connection is generated externally, false otherwise."}}},"salesforce_create_certificate_params":{"properties":{"is_certificate_used":{"type":"boolean","description":"User has the option to choose the Certificate Authentication method instead of Client Credentials (password and client_secret)\nAuthentication for Salesforce Cloud connection. In order to use the Certificate, set this field to true.\nOnce the connection is created, in the response user will get a certificate.\n"},"cert_duration":{"type":"integer","description":"Duration in days for which the salesforce server certificate is valid, default (730 i.e. 2 Years)."},"certificate":{"type":"string","description":"User has the option to upload external certificate for Salesforce Cloud connection. This option cannot be used with option is_certificate_used and client_secret. User first has to generate a new Certificate Signing Request (CSR) in POST /v1/connectionmgmt/connections/csr. The generated CSR can be signed with any internal or external CA. The Certificate must have an RSA key strength of 1024, 2048 or 4096. User can also update the new external certificate in the existing connection in Update (PATCH) API call. Any unused certificate will automatically deleted in 24 hours.\n"}}},"salesforce_update_certificate_params":{"type":"object","description":".","properties":{"regenerate_certificate":{"type":"boolean","description":"To update the certificate, set the regenerate_certificate to true. This will update the certificate, corresponding private key and certificate subject.\n"},"cert_duration":{"type":"integer","description":"Duration in days for which the salesforce server certificate is valid, default (730 i.e. 2 Years)."},"certificate":{"type":"string","description":"User has the option to upload external certificate for Salesforce Cloud connection. This option cannot be used with option is_certificate_used and client_secret. User first has to generate a new Certificate Signing Request (CSR) in POST /v1/connectionmgmt/connections/csr. The generated CSR can be signed with any internal or external CA. The Certificate must have an RSA key strength of 1024, 2048 or 4096. User can also update the new external certificate in the existing connection in Update (PATCH) API call. Any unused certificate will automatically deleted in 24 hours.\n"}}},"salesforce_create_connection_params":{"type":"object","required":["client_id","username","cloud_name"],"allOf":[{"type":"object","description":"Sensitive parameters specific to a Salesforce connection.","properties":{"password":{"type":"string","description":"Password for the Salesforce account. This a mandatory parameter for a connection\nwith Client Credential Authentication method. This parameter is not needed for\nCertificate Authentication.\n"},"client_secret":{"type":"string","description":"Consumer Secret for the Salesforce application. This a mandatory parameter for a connection\nwith Client Credential Authentication method. This parameter is not needed for\nCertificate Authentication.\n"}}},{"properties":{"client_id":{"type":"string","description":"Unique Identifier (client ID/consumer key) for the Salesforce Application."},"username":{"type":"string","description":"Username of the Salesforce account."},"cloud_name":{"type":"string","description":"Name or Type of the Salesforce cloud. Supported cloud options are listed below:\n","enum":["Salesforce Sandbox Cloud","Salesforce Cloud"]}}}]},"salesforce_update_connection_params":{"type":"object","allOf":[{"type":"object","description":"Sensitive parameters specific to a Salesforce connection.","properties":{"password":{"type":"string","description":"Password for the Salesforce account. This a mandatory parameter for a connection\nwith Client Credential Authentication method. This parameter is not needed for\nCertificate Authentication.\n"},"client_secret":{"type":"string","description":"Consumer Secret for the Salesforce application. This a mandatory parameter for a connection\nwith Client Credential Authentication method. This parameter is not needed for\nCertificate Authentication.\n"}}},{"properties":{"client_id":{"type":"string","description":"Unique Identifier (client ID/consumer key) for the Salesforce Application."},"username":{"type":"string","description":"Username of the Salesforce account."},"cloud_name":{"type":"string","description":"Name or Type of the Salesforce cloud. Supported cloud options are listed below:\n","enum":["Salesforce Sandbox Cloud","Salesforce Cloud"]}}},{"type":"object","description":".","properties":{"regenerate_certificate":{"type":"boolean","description":"To update the certificate, set the regenerate_certificate to true. This will update the certificate, corresponding private key and certificate subject.\n"},"cert_duration":{"type":"integer","description":"Duration in days for which the salesforce server certificate is valid, default (730 i.e. 2 Years)."},"certificate":{"type":"string","description":"User has the option to upload external certificate for Salesforce Cloud connection. This option cannot be used with option is_certificate_used and client_secret. User first has to generate a new Certificate Signing Request (CSR) in POST /v1/connectionmgmt/connections/csr. The generated CSR can be signed with any internal or external CA. The Certificate must have an RSA key strength of 1024, 2048 or 4096. User can also update the new external certificate in the existing connection in Update (PATCH) API call. Any unused certificate will automatically deleted in 24 hours.\n"}}}]},"salesforce_test_connection_params":{"type":"object","required":["client_id","username","cloud_name"],"properties":{"certificate":{"type":"string","description":"User has the option to upload external certificate for Salesforce Cloud connection.This option cannot be used with option client_secret. User first has to generate a new Certificate Signing Request (CSR) in POST /v1/connectionmgmt/connections/csr. The generated CSR can be signed with any internal or external CA. The Certificate must have an RSA key strength of 1024, 2048 or 4096. User can also update the new external certificate in the existing connection in Update (PATCH) API call. Any unused certificate will automatically deleted in 24 hours.\n"}},"allOf":[{"type":"object","description":"Sensitive parameters specific to a Salesforce connection.","properties":{"password":{"type":"string","description":"Password for the Salesforce account. This a mandatory parameter for a connection\nwith Client Credential Authentication method. This parameter is not needed for\nCertificate Authentication.\n"},"client_secret":{"type":"string","description":"Consumer Secret for the Salesforce application. This a mandatory parameter for a connection\nwith Client Credential Authentication method. This parameter is not needed for\nCertificate Authentication.\n"}}},{"properties":{"client_id":{"type":"string","description":"Unique Identifier (client ID/consumer key) for the Salesforce Application."},"username":{"type":"string","description":"Username of the Salesforce account."},"cloud_name":{"type":"string","description":"Name or Type of the Salesforce cloud. Supported cloud options are listed below:\n","enum":["Salesforce Sandbox Cloud","Salesforce Cloud"]}}}]},"sap_data_custodian_connection_credentials":{"type":"object","description":"Sensitive parameters specific to a SAP Data Custodian connection.","properties":{"user_credentials":{"type":"object","required":["tenant","user","secret"],"description":"Standard User Credentials for SAP Data Custodian connection.","properties":{"tenant":{"type":"string","description":"Tenant of the user."},"user":{"type":"string","description":"Username"},"secret":{"type":"string","description":"Secret/Password of the user."}}}}},"sap_data_custodian_connection_technical_user_credentials":{"type":"object","description":"Sensitive parameters specific to a SAP Data Custodian technical user connection.","properties":{"technical_user_credentials":{"type":"object","required":["api_key","secret"],"description":"Technical User Credentials for SAP Data Custodian connection.","properties":{"api_key":{"type":"string","description":"API key of the technical user."},"secret":{"type":"string","description":"Secret/Password of the technical user."}}}}},"sap_data_custodian_connection_trimmed_credentials":{"type":"object","description":"Non-sensitive parameters specific to a SAP Data Custodian connection.","properties":{"user_credentials":{"type":"object","description":"Standard User Credentials for SAP Data Custodian connection.","properties":{"tenant":{"type":"string","description":"Tenant of the user."},"user":{"type":"string","description":"Username"}}}}},"sap_data_custodian_connection_technical_user_trimmed_credentials":{"type":"object","description":"Non-sensitive parameters specific to a SAP Data Custodian connection.","properties":{"technical_user_credentials":{"type":"object","description":"Technical User Credentials for SAP Data Custodian connection.","properties":{"api_key":{"type":"string","description":"API key of the technical user."}}}}},"sap_data_custodian_connection_update_credentials":{"type":"object","description":"Sensitive parameters specific to a SAP Data Custodian connection.","properties":{"user_credentials":{"type":"object","description":"Standard User Credentials for SAP Data Custodian connection.","properties":{"tenant":{"type":"string","description":"Tenant of the user."},"user":{"type":"string","description":"Username"},"secret":{"type":"string","description":"Secret/Password of the user."}}}}},"sap_data_custodian_connection_technical_user_update_credentials":{"type":"object","description":"Sensitive parameters specific to a SAP Data Custodian Technical User connection.","properties":{"technical_user_credentials":{"type":"object","description":"Technical User Credentials for SAP Data Custodian connection.","properties":{"api_key":{"type":"string","description":"API Key of the technical user."},"secret":{"type":"string","description":"Secret/Password of the technical user."}}}}},"sap_data_custodian_common_connection_params":{"type":"object","properties":{"api_endpoint":{"type":"string","description":"KMS API endpoint of the SAP Data Custodian. Provide HTTP URL with the API version in it.\nOnly `v2` version of KMS API is supported.\nExample - `https://kms-api-demo.datacustodian.cloud.sap/kms/v2`.\n"}}},"sap_data_custodian_create_connection_params":{"type":"object","required":["api_endpoint"],"allOf":[{"type":"object","description":"Sensitive parameters specific to a SAP Data Custodian connection.","properties":{"user_credentials":{"type":"object","required":["tenant","user","secret"],"description":"Standard User Credentials for SAP Data Custodian connection.","properties":{"tenant":{"type":"string","description":"Tenant of the user."},"user":{"type":"string","description":"Username"},"secret":{"type":"string","description":"Secret/Password of the user."}}}}},{"type":"object","description":"Sensitive parameters specific to a SAP Data Custodian technical user connection.","properties":{"technical_user_credentials":{"type":"object","required":["api_key","secret"],"description":"Technical User Credentials for SAP Data Custodian connection.","properties":{"api_key":{"type":"string","description":"API key of the technical user."},"secret":{"type":"string","description":"Secret/Password of the technical user."}}}}},{"type":"object","properties":{"api_endpoint":{"type":"string","description":"KMS API endpoint of the SAP Data Custodian. Provide HTTP URL with the API version in it.\nOnly `v2` version of KMS API is supported.\nExample - `https://kms-api-demo.datacustodian.cloud.sap/kms/v2`.\n"}}}]},"sap_data_custodian_update_connection_params":{"type":"object","allOf":[{"type":"object","description":"Sensitive parameters specific to a SAP Data Custodian connection.","properties":{"user_credentials":{"type":"object","description":"Standard User Credentials for SAP Data Custodian connection.","properties":{"tenant":{"type":"string","description":"Tenant of the user."},"user":{"type":"string","description":"Username"},"secret":{"type":"string","description":"Secret/Password of the user."}}}}},{"type":"object","description":"Sensitive parameters specific to a SAP Data Custodian Technical User connection.","properties":{"technical_user_credentials":{"type":"object","description":"Technical User Credentials for SAP Data Custodian connection.","properties":{"api_key":{"type":"string","description":"API Key of the technical user."},"secret":{"type":"string","description":"Secret/Password of the technical user."}}}}},{"type":"object","properties":{"api_endpoint":{"type":"string","description":"KMS API endpoint of the SAP Data Custodian. Provide HTTP URL with the API version in it.\nOnly `v2` version of KMS API is supported.\nExample - `https://kms-api-demo.datacustodian.cloud.sap/kms/v2`.\n"}}}]},"sap_data_custodian_test_connection_params":{"type":"object","required":["api_endpoint"],"allOf":[{"type":"object","description":"Sensitive parameters specific to a SAP Data Custodian connection.","properties":{"user_credentials":{"type":"object","required":["tenant","user","secret"],"description":"Standard User Credentials for SAP Data Custodian connection.","properties":{"tenant":{"type":"string","description":"Tenant of the user."},"user":{"type":"string","description":"Username"},"secret":{"type":"string","description":"Secret/Password of the user."}}}}},{"type":"object","description":"Sensitive parameters specific to a SAP Data Custodian technical user connection.","properties":{"technical_user_credentials":{"type":"object","required":["api_key","secret"],"description":"Technical User Credentials for SAP Data Custodian connection.","properties":{"api_key":{"type":"string","description":"API key of the technical user."},"secret":{"type":"string","description":"Secret/Password of the technical user."}}}}},{"type":"object","properties":{"api_endpoint":{"type":"string","description":"KMS API endpoint of the SAP Data Custodian. Provide HTTP URL with the API version in it.\nOnly `v2` version of KMS API is supported.\nExample - `https://kms-api-demo.datacustodian.cloud.sap/kms/v2`.\n"}}}]},"oci_connection_credentials":{"type":"object","description":"Sensitive parameters specific to an OCI connection.","required":["credentials"],"properties":{"credentials":{"type":"object","description":"Credentials of the OCI connection.","required":["key_file"],"properties":{"key_file":{"type":"string","description":"Private key file for OCI connection (PEM format)."},"pass_phrase":{"type":"string","description":"Passphrase of the encrypted key file."}}}}},"oci_connection_trimmed_credentials":{"type":"object","description":"Non-sensitive parameters specific to an OCI connection.","required":["user_ocid","tenancy_ocid","fingerprint","region"],"properties":{"user_ocid":{"type":"string","description":"OCID of the user."},"tenancy_ocid":{"type":"string","description":"OCID of the tenancy."},"fingerprint":{"type":"string","description":"Fingerprint of the public key added to this user."},"region":{"type":"string","description":"An Oracle Cloud Infrastructure region."}}},"oci_connection_update_credentials":{"type":"object","description":"parameters specific to an OCI connection.","properties":{"user_ocid":{"type":"string","description":"OCID of the user."},"tenancy_ocid":{"type":"string","description":"OCID of the tenancy."},"fingerprint":{"type":"string","description":"Fingerprint for the public key that was added to this user."},"region":{"type":"string","description":"An Oracle Cloud Infrastructure region."},"credentials":{"type":"object","description":"Sensitive parameters specific to an OCI connection. Cannot update individual field.","properties":{"key_file":{"type":"string","description":"Private key file for OCI connection(PEM format)."},"pass_phrase":{"type":"string","description":"Passphrase used for the key, if it is encrypted."}}}}},"oci_create_connection_params":{"type":"object","allOf":[{"type":"object","description":"Sensitive parameters specific to an OCI connection.","required":["credentials"],"properties":{"credentials":{"type":"object","description":"Credentials of the OCI connection.","required":["key_file"],"properties":{"key_file":{"type":"string","description":"Private key file for OCI connection (PEM format)."},"pass_phrase":{"type":"string","description":"Passphrase of the encrypted key file."}}}}},{"type":"object","description":"Non-sensitive parameters specific to an OCI connection.","required":["user_ocid","tenancy_ocid","fingerprint","region"],"properties":{"user_ocid":{"type":"string","description":"OCID of the user."},"tenancy_ocid":{"type":"string","description":"OCID of the tenancy."},"fingerprint":{"type":"string","description":"Fingerprint of the public key added to this user."},"region":{"type":"string","description":"An Oracle Cloud Infrastructure region."}}}]},"oci_update_connection_params":{"type":"object","allOf":[{"type":"object","description":"parameters specific to an OCI connection.","properties":{"user_ocid":{"type":"string","description":"OCID of the user."},"tenancy_ocid":{"type":"string","description":"OCID of the tenancy."},"fingerprint":{"type":"string","description":"Fingerprint for the public key that was added to this user."},"region":{"type":"string","description":"An Oracle Cloud Infrastructure region."},"credentials":{"type":"object","description":"Sensitive parameters specific to an OCI connection. Cannot update individual field.","properties":{"key_file":{"type":"string","description":"Private key file for OCI connection(PEM format)."},"pass_phrase":{"type":"string","description":"Passphrase used for the key, if it is encrypted."}}}}}]},"oci_test_connection_params":{"type":"object","allOf":[{"type":"object","description":"Sensitive parameters specific to an OCI connection.","required":["credentials"],"properties":{"credentials":{"type":"object","description":"Credentials of the OCI connection.","required":["key_file"],"properties":{"key_file":{"type":"string","description":"Private key file for OCI connection (PEM format)."},"pass_phrase":{"type":"string","description":"Passphrase of the encrypted key file."}}}}},{"type":"object","description":"Non-sensitive parameters specific to an OCI connection.","required":["user_ocid","tenancy_ocid","fingerprint","region"],"properties":{"user_ocid":{"type":"string","description":"OCID of the user."},"tenancy_ocid":{"type":"string","description":"OCID of the tenancy."},"fingerprint":{"type":"string","description":"Fingerprint of the public key added to this user."},"region":{"type":"string","description":"An Oracle Cloud Infrastructure region."}}}]},"serverDelete":{"description":"Parameters required for deleting an in-use server.","type":"object","properties":{"force":{"type":"boolean","description":"If set to true, the in-use server will be deleted forcefully."}}},"luna_network_hsm_client_info_response":{"type":"object","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","required":["hostname","certificate"],"description":"Sensitive parameters specific to a Luna Network HSM Client.","properties":{"hostname":{"type":"string","description":"Hostname/IP of the Luna Network HSM Client."},"certificate":{"type":"string","description":"Luna Network HSM Client certificate."}}}]},"luna_network_hsm_server_params":{"type":"object","description":"Sensitive parameters specific to a Luna Network HSM Server.","properties":{"hostname":{"type":"string","description":"Hostname/IP of the Luna Network HSM Server."},"hsm_certificate":{"type":"string","description":"Luna Network HSM Server Certificate."}}},"luna_network_add_hsm_server_params":{"type":"object","required":["hostname","hsm_certificate"],"allOf":[{"type":"object","description":"Sensitive parameters specific to a Luna Network HSM Server.","properties":{"hostname":{"type":"string","description":"Hostname/IP of the Luna Network HSM Server."},"hsm_certificate":{"type":"string","description":"Luna Network HSM Server Certificate."}}}]},"luna_network_hsm_stc_partition_params":{"type":"object","description":"Parameters specific to a Luna Network HSM STC Partition.","properties":{"label":{"type":"string","description":"Label of the Luna Network HSM STC Partition."},"name":{"type":"string","description":"Name of the Luna Network HSM STC Partition."},"serial_number":{"type":"string","description":"Serial Number of Luna Network HSM STC Partition."},"partition_identity":{"type":"string","description":"Contents of Luna Network HSM STC Partition Identity(pid) file in base64 form."}}},"luna_network_add_hsm_stc_partition_params":{"type":"object","required":["name","label","serial_number","partition_identity"],"allOf":[{"type":"object","description":"Parameters specific to a Luna Network HSM STC Partition.","properties":{"label":{"type":"string","description":"Label of the Luna Network HSM STC Partition."},"name":{"type":"string","description":"Name of the Luna Network HSM STC Partition."},"serial_number":{"type":"string","description":"Serial Number of Luna Network HSM STC Partition."},"partition_identity":{"type":"string","description":"Contents of Luna Network HSM STC Partition Identity(pid) file in base64 form."}}}]},"luna_network_hsm_client_params":{"type":"object","required":["hostname","certificate"],"description":"Sensitive parameters specific to a Luna Network HSM Client.","properties":{"hostname":{"type":"string","description":"Hostname/IP of the Luna Network HSM Client."},"certificate":{"type":"string","description":"Luna Network HSM Client certificate."}}},"luna_network_connection_credentials":{"properties":{"password":{"type":"string","description":"Password associated with the Partition of the Luna Network HSM."}}},"luna_network_partition_params":{"type":"object","required":["hostname","partition_label","serial_number"],"properties":{"hostname":{"type":"string","description":"Hostname/IP of the Luna Network HSM Server."},"partition_label":{"type":"string","description":"Label of the partition on the Luna Network HSM Server."},"serial_number":{"type":"string","description":"Serial number of the partition."}}},"luna_network_connection_params":{"type":"object","required":["partitions"],"properties":{"partitions":{"type":"array","description":"One partition for a Non HA connection or a list for an HA group.","items":{"type":"object","required":["hostname","partition_label","serial_number"],"properties":{"hostname":{"type":"string","description":"Hostname/IP of the Luna Network HSM Server."},"partition_label":{"type":"string","description":"Label of the partition on the Luna Network HSM Server."},"serial_number":{"type":"string","description":"Serial number of the partition."}}}}}},"luna_network_connection_ha_param":{"type":"object","properties":{"is_ha_enabled":{"type":"boolean","description":"This flag signifies if it is HighAvailability(HA) Group or not. The default is false."}}},"luna_network_create_connection_params":{"type":"object","required":["password"],"allOf":[{"type":"object","required":["partitions"],"properties":{"partitions":{"type":"array","description":"One partition for a Non HA connection or a list for an HA group.","items":{"type":"object","required":["hostname","partition_label","serial_number"],"properties":{"hostname":{"type":"string","description":"Hostname/IP of the Luna Network HSM Server."},"partition_label":{"type":"string","description":"Label of the partition on the Luna Network HSM Server."},"serial_number":{"type":"string","description":"Serial number of the partition."}}}}}},{"type":"object","properties":{"is_ha_enabled":{"type":"boolean","description":"This flag signifies if it is HighAvailability(HA) Group or not. The default is false."}}},{"properties":{"password":{"type":"string","description":"Password associated with the Partition of the Luna Network HSM."}}}]},"luna_network_update_connection_params":{"type":"object","allOf":[{"type":"object","properties":{"is_ha_enabled":{"type":"boolean","description":"This flag signifies if it is HighAvailability(HA) Group or not. The default is false."}}},{"properties":{"password":{"type":"string","description":"Password associated with the Partition of the Luna Network HSM."}}}]},"luna_network_hsm_partitions_info_response":{"type":"object","description":"HSM Partitions specific information","properties":{"operation_status":{"type":"string","description":"Operation status of the Partition"},"operation_error":{"type":"string","description":"Operation error of the Partition"},"label":{"type":"string","description":"Label of the Partition"},"manufacturer_id":{"type":"string","description":"Manufacturer ID of the Partition"},"models":{"type":"string","description":"Model of the Partition"},"flags":{"type":"integer","description":"Flags of the Partition"},"max_session_count":{"type":"integer","description":"Maximum session count of the Partition"},"session_count":{"type":"integer","description":"Session count of the Partition"},"max_rw_session_count":{"type":"integer","description":"Maximum read-write session count of the Partition"},"rw_session_count":{"type":"integer","description":"Read-Write session count of the Partition"},"max_pin_len":{"type":"integer","description":"Maximum pin length of the partition"},"min_pin_len":{"type":"integer","description":"Minimum pin length of the Partition"},"total_public_memory":{"type":"integer","description":"Total public memory of the Partition"},"free_public_memory":{"type":"integer","description":"Available free memory of the Partition"},"total_private_memory":{"type":"integer","description":"Total private memory of the Partition"},"free_private_memory":{"type":"integer","description":"Free private memory of the Partition"},"hardware_version":{"type":"string","description":"Hardware version of the Partition"},"firmware_version":{"type":"string","description":"Firmware version of the Partition"},"ha_enabled":{"type":"boolean","description":"Is partition HA enabled"}}},"dsm_connection_credentials":{"type":"object","description":"Sensitive parameters specific to a DSM connection.","properties":{"password":{"type":"string","description":"Password of DSM server\n"}}},"dsm_connection_params":{"properties":{"username":{"type":"string","description":"Username for accessing DSM server"},"domain_id":{"type":"string","description":"If DSM user is restricted to a domain, provide domain id."}}},"dsm_update_node_params":{"type":"object","description":"Update parameters specific to a DSM node.","allOf":[{"properties":{"hostname":{"type":"string","description":"hostname of DSM Server"},"server_certificate":{"type":"string","description":"SSL certificate of DSM Server for TLS communication"}}}]},"dsm_create_node_params":{"type":"object","required":["hostname","server_certificate"],"description":"Create parameters specific to a DSM node.","allOf":[{"properties":{"hostname":{"type":"string","description":"hostname of DSM Server"},"server_certificate":{"type":"string","description":"SSL certificate of DSM Server for TLS communication"}}}]},"dsm_node_params":{"properties":{"hostname":{"type":"string","description":"hostname of DSM Server"},"server_certificate":{"type":"string","description":"SSL certificate of DSM Server for TLS communication"}}},"dsm_create_nodes_params":{"properties":{"nodes":{"type":"array","items":{"type":"object","required":["hostname","server_certificate"],"description":"Create parameters specific to a DSM node.","allOf":[{"properties":{"hostname":{"type":"string","description":"hostname of DSM Server"},"server_certificate":{"type":"string","description":"SSL certificate of DSM Server for TLS communication"}}}]}}}},"dsm_create_connection_params":{"type":"object","required":["username","password","nodes"],"allOf":[{"type":"object","description":"Sensitive parameters specific to a DSM connection.","properties":{"password":{"type":"string","description":"Password of DSM server\n"}}},{"properties":{"username":{"type":"string","description":"Username for accessing DSM server"},"domain_id":{"type":"string","description":"If DSM user is restricted to a domain, provide domain id."}}},{"properties":{"nodes":{"type":"array","items":{"type":"object","required":["hostname","server_certificate"],"description":"Create parameters specific to a DSM node.","allOf":[{"properties":{"hostname":{"type":"string","description":"hostname of DSM Server"},"server_certificate":{"type":"string","description":"SSL certificate of DSM Server for TLS communication"}}}]}}}}]},"dsm_update_connection_params":{"type":"object","allOf":[{"type":"object","description":"Sensitive parameters specific to a DSM connection.","properties":{"password":{"type":"string","description":"Password of DSM server\n"}}},{"properties":{"username":{"type":"string","description":"Username for accessing DSM server"},"domain_id":{"type":"string","description":"If DSM user is restricted to a domain, provide domain id."}}}]},"log_forwarder_common_params":{"type":"object","required":["host","port"],"properties":{"host":{"type":"string","description":"Host of the log-forwarder server."},"port":{"type":"integer","description":"Port of the log-forwarder server."}}},"log_forwarder_update_common_params":{"type":"object","properties":{"host":{"type":"string","description":"Host of the log-forwarder server."},"port":{"type":"integer","description":"Port of the log-forwarder server."}}},"elasticsearch_create_connection_params":{"type":"object","properties":{"elasticsearch_params":{"type":"object","properties":{"http_user":{"type":"string","description":"HTTP basic auth username."},"http_password":{"type":"string","description":"HTTP basic auth password."},"ca_cert":{"type":"string","description":"CA certificate in PEM format."},"insecure_tls_skip_verify":{"type":"boolean","description":"In TLS mode, skip server certificate validation. This setting should only be used for testing."},"transport":{"type":"string","description":"Transport mode for sending data, supports \"tls\" and \"tcp\".\n\"tls\" requires either a trusted CA cert or insecure TLS skip verify to be set to true.\nDefault is \"tcp\".\n","enum":["tcp","tls"]}}}}},"elasticsearch_test_connection_params":{"type":"object","required":["elasticsearch_params"],"properties":{"elasticsearch_params":{"type":"object","required":["transport"],"properties":{"http_user":{"type":"string","description":"HTTP basic auth username."},"http_password":{"type":"string","description":"HTTP basic auth password."},"ca_cert":{"type":"string","description":"CA certificate in PEM format."},"insecure_tls_skip_verify":{"type":"boolean","description":"In TLS mode, skip server certificate validation. This setting should only be used for testing."},"transport":{"type":"string","description":"Transport mode for sending data, supports \"tls\" and \"tcp\".\n\"tls\" requires either a trusted CA cert or insecure TLS skip verify to be set to true.\n","enum":["tcp (default)","tls"]}}}}},"loki_create_connection_params":{"type":"object","properties":{"loki_params":{"type":"object","properties":{"http_user":{"type":"string","description":"HTTP basic auth username."},"http_password":{"type":"string","description":"HTTP basic auth password."},"ca_cert":{"type":"string","description":"CA certificate in PEM format."},"insecure_tls_skip_verify":{"type":"boolean","description":"In TLS mode, skip server certificate validation. This setting should only be used for testing."},"transport":{"type":"string","description":"Transport mode for sending data, supports \"tls\" and \"tcp\".\n\"tls\" requires either a trusted CA cert or insecure TLS skip verify to be set to true.\n","enum":["tcp (default)","tls"]}}}}},"loki_test_connection_params":{"type":"object","required":["loki_params"],"properties":{"loki_params":{"type":"object","required":["transport"],"properties":{"http_user":{"type":"string","description":"HTTP basic auth username."},"http_password":{"type":"string","description":"HTTP basic auth password."},"ca_cert":{"type":"string","description":"CA certificate in PEM format."},"insecure_tls_skip_verify":{"type":"boolean","description":"In TLS mode, skip server certificate validation. This setting should only be used for testing."},"transport":{"type":"string","description":"Transport mode for sending data, supports \"tls\" and \"tcp\".\n\"tls\" requires either a trusted CA cert or insecure TLS skip verify to be set to true.\nDefault is \"tcp\".\n","enum":["tcp","tls"]}}}}},"syslog_update_connection_params":{"type":"object","properties":{"syslog_params":{"type":"object","properties":{"message_format":{"type":"string","description":"The log message format for new log messages:\n* `rfc5424` (default)\n* `rfc3164`\n* `cef`\n* `leef`\n"},"transport":{"type":"string","description":"Transport mode for sending data, supports \"udp\", \"tls\" and \"tcp\".","enum":["tcp","udp","tls"]},"ca_cert":{"type":"string","description":"The trusted CA certificate in the PEM format. Only used in the TLS transport mode."}}}}},"syslog_create_connection_params":{"type":"object","properties":{"host":{"type":"string","description":"Host of the log-forwarder server."},"port":{"type":"integer","description":"The port to use for the connection. Defaults to 514 for udp, 601 for tcp and 6514 for tls"},"syslog_params":{"type":"object","required":["transport"],"properties":{"message_format":{"type":"string","description":"The log message format for new log messages:\n* `rfc5424` (default)\n* `rfc3164`\n* `cef`\n* `leef`\n"},"transport":{"type":"string","description":"Transport mode for sending data, supports \"udp\", \"tls\" and \"tcp\".","enum":["tcp","udp","tls"]},"ca_cert":{"type":"string","description":"The trusted CA certificate in the PEM format. Only used in the TLS transport mode."}}}}},"syslog_test_connection_params":{"type":"object","required":["syslog_params"],"properties":{"syslog_params":{"type":"object","required":["transport"],"properties":{"transport":{"type":"string","description":"Test connection for UDP protocol is not supported. Valid values are tcp and tls only","enum":["tcp","tls"]},"ca_cert":{"type":"string","description":"The trusted CA certificate in the PEM format. Only used in the TLS transport mode."}}}}},"smb_connection_credentials":{"type":"object","description":"Sensitive parameters specific to a SMB connection.","properties":{"password":{"type":"string","description":"Password for SMB share.\n"}}},"smb_connection_params":{"properties":{"username":{"type":"string","description":"Username for accessing SMB share."},"domain":{"type":"string","description":"Domain for SMB share."},"host":{"type":"string","description":"Hostname or FQDN of SMB share."},"port":{"type":"string","description":"Port where SMB service runs on host (usually 445)."}}},"smb_share_path":{"type":"object","description":"Path of the SMB share against whom the credentials to test","properties":{"path":{"type":"string","description":"Path of SMB share on the host\n"}}},"smb_create_connection_params":{"type":"object","required":["username","password"],"allOf":[{"type":"object","description":"Sensitive parameters specific to a SMB connection.","properties":{"password":{"type":"string","description":"Password for SMB share.\n"}}},{"properties":{"username":{"type":"string","description":"Username for accessing SMB share."},"domain":{"type":"string","description":"Domain for SMB share."},"host":{"type":"string","description":"Hostname or FQDN of SMB share."},"port":{"type":"string","description":"Port where SMB service runs on host (usually 445)."}}}]},"smb_update_connection_params":{"type":"object","allOf":[{"type":"object","description":"Sensitive parameters specific to a SMB connection.","properties":{"password":{"type":"string","description":"Password for SMB share.\n"}}},{"properties":{"username":{"type":"string","description":"Username for accessing SMB share."},"domain":{"type":"string","description":"Domain for SMB share."},"host":{"type":"string","description":"Hostname or FQDN of SMB share."},"port":{"type":"string","description":"Port where SMB service runs on host (usually 445)."}}}]},"scp_connection_credentials":{"type":"object","description":"Sensitive parameters specific to a SCP connection.","properties":{"password":{"type":"string","description":"Password for SCP.\n"},"public_key":{"type":"string","description":"Public key of destination host machine. It will be used to verify the host's identity by verifying key fingerprint. You can find it in /etc/ssh/ at host machine.\n"}}},"scp_connection_params":{"properties":{"host":{"type":"string","description":"Hostname or FQDN of SCP."},"port":{"type":"integer","description":"Port where SCP service runs on host (usually 22)."},"username":{"type":"string","description":"Username for accessing SCP."},"auth_method":{"type":"string","description":"Authentication type for SCP. Accepted values are \"key\" or \"password\""},"path_to":{"type":"string","description":"A path where the file to be copied via SCP. Example \"/home/ubuntu/datafolder/\""}}},"scp_create_connection_params":{"type":"object","required":["host","username","auth_method","path_to","public_key"],"allOf":[{"properties":{"host":{"type":"string","description":"Hostname or FQDN of SCP."},"port":{"type":"integer","description":"Port where SCP service runs on host (usually 22)."},"username":{"type":"string","description":"Username for accessing SCP."},"auth_method":{"type":"string","description":"Authentication type for SCP. Accepted values are \"key\" or \"password\""},"path_to":{"type":"string","description":"A path where the file to be copied via SCP. Example \"/home/ubuntu/datafolder/\""}}},{"type":"object","description":"Sensitive parameters specific to a SCP connection.","properties":{"password":{"type":"string","description":"Password for SCP.\n"},"public_key":{"type":"string","description":"Public key of destination host machine. It will be used to verify the host's identity by verifying key fingerprint. You can find it in /etc/ssh/ at host machine.\n"}}}]},"scp_update_connection_params":{"type":"object","allOf":[{"type":"object","description":"Sensitive parameters specific to a SCP connection.","properties":{"password":{"type":"string","description":"Password for SCP.\n"},"public_key":{"type":"string","description":"Public key of destination host machine. It will be used to verify the host's identity by verifying key fingerprint. You can find it in /etc/ssh/ at host machine.\n"}}},{"properties":{"host":{"type":"string","description":"Hostname or FQDN of SCP."},"port":{"type":"integer","description":"Port where SCP service runs on host (usually 22)."},"username":{"type":"string","description":"Username for accessing SCP."},"auth_method":{"type":"string","description":"Authentication type for SCP. Accepted values are \"key\" or \"password\""},"path_to":{"type":"string","description":"A path where the file to be copied via SCP. Example \"/home/ubuntu/datafolder/\""}}}]},"oidc_connection_credentials":{"type":"object","description":"Sensitive parameters specific to an OIDC connection.","required":["client_secret"],"properties":{"client_secret":{"type":"string","description":"Client Secret of the OIDC connection."}}},"oidc_connection_trimmed_credentials":{"type":"object","description":"Non-sensitive parameters specific to an OIDC connection.","required":["client_id","url"],"properties":{"client_id":{"type":"string","description":"clientID for the connection."},"url":{"type":"string","description":"url for the connection."}}},"oidc_connection_update_credentials":{"type":"object","description":"parameters specific to an OIDC connection.","properties":{"url":{"type":"string","description":"url for the connection."},"client_secret":{"type":"string","description":"client secret for the connection."}}},"oidc_connection_response":{"type":"object","description":"Checksum generated from OIDC credentials.","allOf":[{"type":"object","description":"Non-sensitive parameters specific to an OIDC connection.","required":["client_id","url"],"properties":{"client_id":{"type":"string","description":"clientID for the connection."},"url":{"type":"string","description":"url for the connection."}}}],"properties":{"checksum":{"type":"string","description":"A SHA256 checksum value generated from clientSecret and URL. Will get updated if any of these two values change."}}},"oidc_create_connection_params":{"type":"object","allOf":[{"type":"object","description":"Sensitive parameters specific to an OIDC connection.","required":["client_secret"],"properties":{"client_secret":{"type":"string","description":"Client Secret of the OIDC connection."}}},{"type":"object","description":"Non-sensitive parameters specific to an OIDC connection.","required":["client_id","url"],"properties":{"client_id":{"type":"string","description":"clientID for the connection."},"url":{"type":"string","description":"url for the connection."}}}]},"oidc_update_connection_params":{"type":"object","allOf":[{"type":"object","description":"parameters specific to an OIDC connection.","properties":{"url":{"type":"string","description":"url for the connection."},"client_secret":{"type":"string","description":"client secret for the connection."}}}]},"ldap_connection_credentials":{"type":"object","description":"Sensitive parameters specific to an LDAP connection.","properties":{"bind_password":{"type":"string","description":"Password for the Bind DN object of the LDAP connection."}}},"ldap_connection_trimmed_credentials":{"type":"object","description":"Non-sensitive parameters specific to an LDAP connection.","required":["server_url","base_dn","user_login_attribute"],"properties":{"server_url":{"type":"string","description":"LDAP URL for your server. (e.g. ldap://172.16.2.2:3268)"},"insecure_skip_verify":{"type":"boolean","description":"Optional flag to disable verifying the server's certficate. It ignores both the operating system's CAs and `root_cas` if provided. Only applies if the `server_url` scheme is `ldaps`.\n\nDefault value is `false`.\n"},"root_cas":{"type":"array","items":{"type":"string"},"description":"Optional list of certificates that are used to determine if the server is trusted. Only applies if the `server_url` scheme is `ldaps`.\n\nIf not provided, then the server's certificate is verified using the operating system's CAs.\n\nAccepts [PEM encoded certificates](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail). Here's an example showing an abbreviated (see `[...]`) list of root CAs.\n```\n\"root_cas\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIEiTCCA3GgAwIBAgIQEtTWutN7HdEKAAAAAOthCDANBgkqhkiG9w0BAQsFADBG[...]rVtyMKdOXGZl1gR22A==\\n-----END CERTIFICATE-----\",\n \"-----BEGIN CERTIFICATE-----\\nMIIHCjCCBfKgAwIBAgIQDhZMtvVrLG4NDkY/70TmRDANBgkqhkiG9w0BAQsFADBw[...]lYgbVhEaSeWnKcSG/4OJDLgbJL1cQa5BQUjWiZo7\\n-----END CERTIFICATE-----\"\n]\n```\n"},"bind_dn":{"type":"string","description":"Object which has permission to search under the root DN for users."},"base_dn":{"type":"string","description":"Starting point to use when searching for users."},"search_filter":{"type":"string","description":"LDAP search filter which can further restrict the set of users who will be allowed to log in."},"user_login_attribute":{"type":"string","description":"Attribute inside the user object which contains the username used to login with."},"group_base_dn":{"type":"string","description":"Starting point to use when searching for groups. This value can be left empty to disable group support for this connection."},"group_filter":{"type":"string","description":"Search filter for listing groups. Searching with this filter should only return groups. This value can be left empty to disable group support for this connection."},"group_name_attribute":{"type":"string","description":"Attribute inside the group object which contains the friendly name of the group."},"user_dn_attribute":{"type":"string","description":"Attribute inside the user object which contains the user distingushed name. If user_dn_attribute is not provided, it will default to 'dn'.\n\nWhen this property is set it uses the specified attribute to test for user equality. This primarily affects LDAP group maps. For example:\n- If a user's LDAP entry has \"`cn: John Doe`\" and the LDAP configuration has \"`user_dn_attribute`\" set to \"`cn`\", then the LDAP group entry must have a member attribute that is exactly \"`John Doe`\", not \"`cn=John Doe`\", in order for the user to be considered part of the group.\n- If a user's LDAP entry has \"`customDN: cn=John Doe,ou=Users`\" and the LDAP configuration has \"`user_dn_attribute`\" set to \"`customDN`\", then the LDAP group entry must have a member attribute that is exactly \"`cn=John Doe,ou=Users`\" in order for the user to be considered part of the group.\n"},"group_id_attribute":{"type":"string","description":"Attribute inside the group object which contains the group identifier (name). This value should be unique and can be left empty to disable group support for this connection. If group_id_attribute is not provided, it will default to 'group_name_attribute'."},"group_member_field":{"type":"string","description":"Attribute inside the group object which contains group membership information, basically which users are members of the group. This value can be left empty to disable group support for this connection."}}},"ldap_connection_update_credentials":{"type":"object","description":"parameters specific to an LDAP connection.","properties":{"server_url":{"type":"string","description":"LDAP URL for your server. (e.g. ldap://172.16.2.2:3268)"},"insecure_skip_verify":{"type":"boolean","description":"Optional flag to disable verifying the server's certficate. It ignores both the operating system's CAs and `root_cas` if provided. Only applies if the `server_url` scheme is `ldaps`.\n\nDefault value is `false`.\n"},"root_cas":{"type":"array","items":{"type":"string"},"description":"Optional list of certificates that are used to determine if the server is trusted. Only applies if the `server_url` scheme is `ldaps`.\n\nIf not provided, then the server's certificate is verified using the operating system's CAs.\n\nAccepts [PEM encoded certificates](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail). Here's an example showing an abbreviated (see `[...]`) list of root CAs.\n```\n\"root_cas\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIEiTCCA3GgAwIBAgIQEtTWutN7HdEKAAAAAOthCDANBgkqhkiG9w0BAQsFADBG[...]rVtyMKdOXGZl1gR22A==\\n-----END CERTIFICATE-----\",\n \"-----BEGIN CERTIFICATE-----\\nMIIHCjCCBfKgAwIBAgIQDhZMtvVrLG4NDkY/70TmRDANBgkqhkiG9w0BAQsFADBw[...]lYgbVhEaSeWnKcSG/4OJDLgbJL1cQa5BQUjWiZo7\\n-----END CERTIFICATE-----\"\n]\n```\n"},"bind_dn":{"type":"string","description":"Object which has permission to search under the root DN for users."},"bind_password":{"type":"string","description":"Password for the Bind DN object."},"base_dn":{"type":"string","description":"Starting point to use when searching for users."},"search_filter":{"type":"string","description":"LDAP search filter which can further restrict the set of users who will be allowed to log in."},"user_login_attribute":{"type":"string","description":"Attribute inside the user object which contains the username used to login with."},"group_base_dn":{"type":"string","description":"Starting point to use when searching for groups. This value can be left empty to disable group support for this connection."},"group_filter":{"type":"string","description":"Search filter for listing groups. Searching with this filter should only return groups. This value can be left empty to disable group support for this connection."},"group_name_attribute":{"type":"string","description":"Attribute inside the group object which contains the friendly name of the group."},"user_dn_attribute":{"type":"string","description":"Attribute inside the user object which contains the user distingushed name. If user_dn_attribute is not provided, it will default to 'dn'.\n\nWhen this property is set it uses the specified attribute to test for user equality. This primarily affects LDAP group maps. For example:\n- If a user's LDAP entry has \"`cn: John Doe`\" and the LDAP configuration has \"`user_dn_attribute`\" set to \"`cn`\", then the LDAP group entry must have a member attribute that is exactly \"`John Doe`\", not \"`cn=John Doe`\", in order for the user to be considered part of the group.\n- If a user's LDAP entry has \"`customDN: cn=John Doe,ou=Users`\" and the LDAP configuration has \"`user_dn_attribute`\" set to \"`customDN`\", then the LDAP group entry must have a member attribute that is exactly \"`cn=John Doe,ou=Users`\" in order for the user to be considered part of the group.\n"},"group_id_attribute":{"type":"string","description":"Attribute inside the group object which contains the group identifier (name). This value should be unique and can be left empty to disable group support for this connection. If group_id_attribute is not provided, it will default to 'group_name_attribute'."},"group_member_field":{"type":"string","description":"Attribute inside the group object which contains group membership information, basically which users are members of the group. This value can be left empty to disable group support for this connection."}}},"ldap_test_connection_credentials":{"type":"object","description":"Sensitive parameters specific to a LDAP test connection.","required":["credentials"],"properties":{"credentials":{"type":"object","description":"User Credentials for testing a LDAP connection.","required":["username","password"],"properties":{"username":{"type":"string","description":"Username to test the connection with."},"password":{"type":"string","description":"Password that authenticates the username."}}}}},"ldap_create_connection_params":{"type":"object","allOf":[{"type":"object","description":"Sensitive parameters specific to an LDAP connection.","properties":{"bind_password":{"type":"string","description":"Password for the Bind DN object of the LDAP connection."}}},{"type":"object","description":"Non-sensitive parameters specific to an LDAP connection.","required":["server_url","base_dn","user_login_attribute"],"properties":{"server_url":{"type":"string","description":"LDAP URL for your server. (e.g. ldap://172.16.2.2:3268)"},"insecure_skip_verify":{"type":"boolean","description":"Optional flag to disable verifying the server's certficate. It ignores both the operating system's CAs and `root_cas` if provided. Only applies if the `server_url` scheme is `ldaps`.\n\nDefault value is `false`.\n"},"root_cas":{"type":"array","items":{"type":"string"},"description":"Optional list of certificates that are used to determine if the server is trusted. Only applies if the `server_url` scheme is `ldaps`.\n\nIf not provided, then the server's certificate is verified using the operating system's CAs.\n\nAccepts [PEM encoded certificates](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail). Here's an example showing an abbreviated (see `[...]`) list of root CAs.\n```\n\"root_cas\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIEiTCCA3GgAwIBAgIQEtTWutN7HdEKAAAAAOthCDANBgkqhkiG9w0BAQsFADBG[...]rVtyMKdOXGZl1gR22A==\\n-----END CERTIFICATE-----\",\n \"-----BEGIN CERTIFICATE-----\\nMIIHCjCCBfKgAwIBAgIQDhZMtvVrLG4NDkY/70TmRDANBgkqhkiG9w0BAQsFADBw[...]lYgbVhEaSeWnKcSG/4OJDLgbJL1cQa5BQUjWiZo7\\n-----END CERTIFICATE-----\"\n]\n```\n"},"bind_dn":{"type":"string","description":"Object which has permission to search under the root DN for users."},"base_dn":{"type":"string","description":"Starting point to use when searching for users."},"search_filter":{"type":"string","description":"LDAP search filter which can further restrict the set of users who will be allowed to log in."},"user_login_attribute":{"type":"string","description":"Attribute inside the user object which contains the username used to login with."},"group_base_dn":{"type":"string","description":"Starting point to use when searching for groups. This value can be left empty to disable group support for this connection."},"group_filter":{"type":"string","description":"Search filter for listing groups. Searching with this filter should only return groups. This value can be left empty to disable group support for this connection."},"group_name_attribute":{"type":"string","description":"Attribute inside the group object which contains the friendly name of the group."},"user_dn_attribute":{"type":"string","description":"Attribute inside the user object which contains the user distingushed name. If user_dn_attribute is not provided, it will default to 'dn'.\n\nWhen this property is set it uses the specified attribute to test for user equality. This primarily affects LDAP group maps. For example:\n- If a user's LDAP entry has \"`cn: John Doe`\" and the LDAP configuration has \"`user_dn_attribute`\" set to \"`cn`\", then the LDAP group entry must have a member attribute that is exactly \"`John Doe`\", not \"`cn=John Doe`\", in order for the user to be considered part of the group.\n- If a user's LDAP entry has \"`customDN: cn=John Doe,ou=Users`\" and the LDAP configuration has \"`user_dn_attribute`\" set to \"`customDN`\", then the LDAP group entry must have a member attribute that is exactly \"`cn=John Doe,ou=Users`\" in order for the user to be considered part of the group.\n"},"group_id_attribute":{"type":"string","description":"Attribute inside the group object which contains the group identifier (name). This value should be unique and can be left empty to disable group support for this connection. If group_id_attribute is not provided, it will default to 'group_name_attribute'."},"group_member_field":{"type":"string","description":"Attribute inside the group object which contains group membership information, basically which users are members of the group. This value can be left empty to disable group support for this connection."}}}]},"ldap_update_connection_params":{"type":"object","allOf":[{"type":"object","description":"parameters specific to an LDAP connection.","properties":{"server_url":{"type":"string","description":"LDAP URL for your server. (e.g. ldap://172.16.2.2:3268)"},"insecure_skip_verify":{"type":"boolean","description":"Optional flag to disable verifying the server's certficate. It ignores both the operating system's CAs and `root_cas` if provided. Only applies if the `server_url` scheme is `ldaps`.\n\nDefault value is `false`.\n"},"root_cas":{"type":"array","items":{"type":"string"},"description":"Optional list of certificates that are used to determine if the server is trusted. Only applies if the `server_url` scheme is `ldaps`.\n\nIf not provided, then the server's certificate is verified using the operating system's CAs.\n\nAccepts [PEM encoded certificates](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail). Here's an example showing an abbreviated (see `[...]`) list of root CAs.\n```\n\"root_cas\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIEiTCCA3GgAwIBAgIQEtTWutN7HdEKAAAAAOthCDANBgkqhkiG9w0BAQsFADBG[...]rVtyMKdOXGZl1gR22A==\\n-----END CERTIFICATE-----\",\n \"-----BEGIN CERTIFICATE-----\\nMIIHCjCCBfKgAwIBAgIQDhZMtvVrLG4NDkY/70TmRDANBgkqhkiG9w0BAQsFADBw[...]lYgbVhEaSeWnKcSG/4OJDLgbJL1cQa5BQUjWiZo7\\n-----END CERTIFICATE-----\"\n]\n```\n"},"bind_dn":{"type":"string","description":"Object which has permission to search under the root DN for users."},"bind_password":{"type":"string","description":"Password for the Bind DN object."},"base_dn":{"type":"string","description":"Starting point to use when searching for users."},"search_filter":{"type":"string","description":"LDAP search filter which can further restrict the set of users who will be allowed to log in."},"user_login_attribute":{"type":"string","description":"Attribute inside the user object which contains the username used to login with."},"group_base_dn":{"type":"string","description":"Starting point to use when searching for groups. This value can be left empty to disable group support for this connection."},"group_filter":{"type":"string","description":"Search filter for listing groups. Searching with this filter should only return groups. This value can be left empty to disable group support for this connection."},"group_name_attribute":{"type":"string","description":"Attribute inside the group object which contains the friendly name of the group."},"user_dn_attribute":{"type":"string","description":"Attribute inside the user object which contains the user distingushed name. If user_dn_attribute is not provided, it will default to 'dn'.\n\nWhen this property is set it uses the specified attribute to test for user equality. This primarily affects LDAP group maps. For example:\n- If a user's LDAP entry has \"`cn: John Doe`\" and the LDAP configuration has \"`user_dn_attribute`\" set to \"`cn`\", then the LDAP group entry must have a member attribute that is exactly \"`John Doe`\", not \"`cn=John Doe`\", in order for the user to be considered part of the group.\n- If a user's LDAP entry has \"`customDN: cn=John Doe,ou=Users`\" and the LDAP configuration has \"`user_dn_attribute`\" set to \"`customDN`\", then the LDAP group entry must have a member attribute that is exactly \"`cn=John Doe,ou=Users`\" in order for the user to be considered part of the group.\n"},"group_id_attribute":{"type":"string","description":"Attribute inside the group object which contains the group identifier (name). This value should be unique and can be left empty to disable group support for this connection. If group_id_attribute is not provided, it will default to 'group_name_attribute'."},"group_member_field":{"type":"string","description":"Attribute inside the group object which contains group membership information, basically which users are members of the group. This value can be left empty to disable group support for this connection."}}}]},"ldap_connection_response":{"type":"object","allOf":[{"type":"object","description":"Non-sensitive parameters specific to an LDAP connection.","required":["server_url","base_dn","user_login_attribute"],"properties":{"server_url":{"type":"string","description":"LDAP URL for your server. (e.g. ldap://172.16.2.2:3268)"},"insecure_skip_verify":{"type":"boolean","description":"Optional flag to disable verifying the server's certficate. It ignores both the operating system's CAs and `root_cas` if provided. Only applies if the `server_url` scheme is `ldaps`.\n\nDefault value is `false`.\n"},"root_cas":{"type":"array","items":{"type":"string"},"description":"Optional list of certificates that are used to determine if the server is trusted. Only applies if the `server_url` scheme is `ldaps`.\n\nIf not provided, then the server's certificate is verified using the operating system's CAs.\n\nAccepts [PEM encoded certificates](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail). Here's an example showing an abbreviated (see `[...]`) list of root CAs.\n```\n\"root_cas\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIEiTCCA3GgAwIBAgIQEtTWutN7HdEKAAAAAOthCDANBgkqhkiG9w0BAQsFADBG[...]rVtyMKdOXGZl1gR22A==\\n-----END CERTIFICATE-----\",\n \"-----BEGIN CERTIFICATE-----\\nMIIHCjCCBfKgAwIBAgIQDhZMtvVrLG4NDkY/70TmRDANBgkqhkiG9w0BAQsFADBw[...]lYgbVhEaSeWnKcSG/4OJDLgbJL1cQa5BQUjWiZo7\\n-----END CERTIFICATE-----\"\n]\n```\n"},"bind_dn":{"type":"string","description":"Object which has permission to search under the root DN for users."},"base_dn":{"type":"string","description":"Starting point to use when searching for users."},"search_filter":{"type":"string","description":"LDAP search filter which can further restrict the set of users who will be allowed to log in."},"user_login_attribute":{"type":"string","description":"Attribute inside the user object which contains the username used to login with."},"group_base_dn":{"type":"string","description":"Starting point to use when searching for groups. This value can be left empty to disable group support for this connection."},"group_filter":{"type":"string","description":"Search filter for listing groups. Searching with this filter should only return groups. This value can be left empty to disable group support for this connection."},"group_name_attribute":{"type":"string","description":"Attribute inside the group object which contains the friendly name of the group."},"user_dn_attribute":{"type":"string","description":"Attribute inside the user object which contains the user distingushed name. If user_dn_attribute is not provided, it will default to 'dn'.\n\nWhen this property is set it uses the specified attribute to test for user equality. This primarily affects LDAP group maps. For example:\n- If a user's LDAP entry has \"`cn: John Doe`\" and the LDAP configuration has \"`user_dn_attribute`\" set to \"`cn`\", then the LDAP group entry must have a member attribute that is exactly \"`John Doe`\", not \"`cn=John Doe`\", in order for the user to be considered part of the group.\n- If a user's LDAP entry has \"`customDN: cn=John Doe,ou=Users`\" and the LDAP configuration has \"`user_dn_attribute`\" set to \"`customDN`\", then the LDAP group entry must have a member attribute that is exactly \"`cn=John Doe,ou=Users`\" in order for the user to be considered part of the group.\n"},"group_id_attribute":{"type":"string","description":"Attribute inside the group object which contains the group identifier (name). This value should be unique and can be left empty to disable group support for this connection. If group_id_attribute is not provided, it will default to 'group_name_attribute'."},"group_member_field":{"type":"string","description":"Attribute inside the group object which contains group membership information, basically which users are members of the group. This value can be left empty to disable group support for this connection."}}}]},"ldap_test_connection_params":{"type":"object","allOf":[{"type":"object","description":"Sensitive parameters specific to an LDAP connection.","properties":{"bind_password":{"type":"string","description":"Password for the Bind DN object of the LDAP connection."}}},{"type":"object","description":"Non-sensitive parameters specific to an LDAP connection.","required":["server_url","base_dn","user_login_attribute"],"properties":{"server_url":{"type":"string","description":"LDAP URL for your server. (e.g. ldap://172.16.2.2:3268)"},"insecure_skip_verify":{"type":"boolean","description":"Optional flag to disable verifying the server's certficate. It ignores both the operating system's CAs and `root_cas` if provided. Only applies if the `server_url` scheme is `ldaps`.\n\nDefault value is `false`.\n"},"root_cas":{"type":"array","items":{"type":"string"},"description":"Optional list of certificates that are used to determine if the server is trusted. Only applies if the `server_url` scheme is `ldaps`.\n\nIf not provided, then the server's certificate is verified using the operating system's CAs.\n\nAccepts [PEM encoded certificates](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail). Here's an example showing an abbreviated (see `[...]`) list of root CAs.\n```\n\"root_cas\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIEiTCCA3GgAwIBAgIQEtTWutN7HdEKAAAAAOthCDANBgkqhkiG9w0BAQsFADBG[...]rVtyMKdOXGZl1gR22A==\\n-----END CERTIFICATE-----\",\n \"-----BEGIN CERTIFICATE-----\\nMIIHCjCCBfKgAwIBAgIQDhZMtvVrLG4NDkY/70TmRDANBgkqhkiG9w0BAQsFADBw[...]lYgbVhEaSeWnKcSG/4OJDLgbJL1cQa5BQUjWiZo7\\n-----END CERTIFICATE-----\"\n]\n```\n"},"bind_dn":{"type":"string","description":"Object which has permission to search under the root DN for users."},"base_dn":{"type":"string","description":"Starting point to use when searching for users."},"search_filter":{"type":"string","description":"LDAP search filter which can further restrict the set of users who will be allowed to log in."},"user_login_attribute":{"type":"string","description":"Attribute inside the user object which contains the username used to login with."},"group_base_dn":{"type":"string","description":"Starting point to use when searching for groups. This value can be left empty to disable group support for this connection."},"group_filter":{"type":"string","description":"Search filter for listing groups. Searching with this filter should only return groups. This value can be left empty to disable group support for this connection."},"group_name_attribute":{"type":"string","description":"Attribute inside the group object which contains the friendly name of the group."},"user_dn_attribute":{"type":"string","description":"Attribute inside the user object which contains the user distingushed name. If user_dn_attribute is not provided, it will default to 'dn'.\n\nWhen this property is set it uses the specified attribute to test for user equality. This primarily affects LDAP group maps. For example:\n- If a user's LDAP entry has \"`cn: John Doe`\" and the LDAP configuration has \"`user_dn_attribute`\" set to \"`cn`\", then the LDAP group entry must have a member attribute that is exactly \"`John Doe`\", not \"`cn=John Doe`\", in order for the user to be considered part of the group.\n- If a user's LDAP entry has \"`customDN: cn=John Doe,ou=Users`\" and the LDAP configuration has \"`user_dn_attribute`\" set to \"`customDN`\", then the LDAP group entry must have a member attribute that is exactly \"`cn=John Doe,ou=Users`\" in order for the user to be considered part of the group.\n"},"group_id_attribute":{"type":"string","description":"Attribute inside the group object which contains the group identifier (name). This value should be unique and can be left empty to disable group support for this connection. If group_id_attribute is not provided, it will default to 'group_name_attribute'."},"group_member_field":{"type":"string","description":"Attribute inside the group object which contains group membership information, basically which users are members of the group. This value can be left empty to disable group support for this connection."}}},{"type":"object","description":"Sensitive parameters specific to a LDAP test connection.","required":["credentials"],"properties":{"credentials":{"type":"object","description":"User Credentials for testing a LDAP connection.","required":["username","password"],"properties":{"username":{"type":"string","description":"Username to test the connection with."},"password":{"type":"string","description":"Password that authenticates the username."}}}}}]},"hadoop_connection_credentials":{"type":"object","description":"Sensitive parameters specific to a Hadoop connection.","properties":{"password":{"type":"string","description":"Password for Hadoop server (required for Knox)\n"}}},"hadoop_connection_params":{"properties":{"username":{"type":"string","description":"Username for accessing Hadoop server (required for Knox)."},"topology":{"type":"string","description":"Topology deployment of the Knox gateway."}}},"hadoop_node_params":{"required":["hostname","port","protocol"],"properties":{"hostname":{"type":"string","description":"hostname for Hadoop Server"},"port":{"type":"integer","description":"port for Hadoop Server. Possible values 1-65535."},"server_certificate":{"type":"string","description":"SSL certificate for Hadoop Server TLS communication"},"path":{"type":"string","description":"path for Hadoop Server"},"protocol":{"type":"string","description":"http or https protocol to be used for communication with the Hadoop node (https required for hadoop-knox)"}}},"hadoop_nodes_params":{"properties":{"nodes":{"type":"array","items":{"type":"object","required":["hostname","port","protocol"],"properties":{"hostname":{"type":"string","description":"hostname for Hadoop Server"},"port":{"type":"integer","description":"port for Hadoop Server. Possible values 1-65535."},"server_certificate":{"type":"string","description":"SSL certificate for Hadoop Server TLS communication"},"path":{"type":"string","description":"path for Hadoop Server"},"protocol":{"type":"string","description":"http or https protocol to be used for communication with the Hadoop node (https required for hadoop-knox)"}}}}}},"hadoop_create_connection_params":{"type":"object","required":["service","username","password","nodes"],"allOf":[{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"Sensitive parameters specific to a Hadoop connection.","properties":{"password":{"type":"string","description":"Password for Hadoop server (required for Knox)\n"}}},{"properties":{"username":{"type":"string","description":"Username for accessing Hadoop server (required for Knox)."},"topology":{"type":"string","description":"Topology deployment of the Knox gateway."}}},{"properties":{"nodes":{"type":"array","items":{"type":"object","required":["hostname","port","protocol"],"properties":{"hostname":{"type":"string","description":"hostname for Hadoop Server"},"port":{"type":"integer","description":"port for Hadoop Server. Possible values 1-65535."},"server_certificate":{"type":"string","description":"SSL certificate for Hadoop Server TLS communication"},"path":{"type":"string","description":"path for Hadoop Server"},"protocol":{"type":"string","description":"http or https protocol to be used for communication with the Hadoop node (https required for hadoop-knox)"}}}}}}]},"hadoop_update_connection_params":{"type":"object","allOf":[{"type":"object","description":"Sensitive parameters specific to a Hadoop connection.","properties":{"password":{"type":"string","description":"Password for Hadoop server (required for Knox)\n"}}},{"properties":{"username":{"type":"string","description":"Username for accessing Hadoop server (required for Knox)."},"topology":{"type":"string","description":"Topology deployment of the Knox gateway."}}}]},"name":{"type":"object","description":"Unique name of a Migration Split Key.","required":["name"],"properties":{"name":{"type":"string","description":"Unique name of a Migration Split Key."}}},"threshold":{"type":"object","description":"The minimum number of split key shares needed to reconstruct the split key (> 1, <= 10).","required":["threshold"],"properties":{"threshold":{"type":"integer","description":"The minimum number of split key shares needed to reconstruct the split key (> 1, <= 10)."}}},"digest":{"type":"object","description":"A digest associated with the migration split key.","required":["digest"],"properties":{"digest":{"type":"string","description":"A digest associated with the migration split key.\nThe digest is calculated on the DSM, and should be passed in while creating the split key.\nWhen the key is reassembled, the CM checks if the key matched.\n"}}},"usable":{"type":"object","description":"A boolean that can be used to determine whether the key is usable.","required":["usable"],"properties":{"usable":{"type":"boolean","description":"A boolean that can be used to determine whether the key is usable.\nIt is set to false when the split key is created.\nIt is set to true after enough shares have been added, and the digest of the reconstructed key matches.\n"}}},"material":{"type":"object","description":"A key material asociated with the split key share.","required":["material"],"properties":{"material":{"type":"string","description":"Share's key material."}}},"shares":{"type":"object","description":"Array of shares asociated with the split key.","properties":{"shares":{"type":"array","description":"Array of shares asociated with the split key.","items":{"type":"object","allOf":[{"type":"object","description":"A share asociated with the split key.","required":["material"],"properties":{"name":{"type":"string","description":"Unique name of share."},"material":{"type":"string","description":"Share's key material."}}}]}}}},"share_response":{"type":"object","description":"The split key share parameters present in the API response.","properties":{"name":{"type":"string","description":"Split key share unique name."}}},"shares_response":{"type":"object","description":"Array of split key share parameters present in the API response.","properties":{"shares":{"type":"array","description":"Array of split key share parameters present in the API response.","items":{"type":"object","allOf":[{"type":"object","description":"The split key share parameters present in the API response.","properties":{"name":{"type":"string","description":"Split key share unique name."}}}]}}}},"migration_split_key_response":{"type":"object","allOf":[{"type":"object","description":"Unique name of a Migration Split Key.","required":["name"],"properties":{"name":{"type":"string","description":"Unique name of a Migration Split Key."}}},{"type":"object","description":"The minimum number of split key shares needed to reconstruct the split key (> 1, <= 10).","required":["threshold"],"properties":{"threshold":{"type":"integer","description":"The minimum number of split key shares needed to reconstruct the split key (> 1, <= 10)."}}},{"type":"object","description":"A digest associated with the migration split key.","required":["digest"],"properties":{"digest":{"type":"string","description":"A digest associated with the migration split key.\nThe digest is calculated on the DSM, and should be passed in while creating the split key.\nWhen the key is reassembled, the CM checks if the key matched.\n"}}},{"type":"object","description":"A boolean that can be used to determine whether the key is usable.","required":["usable"],"properties":{"usable":{"type":"boolean","description":"A boolean that can be used to determine whether the key is usable.\nIt is set to false when the split key is created.\nIt is set to true after enough shares have been added, and the digest of the reconstructed key matches.\n"}}},{"type":"object","description":"Array of split key share parameters present in the API response.","properties":{"shares":{"type":"array","description":"Array of split key share parameters present in the API response.","items":{"type":"object","allOf":[{"type":"object","description":"The split key share parameters present in the API response.","properties":{"name":{"type":"string","description":"Split key share unique name."}}}]}}}}]},"migration_split_key_list_response":{"type":"object","allOf":[{"type":"object","description":"Unique name of a Migration Split Key.","required":["name"],"properties":{"name":{"type":"string","description":"Unique name of a Migration Split Key."}}},{"type":"object","description":"The minimum number of split key shares needed to reconstruct the split key (> 1, <= 10).","required":["threshold"],"properties":{"threshold":{"type":"integer","description":"The minimum number of split key shares needed to reconstruct the split key (> 1, <= 10)."}}},{"type":"object","description":"A digest associated with the migration split key.","required":["digest"],"properties":{"digest":{"type":"string","description":"A digest associated with the migration split key.\nThe digest is calculated on the DSM, and should be passed in while creating the split key.\nWhen the key is reassembled, the CM checks if the key matched.\n"}}},{"type":"object","description":"A boolean that can be used to determine whether the key is usable.","required":["usable"],"properties":{"usable":{"type":"boolean","description":"A boolean that can be used to determine whether the key is usable.\nIt is set to false when the split key is created.\nIt is set to true after enough shares have been added, and the digest of the reconstructed key matches.\n"}}}]},"QuorumVotes":{"description":"Quorum votes tracks the votes of a quorum.\n","type":"object","allOf":[{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the vote was cast."},"approver_id":{"type":"string","description":"The identity of the user who voted."},"note":{"type":"string","description":"Any description of vote."},"vote":{"type":"string","description":"Vote can be either deny or approve."}}}]},"Quorum":{"description":"Quorum model represents a quorum.\n","type":"object","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"requester_id":{"type":"string","description":"The user ID of the requester of the quorum."},"operation_fingerprint":{"type":"string","readOnly":true,"description":"Fingerprint of the operation."},"resource_uri":{"type":"string","format":"uri","description":"URI of the resource on which the operation is being performed."},"state":{"type":"string","description":"State of the quorum [pre-active, active, denied, expired, executed]."},"description":{"type":"string","description":"Description of the quorum."},"votes":{"type":"array","description":"Votes of the quorum.","items":[{"description":"Quorum votes tracks the votes of a quorum.\n","type":"object","allOf":[{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the vote was cast."},"approver_id":{"type":"string","description":"The identity of the user who voted."},"note":{"type":"string","description":"Any description of vote."},"vote":{"type":"string","description":"Vote can be either deny or approve."}}}]}]}}}]},"QuorumProfile":{"description":"Represents a quorum profile.\n","type":"object","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"Name":{"type":"string","description":"Name of the profile."},"voter-groups":{"type":"array","description":"Voters allowed to vote for this profile.","items":{"type":"string"}},"ExpirationPeriod":{"type":"string","format":"date-time","description":"Expiration of Quorum after it is activated (in minutes)."},"RequiredApprovals":{"type":"integer","description":"Required number of approvals for a quorum."},"Description":{"type":"string","description":"Description of the profile."}}}]},"QuorumPolicyStatus":{"description":"Represents status of a quorum policy\n","type":"object","properties":{"operation":{"type":"string","description":"Operation for the policy."},"active":{"type":"boolean","description":"Status of the policy."},"profile":{"type":"boolean","description":"Quorum profile used by this policy."}}},"PostTemplate":{"title":"Create Template","properties":{"name":{"type":"string","description":"Optional friendly name. The template name should not contain special characters such as angular brackets (<,>) and backslash (\\)."},"usageMask":{"type":"integer","description":"Filters results based on matching Cryptographic usage mask. Add the usage mask values to allow the usages. \nThe associated values are - Sign (1), Verify (2), Encrypt (4), Decrypt (8), Wrap Key (16), Unwrap Key (32), Export (64), MAC Generate (128), MAC Verify (256), Derive Key (512), \nContent Commitment (1024), Key Agreement (2048), Certificate Sign (4096), CRL Sign (8192), Generate Cryptogram (16384), Validate Cryptogram (32768), Translate Encrypt (65536), \nTranslate Decrypt (131072), Translate Wrap (262144), Translate Unwrap (524288), FPE Encrypt (1048576), FPE Decrypt (2097152). To set all usage mask bits, \nuse 4194303 (all usage masks including Export). Equivalent usageMask values for deprecated usages 'fpe' (FPE Encrypt + FPE Decrypt = 3145728), 'blob' (Encrypt + Decrypt = 12), \n'hmac' (MAC Generate + MAC Verify = 384), 'encrypt' (Encrypt + Decrypt = 12), 'sign' (Sign + Verify = 3), 'any' (4194303 - all usage masks).\n"},"algorithm":{"type":"string","description":"The Cryptographic algorithm of the template that is used to create the specific key.","enum":["aes","tdes","rsa","ec","hmac-sha1","hmac-sha256","hmac-sha384","hmac-sha512","seed","aria"]},"curveid":{"type":"string","description":"The Cryptographic curve id of a template used for the elliptic key. The template algorithm must be 'EC'. Values:\n * secp224k1\n * secp224r1\n * secp256k1\n * secp384r1\n * secp521r1\n * prime256v1\n * brainpoolP224r1\n * brainpoolP224t1\n * brainpoolP256r1\n * brainpoolP256t1\n * brainpoolP384r1\n * brainpoolP384t1\n * brainpoolP512r1\n * brainpoolP512t1\n"},"size":{"type":"integer","description":"The Bit length of the key using this template."},"unexportable":{"type":"boolean","description":"The key created using this template will not be exportable. The default value is false."},"undeletable":{"type":"boolean","description":"The key created using this template will not be deleted. The default value is false."},"meta":{"type":"object","description":"Optional end-user or service data stored with the template.","properties":{"ownerId":{"type":"string","description":"Optional owner information for the template, required for non-admin. The value should be the user_id."}}},"activationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes active."},"deactivationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes inactive."},"archiveDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes archived."},"processStartDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when a Managed Template Object may begin to be used to process\ncryptographically protected information (for example, decryption or unwrapping).\n"},"protectStopDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time after which a Template Object will not be used for\napplying cryptographic protection (for example, encryption or wrapping).\n"}},"example":{"name":"Template1","usageMask":12,"algorithm":"aes","deactivationDate":"2018-10-02T14:24:37.436073Z","protectStopDate":"2018-10-02T14:24:37.436073Z"}},"Templates":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"name":{"type":"string","description":"The name of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"usageMask":{"type":"integer","description":"Cryptographic usage mask."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the application was created."},"updatedAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the application was updated."},"objectType":{"type":"string","description":"Type of the object. It will be Template.\n"},"activationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes active."},"deactivationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes inactive."},"archiveDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes archived."},"processStartDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when a Managed Template Object MAY begin to be used to process\ncryptographically protected information (e.g., decryption or unwrapping).\n"},"protectStopDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time after which a Managed Template Object SHALL NOT be used for\napplying cryptographic protection (e.g., encryption or wrapping).\n"}}}}}}]},"PatchTemplate":{"title":"Update Template","properties":{"meta":{"type":"object","description":"Optional end-user or service data stored with the template"},"unexportable":{"type":"boolean","description":"Key created using this template will not be exportable.\n"},"undeletable":{"type":"boolean","description":"Key created using this template will not be deleted."},"activationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Object activation date."},"deactivationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Object deactivation date."},"processStartDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when a Managed Template Object MAY begin to be used to process\ncryptographically protected information (e.g., decryption or unwrapping)\n"},"protectStopDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time after which a Managed Template Object SHALL NOT be used for\napplying cryptographic protection (e.g., encryption or wrapping)\n"},"usageMask":{"type":"integer","description":"Filters results based on matching Cryptographic usage mask. Add the usage mask values to allow the usages. \nThe associated values are - Sign (1), Verify (2), Encrypt (4), Decrypt (8), Wrap Key (16), Unwrap Key (32), Export (64), MAC Generate (128), MAC Verify (256), Derive Key (512), \nContent Commitment (1024), Key Agreement (2048), Certificate Sign (4096), CRL Sign (8192), Generate Cryptogram (16384), Validate Cryptogram (32768), Translate Encrypt (65536), \nTranslate Decrypt (131072), Translate Wrap (262144), Translate Unwrap (524288), FPE Encrypt (1048576), FPE Decrypt (2097152). To set all usage mask bits, \nuse 4194303 (all usage masks including Export).Equivalent usageMask values for deprecated usages 'fpe' (FPE Encrypt + FPE Decrypt = 3145728),'blob' (Encrypt + Decrypt = 12), \n'hmac' (MAC Generate + MAC Verify = 384), 'encrypt' (Encrypt + Decrypt = 12), 'sign' (Sign + Verify = 3), 'any' (4194303 - all usage masks).\n"}},"example":{"meta":"Sample Metadata","activationDate":"2017-10-02T14:24:37.436073Z","deactivationDate":"2018-10-02T14:24:37.436073Z","processStartDate":"2017-10-02T14:24:37.436073Z","protectStopDate":"2018-10-02T14:24:37.436073Z","usageMask":3}}},"parameters":{"user_id":{"name":"user_id","in":"path","required":true,"description":"the user_id of the user","type":"string"},"client_id":{"name":"client_id","in":"path","required":true,"description":"the client_id of the client","type":"string"},"name":{"name":"name","in":"query","type":"string","description":"Filters results to those with matching names. The '?' and '*' wildcard characters may be used."},"keyNameOptional":{"name":"keyName","in":"query","required":false,"type":"string","description":"This string is used for identifying the cryptographic key that is used for encryption/hmac. An empty string is assumed if this parameter is absent. The tuple containing this keyName string, and the account details in the JWT uniquely identify the cryptographic key."},"keyNameRequired":{"name":"keyName","in":"query","required":true,"type":"string","description":"This string is used for identifying the cryptographic key that is used for encryption/hmac. The tuple containing this keyName string, and the account details in the JWT uniquely identify the cryptographic key."},"macAlgorithm":{"name":"algorithm","in":"query","required":false,"type":"string","description":"This string specifies the MAC Algorithm used for MAC/MACV operations. The supported values for this are hmac and cmac."},"version":{"name":"version","in":"query","required":false,"type":"string","description":"This string is used for identifying the version of the cryptographic key that is used for encryption/hmac. The newest version is used if this parameter is omitted. This string is used only when the keyName parameter is also specified."},"keyVersion":{"name":"keyVersion","in":"query","required":false,"type":"string","description":"This string is used for identifying the version of the cryptographic key that is used for encryption. The newest version is used if this parameter is omitted. This string is used only when the keyName parameter is also specified."},"hint":{"name":"hint","in":"query","required":true,"type":"string","enum":["digit","alphabet","alphanumeric","printable","unicode"],"description":"This string identifies the type of input. It can be one of following printable strings - 'digit', 'alphabet', 'alphanumeric', 'printable' and 'unicode'. This hint needs to be passed."},"charset":{"name":"charset","in":"query","required":false,"type":"string","description":"This string identifies the charset name or id. It is required when hint is 'unicode'."},"tweakAlg":{"name":"tweakAlg","in":"query","required":false,"type":"string","description":"This string specifies the algorithm used for converting the tweak string into the tweak used by the FPE algorithm. Allowed values are \"sha1\", \"sha256\", \"sha512\" and \"none\". Defaults to \"none\"."},"tweak":{"name":"tweak","in":"query","required":false,"type":"string","description":"This string identifies the tweak to be used along with the cryptographic key for hiding/unhiding the data. If tweakAlg is \"none\", this should be a 8-byte array encoded in hex. Length of encoded string is 16 bytes. It can be any arbitrary string if the tweakAlg is not \"none\". If provided, it must be the same for both hide and unhide operations for a given data. Tweak is not allowed if tweakAlg is empty."},"iv":{"name":"iv","in":"query","required":false,"type":"string","description":"This string identifies the IV to be used along with the cryptographic key for hiding/unhiding data. It is required only if the input data length is larger than the FPE block length. The block length depends on the hint (digit-56, alphabet,alphanumeric-32, printable-28 bytes). The IV should not be supplied if the data length does not exceed the FPE block length. The characters in the IV should lie in the alphabet specified via the hint. The length of the IV should equal the FPE block size."},"defaultiv":{"name":"defaultiv","in":"query","required":false,"type":"string","description":"This boolean identifies if the user wants to use the default IV along with the cryptographic key for encrypting/decrypting data. False is 0 and True is 1. This field was introduced to support specific legacy integrations and applications. New applications are strongly recommended to use a unique IV for each encryption request."},"hash":{"name":"hash","in":"query","required":true,"type":"string","description":"This string identifies the hex encoded mac to be verified for the given data."},"hashAlgo":{"name":"hashAlgo","in":"query","required":true,"type":"string","description":"This string specifies the hash algorithm used for generating signature. For ECDSA the allowed values are \"SHA1\", \"SHA-256\", \"SHA-384\", \"SHA-512\", \"SHA3-224\", \"SHA3-256\", \"SHA3-384\", \"SHA3-512\" and \"none\". For RSA, the allowed values are \"SHA1\", \"SHA-256\", \"SHA-384\", \"SHA-512\" and \"none\"."},"signAlgo":{"name":"signAlgo","in":"query","required":false,"type":"string","description":"This string specifies the signing algorithm used for generating signature. Allowed values are \"RSA\" and \"ECDSA\"."},"signature":{"name":"signature","in":"query","required":true,"type":"string","description":"This string identifies the hex encoded signature to be verified for the given data."},"mode":{"name":"mode","in":"query","required":false,"type":"string","description":"This string identifies the cryptographic mode to use for symmetric operations (i.e algorithm is 'AES' or 'TDES'). Allowed values for AES are 'CBC', 'EBC', and 'GCM', and the only allowed value for TDES is 'CBC'. Defaults to 'cbc'."},"pad":{"name":"pad","in":"query","required":false,"type":"string","description":"This string identifies cryptographic padding algorithm to use. Allowed values depend on the algorithm used. For AES, allowed values are 'none', 'PKCS5', and 'PKCS7'. The default is 'PKCS7'. For asymmetric algorithms the allowed values 'PKCS1', and 'OAEP' defaulting to 'PKCS1'."},"authData":{"name":"AAD","in":"formData","required":false,"type":"string","description":"The authentication data for AES-GCM cipher operations. It is included in the multipart/form-data of the body under the label 'AAD'."},"data":{"name":"Data","in":"formData","required":false,"type":"string","description":"The data to encrypt or decrypt. If the content type is multipart/form-data then it is included in the multipart under the label 'Data'."},"tag":{"name":"tag","in":"query","required":false,"type":"string","description":"This string is a hex encoded AES-GCM authentication tag for decryption operations."},"tagLen":{"name":"taglen","in":"query","required":false,"type":"integer","description":"This integer is the requested length of the authentication tag. This parameter is only used for AES-GCM, must be between 4 and 16 inclusive and defaults to 16."},"encryptiv":{"name":"iv","in":"query","required":false,"type":"string","description":"This is the Initialization Vector (IV). It is used while encrypting and decrypting data using a symmetric key (AES or TDES). An IV is generated if it is not provided. If an IV is supplied, it should be in hexadecimal format. It should be 16 bytes long (hex string is 32 characters long) for AES-CBC, 8 bytes for TDES-CBC, and between 1 and 16 bytes for AES-GCM."},"cryptomode":{"name":"mode","in":"query","required":false,"type":"string","description":"This string identifies the cryptographic mode to use for symmetric key operations (i.e algorithm is 'AES' or 'TDES'). Allowed values for AES are 'CBC', 'EBC', and 'GCM' (default is 'GCM'), and the only allowed value for TDES is 'CBC'."},"cryptopad":{"name":"pad","in":"query","required":false,"type":"string","description":"This string identifies cryptographic padding algorithm to use. Allowed values depend on the algorithm used. For AES and TDES, allowed values are 'none', 'PKCS5' and 'PKCS7' (default is 'PKCS7'). For asymmetric algorithms the allowed values 'PKCS1', 'OAEP', 'OAEP256', 'OAEP384' and 'OAEP512', defaulting to 'OAEP'."},"signPad":{"name":"pad","in":"query","required":false,"type":"string","description":"This string specifies the padding used for generating signature and is only applicable for the RSA signing algorithm. Allowed values are 'PKCS1', 'PSS', and 'PSSWithPrecomputedHash'. Default value is 'PKCS1'."},"saltLength":{"name":"saltLength","in":"query","required":false,"type":"integer","description":"This integer specifies the saltLength for PSS padding. This is only applicable for the RSA signing algorithm. The SaltLength varies from -1 to a positive integer upto the maximum length.\n-1 is for HASH-EQUAL-LENGTH and 0 is for MAX-LENGTH.\nMaximum supported value of salt length = (Key length in bytes - HASH length in byte - 2)\n"},"KeyIdentifier":{"name":"id","in":"path","description":"The key's name, ID, URI, or alias. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name","required":true,"type":"string"},"KeyIdentifierType":{"name":"type","in":"query","description":"Specify the type of the identifier specified\nby the 'name' option. Must be one of: name, id,\nuri, or alias. If not specified, the type of the\nidentifier is inferred.","type":"string","enum":["name","id","uri","alias"]},"KeyVersion":{"name":"version","in":"query","description":"Specify the key version. Defaults to the latest\nversion. Only valid if the identifier is a key\nname, otherwise version is ignored.","type":"number"},"applicationSearch":{"name":"application","in":"query","description":"Search by application. Supports * and ? wildcards.","type":"string","format":"URI"},"Authorization":{"name":"Authorization","in":"header","description":"A JWT of the form `Bearer `.","required":true,"type":"string"},"ResourceIdentifier":{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},"skip":{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":10},"limit":{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":0},"sourceType":{"name":"source_type","in":"query","type":"string","description":"Filter on alarm configuration source type. Valid values are 'server_record' and 'client_record'"},"scpIdentifierParam":{"name":"scp_id","in":"path","description":"SCP id is used to determine the status of\nasynchronous SCP process.\n","required":true,"type":"string"},"scpConnectionParam":{"name":"connection_id","in":"path","description":"Name or ID of the SCP connection which stores the details for SCP server.\n","required":true,"type":"string"},"scope_query":{"name":"scope","required":false,"in":"query","type":"string","description":"Scope of the backup or backup key - system (default) or domain. Scope must be specified for a domain scoped backup.\n"},"upload_chunked":{"name":"chunked","required":false,"in":"query","description":"When set to `true`, indicates that the file is uploaded in multiple chunks.\n","type":"boolean","default":false},"upload_start":{"name":"start","required":false,"in":"query","description":"Set to `true` for the first chunk request, when the file is uploaded in multiple chunks.\n","type":"boolean","default":false},"upload_done":{"name":"done","required":false,"in":"query","description":"Set to `true` for the last chunk request, when the file is uploaded in multiple chunks.\n","type":"boolean","default":false},"upload_id":{"name":"uploadID","required":false,"in":"query","description":"This parameter is used when the file is uploaded in multiple chunks.\nFor the first chunk request, when upload_start is `true`, you can set an upload ID via this parameter.\nIf an upload ID is not set in the first chunk request, an upload ID is assigned and returned in the response.\nThe upload ID is required as a query parameter for the remaining chunk requests.\n","type":"string"},"IncludeFields":{"name":"fields","in":"query","type":"string","description":"A hint to the server indicating fields the client is interested in. The server\nwill include these fields in the response.\n\nThe value should be a comma-delimited list of fields.\n\nCurrently, the supported fields are \"auth_password\" and \"priv_password\". These fields are not \nincluded in response by default and so this query parameter is necessary if those fields are needed.\n"},"client_group_id":{"name":"client_group_id","in":"query","required":false,"type":"string","description":"Filter the results by clientgroup id of GuardPoint. MUST be a UUID value."},"client_group_name":{"name":"client_group_name","in":"query","required":false,"type":"string","description":"Filter the results by clientgroup name of GuardPoint."},"policy_id":{"name":"policy_id","in":"query","required":false,"type":"string","description":"Filter the results by policy id of GuardPoint. MUST be a UUID value."},"policy_name":{"name":"policy_name","in":"path","required":true,"description":"the name of the policy","type":"string"},"pending_operation":{"name":"pending_operation","in":"query","required":false,"type":"string","description":"Filter the results by pending operation of GuardPoint. Valid value is DELETE."},"guard_enabled":{"name":"guard_enabled","in":"query","required":false,"type":"boolean","description":"Filter the results by guard enabled values of GuardPoint. Valid values are Yes/No and True/False."},"guard_path":{"name":"guard_path","in":"query","required":false,"type":"string","description":"Filter the results by GuardPath of GuardPoint."},"type":{"name":"type","in":"query","required":false,"type":"string","description":"Filter the results by type of GuardPoint. Valid values are CLIENT and CLIENTGROUP."},"guard_point_state":{"name":"guard_point_state","in":"query","required":false,"type":"string","description":"Filter the results by state of GuardPoint. Valid values are UNKNOWN, ENABLED, DISABLED, and ERROR."},"native_domain":{"name":"native_domain","in":"query","required":false,"type":"string","description":"Filter result based on the native domain, that is, the domain where the resource is created. \nIt will be relevant when some resources are shared across multiple domains.\nUse a comma-separated list to pass names of multiple domains in one go.\n"},"enable_domain_sharing":{"name":"enable_domain_sharing","description":"Filter resources based on whether cross-domain sharing is enabled.","in":"query","required":false,"type":"boolean"},"fetch_current_domain_resources_only":{"name":"fetch_current_domain_resources_only","description":"Filter resources belonging to the current domain only.","in":"query","required":false,"type":"boolean"},"mfa_enabled":{"name":"mfa_enabled","description":"Filter GuardPoints based on MFA status - enabled or not.","in":"query","required":false,"type":"boolean"},"gp_network_path":{"name":"gp_network_path","in":"query","required":false,"type":"string","description":"Filter the results by network path for NFS and CIFS."},"uri_list":{"name":"uri_list","in":"query","required":false,"type":"string","description":"Filter the results by uri. To fetch multiple resources provide comma-delimited list of uri."},"id":{"name":"id","in":"path","required":true,"description":"the id of the object","type":"string"},"sort":{"name":"sort","in":"query","default":"name","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nCurrently, sorting on a name field is only supported. \nFor example:\n -name\n\n...will sort the results first by `name`, descending.\n"},"kekID":{"name":"kekID","in":"path","required":true,"description":"the ID of the domain KEK","type":"string"},"IdentifierType":{"name":"id_type","in":"query","description":"The identifier type used in the URL. This can be either id, name, uri.","type":"string"},"Version":{"name":"version","in":"query","description":"The version of the object to be returned. If no version is specified, the latest version is returned.","type":"number"},"Name":{"name":"name","in":"path","description":"The name of the resource.","type":"string","required":true},"AppConnectorType":{"name":"app_connector_type","in":"path","description":"app_connector_type.","type":"string","required":true},"idParam":{"name":"id","in":"query","type":"string","description":"Filter the result based on connection's ID"},"nameParam":{"name":"name","in":"query","type":"string","description":"Filter the result based on split key name. Supports * and ? wildcards."},"serviceParam":{"name":"service","in":"query","type":"string","description":"Filter the result based on the external services associated with the connections. (e.g. aws, azure, gcp, hadoop-knox, luna network).","enum":["aws","azure","gcp","luna network","hadoop-knox"]},"categoryParam":{"name":"category","in":"query","type":"string","description":"Filter the result based on category.","enum":["cloud","hsm"]},"productParam":{"name":"products","in":"query","type":"string","description":"Filter the result based on the CipherTrust Manager products associated with the connections.\n Valid values are \"cckm\" for AWS, Azure, GCP, Luna connections, \"cte\", \"ddc\", \"data discovery\" for Hadoop connections\n and \"cte\" for SMB connections\n"},"cloudNameParam":{"name":"cloud_name","in":"query","type":"string","description":"Filter the result based on cloud name."},"fieldsParam":{"name":"fields","in":"query","type":"string","description":"Filter the result based on fields associated with the connections and return the field attribute in the response.\nCurrently, only \"meta\" is supported.\n"},"lastConnectionOKParam":{"name":"last_connection_ok","in":"query","type":"string","description":"Filter the result based on last_connection_ok result.\n"},"externalCertificateUsed":{"name":"external_certificate_used","in":"query","type":"string","description":"Filter the result based on if external certificate is used for connection.\n"},"metaContainsParam":{"name":"meta_contains","in":"query","type":"string","format":"JSON","description":"A valid JSON value. Only resources whose 'meta' attribute contains the JSON value will be\nreturned. Examples of JSON containment:\n\n- Values contain themselves: `{\"color\":\"red\"}` contains `{\"color\":\"red\"}`\n\n- Values contain subsets: `{\"color\":\"red\", \"size\":\"big\"}` contains `{\"color\":\"red\"}` and `{\"size\":\"big\"}`, but not `{\"size\":\"small\"}`\n\n- Contained values can be nested: `{\"info\":{\"size\":\"big\",\"color\":\"red\"}}` contains `{\"info\":{\"color\":\"red\"}}`, but not `{\"color\":\"red\"}`\n\n- Array containment: `[\"east\",\"west\",\"north\"]` contains `[\"east\"]` and `[\"east\",\"north\"]`, but not `[\"south\"]` or `[\"east\",\"south\"]`\n"},"lastConnectionBeforeParam":{"name":"last_connection_before","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"lastConnectionAfterParam":{"name":"last_connection_after","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"connectionIdentifierParam":{"name":"id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"},"connectionIdentifierTypeParam":{"name":"type","in":"query","description":"The type of the identifier specified in the {id} path parameter.\nMust be one of: name, id, or uri.\nIf type is not specified, it is inferred.\n","type":"string","enum":["name","id","uri"]},"operationStatusParam":{"name":"operation_status","in":"query","type":"string","description":"Filter the result based on operation_status result.\n"},"connectionPartitionIdentifierParam":{"name":"partition_id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"},"channel":{"name":"channel","in":"query","type":"string","description":"Filter the result based on channel of communication."},"labelParam":{"name":"label","in":"query","type":"string","description":"Filter the result based on label."},"serialNumberParam":{"name":"serial_number","in":"query","type":"string","description":"Filter the result based on serial number."},"hostParam":{"name":"host","in":"query","type":"string","description":"Filter the result based on hostname."},"connectionNodeIdentifierParam":{"name":"node_id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"},"serverURL":{"name":"server_url","in":"query","type":"string","description":"Filter the result based on server URL."},"baseDN":{"name":"base_dn","in":"query","type":"string","description":"Filter the result based on base DN."},"userLoginAttribute":{"name":"user_login_attribute","in":"query","type":"string","description":"Filter the result based on user login attribute."},"groupBaseDN":{"name":"group_base_dn","in":"query","type":"string","description":"Filter the result based on group base DN."},"digestParam":{"name":"digest","in":"query","type":"string","description":"Filter the result based on split key digest."},"splitKeyNamePathIdentifier":{"name":"name","in":"path","description":"The split key's name.\n","required":true,"type":"string"},"splitKeyShareNamePathIdentifier":{"name":"share_name","in":"path","description":"The split key share's name.\n","required":true,"type":"string"}},"paths":{"/v1/auth/self/permissions":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Query","tags":["Permissions"],"parameters":[{"name":"body","in":"body","description":"Query for user functional permissions","schema":{"type":"object","title":"Permissions Request","required":["operations"],"properties":{"operations":{"type":"array","description":"all of the operations to query","items":{"type":"object","required":["action"],"properties":{"action":{"type":"string","description":"A predefined action (e.g. `ReadKey` or `StatusBackup`)."},"resource":{"type":"string","description":"A resource URI. It only applies when a policy relies on the resource URI value to grant permission."},"context":{"type":"object","description":"optional properties","properties":{"resource":{"type":"object","description":"Optional JSON object specifying a resource or a subset of a resource. Supplying a value may may help to give an absolute answer instead of \"maybe\". It only applies when a policy relies on a resource or any of its parts to grant permission.\n\nFor example, the \"Key owners\" policy is granted for an applicable action when a key resource has the property meta.ownerId equal to that of the user. This is a sample of the JSON object to supply for the ReadKey action:\n```\n{\n \"meta\": {\n \"ownerId\": \"local|f11157c8-9040-4793-9a1b-f2d410f4877b\"\n }\n}\n```\n"}}}}}}},"example":{"application/json":{"operations":[{"action":"CreateKey","context":{"resource":{"meta":{"ownerId":"local|f11157c8-9040-4793-9a1b-f2d410f4877b"}}}},{"action":"ReadKey"}]}}}}],"responses":{"201":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","properties":{"resources":{"type":"array","items":{"type":"object","properties":{"action":{"type":"string","description":"The action whose permission was requested"},"context":{"type":"string","description":"Always blank"},"allowed":{"type":"string","description":"Is the action allowed? (yes, no, maybe)"}}}}}}]},"examples":{"application/json":[{"action":"CreateKey","context":{},"allowed":"maybe"},{"action":"ReadKey","context":{},"allowed":"yes"}]}}}}},"/v1/usermgmt/users/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns a list of all user resources. The results can be\nfiltered, using the query parameters.\n\nResults are returned in pages.\nEach page of results includes the total results found, and\ninformation for requesting the next page of results, using\nthe `skip` and `limit` query parameters.\n","tags":["Users"],"parameters":[{"name":"name","in":"query","required":false,"type":"string","description":"Filter by the user's name"},{"name":"username","in":"query","required":false,"type":"string","description":"Filter by the user's username"},{"name":"email","in":"query","required":false,"type":"string","description":"Filter by the user's email"},{"name":"groups","in":"query","type":"string","required":false,"description":"Filter by users in the given group name. Using 'nil' as the group name will return users that are not part of any group."},{"name":"auth_domain_name","in":"query","required":false,"type":"string","description":"Filter by the user's auth domain"},{"name":"allowed_auth_methods","in":"query","required":false,"type":"array","description":"Filter by the login authentication method allowed to the users. \nIt is a comma seperated list of values. \nA special value `empty` can be specified to get users to whom no authentication method is allowed.\n","items":{"type":"string"}},{"name":"allowed_client_types","in":"query","required":false,"type":"array","description":"Filter by the client types that can authenticate the user.\nIt is a comma separated list of values.\n","items":{"type":"string"}},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"description":"A User represents a unique, actual person or system.\n\nUsers and their credentials currently reside in an internal user database.\nSupport will be added in the future for users residing in external\nauthentication services as well.\n\nUsers must be created explicitly through the API.\n","type":"object","properties":{"userid":{"type":"string","description":"A unique identifier for API call usage.","readOnly":true},"username":{"type":"string","description":"The login name of the user. This is the identifier used to login.\n\nThis attribute is required to create a user, but is omitted\nwhen getting or listing user resources. It cannot be updated.\n"},"password":{"type":"string","description":"The password used to secure the users account. There are currently\nno restrictions around the type or length of password that is required.\nThis attribute is required to create a user, but is not included\nin user resource responses.\n"},"connection":{"type":"string","description":"This attribute is required to create a user, but is not included\nin user resource responses. Can be the name of a connection or\n\"local_account\" for a local user, defaults to \"local_account\".\n"},"email":{"type":"string","format":"email","description":"E-mail of the user"},"name":{"type":"string","description":"Full name of the user"},"certificate_subject_dn":{"type":"string","description":"The Distinguished Name of the user in certificate"},"enable_cert_auth":{"type":"boolean","description":"**Deprecated**: Use `allowed_auth_methods` instead. \nEnable certificate based authentication flag.\nIf set to true, the user will be able to login using certificate.\n"},"user_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nuser_metadata is typically used by applications to store information about\nthe resource which the end-users are allowed to modify, such as\nuser preferences.\n"},"app_metadata":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the resource.\napp_metadata is typically used by applications to store information\nwhich the end-users are not themselves allowed to change,\nlike group membership or security roles.\n"},"logins_count":{"type":"integer","readOnly":true,"description":"Count for the number of logins"},"last_login":{"type":"string","format":"timestamp","readOnly":true,"description":"Timestamp of last login"},"created_at":{"type":"string","format":"timestamp","readOnly":true,"description":"Timestamp of when user was created"},"updated_at":{"type":"string","format":"timestamp","readOnly":true,"description":"Timestamp of last update of the user"},"allowed_auth_methods":{"type":"array","items":{"type":"string"},"description":"List of login authentication methods allowed to the user."},"expires_at":{"type":"string","format":"timestamp","description":"The expires_at is applicable only for local user accounts. The admin or a user who is part of the admin group can add expiration to an existing local user account or modify the expiration date. Once the expires_at date is reached, the user account gets disabled and the user is not able to perform any actions."},"allowed_client_types":{"type":"array","items":{"type":"string"},"description":"List of client types allowed to the user."}},"example":{"app_metadata":{},"created_at":"2016-12-02T22:34:24.222Z","email":"frank@local","last_login":"2016-12-02T22:34:24.222Z","expires_at":"2050-12-02T22:34:24.222Z","logins_count":0,"name":"frank","username":"frank","certificate_subject_dn":"OU=organization unit,O=organization,L=location,ST=state,C=country","enable_cert_auth":false,"updated_at":"2016-12-02T22:34:24.222Z","user_id":"local|9cd4196b-b4b3-42d7-837f-d4fdeff36538","user_metadata":{},"allowed_auth_methods":["password"]}}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"app_metadata":{},"created_at":"2016-12-02T22:34:24.222Z","email":"frank@local","last_login":"2016-12-02T22:34:24.222Z","logins_count":0,"name":"frank","username":"frank","nickname":"frank","certificate_subject_dn":"OU=organization unit,O=organization,L=location,ST=state,C=country","enable_cert_auth":false,"updated_at":"2016-12-02T22:34:24.222Z","expires_at":"2050-12-02T22:34:24.222Z","user_id":"local|9cd4196b-b4b3-42d7-837f-d4fdeff36538","user_metadata":{},"last_failed_login_at":null,"failed_logins_count":0,"failed_logins_initial_attempt_at":null,"account_lockout_at":null,"allowed_auth_methods":["password"],"allowed_client_types":["unregistered","public","confidential"]}]}}},"400":{"description":"Bad Request | User already exists.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","allOf":[{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}},{"additionalProperties":{"type":"array","items":{"type":"string","description":"a validation error message about this property"}}}]}}}},"post":{"summary":"Create","description":"Create a new user in a domain(including root), or add an existing domain user to a sub-domain.\nUsers are always created in the local, internal user database, but might\nhave references to external identity providers.\n\nThe `connection` property is optional. If this property is specified\nwhen creating new users, it can be the name of a connection or\n`local_account` for a local user.\n\nThe `connection` property is only used in the body of the create-user\nrequest. It is not present in either request or response bodies of\nthe other user endpoints.\n\nTo create a user -\n`username` is mandatory. And\n`password` is required in most cases except when certificate authentication is used and certificate subject dn \nis provided.\n\nTo enable certificate based authentication for a user, it is required to set\n`certificate_subject_dn` and add \"user_certificate\" authentication method in `allowed_auth_methods`.\nThis functionality is available only for local users.\n\nTo assign a root domain user to a sub-domain -\nthe users are added to the domain of the user who is logging in, and the `connection`\nproperty should be left empty. The `user_id` or `username` fields are\nthe only ones that are used while adding existing users to sub-domains;\nall other fields are ignored.\n","tags":["Users"],"parameters":[{"name":"body","in":"body","schema":{"type":"object","title":"Create User","properties":{"username":{"type":"string","description":"The login name of the user. This is the identifier used to login.\n\nThis attribute is required to create a user, but is omitted\nwhen getting or listing user resources. It cannot be updated.\n\nThis attribute may also be used (instead of the user_id) when\nadding an existing root domain user to a different domain.\n"},"password":{"type":"string","description":"The password used to secure the users account. Allowed\npasswords are defined by the password policy.\n\nPassword is optional when \"certificate_subject_dn\" is set and \"user_certificate\" is in \nallowed_auth_methods.In all other cases, password is required\n\nIt is not included in user resource responses.\n"},"email":{"type":"string","format":"email","description":"E-mail of the user"},"name":{"type":"string","description":"Full name of the user"},"connection":{"type":"string","description":"This attribute is required to create a user, but is not\nincluded in user resource responses. Can be the name of a\nconnection or \"local_account\" for a local user, defaults to\n\"local_account\".\n"},"certificate_subject_dn":{"type":"string","description":"The Distinguished Name of the user in certificate"},"is_domain_user":{"type":"boolean","description":"This flag can be used to create the user in a non-root domain where user management is allowed.\n"},"enable_cert_auth":{"type":"boolean","description":"**Deprecated**: Use `allowed_auth_methods` instead. \nIf both `enable_cert_auth` and `allowed_auth_methods` are provided in the request, `enable_cert_auth` is ignored. \nEnable certificate based authentication flag.\nIf set to true, the user will be able to login using certificate.\n"},"user_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nuser_metadata is typically used by applications to store information about\nthe resource which the end-users are allowed to modify, such as\nuser preferences.\n"},"app_metadata":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the resource.\napp_metadata is typically used by applications to store information\nwhich the end-users are not themselves allowed to change,\nlike group membership or security roles.\n"},"password_change_required":{"type":"boolean","description":"Password change required flag.\nIf set to true, user will be required to change their password on next successful login.\n"},"user_id":{"type":"string","description":"The user_id is the ID of an existing root domain user.\nThis field is used only when adding an existing root domain user to a different domain.\n"},"login_flags":{"type":"object","description":"Flags for controlling user's login behavior.","properties":{"prevent_ui_login":{"type":"boolean","description":"If true, user is not allowed to login from Web UI. Default - false"}}},"allowed_auth_methods":{"type":"array","items":{"type":"string"},"description":"List of login authentication methods allowed to the user. \nDefault value - [\"password\"] i.e. Password Authentication is allowed by default. \nSetting it to empty, i.e `[]`, means no authentication method is allowed to the user. \nIf both `enable_cert_auth` and `allowed_auth_methods` are provided in the request, `enable_cert_auth` is ignored. \n\nValid values in the array are:\n- password\n- user_certificate\n"},"expires_at":{"type":"string","format":"timestamp","description":"expires_at is applicable only for local user account. admin or a user which is part of admin group can add expiration to an existing local user account or modify the expiration date.\nOnce the \"expires_at\" date is reached, the user account will be disabled and user will not be able to perform any actions.\n"},"allowed_client_types":{"type":"array","items":{"type":"string"},"description":"List of client types that can authenticate using the user's credentials. \nDefault value - [\"unregistered\", \"public\", \"confidential\"] i.e. all clients can authenticate the user using user's credentials. \nSetting it to empty, i.e `[]`, means no client can authenticate this user, which effectively means no one can login into this user. \n\nValid values in the array are:\n- unregistered\n- public\n- confidential\n"}},"example":{"application/json":{"app_metadata":{},"email":"frank@local","name":"frank","username":"frank","password":"password","user_metadata":{}}}}}],"responses":{"201":{"description":"Successful user creation.","schema":{"description":"A User represents a unique, actual person or system.\n\nUsers and their credentials currently reside in an internal user database.\nSupport will be added in the future for users residing in external\nauthentication services as well.\n\nUsers must be created explicitly through the API.\n","type":"object","properties":{"userid":{"type":"string","description":"A unique identifier for API call usage.","readOnly":true},"username":{"type":"string","description":"The login name of the user. This is the identifier used to login.\n\nThis attribute is required to create a user, but is omitted\nwhen getting or listing user resources. It cannot be updated.\n"},"password":{"type":"string","description":"The password used to secure the users account. There are currently\nno restrictions around the type or length of password that is required.\nThis attribute is required to create a user, but is not included\nin user resource responses.\n"},"connection":{"type":"string","description":"This attribute is required to create a user, but is not included\nin user resource responses. Can be the name of a connection or\n\"local_account\" for a local user, defaults to \"local_account\".\n"},"email":{"type":"string","format":"email","description":"E-mail of the user"},"name":{"type":"string","description":"Full name of the user"},"certificate_subject_dn":{"type":"string","description":"The Distinguished Name of the user in certificate"},"enable_cert_auth":{"type":"boolean","description":"**Deprecated**: Use `allowed_auth_methods` instead. \nEnable certificate based authentication flag.\nIf set to true, the user will be able to login using certificate.\n"},"user_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nuser_metadata is typically used by applications to store information about\nthe resource which the end-users are allowed to modify, such as\nuser preferences.\n"},"app_metadata":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the resource.\napp_metadata is typically used by applications to store information\nwhich the end-users are not themselves allowed to change,\nlike group membership or security roles.\n"},"logins_count":{"type":"integer","readOnly":true,"description":"Count for the number of logins"},"last_login":{"type":"string","format":"timestamp","readOnly":true,"description":"Timestamp of last login"},"created_at":{"type":"string","format":"timestamp","readOnly":true,"description":"Timestamp of when user was created"},"updated_at":{"type":"string","format":"timestamp","readOnly":true,"description":"Timestamp of last update of the user"},"allowed_auth_methods":{"type":"array","items":{"type":"string"},"description":"List of login authentication methods allowed to the user."},"expires_at":{"type":"string","format":"timestamp","description":"The expires_at is applicable only for local user accounts. The admin or a user who is part of the admin group can add expiration to an existing local user account or modify the expiration date. Once the expires_at date is reached, the user account gets disabled and the user is not able to perform any actions."},"allowed_client_types":{"type":"array","items":{"type":"string"},"description":"List of client types allowed to the user."}},"example":{"app_metadata":{},"created_at":"2016-12-02T22:34:24.222Z","email":"frank@local","last_login":"2016-12-02T22:34:24.222Z","expires_at":"2050-12-02T22:34:24.222Z","logins_count":0,"name":"frank","username":"frank","certificate_subject_dn":"OU=organization unit,O=organization,L=location,ST=state,C=country","enable_cert_auth":false,"updated_at":"2016-12-02T22:34:24.222Z","user_id":"local|9cd4196b-b4b3-42d7-837f-d4fdeff36538","user_metadata":{},"allowed_auth_methods":["password"]}},"examples":{"application/json":{"app_metadata":{},"created_at":"2016-12-02T22:34:24.222Z","email":"frank@local","last_login":"2016-12-02T22:34:24.222Z","logins_count":0,"name":"frank","username":"frank","nickname":"frank","certificate_subject_dn":"OU=organization unit,O=organization,L=location,ST=state,C=country","enable_cert_auth":false,"updated_at":"2016-12-02T22:34:24.222Z","user_id":"local|9cd4196b-b4b3-42d7-837f-d4fdeff36538","user_metadata":{},"failed_logins_count":0,"allowed_auth_methods":["password"],"allowed_client_types":["unregistered","public","confidential"]}}}}}},"/v1/usermgmt/users/{user_id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"user_id","in":"path","required":true,"description":"the user_id of the user","type":"string"}],"get":{"summary":"Get","description":"Returns a single user resource. If the user_id \"self\" is provided, it will return the current user's information.\n","tags":["Users"],"responses":{"200":{"description":"OK","schema":{"description":"A User represents a unique, actual person or system.\n\nUsers and their credentials currently reside in an internal user database.\nSupport will be added in the future for users residing in external\nauthentication services as well.\n\nUsers must be created explicitly through the API.\n","type":"object","properties":{"userid":{"type":"string","description":"A unique identifier for API call usage.","readOnly":true},"username":{"type":"string","description":"The login name of the user. This is the identifier used to login.\n\nThis attribute is required to create a user, but is omitted\nwhen getting or listing user resources. It cannot be updated.\n"},"password":{"type":"string","description":"The password used to secure the users account. There are currently\nno restrictions around the type or length of password that is required.\nThis attribute is required to create a user, but is not included\nin user resource responses.\n"},"connection":{"type":"string","description":"This attribute is required to create a user, but is not included\nin user resource responses. Can be the name of a connection or\n\"local_account\" for a local user, defaults to \"local_account\".\n"},"email":{"type":"string","format":"email","description":"E-mail of the user"},"name":{"type":"string","description":"Full name of the user"},"certificate_subject_dn":{"type":"string","description":"The Distinguished Name of the user in certificate"},"enable_cert_auth":{"type":"boolean","description":"**Deprecated**: Use `allowed_auth_methods` instead. \nEnable certificate based authentication flag.\nIf set to true, the user will be able to login using certificate.\n"},"user_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nuser_metadata is typically used by applications to store information about\nthe resource which the end-users are allowed to modify, such as\nuser preferences.\n"},"app_metadata":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the resource.\napp_metadata is typically used by applications to store information\nwhich the end-users are not themselves allowed to change,\nlike group membership or security roles.\n"},"logins_count":{"type":"integer","readOnly":true,"description":"Count for the number of logins"},"last_login":{"type":"string","format":"timestamp","readOnly":true,"description":"Timestamp of last login"},"created_at":{"type":"string","format":"timestamp","readOnly":true,"description":"Timestamp of when user was created"},"updated_at":{"type":"string","format":"timestamp","readOnly":true,"description":"Timestamp of last update of the user"},"allowed_auth_methods":{"type":"array","items":{"type":"string"},"description":"List of login authentication methods allowed to the user."},"expires_at":{"type":"string","format":"timestamp","description":"The expires_at is applicable only for local user accounts. The admin or a user who is part of the admin group can add expiration to an existing local user account or modify the expiration date. Once the expires_at date is reached, the user account gets disabled and the user is not able to perform any actions."},"allowed_client_types":{"type":"array","items":{"type":"string"},"description":"List of client types allowed to the user."}},"example":{"app_metadata":{},"created_at":"2016-12-02T22:34:24.222Z","email":"frank@local","last_login":"2016-12-02T22:34:24.222Z","expires_at":"2050-12-02T22:34:24.222Z","logins_count":0,"name":"frank","username":"frank","certificate_subject_dn":"OU=organization unit,O=organization,L=location,ST=state,C=country","enable_cert_auth":false,"updated_at":"2016-12-02T22:34:24.222Z","user_id":"local|9cd4196b-b4b3-42d7-837f-d4fdeff36538","user_metadata":{},"allowed_auth_methods":["password"]}},"examples":{"application/json":{"app_metadata":{},"created_at":"2016-10-26T21:48:45.516264+00:00","email":"john@local","last_login":"2016-10-27T16:40:41.753756+00:00","logins_count":6,"name":"john","username":"john","nickname":"john","certificate_subject_dn":"OU=organization unit,O=organization,L=location,ST=state,C=country","enable_cert_auth":false,"updated_at":"2016-10-27T16:40:41.730918+00:00","user_id":"local|e732ef3b-8edb-4394-90a3-262980eac55c","user_metadata":{},"last_failed_login_at":null,"failed_logins_count":0,"failed_logins_initial_attempt_at":null,"account_lockout_at":null,"allowed_auth_methods":["password"],"allowed_client_types":["unregistered","public","confidential"]}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","description":"Deletes a user given the user's user-id.\nIf the current user is logged into a sub-domain, the user is deleted from that sub-domain.\nIf the current user is logged into the root domain, the user is deleted from all domains it belongs to.\n","tags":["Users"],"responses":{"204":{"description":"No Content | Successful deletion of user."},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"patch":{"summary":"Update","description":"Change the properties of a user. For instance the name, the password, or metadata. Permissions would normally\nrestrict this route to users with admin privileges. Non admin users wishing to change their own passwords\nshould use the change password route. The user will not be able to change their password to the same password.\n","tags":["Users"],"parameters":[{"name":"body","in":"body","description":"The user properties to change. The properties will be merged\ninto the user resource. The `app_metadata` and `user_metadata`\nproperties will be recursively merged. To remove a property\ninside the metadata objects, set it to nil.\n","schema":{"type":"object","title":"Update User","properties":{"username":{"type":"string","description":"The login name of the user."},"password":{"type":"string","description":"The password used to secure the users account."},"email":{"type":"string","format":"email","description":"The email of the user"},"name":{"type":"string","description":"The user's full name"},"certificate_subject_dn":{"type":"string","description":"The Distinguished Name of the user in certificate.\ne.g.OU=organization unit,O=organization,L=location,ST=state,C=country\n"},"enable_cert_auth":{"type":"boolean","description":"**Deprecated**: Use `allowed_auth_methods` instead. \nIf both `enable_cert_auth` and `allowed_auth_methods` are provided in the request, `enable_cert_auth` is ignored. \nEnable certificate based authentication flag.\nIf set to true, the user will be able to login using certificate.\n"},"user_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nuser_metadata is typically used by applications to store information about\nthe resource which the end-users are allowed to modify, such as\nuser preferences.\n"},"failed_logins_count":{"type":"integer","description":"Set it to 0 to unlock a locked user account."},"password_change_required":{"type":"boolean","description":"Password change required flag.\nIf set to true, user will be required to change their password on next successful login.\n"},"login_flags":{"type":"object","description":"Flags for controlling user's login behavior.","properties":{"prevent_ui_login":{"type":"boolean","description":"If true, user is not allowed to login from Web UI. Set it to true or false."}}},"expires_at":{"type":"string","format":"timestamp","description":"expires_at is applicable only for local user account. admin or a user which is part of admin group can add expiration to an existing local user account or modify the expiration date. \nOnce the \"expires_at\" date is reached, the user account will be disabled and user will not be able to perform any actions.\n"},"allowed_auth_methods":{"type":"array","items":{"type":"string"},"description":"List of login authentication methods allowed to the user. \nSetting it to empty, i.e `[]`, means no authentication method is allowed to the user. \nIf both `enable_cert_auth` and `allowed_auth_methods` are provided in the request, `enable_cert_auth` is ignored. \n\nValid values in the array are:\n- password\n- user_certificate\n"},"allowed_client_types":{"type":"array","items":{"type":"string"},"description":"List of client types that can authenticate using the user's credentials. \nSetting it to empty, i.e `[]`, means no client can authenticate this user, which effectively means no one can login into this user. \n\nValid values in the array are:\n- unregistered\n- public\n- confidential\n"}},"example":{"email":"john@local","name":"john","username":"john","password":"password","user_metadata":{},"password_change_required":true,"certificate_subject_dn":"OU=organization unit,O=organization,L=location,ST=state,C=country","enable_cert_auth":true}}}],"responses":{"200":{"description":"Successful resource update.","schema":{"description":"A User represents a unique, actual person or system.\n\nUsers and their credentials currently reside in an internal user database.\nSupport will be added in the future for users residing in external\nauthentication services as well.\n\nUsers must be created explicitly through the API.\n","type":"object","properties":{"userid":{"type":"string","description":"A unique identifier for API call usage.","readOnly":true},"username":{"type":"string","description":"The login name of the user. This is the identifier used to login.\n\nThis attribute is required to create a user, but is omitted\nwhen getting or listing user resources. It cannot be updated.\n"},"password":{"type":"string","description":"The password used to secure the users account. There are currently\nno restrictions around the type or length of password that is required.\nThis attribute is required to create a user, but is not included\nin user resource responses.\n"},"connection":{"type":"string","description":"This attribute is required to create a user, but is not included\nin user resource responses. Can be the name of a connection or\n\"local_account\" for a local user, defaults to \"local_account\".\n"},"email":{"type":"string","format":"email","description":"E-mail of the user"},"name":{"type":"string","description":"Full name of the user"},"certificate_subject_dn":{"type":"string","description":"The Distinguished Name of the user in certificate"},"enable_cert_auth":{"type":"boolean","description":"**Deprecated**: Use `allowed_auth_methods` instead. \nEnable certificate based authentication flag.\nIf set to true, the user will be able to login using certificate.\n"},"user_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nuser_metadata is typically used by applications to store information about\nthe resource which the end-users are allowed to modify, such as\nuser preferences.\n"},"app_metadata":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the resource.\napp_metadata is typically used by applications to store information\nwhich the end-users are not themselves allowed to change,\nlike group membership or security roles.\n"},"logins_count":{"type":"integer","readOnly":true,"description":"Count for the number of logins"},"last_login":{"type":"string","format":"timestamp","readOnly":true,"description":"Timestamp of last login"},"created_at":{"type":"string","format":"timestamp","readOnly":true,"description":"Timestamp of when user was created"},"updated_at":{"type":"string","format":"timestamp","readOnly":true,"description":"Timestamp of last update of the user"},"allowed_auth_methods":{"type":"array","items":{"type":"string"},"description":"List of login authentication methods allowed to the user."},"expires_at":{"type":"string","format":"timestamp","description":"The expires_at is applicable only for local user accounts. The admin or a user who is part of the admin group can add expiration to an existing local user account or modify the expiration date. Once the expires_at date is reached, the user account gets disabled and the user is not able to perform any actions."},"allowed_client_types":{"type":"array","items":{"type":"string"},"description":"List of client types allowed to the user."}},"example":{"app_metadata":{},"created_at":"2016-12-02T22:34:24.222Z","email":"frank@local","last_login":"2016-12-02T22:34:24.222Z","expires_at":"2050-12-02T22:34:24.222Z","logins_count":0,"name":"frank","username":"frank","certificate_subject_dn":"OU=organization unit,O=organization,L=location,ST=state,C=country","enable_cert_auth":false,"updated_at":"2016-12-02T22:34:24.222Z","user_id":"local|9cd4196b-b4b3-42d7-837f-d4fdeff36538","user_metadata":{},"allowed_auth_methods":["password"]}},"examples":{"application/json":{"app_metadata":{},"created_at":"2016-10-26T21:48:45.516264+00:00","email":"john@local","last_login":"2016-10-27T16:40:41.753756+00:00","logins_count":6,"name":"john","username":"john","certificate_subject_dn":"OU=organization unit,O=organization,L=location,ST=state,C=country","enable_cert_auth":true,"updated_at":"2016-10-27T16:40:41.730918+00:00","user_id":"local|e732ef3b-8edb-4394-90a3-262980eac55c","user_metadata":{},"failed_logins_count":0,"failed_logins_initial_attempt_at":null,"account_lockout_at":null,"allowed_auth_methods":["password"],"allowed_client_types":["unregistered","public","confidential"]}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/auth/self/user":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns a single user resource. It will return the current user's information.\n","tags":["Users"],"responses":{"200":{"description":"OK","schema":{"description":"A User represents a unique, actual person or system.\n\nUsers and their credentials currently reside in an internal user database.\nSupport will be added in the future for users residing in external\nauthentication services as well.\n\nUsers must be created explicitly through the API.\n","type":"object","properties":{"userid":{"type":"string","description":"A unique identifier for API call usage.","readOnly":true},"username":{"type":"string","description":"The login name of the user. This is the identifier used to login.\n\nThis attribute is required to create a user, but is omitted\nwhen getting or listing user resources. It cannot be updated.\n"},"password":{"type":"string","description":"The password used to secure the users account. There are currently\nno restrictions around the type or length of password that is required.\nThis attribute is required to create a user, but is not included\nin user resource responses.\n"},"connection":{"type":"string","description":"This attribute is required to create a user, but is not included\nin user resource responses. Can be the name of a connection or\n\"local_account\" for a local user, defaults to \"local_account\".\n"},"email":{"type":"string","format":"email","description":"E-mail of the user"},"name":{"type":"string","description":"Full name of the user"},"certificate_subject_dn":{"type":"string","description":"The Distinguished Name of the user in certificate"},"enable_cert_auth":{"type":"boolean","description":"**Deprecated**: Use `allowed_auth_methods` instead. \nEnable certificate based authentication flag.\nIf set to true, the user will be able to login using certificate.\n"},"user_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nuser_metadata is typically used by applications to store information about\nthe resource which the end-users are allowed to modify, such as\nuser preferences.\n"},"app_metadata":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the resource.\napp_metadata is typically used by applications to store information\nwhich the end-users are not themselves allowed to change,\nlike group membership or security roles.\n"},"logins_count":{"type":"integer","readOnly":true,"description":"Count for the number of logins"},"last_login":{"type":"string","format":"timestamp","readOnly":true,"description":"Timestamp of last login"},"created_at":{"type":"string","format":"timestamp","readOnly":true,"description":"Timestamp of when user was created"},"updated_at":{"type":"string","format":"timestamp","readOnly":true,"description":"Timestamp of last update of the user"},"allowed_auth_methods":{"type":"array","items":{"type":"string"},"description":"List of login authentication methods allowed to the user."},"expires_at":{"type":"string","format":"timestamp","description":"The expires_at is applicable only for local user accounts. The admin or a user who is part of the admin group can add expiration to an existing local user account or modify the expiration date. Once the expires_at date is reached, the user account gets disabled and the user is not able to perform any actions."},"allowed_client_types":{"type":"array","items":{"type":"string"},"description":"List of client types allowed to the user."}},"example":{"app_metadata":{},"created_at":"2016-12-02T22:34:24.222Z","email":"frank@local","last_login":"2016-12-02T22:34:24.222Z","expires_at":"2050-12-02T22:34:24.222Z","logins_count":0,"name":"frank","username":"frank","certificate_subject_dn":"OU=organization unit,O=organization,L=location,ST=state,C=country","enable_cert_auth":false,"updated_at":"2016-12-02T22:34:24.222Z","user_id":"local|9cd4196b-b4b3-42d7-837f-d4fdeff36538","user_metadata":{},"allowed_auth_methods":["password"]}},"examples":{"application/json":{"app_metadata":{},"created_at":"2016-10-26T21:48:45.516264+00:00","email":"john@local","last_login":"2016-10-27T16:40:41.753756+00:00","logins_count":6,"name":"john","username":"john","nickname":"john","updated_at":"2016-10-27T16:40:41.730918+00:00","user_id":"local|e732ef3b-8edb-4394-90a3-262980eac55c","user_metadata":{},"last_failed_login_at":null,"failed_logins_count":0,"failed_logins_initial_attempt_at":null,"account_lockout_at":null,"allowed_auth_methods":["password"],"allowed_client_types":["unregistered","public","confidential"]}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"patch":{"summary":"Update","description":"Change the properties of a user. For instance the email, or metadata.\n","tags":["Users"],"parameters":[{"name":"body","in":"body","description":"The user properties to change. The properties will be merged\ninto the user resource. The `app_metadata` and `user_metadata`\nproperties will be recursively merged. To remove a property\ninside the metadata objects, set it to nil.\n","schema":{"type":"object","title":"Update User(Self)","properties":{"name":{"type":"string","description":"Name can be full name or a user friendly name."},"email":{"type":"string","format":"email","description":"The email of the user"},"user_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nuser_metadata is typically used by applications to store information about\nthe resource which the end-users are allowed to modify, such as\nuser preferences.\n"}},"example":{"name":"john","email":"john@local","user_metadata":{}}}}],"responses":{"200":{"description":"Successful resource update.","schema":{"description":"A User represents a unique, actual person or system.\n\nUsers and their credentials currently reside in an internal user database.\nSupport will be added in the future for users residing in external\nauthentication services as well.\n\nUsers must be created explicitly through the API.\n","type":"object","properties":{"userid":{"type":"string","description":"A unique identifier for API call usage.","readOnly":true},"username":{"type":"string","description":"The login name of the user. This is the identifier used to login.\n\nThis attribute is required to create a user, but is omitted\nwhen getting or listing user resources. It cannot be updated.\n"},"password":{"type":"string","description":"The password used to secure the users account. There are currently\nno restrictions around the type or length of password that is required.\nThis attribute is required to create a user, but is not included\nin user resource responses.\n"},"connection":{"type":"string","description":"This attribute is required to create a user, but is not included\nin user resource responses. Can be the name of a connection or\n\"local_account\" for a local user, defaults to \"local_account\".\n"},"email":{"type":"string","format":"email","description":"E-mail of the user"},"name":{"type":"string","description":"Full name of the user"},"certificate_subject_dn":{"type":"string","description":"The Distinguished Name of the user in certificate"},"enable_cert_auth":{"type":"boolean","description":"**Deprecated**: Use `allowed_auth_methods` instead. \nEnable certificate based authentication flag.\nIf set to true, the user will be able to login using certificate.\n"},"user_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nuser_metadata is typically used by applications to store information about\nthe resource which the end-users are allowed to modify, such as\nuser preferences.\n"},"app_metadata":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the resource.\napp_metadata is typically used by applications to store information\nwhich the end-users are not themselves allowed to change,\nlike group membership or security roles.\n"},"logins_count":{"type":"integer","readOnly":true,"description":"Count for the number of logins"},"last_login":{"type":"string","format":"timestamp","readOnly":true,"description":"Timestamp of last login"},"created_at":{"type":"string","format":"timestamp","readOnly":true,"description":"Timestamp of when user was created"},"updated_at":{"type":"string","format":"timestamp","readOnly":true,"description":"Timestamp of last update of the user"},"allowed_auth_methods":{"type":"array","items":{"type":"string"},"description":"List of login authentication methods allowed to the user."},"expires_at":{"type":"string","format":"timestamp","description":"The expires_at is applicable only for local user accounts. The admin or a user who is part of the admin group can add expiration to an existing local user account or modify the expiration date. Once the expires_at date is reached, the user account gets disabled and the user is not able to perform any actions."},"allowed_client_types":{"type":"array","items":{"type":"string"},"description":"List of client types allowed to the user."}},"example":{"app_metadata":{},"created_at":"2016-12-02T22:34:24.222Z","email":"frank@local","last_login":"2016-12-02T22:34:24.222Z","expires_at":"2050-12-02T22:34:24.222Z","logins_count":0,"name":"frank","username":"frank","certificate_subject_dn":"OU=organization unit,O=organization,L=location,ST=state,C=country","enable_cert_auth":false,"updated_at":"2016-12-02T22:34:24.222Z","user_id":"local|9cd4196b-b4b3-42d7-837f-d4fdeff36538","user_metadata":{},"allowed_auth_methods":["password"]}},"examples":{"application/json":{"app_metadata":{},"created_at":"2016-10-26T21:48:45.516264+00:00","email":"john@local","last_login":"2016-10-27T16:40:41.753756+00:00","logins_count":6,"name":"john","username":"john","updated_at":"2016-10-27T16:40:41.730918+00:00","user_id":"local|e732ef3b-8edb-4394-90a3-262980eac55c","user_metadata":{},"failed_logins_count":0,"failed_logins_initial_attempt_at":null,"account_lockout_at":null,"allowed_client_types":["unregistered","public","confidential"]}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/auth/changepw":{"patch":{"summary":"Change password","description":"Change the current user's password. Can only be used to change the password\nof the currently authenticated user. The user will not be able to change their password to the same password.\n","tags":["Users"],"parameters":[{"name":"body","in":"body","schema":{"type":"object","title":"Change Password","required":["username","password","new_password"],"properties":{"username":{"type":"string","description":"The login name of the current user."},"password":{"type":"string","description":"The own user's current password"},"new_password":{"type":"string","description":"The new password"},"auth_domain":{"type":"string","description":"The domain where user needs to be authenticated. This is the domain where user is created. Defaults to the root domain.\n"}},"example":{"username":"john","password":"currentpassword","new_password":"newpassword"}}}],"responses":{"204":{"description":"No Content | Successful password change."}}}},"/v1/usermgmt/pwdpolicies/global":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"patch":{"summary":"Change password policy","description":"Change the current password policy for all users. Can only be used to by a member of the admin group. Currently, a single policy named 'global' is applied to all users.","tags":["Users"],"parameters":[{"name":"body","in":"body","schema":{"type":"object","title":"Change Password Policy","properties":{"inclusive_min_upper_case":{"type":"integer","description":"The minimum number of upper cases"},"inclusive_min_lower_case":{"type":"integer","description":"The minimum number of lower cases"},"inclusive_min_digits":{"type":"integer","description":"The minimum number of digits"},"inclusive_min_other":{"type":"integer","description":"The minimum number of other characters"},"inclusive_min_total_length":{"type":"integer","description":"The minimum length of the password. Value 0 is ignored."},"inclusive_max_total_length":{"type":"integer","description":"The maximum length of the password. Value 0 is ignored."},"password_history_threshold":{"type":"integer","description":"Determines the number of past passwords a user cannot reuse. Even with value 0, the user will not be able to change their password to the same password."},"password_lifetime":{"type":"integer","description":"The maximum lifetime of the password in days. Value 0 is ignored."},"password_change_min_days":{"type":"integer","description":"The minimum period in days between password changes. Value 0 is ignored."},"failed_logins_lockout_thresholds":{"type":"array","items":{"type":"integer"},"description":"List of lockout durations in minutes for failed login attempts.\nFor example, with input of [0, 5, 30], the first failed login attempt with duration of zero will not lockout the user account,\nthe second failed login attempt will lockout the account for 5 minutes,\nthe third and subsequent failed login attempts will lockout for 30 minutes.\nSet an empty array '[]' to disable the user account lockout.\n"}},"example":{"inclusive_min_upper_case":1,"inclusive_min_lower_case":1,"inclusive_min_digits":1,"inclusive_min_other":0,"inclusive_min_total_length":8,"inclusive_max_total_length":30,"password_history_threshold":0,"failed_logins_lockout_thresholds":[0,0,30],"password_lifetime":30,"password_change_min_days":1}}}],"responses":{"200":{"description":"Successful resource update.","schema":{"description":"A User represents a unique, actual person or system.\n\nUsers and their credentials currently reside in an internal user database.\nSupport will be added in the future for users residing in external\nauthentication services as well.\n\nUsers must be created explicitly through the API.\n","type":"object","properties":{"userid":{"type":"string","description":"A unique identifier for API call usage.","readOnly":true},"username":{"type":"string","description":"The login name of the user. This is the identifier used to login.\n\nThis attribute is required to create a user, but is omitted\nwhen getting or listing user resources. It cannot be updated.\n"},"password":{"type":"string","description":"The password used to secure the users account. There are currently\nno restrictions around the type or length of password that is required.\nThis attribute is required to create a user, but is not included\nin user resource responses.\n"},"connection":{"type":"string","description":"This attribute is required to create a user, but is not included\nin user resource responses. Can be the name of a connection or\n\"local_account\" for a local user, defaults to \"local_account\".\n"},"email":{"type":"string","format":"email","description":"E-mail of the user"},"name":{"type":"string","description":"Full name of the user"},"certificate_subject_dn":{"type":"string","description":"The Distinguished Name of the user in certificate"},"enable_cert_auth":{"type":"boolean","description":"**Deprecated**: Use `allowed_auth_methods` instead. \nEnable certificate based authentication flag.\nIf set to true, the user will be able to login using certificate.\n"},"user_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nuser_metadata is typically used by applications to store information about\nthe resource which the end-users are allowed to modify, such as\nuser preferences.\n"},"app_metadata":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the resource.\napp_metadata is typically used by applications to store information\nwhich the end-users are not themselves allowed to change,\nlike group membership or security roles.\n"},"logins_count":{"type":"integer","readOnly":true,"description":"Count for the number of logins"},"last_login":{"type":"string","format":"timestamp","readOnly":true,"description":"Timestamp of last login"},"created_at":{"type":"string","format":"timestamp","readOnly":true,"description":"Timestamp of when user was created"},"updated_at":{"type":"string","format":"timestamp","readOnly":true,"description":"Timestamp of last update of the user"},"allowed_auth_methods":{"type":"array","items":{"type":"string"},"description":"List of login authentication methods allowed to the user."},"expires_at":{"type":"string","format":"timestamp","description":"The expires_at is applicable only for local user accounts. The admin or a user who is part of the admin group can add expiration to an existing local user account or modify the expiration date. Once the expires_at date is reached, the user account gets disabled and the user is not able to perform any actions."},"allowed_client_types":{"type":"array","items":{"type":"string"},"description":"List of client types allowed to the user."}},"example":{"app_metadata":{},"created_at":"2016-12-02T22:34:24.222Z","email":"frank@local","last_login":"2016-12-02T22:34:24.222Z","expires_at":"2050-12-02T22:34:24.222Z","logins_count":0,"name":"frank","username":"frank","certificate_subject_dn":"OU=organization unit,O=organization,L=location,ST=state,C=country","enable_cert_auth":false,"updated_at":"2016-12-02T22:34:24.222Z","user_id":"local|9cd4196b-b4b3-42d7-837f-d4fdeff36538","user_metadata":{},"allowed_auth_methods":["password"]}},"examples":{"application/json":{"inclusive_min_upper_case":1,"inclusive_min_lower_case":1,"inclusive_min_digits":1,"inclusive_min_other":1,"inclusive_min_total_length":5,"inclusive_max_total_length":10,"password_history_threshold":0,"failed_logins_lockout_thresholds":[0,0,30],"password_lifetime":30}}}}},"get":{"summary":"Get password policy","description":"Get the current password policy for all users.","tags":["Users"],"responses":{"200":{"description":"OK","schema":{"description":"A User represents a unique, actual person or system.\n\nUsers and their credentials currently reside in an internal user database.\nSupport will be added in the future for users residing in external\nauthentication services as well.\n\nUsers must be created explicitly through the API.\n","type":"object","properties":{"userid":{"type":"string","description":"A unique identifier for API call usage.","readOnly":true},"username":{"type":"string","description":"The login name of the user. This is the identifier used to login.\n\nThis attribute is required to create a user, but is omitted\nwhen getting or listing user resources. It cannot be updated.\n"},"password":{"type":"string","description":"The password used to secure the users account. There are currently\nno restrictions around the type or length of password that is required.\nThis attribute is required to create a user, but is not included\nin user resource responses.\n"},"connection":{"type":"string","description":"This attribute is required to create a user, but is not included\nin user resource responses. Can be the name of a connection or\n\"local_account\" for a local user, defaults to \"local_account\".\n"},"email":{"type":"string","format":"email","description":"E-mail of the user"},"name":{"type":"string","description":"Full name of the user"},"certificate_subject_dn":{"type":"string","description":"The Distinguished Name of the user in certificate"},"enable_cert_auth":{"type":"boolean","description":"**Deprecated**: Use `allowed_auth_methods` instead. \nEnable certificate based authentication flag.\nIf set to true, the user will be able to login using certificate.\n"},"user_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nuser_metadata is typically used by applications to store information about\nthe resource which the end-users are allowed to modify, such as\nuser preferences.\n"},"app_metadata":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the resource.\napp_metadata is typically used by applications to store information\nwhich the end-users are not themselves allowed to change,\nlike group membership or security roles.\n"},"logins_count":{"type":"integer","readOnly":true,"description":"Count for the number of logins"},"last_login":{"type":"string","format":"timestamp","readOnly":true,"description":"Timestamp of last login"},"created_at":{"type":"string","format":"timestamp","readOnly":true,"description":"Timestamp of when user was created"},"updated_at":{"type":"string","format":"timestamp","readOnly":true,"description":"Timestamp of last update of the user"},"allowed_auth_methods":{"type":"array","items":{"type":"string"},"description":"List of login authentication methods allowed to the user."},"expires_at":{"type":"string","format":"timestamp","description":"The expires_at is applicable only for local user accounts. The admin or a user who is part of the admin group can add expiration to an existing local user account or modify the expiration date. Once the expires_at date is reached, the user account gets disabled and the user is not able to perform any actions."},"allowed_client_types":{"type":"array","items":{"type":"string"},"description":"List of client types allowed to the user."}},"example":{"app_metadata":{},"created_at":"2016-12-02T22:34:24.222Z","email":"frank@local","last_login":"2016-12-02T22:34:24.222Z","expires_at":"2050-12-02T22:34:24.222Z","logins_count":0,"name":"frank","username":"frank","certificate_subject_dn":"OU=organization unit,O=organization,L=location,ST=state,C=country","enable_cert_auth":false,"updated_at":"2016-12-02T22:34:24.222Z","user_id":"local|9cd4196b-b4b3-42d7-837f-d4fdeff36538","user_metadata":{},"allowed_auth_methods":["password"]}}}}}},"/v1/usermgmt/groups/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns a list of group resources. Query parameters can be\nused to filter the results. Results are returned in pages.\nEach page of results includes the total results found, and\ninformation for requesting the next page of results, using\nthe `skip` and `limit` query parameters.\nGroups can be filtered for user or client membership. Connection\nfilter applies only to user group membership and NOT to clients.\n","tags":["Groups"],"parameters":[{"name":"name","in":"query","description":"Filter by group name.\n","required":false,"type":"string"},{"name":"users","in":"query","description":"Filter by user membership. Using the username 'nil' will return\ngroups with no members.\n","required":false,"type":"string"},{"name":"connection","in":"query","description":"Filter by connection name or ID.\n","required":false,"type":"string"},{"name":"clients","in":"query","description":"Filter by client membership. Using the client name 'nil' will return\ngroups with no members.\n","required":false,"type":"string"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"description":"A group object","type":"object","required":["name"],"properties":{"name":{"type":"string","description":"name of the group"},"user_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nuser_metadata is typically used by applications to store information about\nthe resource which the end-users are allowed to modify, such as\nuser preferences.\n"},"app_metadata":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the resource.\napp_metadata is typically used by applications to store information\nwhich the end-users are not themselves allowed to change,\nlike group membership or security roles.\n"},"client_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nclient_metadata is typically used by applications to store information about\nthe resource, such as client preferences.\n"}},"example":{"app_metadata":{},"name":"drivers","user_metadata":{},"client_metadata":{}}}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"app_metadata":{},"created_at":"2016-12-05T15:13:49.543Z","name":"drivers","updated_at":"2016-12-05T15:13:49.543Z","user_metadata":{},"client_metadata":{}}]}}}}},"post":{"summary":"Create","tags":["Groups"],"parameters":[{"name":"body","in":"body","schema":{"title":"Create Group","description":"A group object","type":"object","required":["name"],"properties":{"name":{"type":"string","description":"name of the group"},"user_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nuser_metadata is typically used by applications to store information about\nthe resource which the end-users are allowed to modify, such as\nuser preferences.\n"},"app_metadata":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the resource.\napp_metadata is typically used by applications to store information\nwhich the end-users are not themselves allowed to change,\nlike group membership or security roles.\n"},"client_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nclient_metadata is typically used by applications to store information about\nthe resource, such as client preferences.\n"}},"example":{"app_metadata":{},"name":"drivers","user_metadata":{},"client_metadata":{}}}}],"responses":{"201":{"description":"Successful group creation.","schema":{"description":"A group object","type":"object","required":["name"],"properties":{"name":{"type":"string","description":"name of the group"},"user_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nuser_metadata is typically used by applications to store information about\nthe resource which the end-users are allowed to modify, such as\nuser preferences.\n"},"app_metadata":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the resource.\napp_metadata is typically used by applications to store information\nwhich the end-users are not themselves allowed to change,\nlike group membership or security roles.\n"},"client_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nclient_metadata is typically used by applications to store information about\nthe resource, such as client preferences.\n"}},"example":{"app_metadata":{},"name":"drivers","user_metadata":{},"client_metadata":{}}},"examples":{"application/json":{"app_metadata":{},"created_at":"2016-12-05T15:13:49.543Z","name":"drivers","updated_at":"2016-12-05T15:13:49.543Z","user_metadata":{},"client_metadata":{}}}}}}},"/v1/usermgmt/groups/{name}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"name","in":"path","type":"string","required":true,"description":"the name of the group"}],"get":{"summary":"Get","tags":["Groups"],"responses":{"200":{"description":"Success resource retrieval.","schema":{"description":"A group object","type":"object","required":["name"],"properties":{"name":{"type":"string","description":"name of the group"},"user_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nuser_metadata is typically used by applications to store information about\nthe resource which the end-users are allowed to modify, such as\nuser preferences.\n"},"app_metadata":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the resource.\napp_metadata is typically used by applications to store information\nwhich the end-users are not themselves allowed to change,\nlike group membership or security roles.\n"},"client_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nclient_metadata is typically used by applications to store information about\nthe resource, such as client preferences.\n"}},"example":{"app_metadata":{},"name":"drivers","user_metadata":{},"client_metadata":{}}},"examples":{"application/json":{"app_metadata":{},"created_at":"2016-12-05T15:13:49.543Z","name":"drivers","updated_at":"2016-12-05T15:13:49.543Z","user_metadata":{},"client_metadata":{}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","tags":["Groups"],"parameters":[{"name":"body","in":"body","description":"Delete group parameters","schema":{"type":"object","title":"Delete group Request","properties":{"force":{"type":"boolean","description":"When set to true, groupmaps within this group will be deleted\n"}},"example":{"force":false}}}],"responses":{"204":{"description":"No Content | Successful deletion of group."},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"The only things you can update on a group are the name, and the\n`app_metadata`.\n","tags":["Groups"],"parameters":[{"name":"body","in":"body","required":true,"schema":{"title":"Update Group","description":"A group object","type":"object","required":["name"],"properties":{"name":{"type":"string","description":"name of the group"},"user_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nuser_metadata is typically used by applications to store information about\nthe resource which the end-users are allowed to modify, such as\nuser preferences.\n"},"app_metadata":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the resource.\napp_metadata is typically used by applications to store information\nwhich the end-users are not themselves allowed to change,\nlike group membership or security roles.\n"},"client_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nclient_metadata is typically used by applications to store information about\nthe resource, such as client preferences.\n"}},"example":{"app_metadata":{},"name":"drivers","user_metadata":{},"client_metadata":{}}}}],"responses":{"200":{"description":"Successful resource update.","schema":{"description":"A group object","type":"object","required":["name"],"properties":{"name":{"type":"string","description":"name of the group"},"user_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nuser_metadata is typically used by applications to store information about\nthe resource which the end-users are allowed to modify, such as\nuser preferences.\n"},"app_metadata":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the resource.\napp_metadata is typically used by applications to store information\nwhich the end-users are not themselves allowed to change,\nlike group membership or security roles.\n"},"client_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nclient_metadata is typically used by applications to store information about\nthe resource, such as client preferences.\n"}},"example":{"app_metadata":{},"name":"drivers","user_metadata":{},"client_metadata":{}}},"examples":{"application/json":{"app_metadata":{},"created_at":"2016-12-05T15:13:49.543Z","name":"drivers","updated_at":"2016-12-05T15:13:49.543Z","user_metadata":{},"client_metadata":{}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/usermgmt/groups/{name}/users/{user_id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"user_id","in":"path","required":true,"description":"the user_id of the user","type":"string"},{"name":"name","in":"path","type":"string","required":true,"description":"the name of the group"}],"post":{"summary":"Add user","description":"Add a user to a group. This call is idempotent: calls to add a user\nto a group in which they already belong with return an identical, OK\nresponse.\n","tags":["Groups"],"responses":{"200":{"description":"Successful resource addition.","schema":{"description":"A group object","type":"object","required":["name"],"properties":{"name":{"type":"string","description":"name of the group"},"user_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nuser_metadata is typically used by applications to store information about\nthe resource which the end-users are allowed to modify, such as\nuser preferences.\n"},"app_metadata":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the resource.\napp_metadata is typically used by applications to store information\nwhich the end-users are not themselves allowed to change,\nlike group membership or security roles.\n"},"client_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nclient_metadata is typically used by applications to store information about\nthe resource, such as client preferences.\n"}},"example":{"app_metadata":{},"name":"drivers","user_metadata":{},"client_metadata":{}}},"examples":{"application/json":{"app_metadata":{},"created_at":"2016-12-05T15:13:49.543Z","name":"drivers","updated_at":"2016-12-05T15:13:49.543Z","user_metadata":{},"client_metadata":{}}}},"400":{"description":"Bad Request | User not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Remove user","description":"Removes a user from a group from a group. Will return a 404 if the\ngroup is not found, and a 400 if the user is not a member of the\ngroup.\n","tags":["Groups"],"responses":{"204":{"description":"No Content | Successful deletion of user."},"400":{"description":"Bad Request | User is not a member of the group","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/client-management/groups/{name}/clients/{client_id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"client_id","in":"path","required":true,"description":"the client_id of the client","type":"string"},{"name":"name","in":"path","type":"string","required":true,"description":"the name of the group"}],"post":{"summary":"Add client","description":"Add a client to a group. This call is idempotent: calls to add a client\nto a group in which they already belong with return an identical, OK\nresponse.\n","tags":["Groups"],"responses":{"200":{"description":"Successful resource addition.","schema":{"description":"A group object","type":"object","required":["name"],"properties":{"name":{"type":"string","description":"name of the group"},"user_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nuser_metadata is typically used by applications to store information about\nthe resource which the end-users are allowed to modify, such as\nuser preferences.\n"},"app_metadata":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the resource.\napp_metadata is typically used by applications to store information\nwhich the end-users are not themselves allowed to change,\nlike group membership or security roles.\n"},"client_metadata":{"type":"object","description":"A schema-less object, which can be used by applications\nto store information about the resource.\nclient_metadata is typically used by applications to store information about\nthe resource, such as client preferences.\n"}},"example":{"app_metadata":{},"name":"drivers","user_metadata":{},"client_metadata":{}}},"examples":{"application/json":{"app_metadata":{},"created_at":"2016-12-05T15:13:49.543Z","name":"drivers","updated_at":"2016-12-05T15:13:49.543Z","user_metadata":{},"client_metadata":{}}}},"400":{"description":"Bad Request | Client not found","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Remove client","description":"Removes a client from a group from a group. Will return a 404 if the\ngroup is not found, and a 400 if the client is not a member of the\ngroup.\n","tags":["Groups"],"responses":{"204":{"description":"No Content | Successful deletion of client."},"400":{"description":"Bad Request | Client is not a member of the group.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/auth/tokens/":{"get":{"summary":"List","description":"Returns a list of refresh tokens.\n","tags":["Tokens"],"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"user_id","in":"query","type":"string","description":"the id of the user"},{"name":"labels","in":"query","type":"string","description":"the label(s) tagged with the refresh token. Use query format labels=label1,label2 or labels=label1&labels=label2.\n"},{"name":"expired","in":"query","type":"boolean","description":"Token expiry flag. If set to false or not specified, expired tokens will not be returned.\n"},{"name":"revoked","in":"query","type":"boolean","description":"Token revocation flag. If set to false or not specified, revoked tokens will not be returned.\n"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"description":"An authentication token.","type":"object","properties":{"jwt":{"type":"string","format":"jwt","description":"The authentication token. This is the value which needs to be\nplaced in the API request headers.\n"},"duration":{"type":"integer","description":"the expiration duration of the token"}},"example":{"jwt":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhY2MiOiJreWxvIiwiYXVkIjoiMDNlNGE5M2ItODZhMy00YTViLWIzZTgtOGM4OWFiZmQzMDg4IiwiY3VzdCI6eyJncm91cHMiOlsiYWRtaW4iXX0sImV4cCI6MTQ3NDY0NTg1MSwiaWF0IjoxNDc0NjQ1NTUxLCJpc3MiOiJreWxvIiwic3ViIjoiYWRtaW4ifQ.iD5FGSwzDvGv5leRzULMnEfqls1_4tiR067J9cbV_4Q","duration":300}},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"c9600fa6-fa94-4ac7-a2cb-56767d8790b0","account":"kylo:kylo:admin:accounts:kylo","labels":["web"],"userId":"local|9cd4196b-b4b3-42d7-837f-d4fdeff36538","expiresIn":0,"expired":false,"revokeNotRefreshedIn":0,"revoked":false,"refreshedAt":"2017-05-03T05:32:57.617418-04:00","createdAt":"2017-05-02T05:32:57.61742-04:00","updatedAt":"2017-05-03T05:32:57.656492-04:00"}]}}}}},"post":{"summary":"Create","description":"This route is for exchanging a credential for\nan API authentication token (access token), which can be used to make API calls.\nThe credential can be a username/password, a refresh token, or a certificate\n\nThe username and password or refresh token is passed in the body of the request, and \nthe certificate must be presented during SSL negotion, and issued by a CA trusted by the \nweb interface.\n\nThe response contains the `jwt`, which is the API authentication token (access token),\n`duration`, which is the length of time until the token expires, refresh token\nthat can be used to get a new or additional API authentication token, and the\nclient id of the refresh token.\n","tags":["Tokens"],"parameters":[{"name":"Time","in":"header","description":"Current date and time of the client in UTC. ex) 2006-01-02T15:04:05.000Z","type":"string"},{"name":"body","in":"body","description":"The body of the request should contain the username and password\nof the user acquiring the token and optionally grant type or the refresh token\nwith grant type.\n","schema":{"type":"object","title":"Create Token","properties":{"grant_type":{"type":"string","description":"The authorization grant type. It is optional and valid values are `password`,\n`refresh_token`, `user_certificate`, and `client_credential`. \n\n* `password`: Authenticate using a password (which is the default), but returns both a JWT and a refresh token.\n* `refresh_token`: Authenicate using a refresh token. Returns a JWT, and a refresh token if `renew_refresh_token` is set to true.\n* `user_certificate`: Authenticate using a client certificate presented during SSL negotiaion. The DN of the certificate\nwill be matched to a user's `certificate_subject_dn`. Returns both a JWT and a refresh token.\n* `client_credential`: Authenticate using a client certificate presented during SSL negotiation. The certifcate will be used to\nidentify a client and an appropriate token returned. Returns only a JWT.\n"},"username":{"type":"string","description":"The user's username. Required when the grant_type is not specified or `password`.\nYou can specify an LDAP user with the format |.\nConnection names specified this way override the value specified in the connection field.\nNot valid with `refresh_token` grant type.\n"},"password":{"type":"string","description":"The user's password. Required when the grant_type is not specified or `password`.\nNot valid with `refresh_token` grant type.\n"},"labels":{"type":"array","items":{"type":"string"},"description":"The labels are for tagging. Valid with `password` grant type and optional."},"refresh_token":{"type":"string","description":"The refresh token used to obtain an API authentication token without the user credential.\nThis refresh token will be revoked if token is requested for a different domain the user belongs to.\nValid with `refresh_token` grant type.\n"},"refresh_token_lifetime":{"type":"integer","description":"Lifetime of a refresh token in minutes. By default, refresh tokens have no expiry.\nValid with `password` grant type.\n"},"refresh_token_revoke_unused_in":{"type":"integer","description":"Refresh token inactivity timeout period in minutes. The refresh token will be revoked if not used\nwithin the specified time to refresh an access token. Each usage resets refresh token lease.\nValid with `password` grant type.\n"},"renew_refresh_token":{"type":"boolean","description":"Get a new refresh token along with the API authentication token and invalidate the current\nrefresh token. Valid with `refresh_token` grant type.\n"},"connection":{"type":"string","description":"The friendly name of the server you want to authenticate against. If nothing is provided,\nit will default to local_account.\n"},"domain":{"type":"string","description":"The domain name or ID to issue the token for. For grant type of 'password' it defaults to the root domain.\nWith 'refresh_token' grant type, refresh token used will be revoked if it was not issued for this domain.\nNot currently supported for 'client_credential' grant type.\n"},"auth_domain":{"type":"string","description":"The domain where user needs to be authenticated. This is the domain where user is created. Defaults to the root domain.\n"},"client_id":{"type":"string","default":"837c840d-75dd-4b4f-a318-79cb16ca248d","description":"Client id of the pre-registered api playground client.\n"},"cookies":{"type":"boolean","description":"Any JWT and refresh token will be returned as cookies rather than in the response body.\n"}},"example":{"grant_type":"password","username":"steve","password":"mysecretword","client_id":"837c840d-75dd-4b4f-a318-79cb16ca248d","labels":["myapp","cli"]}}}],"responses":{"200":{"description":"Successful refresh token creation.","schema":{"description":"An authentication token.","type":"object","properties":{"jwt":{"type":"string","format":"jwt","description":"The authentication token. This is the value which needs to be\nplaced in the API request headers.\n"},"duration":{"type":"integer","description":"the expiration duration of the token"}},"example":{"jwt":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhY2MiOiJreWxvIiwiYXVkIjoiMDNlNGE5M2ItODZhMy00YTViLWIzZTgtOGM4OWFiZmQzMDg4IiwiY3VzdCI6eyJncm91cHMiOlsiYWRtaW4iXX0sImV4cCI6MTQ3NDY0NTg1MSwiaWF0IjoxNDc0NjQ1NTUxLCJpc3MiOiJreWxvIiwic3ViIjoiYWRtaW4ifQ.iD5FGSwzDvGv5leRzULMnEfqls1_4tiR067J9cbV_4Q","duration":300}},"examples":{"application/json":{"jwt":"mF_9.B5f-4.1JqM","duration":300,"token_type":"Bearer","client_id":"1-2-3-4","refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA"}}},"401":{"description":"Login failed."},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","allOf":[{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}},{"additionalProperties":{"type":"array","items":{"type":"string","description":"a validation error message about this property"}}}]}}}}},"/v1/auth/tokens/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Return information about the refresh token. Does not return the token.\n","tags":["Tokens"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"200":{"description":"OK","schema":{"description":"An authentication token.","type":"object","properties":{"jwt":{"type":"string","format":"jwt","description":"The authentication token. This is the value which needs to be\nplaced in the API request headers.\n"},"duration":{"type":"integer","description":"the expiration duration of the token"}},"example":{"jwt":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhY2MiOiJreWxvIiwiYXVkIjoiMDNlNGE5M2ItODZhMy00YTViLWIzZTgtOGM4OWFiZmQzMDg4IiwiY3VzdCI6eyJncm91cHMiOlsiYWRtaW4iXX0sImV4cCI6MTQ3NDY0NTg1MSwiaWF0IjoxNDc0NjQ1NTUxLCJpc3MiOiJreWxvIiwic3ViIjoiYWRtaW4ifQ.iD5FGSwzDvGv5leRzULMnEfqls1_4tiR067J9cbV_4Q","duration":300}},"examples":{"application/json":{"id":"c9600fa6-fa94-4ac7-a2cb-56767d8790b0","account":"kylo:kylo:admin:accounts:kylo","labels":["web"],"userId":"local|9cd4196b-b4b3-42d7-837f-d4fdeff36538","expiresIn":0,"expired":false,"revokeNotRefreshedIn":0,"revoked":false,"refreshedAt":"2017-05-03T05:32:57.617418-04:00","createdAt":"2017-05-02T05:32:57.61742-04:00","updatedAt":"2017-05-03T05:32:57.656492-04:00"}}}}},"delete":{"summary":"Delete","description":"Delete a refresh token.","tags":["Tokens"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"204":{"description":"No Content | Successful deletion of refresh token."}}}},"/v1/auth/revoke":{"post":{"summary":"Revoke","description":"Revoke a refresh token.\n","tags":["Tokens"],"parameters":[{"name":"body","in":"body","description":"The body of the request should contain the username and password\nof the token's owner or client id and the refresh token to be revoked.\n","schema":{"type":"object","title":"Revoke Token","required":["token"],"properties":{"username":{"type":"string","description":"The user's username. Not required if client id is specified.\nYou can specify an LDAP user with the format |.\nConnection names specified this way override the value specified in the connection field.\n"},"password":{"type":"string","description":"The user's password. Not required if client id is specified."},"connection":{"type":"string","description":"The active directory the user is a part of. Defaults to local_account if not provided."},"client_id":{"type":"string","description":"The client id of the refresh token. Not required if username and password\nis specified.\n"},"token":{"type":"string","description":"The refresh token to be revoked."}},"example":{"client_id":"1-2-3-4","token":"tGzv3JOkF0XG5Qx2TlKWIA"}}}],"responses":{"204":{"description":"No Content | Successful revocation of refresh token."},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","allOf":[{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}},{"additionalProperties":{"type":"array","items":{"type":"string","description":"a validation error message about this property"}}}]}}}}},"/v1/auth/self/domains":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns a list of domains that the current user is member of. The result can be filtered using the query parameters.\n","tags":["Tokens"],"parameters":[{"in":"query","type":"string","name":"name","description":"Filter the result based on domain names. The '?' and '*' wildcard characters may be used."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","examples":{"application/json":{"skip":0,"limit":10,"total":2,"current_domain":{"id":"00000000-0000-0000-0000-000000000000","name":"root"},"resources":[{"id":"00000000-0000-0000-0000-000000000000","name":"root"},{"id":"2c9785a7-4bac-46ae-a67c-74141766c85d","name":"domain2"}]}}},"404":{"description":"Resource not found."}}}},"/v1/auth/rotate-auth-key":{"post":{"summary":"Rotate","description":"Rotate the token auth key, new key is effective after restart of CM services.","tags":["Tokens"],"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"responses":{"204":{"description":"No Content | Successful rotating token auth key."}}}},"/v1/usermgmt/connection-test/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Test","description":"Tests an LDAP server connection.\n","tags":["Connections/Connections"],"parameters":[{"name":"body","in":"body","required":true,"schema":{"title":"Test Connection","example":{"connection":{"name":"usspe","strategy":"ldap","options":{"server_url":"ldap://172.27.0.6:389","root_dn":"dc=planetexpress,dc=com","uid_field":"uid","user_dn_field":"dn","bind_dn":"cn=admin,dc=planetexpress,dc=com","bind_password":"GoodNewsEveryone","group_base_dn":"ou=people, dc=planetexpress, dc=com","group_member_field":"member","group_id_field":"cn","group_filter":"(objectclass=Group)"}},"credentials":{"username":"fry","password":"fry"}},"description":"Parameters required for creating a connection to an LDAP server.","type":"object","required":["connection","credentials"],"properties":{"connection":{"description":"Parameters required for testing a connection to an LDAP server.","type":"object","required":["strategy","options"],"properties":{"name":{"type":"string","description":"A friendly name for your connection which users will see when they login. It is ignored during a connection test."},"strategy":{"type":"string","description":"Strategy of connection (ldap)"},"options":{"type":"object","description":"Options for connecting to an LDAP server.","required":["server_url","uid_field","root_dn"],"properties":{"server_url":{"type":"string","description":"LDAP only, LDAP URL for your server. (e.g. ldap://172.16.2.2:3268)"},"root_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for users"},"uid_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user id"},"bind_dn":{"type":"string","description":"LDAP only, Object which has permission to search under the root DN for users. This value can be left empty to disable group support for this connection."},"bind_password":{"type":"string","description":"LDAP only, Password for the Bind DN object. This value can be left empty to disable group support for this connection."},"user_dn_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user distingushed name. If user_dn_field is not provided, an attempt is made to determine default value based on uid_field. If uid_field is provided as sAMAccountName, Active Directory configuration is assumed and 'distingushedName' is used as default for user_dn_field. Otherwise, it will default to 'dn'.\n\nWhen this property is set it uses the specified attribute to test for user equality. This primarily affects LDAP group maps. For example:\n- If a user's LDAP entry has \"`cn: John Doe`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`cn`\", then the LDAP group entry must have a member attribute that is exactly \"`John Doe`\", not \"`cn=John Doe`\", in order for the user to be considered part of the group.\n- If a user's LDAP entry has \"`customDN: cn=John Doe,ou=Users`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`customDN`\", then the LDAP group entry must have a member attribute that is exactly \"`cn=John Doe,ou=Users`\" in order for the user to be considered part of the group.\n"},"search_filter":{"type":"string","description":"LDAP only, LDAP search filter which can further restrict the set of users who will be allowed to log in"},"guid_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the globally unique identifier of the group. On bind, if guid_field is not provided, it will default to whatever is in uid_field. However, on uid_field update, guid_field will not update automatically."},"group_base_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for groups. This value can be left empty to disable group support for this connection"},"group_filter":{"type":"string","description":"LDAP only, Search filter for listing groups. Searching with this filter should only return groups. This value can be left empty to disable group support for this connection."},"group_id_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the group identifier (name). This value can be left empty to disable group support for this connection."},"group_member_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains group membership information, basically which users are members of the group. This value can be left empty to disable group support for this connection."},"root_cas":{"type":"array","items":{"type":"string"},"description":"LDAP only, optional list of certificates that are used to determine if the server is trusted. Only applies if the `server_url` scheme is `ldaps`.\n\nIf not provided, then the server's certificate is verified using the operating system's CAs.\n\nAccepts [PEM encoded certificates](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail). Here's an example showing an abbreviated (see `[...]`) list of root CAs.\n```\n\"root_cas\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIEiTCCA3GgAwIBAgIQEtTWutN7HdEKAAAAAOthCDANBgkqhkiG9w0BAQsFADBG[...]rVtyMKdOXGZl1gR22A==\\n-----END CERTIFICATE-----\",\n \"-----BEGIN CERTIFICATE-----\\nMIIHCjCCBfKgAwIBAgIQDhZMtvVrLG4NDkY/70TmRDANBgkqhkiG9w0BAQsFADBw[...]lYgbVhEaSeWnKcSG/4OJDLgbJL1cQa5BQUjWiZo7\\n-----END CERTIFICATE-----\"\n]\n```\n"},"insecure_skip_verify":{"type":"boolean","description":"LDAP only, optional flag to disable verifying the server's certficate. It ignores both the operating system's CAs and `root_cas` if provided. Only applies if the `server_url` scheme is `ldaps`.\n\nDefault value is `false`.\n"}}}}},"credentials":{"title":"credentials","description":"User Credentials for testing a connection.","type":"object","required":["username","password"],"properties":{"username":{"type":"string","description":"Username to test the connection with."},"password":{"type":"string","description":"Password that authenticates the username"}}}}}}],"responses":{"200":{"description":"Successful LDAP server test."}}}},"/v1/usermgmt/connections/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns a list of connection resources. Query parameters can be\nused to filter the results. Results are returned in pages.\nEach page of results includes the total results found, and\ninformation for requesting the next page of results, using\nthe `skip` and `limit` query parameters.\n","tags":["Connections/Connections"],"parameters":[{"name":"strategy","in":"query","required":false,"type":"string","description":"Filter by strategy"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"name","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\n\nSupported fields to sort by: name\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"description":"Parameters required for creating a connection to an LDAP server.","type":"object","required":["name","strategy"],"properties":{"name":{"type":"string","description":"A friendly name for your connection which users will see when they login. It is ignored during a connection test."},"strategy":{"type":"string","description":"Strategy of connection (`ldap` or `oidc`)"},"options":{"description":"Deprecated, replaced by 'ldap_options'.","type":"object","required":["server_url","uid_field","root_dn"],"properties":{"server_url":{"type":"string","description":"LDAP only, LDAP URL for your server. (e.g. ldap://172.16.2.2:3268)"},"root_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for users"},"uid_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user id"},"bind_dn":{"type":"string","description":"LDAP only, Object which has permission to search under the root DN for users. This value can be left empty to disable group support for this connection."},"bind_password":{"type":"string","description":"LDAP only, Password for the Bind DN object. This value can be left empty to disable group support for this connection."},"user_dn_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user distingushed name. If user_dn_field is not provided, an attempt is made to determine default value based on uid_field. If uid_field is provided as sAMAccountName, Active Directory configuration is assumed and 'distingushedName' is used as default for user_dn_field. Otherwise, it will default to 'dn'.\n\nWhen this property is set it uses the specified attribute to test for user equality. This primarily affects LDAP group maps. For example:\n- If a user's LDAP entry has \"`cn: John Doe`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`cn`\", then the LDAP group entry must have a member attribute that is exactly \"`John Doe`\", not \"`cn=John Doe`\", in order for the user to be considered part of the group.\n- If a user's LDAP entry has \"`customDN: cn=John Doe,ou=Users`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`customDN`\", then the LDAP group entry must have a member attribute that is exactly \"`cn=John Doe,ou=Users`\" in order for the user to be considered part of the group.\n"},"search_filter":{"type":"string","description":"LDAP only, LDAP search filter which can further restrict the set of users who will be allowed to log in"},"guid_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the globally unique identifier of the group. On bind, if guid_field is not provided, it will default to whatever is in uid_field. However, on uid_field update, guid_field will not update automatically."},"group_base_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for groups. This value can be left empty to disable group support for this connection"},"group_filter":{"type":"string","description":"LDAP only, Search filter for listing groups. Searching with this filter should only return groups. This value can be left empty to disable group support for this connection."},"group_id_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the group identifier (name). This value can be left empty to disable group support for this connection."},"group_member_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains group membership information, basically which users are members of the group. This value can be left empty to disable group support for this connection."},"root_cas":{"type":"array","items":{"type":"string"},"description":"LDAP only, optional list of certificates that are used to determine if the server is trusted. Only applies if the `server_url` scheme is `ldaps`.\n\nIf not provided, then the server's certificate is verified using the operating system's CAs.\n\nAccepts [PEM encoded certificates](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail). Here's an example showing an abbreviated (see `[...]`) list of root CAs.\n```\n\"root_cas\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIEiTCCA3GgAwIBAgIQEtTWutN7HdEKAAAAAOthCDANBgkqhkiG9w0BAQsFADBG[...]rVtyMKdOXGZl1gR22A==\\n-----END CERTIFICATE-----\",\n \"-----BEGIN CERTIFICATE-----\\nMIIHCjCCBfKgAwIBAgIQDhZMtvVrLG4NDkY/70TmRDANBgkqhkiG9w0BAQsFADBw[...]lYgbVhEaSeWnKcSG/4OJDLgbJL1cQa5BQUjWiZo7\\n-----END CERTIFICATE-----\"\n]\n```\n"},"insecure_skip_verify":{"type":"boolean","description":"LDAP only, optional flag to disable verifying the server's certficate. It ignores both the operating system's CAs and `root_cas` if provided. Only applies if the `server_url` scheme is `ldaps`.\n\nDefault value is `false`.\n"}}},"ldap_options":{"type":"object","description":"Options for connecting to an LDAP server.","required":["server_url","uid_field","root_dn"],"properties":{"server_url":{"type":"string","description":"LDAP only, LDAP URL for your server. (e.g. ldap://172.16.2.2:3268)"},"root_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for users"},"uid_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user id"},"bind_dn":{"type":"string","description":"LDAP only, Object which has permission to search under the root DN for users. This value can be left empty to disable group support for this connection."},"bind_password":{"type":"string","description":"LDAP only, Password for the Bind DN object. This value can be left empty to disable group support for this connection."},"user_dn_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user distingushed name. If user_dn_field is not provided, an attempt is made to determine default value based on uid_field. If uid_field is provided as sAMAccountName, Active Directory configuration is assumed and 'distingushedName' is used as default for user_dn_field. Otherwise, it will default to 'dn'.\n\nWhen this property is set it uses the specified attribute to test for user equality. This primarily affects LDAP group maps. For example:\n- If a user's LDAP entry has \"`cn: John Doe`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`cn`\", then the LDAP group entry must have a member attribute that is exactly \"`John Doe`\", not \"`cn=John Doe`\", in order for the user to be considered part of the group.\n- If a user's LDAP entry has \"`customDN: cn=John Doe,ou=Users`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`customDN`\", then the LDAP group entry must have a member attribute that is exactly \"`cn=John Doe,ou=Users`\" in order for the user to be considered part of the group.\n"},"search_filter":{"type":"string","description":"LDAP only, LDAP search filter which can further restrict the set of users who will be allowed to log in"},"guid_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the globally unique identifier of the group. On bind, if guid_field is not provided, it will default to whatever is in uid_field. However, on uid_field update, guid_field will not update automatically."},"group_base_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for groups. This value can be left empty to disable group support for this connection"},"group_filter":{"type":"string","description":"LDAP only, Search filter for listing groups. Searching with this filter should only return groups. This value can be left empty to disable group support for this connection."},"group_id_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the group identifier (name). This value can be left empty to disable group support for this connection."},"group_member_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains group membership information, basically which users are members of the group. This value can be left empty to disable group support for this connection."},"root_cas":{"type":"array","items":{"type":"string"},"description":"LDAP only, optional list of certificates that are used to determine if the server is trusted. Only applies if the `server_url` scheme is `ldaps`.\n\nIf not provided, then the server's certificate is verified using the operating system's CAs.\n\nAccepts [PEM encoded certificates](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail). Here's an example showing an abbreviated (see `[...]`) list of root CAs.\n```\n\"root_cas\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIEiTCCA3GgAwIBAgIQEtTWutN7HdEKAAAAAOthCDANBgkqhkiG9w0BAQsFADBG[...]rVtyMKdOXGZl1gR22A==\\n-----END CERTIFICATE-----\",\n \"-----BEGIN CERTIFICATE-----\\nMIIHCjCCBfKgAwIBAgIQDhZMtvVrLG4NDkY/70TmRDANBgkqhkiG9w0BAQsFADBw[...]lYgbVhEaSeWnKcSG/4OJDLgbJL1cQa5BQUjWiZo7\\n-----END CERTIFICATE-----\"\n]\n```\n"},"insecure_skip_verify":{"type":"boolean","description":"LDAP only, optional flag to disable verifying the server's certficate. It ignores both the operating system's CAs and `root_cas` if provided. Only applies if the `server_url` scheme is `ldaps`.\n\nDefault value is `false`.\n"}}},"oidc_options":{"type":"object","description":"Options for connecting to an external OpenID Connect server","required":["client_id","redirect_uris"],"properties":{"authorization_uri":{"type":"string","description":"OpenID Connect only, optional, URI to the authorization endpoint of the external identity provider. Intended for test and not recommended to use, see discovery URI."},"client_id":{"type":"string","description":"OpenID Connect only, required, the public identifier of CipherTrust Manager on the the external identity provider (authorization server). This value is typically generated by and retrieved from the external identity provider."},"redirect_uri":{"type":"string","description":"(Deprecated) Use redirect URIs instead.\n\nOpenID Connect only, required, URI to redirect to after finished authentication to the external identity provider (authorization server).\n\nThis URI MUST exactly match one of the Redirection URI values for the Client pre-registered at the OpenID Provider. The Redirection URI MUST NOT use the `http` scheme.\n"},"redirect_uris":{"type":"array","items":{"type":"string"},"description":"OpenID Connect only, required, set of allowed URIs to redirect to after finished authentication to the external identity provider (authorization server).\n\nThese URIs should match the Redirection URIs values for the client pre-registered at the OpenID Provider. The Redirection URI MUST NOT use the `http` scheme.\n\nTypically https://ciphertrust-manager-host/api/v1/auth/oidc-callback where 'ciphertrust-manager-host' should be updated to the hostname of your server.\n"},"discovery_uri":{"type":"string","description":"OpenID Connect only, optional, URI to the well-known configuration endpoint of the external identity provider. External ID Provider settings such as authorization URI and public signing keys will be auto-downloaded from this URI."},"jwks":{"type":"array","description":"OpenID Connect only, optional, array of JWKS containing the public keys for ID Token validation. Intended for test and not recommended to use, see discovery URI.","items":{"type":"object","properties":{"kid":{"type":"string","description":"Key identifier"},"alg":{"type":"string","description":"Key algorithm"},"kty":{"type":"string","description":"Key type"},"use":{"type":"string","description":"Key use"},"n":{"type":"string","description":"Key modulus"},"e":{"type":"string","description":"Key exponent"}}}},"groups_claim":{"type":"string","description":"The claim field name to extract group membership from in the OIDC ID Token. Works in conjunction with Group Maps. If unspecified it default to 'groups'."}}}}}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"name":"usspe","strategy":"ldap","options":{"server_url":"ldap://172.27.0.6:389","root_dn":"dc=planetexpress,dc=com","uid_field":"uid","user_dn_field":"dn","bind_dn":"cn=admin,dc=planetexpress,dc=com","bind_password":"GoodNewsEveryone","group_base_dn":"ou=people, dc=planetexpress, dc=com","group_member_field":"member","group_id_field":"cn","group_filter":"(objectclass=Group)"},"id":"c42f3816-eb95-4ddb-95ec-b516aa32cb38","created_at":"2016-12-05T15:13:49.543Z","updated_at":"2016-12-05T15:13:49.543Z"}]}}}}},"post":{"summary":"Create","description":"Creates a new connection, such as an LDAP server used for authentication.\n\nFor LDAP, If `bind_dn` and `bind_pass` aren't provided, the LDAP search\nwill be performed using the 'end user provided' user id and password.\n\nStrategies have their own specific \"options\" attributes, such as\n`ldap_options` and `oidc_options` during creation and update.\nConnection objects still returns the generic `option` attribute in\nreponses, for example from create or during list.\n\nLDAP connections also accepts `options` for backwards compatibility but\nthis attribute is deprecated.\n","tags":["Connections/Connections","Enterprise"],"parameters":[{"name":"body","in":"body","required":true,"schema":{"title":"Create Connection","example":{"name":"usspe","strategy":"ldap","options":{"server_url":"ldap://172.27.0.6:389","root_dn":"dc=planetexpress,dc=com","uid_field":"uid","user_dn_field":"dn","bind_dn":"cn=admin,dc=planetexpress,dc=com","bind_password":"GoodNewsEveryone","group_base_dn":"ou=people, dc=planetexpress, dc=com","group_member_field":"member","group_id_field":"cn","group_filter":"(objectclass=Group)"}},"description":"Parameters required for creating a connection to an LDAP server.","type":"object","required":["name","strategy"],"properties":{"name":{"type":"string","description":"A friendly name for your connection which users will see when they login. It is ignored during a connection test."},"strategy":{"type":"string","description":"Strategy of connection (`ldap` or `oidc`)"},"options":{"description":"Deprecated, replaced by 'ldap_options'.","type":"object","required":["server_url","uid_field","root_dn"],"properties":{"server_url":{"type":"string","description":"LDAP only, LDAP URL for your server. (e.g. ldap://172.16.2.2:3268)"},"root_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for users"},"uid_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user id"},"bind_dn":{"type":"string","description":"LDAP only, Object which has permission to search under the root DN for users. This value can be left empty to disable group support for this connection."},"bind_password":{"type":"string","description":"LDAP only, Password for the Bind DN object. This value can be left empty to disable group support for this connection."},"user_dn_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user distingushed name. If user_dn_field is not provided, an attempt is made to determine default value based on uid_field. If uid_field is provided as sAMAccountName, Active Directory configuration is assumed and 'distingushedName' is used as default for user_dn_field. Otherwise, it will default to 'dn'.\n\nWhen this property is set it uses the specified attribute to test for user equality. This primarily affects LDAP group maps. For example:\n- If a user's LDAP entry has \"`cn: John Doe`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`cn`\", then the LDAP group entry must have a member attribute that is exactly \"`John Doe`\", not \"`cn=John Doe`\", in order for the user to be considered part of the group.\n- If a user's LDAP entry has \"`customDN: cn=John Doe,ou=Users`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`customDN`\", then the LDAP group entry must have a member attribute that is exactly \"`cn=John Doe,ou=Users`\" in order for the user to be considered part of the group.\n"},"search_filter":{"type":"string","description":"LDAP only, LDAP search filter which can further restrict the set of users who will be allowed to log in"},"guid_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the globally unique identifier of the group. On bind, if guid_field is not provided, it will default to whatever is in uid_field. However, on uid_field update, guid_field will not update automatically."},"group_base_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for groups. This value can be left empty to disable group support for this connection"},"group_filter":{"type":"string","description":"LDAP only, Search filter for listing groups. Searching with this filter should only return groups. This value can be left empty to disable group support for this connection."},"group_id_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the group identifier (name). This value can be left empty to disable group support for this connection."},"group_member_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains group membership information, basically which users are members of the group. This value can be left empty to disable group support for this connection."},"root_cas":{"type":"array","items":{"type":"string"},"description":"LDAP only, optional list of certificates that are used to determine if the server is trusted. Only applies if the `server_url` scheme is `ldaps`.\n\nIf not provided, then the server's certificate is verified using the operating system's CAs.\n\nAccepts [PEM encoded certificates](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail). Here's an example showing an abbreviated (see `[...]`) list of root CAs.\n```\n\"root_cas\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIEiTCCA3GgAwIBAgIQEtTWutN7HdEKAAAAAOthCDANBgkqhkiG9w0BAQsFADBG[...]rVtyMKdOXGZl1gR22A==\\n-----END CERTIFICATE-----\",\n \"-----BEGIN CERTIFICATE-----\\nMIIHCjCCBfKgAwIBAgIQDhZMtvVrLG4NDkY/70TmRDANBgkqhkiG9w0BAQsFADBw[...]lYgbVhEaSeWnKcSG/4OJDLgbJL1cQa5BQUjWiZo7\\n-----END CERTIFICATE-----\"\n]\n```\n"},"insecure_skip_verify":{"type":"boolean","description":"LDAP only, optional flag to disable verifying the server's certficate. It ignores both the operating system's CAs and `root_cas` if provided. Only applies if the `server_url` scheme is `ldaps`.\n\nDefault value is `false`.\n"}}},"ldap_options":{"type":"object","description":"Options for connecting to an LDAP server.","required":["server_url","uid_field","root_dn"],"properties":{"server_url":{"type":"string","description":"LDAP only, LDAP URL for your server. (e.g. ldap://172.16.2.2:3268)"},"root_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for users"},"uid_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user id"},"bind_dn":{"type":"string","description":"LDAP only, Object which has permission to search under the root DN for users. This value can be left empty to disable group support for this connection."},"bind_password":{"type":"string","description":"LDAP only, Password for the Bind DN object. This value can be left empty to disable group support for this connection."},"user_dn_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user distingushed name. If user_dn_field is not provided, an attempt is made to determine default value based on uid_field. If uid_field is provided as sAMAccountName, Active Directory configuration is assumed and 'distingushedName' is used as default for user_dn_field. Otherwise, it will default to 'dn'.\n\nWhen this property is set it uses the specified attribute to test for user equality. This primarily affects LDAP group maps. For example:\n- If a user's LDAP entry has \"`cn: John Doe`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`cn`\", then the LDAP group entry must have a member attribute that is exactly \"`John Doe`\", not \"`cn=John Doe`\", in order for the user to be considered part of the group.\n- If a user's LDAP entry has \"`customDN: cn=John Doe,ou=Users`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`customDN`\", then the LDAP group entry must have a member attribute that is exactly \"`cn=John Doe,ou=Users`\" in order for the user to be considered part of the group.\n"},"search_filter":{"type":"string","description":"LDAP only, LDAP search filter which can further restrict the set of users who will be allowed to log in"},"guid_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the globally unique identifier of the group. On bind, if guid_field is not provided, it will default to whatever is in uid_field. However, on uid_field update, guid_field will not update automatically."},"group_base_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for groups. This value can be left empty to disable group support for this connection"},"group_filter":{"type":"string","description":"LDAP only, Search filter for listing groups. Searching with this filter should only return groups. This value can be left empty to disable group support for this connection."},"group_id_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the group identifier (name). This value can be left empty to disable group support for this connection."},"group_member_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains group membership information, basically which users are members of the group. This value can be left empty to disable group support for this connection."},"root_cas":{"type":"array","items":{"type":"string"},"description":"LDAP only, optional list of certificates that are used to determine if the server is trusted. Only applies if the `server_url` scheme is `ldaps`.\n\nIf not provided, then the server's certificate is verified using the operating system's CAs.\n\nAccepts [PEM encoded certificates](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail). Here's an example showing an abbreviated (see `[...]`) list of root CAs.\n```\n\"root_cas\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIEiTCCA3GgAwIBAgIQEtTWutN7HdEKAAAAAOthCDANBgkqhkiG9w0BAQsFADBG[...]rVtyMKdOXGZl1gR22A==\\n-----END CERTIFICATE-----\",\n \"-----BEGIN CERTIFICATE-----\\nMIIHCjCCBfKgAwIBAgIQDhZMtvVrLG4NDkY/70TmRDANBgkqhkiG9w0BAQsFADBw[...]lYgbVhEaSeWnKcSG/4OJDLgbJL1cQa5BQUjWiZo7\\n-----END CERTIFICATE-----\"\n]\n```\n"},"insecure_skip_verify":{"type":"boolean","description":"LDAP only, optional flag to disable verifying the server's certficate. It ignores both the operating system's CAs and `root_cas` if provided. Only applies if the `server_url` scheme is `ldaps`.\n\nDefault value is `false`.\n"}}},"oidc_options":{"type":"object","description":"Options for connecting to an external OpenID Connect server","required":["client_id","redirect_uris"],"properties":{"authorization_uri":{"type":"string","description":"OpenID Connect only, optional, URI to the authorization endpoint of the external identity provider. Intended for test and not recommended to use, see discovery URI."},"client_id":{"type":"string","description":"OpenID Connect only, required, the public identifier of CipherTrust Manager on the the external identity provider (authorization server). This value is typically generated by and retrieved from the external identity provider."},"redirect_uri":{"type":"string","description":"(Deprecated) Use redirect URIs instead.\n\nOpenID Connect only, required, URI to redirect to after finished authentication to the external identity provider (authorization server).\n\nThis URI MUST exactly match one of the Redirection URI values for the Client pre-registered at the OpenID Provider. The Redirection URI MUST NOT use the `http` scheme.\n"},"redirect_uris":{"type":"array","items":{"type":"string"},"description":"OpenID Connect only, required, set of allowed URIs to redirect to after finished authentication to the external identity provider (authorization server).\n\nThese URIs should match the Redirection URIs values for the client pre-registered at the OpenID Provider. The Redirection URI MUST NOT use the `http` scheme.\n\nTypically https://ciphertrust-manager-host/api/v1/auth/oidc-callback where 'ciphertrust-manager-host' should be updated to the hostname of your server.\n"},"discovery_uri":{"type":"string","description":"OpenID Connect only, optional, URI to the well-known configuration endpoint of the external identity provider. External ID Provider settings such as authorization URI and public signing keys will be auto-downloaded from this URI."},"jwks":{"type":"array","description":"OpenID Connect only, optional, array of JWKS containing the public keys for ID Token validation. Intended for test and not recommended to use, see discovery URI.","items":{"type":"object","properties":{"kid":{"type":"string","description":"Key identifier"},"alg":{"type":"string","description":"Key algorithm"},"kty":{"type":"string","description":"Key type"},"use":{"type":"string","description":"Key use"},"n":{"type":"string","description":"Key modulus"},"e":{"type":"string","description":"Key exponent"}}}},"groups_claim":{"type":"string","description":"The claim field name to extract group membership from in the OIDC ID Token. Works in conjunction with Group Maps. If unspecified it default to 'groups'."}}}}}}],"responses":{"201":{"description":"Successful LDAP server creation","schema":{"type":"object"},"examples":{"application/json":{"name":"usspe","strategy":"ldap","options":{"server_url":"ldap://172.27.0.6:389","root_dn":"dc=planetexpress,dc=com","uid_field":"uid","user_dn_field":"dn","bind_dn":"cn=admin,dc=planetexpress,dc=com","bind_password":"GoodNewsEveryone","group_base_dn":"ou=people, dc=planetexpress, dc=com","group_member_field":"member","group_id_field":"cn","group_filter":"(objectclass=Group)"},"id":"c42f3816-eb95-4ddb-95ec-b516aa32cb38","created_at":"2016-12-05T15:13:49.543Z","updated_at":"2016-12-05T15:13:49.543Z"}}}}}},"/v1/usermgmt/connections/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","type":"string","required":true,"description":"the id of the connection"}],"get":{"summary":"Get","description":"Gets information about the specified bound connection.\n","tags":["Connections/Connections"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"name":"usspe","strategy":"ldap","options":{"server_url":"ldap://172.27.0.6:389","root_dn":"dc=planetexpress,dc=com","uid_field":"uid","user_dn_field":"dn","bind_dn":"cn=admin,dc=planetexpress,dc=com","bind_password":"GoodNewsEveryone","group_base_dn":"ou=people, dc=planetexpress, dc=com","group_member_field":"member","group_id_field":"cn","group_filter":"(objectclass=Group)"},"id":"c42f3816-eb95-4ddb-95ec-b516aa32cb38","created_at":"2016-12-05T15:13:49.543Z","updated_at":"2016-12-05T15:13:49.543Z"}}}}},"delete":{"summary":"Delete","description":"Deletes the specified connection to a bound LDAP server.\n","tags":["Connections/Connections"],"responses":{"204":{"description":"No Content | Successful deletion of LDAP connection."},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"Updates a connection's properties.\n\n* These properties are only updated when their value is non-empty:\n * `server_url`\n * `root_dn`\n * `uid_field`\n\n* If `guid_field` is specified as the empty string, then it is set to the value of `uid_field.\n\nStrategies have their own specific \"options\" attributes, such as\n`ldap_options` and `oidc_options` during creation and update.\nConnection objects still returns the generic `option` attribute in\nreponses, for example from create or during list.\n\nLDAP connections also accepts `options` for backwards compatibility but\nthis attribute is deprecated.\n","tags":["Connections/Connections"],"parameters":[{"name":"body","in":"body","required":true,"schema":{"title":"Update Connection","example":{"strategy":"ldap","options":{"server_url":"ldap://172.27.0.6:389","root_dn":"dc=example,dc=com","uid_field":"uid","bind_dn":"cn=admin,dc=planetexpress,dc=com"}},"description":"Parameters required for updating a connection to an LDAP server.","type":"object","required":["strategy"],"properties":{"strategy":{"type":"string","description":"Strategy of connection (ldap)"},"options":{"type":"object","description":"Options for connecting to an LDAP server.","required":["server_url","uid_field","root_dn"],"properties":{"server_url":{"type":"string","description":"LDAP only, LDAP URL for your server. (e.g. ldap://172.16.2.2:3268)"},"root_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for users"},"uid_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user id"},"bind_dn":{"type":"string","description":"LDAP only, Object which has permission to search under the root DN for users. This value can be left empty to disable group support for this connection."},"bind_password":{"type":"string","description":"LDAP only, Password for the Bind DN object. This value can be left empty to disable group support for this connection."},"user_dn_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user distingushed name. If user_dn_field is not provided, an attempt is made to determine default value based on uid_field. If uid_field is provided as sAMAccountName, Active Directory configuration is assumed and 'distingushedName' is used as default for user_dn_field. Otherwise, it will default to 'dn'.\n\nWhen this property is set it uses the specified attribute to test for user equality. This primarily affects LDAP group maps. For example:\n- If a user's LDAP entry has \"`cn: John Doe`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`cn`\", then the LDAP group entry must have a member attribute that is exactly \"`John Doe`\", not \"`cn=John Doe`\", in order for the user to be considered part of the group.\n- If a user's LDAP entry has \"`customDN: cn=John Doe,ou=Users`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`customDN`\", then the LDAP group entry must have a member attribute that is exactly \"`cn=John Doe,ou=Users`\" in order for the user to be considered part of the group.\n"},"search_filter":{"type":"string","description":"LDAP only, LDAP search filter which can further restrict the set of users who will be allowed to log in"},"guid_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the globally unique identifier of the group. On bind, if guid_field is not provided, it will default to whatever is in uid_field. However, on uid_field update, guid_field will not update automatically."},"group_base_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for groups. This value can be left empty to disable group support for this connection"},"group_filter":{"type":"string","description":"LDAP only, Search filter for listing groups. Searching with this filter should only return groups. This value can be left empty to disable group support for this connection."},"group_id_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the group identifier (name). This value can be left empty to disable group support for this connection."},"group_member_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains group membership information, basically which users are members of the group. This value can be left empty to disable group support for this connection."},"root_cas":{"type":"array","items":{"type":"string"},"description":"LDAP only, optional list of certificates that are used to determine if the server is trusted. Only applies if the `server_url` scheme is `ldaps`.\n\nIf not provided, then the server's certificate is verified using the operating system's CAs.\n\nAccepts [PEM encoded certificates](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail). Here's an example showing an abbreviated (see `[...]`) list of root CAs.\n```\n\"root_cas\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIEiTCCA3GgAwIBAgIQEtTWutN7HdEKAAAAAOthCDANBgkqhkiG9w0BAQsFADBG[...]rVtyMKdOXGZl1gR22A==\\n-----END CERTIFICATE-----\",\n \"-----BEGIN CERTIFICATE-----\\nMIIHCjCCBfKgAwIBAgIQDhZMtvVrLG4NDkY/70TmRDANBgkqhkiG9w0BAQsFADBw[...]lYgbVhEaSeWnKcSG/4OJDLgbJL1cQa5BQUjWiZo7\\n-----END CERTIFICATE-----\"\n]\n```\n"},"insecure_skip_verify":{"type":"boolean","description":"LDAP only, optional flag to disable verifying the server's certficate. It ignores both the operating system's CAs and `root_cas` if provided. Only applies if the `server_url` scheme is `ldaps`.\n\nDefault value is `false`.\n"}}},"ldap_options":{"type":"object","description":"Options for connecting to an LDAP server.","required":["server_url","uid_field","root_dn"],"properties":{"server_url":{"type":"string","description":"LDAP only, LDAP URL for your server. (e.g. ldap://172.16.2.2:3268)"},"root_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for users"},"uid_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user id"},"bind_dn":{"type":"string","description":"LDAP only, Object which has permission to search under the root DN for users. This value can be left empty to disable group support for this connection."},"bind_password":{"type":"string","description":"LDAP only, Password for the Bind DN object. This value can be left empty to disable group support for this connection."},"user_dn_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user distingushed name. If user_dn_field is not provided, an attempt is made to determine default value based on uid_field. If uid_field is provided as sAMAccountName, Active Directory configuration is assumed and 'distingushedName' is used as default for user_dn_field. Otherwise, it will default to 'dn'.\n\nWhen this property is set it uses the specified attribute to test for user equality. This primarily affects LDAP group maps. For example:\n- If a user's LDAP entry has \"`cn: John Doe`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`cn`\", then the LDAP group entry must have a member attribute that is exactly \"`John Doe`\", not \"`cn=John Doe`\", in order for the user to be considered part of the group.\n- If a user's LDAP entry has \"`customDN: cn=John Doe,ou=Users`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`customDN`\", then the LDAP group entry must have a member attribute that is exactly \"`cn=John Doe,ou=Users`\" in order for the user to be considered part of the group.\n"},"search_filter":{"type":"string","description":"LDAP only, LDAP search filter which can further restrict the set of users who will be allowed to log in"},"guid_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the globally unique identifier of the group. On bind, if guid_field is not provided, it will default to whatever is in uid_field. However, on uid_field update, guid_field will not update automatically."},"group_base_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for groups. This value can be left empty to disable group support for this connection"},"group_filter":{"type":"string","description":"LDAP only, Search filter for listing groups. Searching with this filter should only return groups. This value can be left empty to disable group support for this connection."},"group_id_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the group identifier (name). This value can be left empty to disable group support for this connection."},"group_member_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains group membership information, basically which users are members of the group. This value can be left empty to disable group support for this connection."},"root_cas":{"type":"array","items":{"type":"string"},"description":"LDAP only, optional list of certificates that are used to determine if the server is trusted. Only applies if the `server_url` scheme is `ldaps`.\n\nIf not provided, then the server's certificate is verified using the operating system's CAs.\n\nAccepts [PEM encoded certificates](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail). Here's an example showing an abbreviated (see `[...]`) list of root CAs.\n```\n\"root_cas\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIEiTCCA3GgAwIBAgIQEtTWutN7HdEKAAAAAOthCDANBgkqhkiG9w0BAQsFADBG[...]rVtyMKdOXGZl1gR22A==\\n-----END CERTIFICATE-----\",\n \"-----BEGIN CERTIFICATE-----\\nMIIHCjCCBfKgAwIBAgIQDhZMtvVrLG4NDkY/70TmRDANBgkqhkiG9w0BAQsFADBw[...]lYgbVhEaSeWnKcSG/4OJDLgbJL1cQa5BQUjWiZo7\\n-----END CERTIFICATE-----\"\n]\n```\n"},"insecure_skip_verify":{"type":"boolean","description":"LDAP only, optional flag to disable verifying the server's certficate. It ignores both the operating system's CAs and `root_cas` if provided. Only applies if the `server_url` scheme is `ldaps`.\n\nDefault value is `false`.\n"}}},"oidc_options":{"type":"object","description":"Options for connecting to an external OpenID Connect server","required":["client_id","redirect_uris"],"properties":{"authorization_uri":{"type":"string","description":"OpenID Connect only, optional, URI to the authorization endpoint of the external identity provider. Intended for test and not recommended to use, see discovery URI."},"client_id":{"type":"string","description":"OpenID Connect only, required, the public identifier of CipherTrust Manager on the the external identity provider (authorization server). This value is typically generated by and retrieved from the external identity provider."},"redirect_uri":{"type":"string","description":"(Deprecated) Use redirect URIs instead.\n\nOpenID Connect only, required, URI to redirect to after finished authentication to the external identity provider (authorization server).\n\nThis URI MUST exactly match one of the Redirection URI values for the Client pre-registered at the OpenID Provider. The Redirection URI MUST NOT use the `http` scheme.\n"},"redirect_uris":{"type":"array","items":{"type":"string"},"description":"OpenID Connect only, required, set of allowed URIs to redirect to after finished authentication to the external identity provider (authorization server).\n\nThese URIs should match the Redirection URIs values for the client pre-registered at the OpenID Provider. The Redirection URI MUST NOT use the `http` scheme.\n\nTypically https://ciphertrust-manager-host/api/v1/auth/oidc-callback where 'ciphertrust-manager-host' should be updated to the hostname of your server.\n"},"discovery_uri":{"type":"string","description":"OpenID Connect only, optional, URI to the well-known configuration endpoint of the external identity provider. External ID Provider settings such as authorization URI and public signing keys will be auto-downloaded from this URI."},"jwks":{"type":"array","description":"OpenID Connect only, optional, array of JWKS containing the public keys for ID Token validation. Intended for test and not recommended to use, see discovery URI.","items":{"type":"object","properties":{"kid":{"type":"string","description":"Key identifier"},"alg":{"type":"string","description":"Key algorithm"},"kty":{"type":"string","description":"Key type"},"use":{"type":"string","description":"Key use"},"n":{"type":"string","description":"Key modulus"},"e":{"type":"string","description":"Key exponent"}}}},"groups_claim":{"type":"string","description":"The claim field name to extract group membership from in the OIDC ID Token. Works in conjunction with Group Maps. If unspecified it default to 'groups'."}}}}}}],"responses":{"200":{"description":"Successful resource update.","schema":{"type":"object"},"examples":{"application/json":{"name":"usspe","strategy":"ldap","options":{"server_url":"ldap://172.27.0.6:389","root_dn":"dc=example,dc=com","uid_field":"uid","user_dn_field":"dn","bind_dn":"cn=admin,dc=planetexpress,dc=com","bind_password":"GoodNewsEveryone","group_base_dn":"ou=people, dc=planetexpress, dc=com","group_member_field":"member","group_id_field":"cn","group_filter":"(objectclass=Group)"},"id":"c42f3816-eb95-4ddb-95ec-b516aa32cb38","created_at":"2016-12-05T15:13:49.543Z","updated_at":"2016-12-05T15:13:49.543Z"}}}}}},"/v1/usermgmt/connections/{id}/delete":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","type":"string","required":true,"description":"the id of the connection"}],"post":{"summary":"Delete connection with optional parameters","description":"Deletes the specified connection to a bound LDAP server.\nIf the force flag is specified, delete sub-domain groupmaps and users associated with the LDAP connection.\n","tags":["Connections/Connections"],"parameters":[{"name":"body","in":"body","required":true,"schema":{"title":"Delete Connection Parameters","example":{"force":true},"description":"Parameters required for deleting a connection to an LDAP server.","type":"object","properties":{"force":{"type":"boolean","description":"If true, sub-domain groupmaps and users associated with the LDAP connection are silently deleted."}}}}],"responses":{"204":{"description":"No Content | Successful deletion of LDAP connection."},"404":{"description":"Resource not found."}}}},"/v1/usermgmt/connections/{id}/refresh":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","type":"string","required":true,"description":"the id of the connection"}],"post":{"summary":"Refresh OIDC connection","description":"Update authorization_uri and jwks from issuer's well-known configuration\n","tags":["Connections/Connections"],"responses":{"200":{"description":"Successful refreshing connection from OIDC well-known configuration.","schema":{"type":"object"},"examples":{"application/json":{"name":"oidc","strategy":"odic","options":{"authorization_uri":"https://spedemo-sasidp.stademo.com/auth/realms/IHA6N4NUDA-STA/protocol/openid-connect/auth","client_id":"575df82d-5edd-4808-a2ce-2c0df415a014","redirect_uris":["https://localhost/api/v1/auth/oidc-callback"],"jwks":[{"kid":"7pFWILCTgJ1wYDzRtQE0ErOczk_EHg7JLjNTG5-Lh80","alg":"RS256","kty":"RSA","use":"sig","n":"iblPgNtlVOE521J1zOjmOgijCSPmj1IgfXMaoUH4G5ceCswOyjjaiKOJhT1e8b8JQzsddoTZK-fdE_QOSxfTHKQTiCOKcASc3ztBqi_nQNUZtjSeIwzrEtLLSKORgq_x0juF9sm6tLTJg9RmbhalBfudC9bvkqbgaZZxkC1-Yya_aMMUWnmXvPh8MmkRGKeiHB76NYWtgWL5K_5yeuBb6gdr5-BFR9ol7JHlGDS8BmIP7j60SoQIsDlONABTrPf3cSmnBbYJKrg6nH-C-2qh3woebyaEG4RzwAkeFawiIAllg-ssJZRhRaizWsyUPi4fM8_KaKQVf8HsFG9gKer5kw","e":"AQAB"}],"discovery_uri":"https://spedemo-sasidp.stademo.com/auth/realms/IHA6N4NUDA-STA/.well-known/openid-configuration"},"inherited_from":{},"id":"d1394903-4472-475e-8d6b-6a61b0c0cf88","created_at":"2021-08-16T00:50:35.489277+00:00","updated_at":"2021-08-16T01:58:07.599628+00:00"}}},"404":{"description":"Resource not found."}}}},"/v1/usermgmt/connections/{id}/users/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","type":"string","required":true,"description":"the id of the connection"}],"get":{"summary":"List","description":"Returns a list of users belonging to the connection.\n_Currently only supporting 'zone' connections._\nResults are returned in pages.\nEach page of results includes the total results found, and\ninformation for requesting the next page of results, using\nthe `skip` and `limit` query parameters.\n","tags":["Connections/Connections"],"parameters":[{"name":"username","in":"query","required":false,"type":"string","description":"Filter by the user's username"},{"name":"email","in":"query","required":false,"type":"string","description":"Filter by the user's email"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"description":"A ConnectionUser is an abridged User. It is only used in the /connections/{id}/users/ routes.\n","type":"object","properties":{"userid":{"type":"string","description":"A unique identifier for API call usage.","readOnly":true},"username":{"type":"string","description":"The login name of the user.\n\nThe user enters the username and the password to log in.\n\nThis attribute is required to create a user, but is omitted\nwhen getting or listing user resources. It cannot be updated.\n"},"email":{"type":"string","format":"email","description":"the email of the user"},"name":{"type":"string","description":"the users full name"}},"example":{"email":"frank@local","name":"frank","username":"frank","user_id":"local|9cd4196b-b4b3-42d7-837f-d4fdeff36538"}}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"email":"frank@local","name":"frank","username":"frank"}]}}}}}},"/v1/usermgmt/connections/{id}/users/{user_id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","type":"string","required":true,"description":"the id of the connection"},{"name":"user_id","in":"path","type":"string","required":true,"description":"the id of the user"}],"get":{"summary":"Get","description":"Retrieves a specific user belonging to the connection.\n _Currently only supporting 'zone' connections._\n","tags":["Connections/Connections"],"responses":{"200":{"description":"OK","schema":{"description":"A ConnectionUser is an abridged User. It is only used in the /connections/{id}/users/ routes.\n","type":"object","properties":{"userid":{"type":"string","description":"A unique identifier for API call usage.","readOnly":true},"username":{"type":"string","description":"The login name of the user.\n\nThe user enters the username and the password to log in.\n\nThis attribute is required to create a user, but is omitted\nwhen getting or listing user resources. It cannot be updated.\n"},"email":{"type":"string","format":"email","description":"the email of the user"},"name":{"type":"string","description":"the users full name"}},"example":{"email":"frank@local","name":"frank","username":"frank","user_id":"local|9cd4196b-b4b3-42d7-837f-d4fdeff36538"}},"examples":{"application/json":{"email":"john@local","username":"john","user_id":"local|e732ef3b-8edb-4394-90a3-262980eac55c"}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/auth/id-providers":{"get":{"summary":"Get","description":"Return the list of Identity Providers associated with this CipherTrust Manager server.\nThis is an unauthenticated route.\n","tags":["Identity Providers"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"description":"Parameters required for creating a connection to an LDAP server.","type":"object","required":["name","strategy"],"properties":{"name":{"type":"string","description":"A friendly name for your connection which users will see when they login. It is ignored during a connection test."},"strategy":{"type":"string","description":"Strategy of connection (`ldap` or `oidc`)"},"options":{"description":"Deprecated, replaced by 'ldap_options'.","type":"object","required":["server_url","uid_field","root_dn"],"properties":{"server_url":{"type":"string","description":"LDAP only, LDAP URL for your server. (e.g. ldap://172.16.2.2:3268)"},"root_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for users"},"uid_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user id"},"bind_dn":{"type":"string","description":"LDAP only, Object which has permission to search under the root DN for users. This value can be left empty to disable group support for this connection."},"bind_password":{"type":"string","description":"LDAP only, Password for the Bind DN object. This value can be left empty to disable group support for this connection."},"user_dn_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user distingushed name. If user_dn_field is not provided, an attempt is made to determine default value based on uid_field. If uid_field is provided as sAMAccountName, Active Directory configuration is assumed and 'distingushedName' is used as default for user_dn_field. Otherwise, it will default to 'dn'.\n\nWhen this property is set it uses the specified attribute to test for user equality. This primarily affects LDAP group maps. For example:\n- If a user's LDAP entry has \"`cn: John Doe`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`cn`\", then the LDAP group entry must have a member attribute that is exactly \"`John Doe`\", not \"`cn=John Doe`\", in order for the user to be considered part of the group.\n- If a user's LDAP entry has \"`customDN: cn=John Doe,ou=Users`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`customDN`\", then the LDAP group entry must have a member attribute that is exactly \"`cn=John Doe,ou=Users`\" in order for the user to be considered part of the group.\n"},"search_filter":{"type":"string","description":"LDAP only, LDAP search filter which can further restrict the set of users who will be allowed to log in"},"guid_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the globally unique identifier of the group. On bind, if guid_field is not provided, it will default to whatever is in uid_field. However, on uid_field update, guid_field will not update automatically."},"group_base_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for groups. This value can be left empty to disable group support for this connection"},"group_filter":{"type":"string","description":"LDAP only, Search filter for listing groups. Searching with this filter should only return groups. This value can be left empty to disable group support for this connection."},"group_id_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the group identifier (name). This value can be left empty to disable group support for this connection."},"group_member_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains group membership information, basically which users are members of the group. This value can be left empty to disable group support for this connection."},"root_cas":{"type":"array","items":{"type":"string"},"description":"LDAP only, optional list of certificates that are used to determine if the server is trusted. Only applies if the `server_url` scheme is `ldaps`.\n\nIf not provided, then the server's certificate is verified using the operating system's CAs.\n\nAccepts [PEM encoded certificates](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail). Here's an example showing an abbreviated (see `[...]`) list of root CAs.\n```\n\"root_cas\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIEiTCCA3GgAwIBAgIQEtTWutN7HdEKAAAAAOthCDANBgkqhkiG9w0BAQsFADBG[...]rVtyMKdOXGZl1gR22A==\\n-----END CERTIFICATE-----\",\n \"-----BEGIN CERTIFICATE-----\\nMIIHCjCCBfKgAwIBAgIQDhZMtvVrLG4NDkY/70TmRDANBgkqhkiG9w0BAQsFADBw[...]lYgbVhEaSeWnKcSG/4OJDLgbJL1cQa5BQUjWiZo7\\n-----END CERTIFICATE-----\"\n]\n```\n"},"insecure_skip_verify":{"type":"boolean","description":"LDAP only, optional flag to disable verifying the server's certficate. It ignores both the operating system's CAs and `root_cas` if provided. Only applies if the `server_url` scheme is `ldaps`.\n\nDefault value is `false`.\n"}}},"ldap_options":{"type":"object","description":"Options for connecting to an LDAP server.","required":["server_url","uid_field","root_dn"],"properties":{"server_url":{"type":"string","description":"LDAP only, LDAP URL for your server. (e.g. ldap://172.16.2.2:3268)"},"root_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for users"},"uid_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user id"},"bind_dn":{"type":"string","description":"LDAP only, Object which has permission to search under the root DN for users. This value can be left empty to disable group support for this connection."},"bind_password":{"type":"string","description":"LDAP only, Password for the Bind DN object. This value can be left empty to disable group support for this connection."},"user_dn_field":{"type":"string","description":"LDAP only, Attribute inside the user object which contains the user distingushed name. If user_dn_field is not provided, an attempt is made to determine default value based on uid_field. If uid_field is provided as sAMAccountName, Active Directory configuration is assumed and 'distingushedName' is used as default for user_dn_field. Otherwise, it will default to 'dn'.\n\nWhen this property is set it uses the specified attribute to test for user equality. This primarily affects LDAP group maps. For example:\n- If a user's LDAP entry has \"`cn: John Doe`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`cn`\", then the LDAP group entry must have a member attribute that is exactly \"`John Doe`\", not \"`cn=John Doe`\", in order for the user to be considered part of the group.\n- If a user's LDAP entry has \"`customDN: cn=John Doe,ou=Users`\" and the LDAP configuration has \"`user_dn_field`\" set to \"`customDN`\", then the LDAP group entry must have a member attribute that is exactly \"`cn=John Doe,ou=Users`\" in order for the user to be considered part of the group.\n"},"search_filter":{"type":"string","description":"LDAP only, LDAP search filter which can further restrict the set of users who will be allowed to log in"},"guid_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the globally unique identifier of the group. On bind, if guid_field is not provided, it will default to whatever is in uid_field. However, on uid_field update, guid_field will not update automatically."},"group_base_dn":{"type":"string","description":"LDAP only, Starting point to use when searching for groups. This value can be left empty to disable group support for this connection"},"group_filter":{"type":"string","description":"LDAP only, Search filter for listing groups. Searching with this filter should only return groups. This value can be left empty to disable group support for this connection."},"group_id_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains the group identifier (name). This value can be left empty to disable group support for this connection."},"group_member_field":{"type":"string","description":"LDAP only, Attribute inside the group object which contains group membership information, basically which users are members of the group. This value can be left empty to disable group support for this connection."},"root_cas":{"type":"array","items":{"type":"string"},"description":"LDAP only, optional list of certificates that are used to determine if the server is trusted. Only applies if the `server_url` scheme is `ldaps`.\n\nIf not provided, then the server's certificate is verified using the operating system's CAs.\n\nAccepts [PEM encoded certificates](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail). Here's an example showing an abbreviated (see `[...]`) list of root CAs.\n```\n\"root_cas\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIEiTCCA3GgAwIBAgIQEtTWutN7HdEKAAAAAOthCDANBgkqhkiG9w0BAQsFADBG[...]rVtyMKdOXGZl1gR22A==\\n-----END CERTIFICATE-----\",\n \"-----BEGIN CERTIFICATE-----\\nMIIHCjCCBfKgAwIBAgIQDhZMtvVrLG4NDkY/70TmRDANBgkqhkiG9w0BAQsFADBw[...]lYgbVhEaSeWnKcSG/4OJDLgbJL1cQa5BQUjWiZo7\\n-----END CERTIFICATE-----\"\n]\n```\n"},"insecure_skip_verify":{"type":"boolean","description":"LDAP only, optional flag to disable verifying the server's certficate. It ignores both the operating system's CAs and `root_cas` if provided. Only applies if the `server_url` scheme is `ldaps`.\n\nDefault value is `false`.\n"}}},"oidc_options":{"type":"object","description":"Options for connecting to an external OpenID Connect server","required":["client_id","redirect_uris"],"properties":{"authorization_uri":{"type":"string","description":"OpenID Connect only, optional, URI to the authorization endpoint of the external identity provider. Intended for test and not recommended to use, see discovery URI."},"client_id":{"type":"string","description":"OpenID Connect only, required, the public identifier of CipherTrust Manager on the the external identity provider (authorization server). This value is typically generated by and retrieved from the external identity provider."},"redirect_uri":{"type":"string","description":"(Deprecated) Use redirect URIs instead.\n\nOpenID Connect only, required, URI to redirect to after finished authentication to the external identity provider (authorization server).\n\nThis URI MUST exactly match one of the Redirection URI values for the Client pre-registered at the OpenID Provider. The Redirection URI MUST NOT use the `http` scheme.\n"},"redirect_uris":{"type":"array","items":{"type":"string"},"description":"OpenID Connect only, required, set of allowed URIs to redirect to after finished authentication to the external identity provider (authorization server).\n\nThese URIs should match the Redirection URIs values for the client pre-registered at the OpenID Provider. The Redirection URI MUST NOT use the `http` scheme.\n\nTypically https://ciphertrust-manager-host/api/v1/auth/oidc-callback where 'ciphertrust-manager-host' should be updated to the hostname of your server.\n"},"discovery_uri":{"type":"string","description":"OpenID Connect only, optional, URI to the well-known configuration endpoint of the external identity provider. External ID Provider settings such as authorization URI and public signing keys will be auto-downloaded from this URI."},"jwks":{"type":"array","description":"OpenID Connect only, optional, array of JWKS containing the public keys for ID Token validation. Intended for test and not recommended to use, see discovery URI.","items":{"type":"object","properties":{"kid":{"type":"string","description":"Key identifier"},"alg":{"type":"string","description":"Key algorithm"},"kty":{"type":"string","description":"Key type"},"use":{"type":"string","description":"Key use"},"n":{"type":"string","description":"Key modulus"},"e":{"type":"string","description":"Key exponent"}}}},"groups_claim":{"type":"string","description":"The claim field name to extract group membership from in the OIDC ID Token. Works in conjunction with Group Maps. If unspecified it default to 'groups'."}}}}}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"name":"usspe","strategy":"ldap","options":{"server_url":"ldap://172.27.0.6:389","root_dn":"dc=planetexpress,dc=com","uid_field":"uid","user_dn_field":"dn","bind_dn":"cn=admin,dc=planetexpress,dc=com","bind_password":"GoodNewsEveryone","group_base_dn":"ou=people, dc=planetexpress, dc=com","group_member_field":"member","group_id_field":"cn","group_filter":"(objectclass=Group)"},"id":"c42f3816-eb95-4ddb-95ec-b516aa32cb38","created_at":"2016-12-05T15:13:49.543Z","updated_at":"2016-12-05T15:13:49.543Z"}]}}}}}},"/v1/auth/id-providers/{id}/login":{"post":{"summary":"Login","description":"Login initiates an ID Provider login flow. It basically returns a\n\"login URI\" to where the user should perform the login to the external\nID Provider. The connection should contain a redirect URI and the user\nshould be redirected back after successful login to finish the login\nflow and get local credentials, typically an access token and a refresh\ntoken.\n\nCurrently it supports OpenID Connect (OIDC) connections using the\nimplicit flow with form post.\n\nThe OpenID Connect implementation is currently limited to:\n\n- `scope=openid email profile`\n- `response_type=id_token`\n- `response_mode=form_post`\n\nThe following standard claims are required to be returned by the external identity provider:\n\n- `sub`: used as the user ID\n\nThe following standard claims are optional and will be used if returned by the external identity provider:\n\n- `name`: used as the \"name\" property of a user, if missing it will fall back to user ID (which effectively means `sub`)\n- `email`: used as the \"email\" property of a user, if missing it will be empty\n\nTo read more about standard scopes: \n\n[https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims](https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims)\n\nTo read mroe about standard claims: \n\n[https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims](https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims)\n\nThis API supports both HTML form POST data payload with\n\"Content-Type: application/x-www-form-urlencoded\" and JSON data payload\nwith \"Content-Type: application/json\".\n\nThis is an unauthenticated route.\n","tags":["Identity Providers"],"parameters":[{"name":"id","in":"path","description":"The ID of the connection to login via.\n","required":true,"type":"string"},{"name":"body","in":"body","description":"Landing page URI","schema":{"type":"object","title":"Landing page URI","required":["landing_page"],"properties":{"landing_page":{"type":"string","description":"Landing page URI where the user will redirect back to after successful authentication"}},"example":{"landing_page":"https://localhost"}}}],"responses":{"200":{"description":"OK","schema":{"type":"string"},"examples":{"text/html":{"html":{"summary":"HTML meta refresh redirect","value":""}}}}}},"get":{"summary":"Login","description":"Login initiates an ID Provider login flow. It basically returns a\n\"login URI\" to where the user should perform the login to the external\nID Provider. The connection should contain a redirect URI and the user\nshould be redirected back after successful login to finish the login\nflow and get local credentials, typically an access token and a refresh\ntoken.\n\nCurrently it supports OpenID Connect (oidc) connections using the\nimplicit flow with form post.\n\nThe OpenID Connect implementation is currently limited to:\n\n- `scope=openid email profile`\n- `response_type=id_token`\n- `response_mode=form_post`\n\nThis is an unauthenticated route.\n","tags":["Identity Providers"],"parameters":[{"name":"id","in":"path","description":"The ID of the connection to login via.\n","required":true,"type":"string"},{"name":"landing_page","in":"query","type":"string","description":"Landing page URI where the user will redirect back to after successful authentication","required":true}],"responses":{"200":{"description":"OK","schema":{"type":"string"},"examples":{"text/html":{"html":{"summary":"HTML meta refresh redirect","value":""}}}}}}},"/v1/auth/oidc-callback":{"post":{"summary":"Post","description":"Supporting callback for implementing OpenID Connect. Designed to be\ncalled from external Identity Providers and not from users.\n\nIn OpenID Connect this is referred to as the \"redirect URI\". This API\nis meant to be used as the target redirect URI for an OpenID Connect\n(oidc) Connection using a form POST.\n\nIt currently assumes the following OpenID Connect configuration:\n\n- `scope=openid email profile`\n- `response_type=id_token`\n- `response_mode=form_post`\n\nThis API supports both HTML form POST data payload with\n\"Content-Type: application/x-www-form-urlencoded\" and JSON data payload\nwith \"Content-Type: application/json\".\n","tags":["Identity Providers"],"parameters":[{"name":"body","in":"body","description":"Body","schema":{"type":"object","title":"Body","required":["id_token"],"properties":{"id_token":{"type":"string","description":"A signed ID Token from the external identity provider\ncontaining user information\n"},"state":{"type":"string","description":"State which generally is used after successful authentication\nto retain information from before the external authenticaton\n"},"session_state":{"type":"string","description":"Session state from the external identity provider"}},"example":{"id_token":"ey...","state":"connection%3D98a08549-173c-4caf-b21d-3c66fbe1e49a%26landing_page%3Dhttps%3A%2F%2Flocalhost","session_state":"38c53f48-4209-4efa-9dd6-f1e1b6f9ab8a"}}}],"responses":{"200":{"description":"OK","schema":{"type":"string"},"examples":{"text/html":{"html":{"summary":"HTML meta refresh redirect","value":""}}}}}}},"/v1/usermgmt/ldap-browse/{id}/users":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","type":"string","required":true,"description":"the id of the ldap connection"}],"post":{"summary":"List","description":"Returns a list of users that belong to the LDAP connection based on the query filters set.\n","tags":["Connections/LDAP"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"username","in":"query","type":"string","description":"Username of ldap user, with wildcards such as \"joe*\""},{"name":"groupname","in":"query","type":"string","description":"Groupname of ldap group, with wildcards such as \"admin*\""},{"name":"body","in":"body","description":"All POST body parameter are optional in this API and will be taken from the Connection Manager LDAP connection by default.\n","schema":{"type":"object","title":"Browse LDAP Users","properties":{"server_url":{"type":"string","description":"LDAP URL for your server."},"insecure_skip_verify":{"type":"boolean","description":"Used to disable the verification of the server's certificate."},"root_cas":{"type":"array","items":{"type":"string"},"description":"List of certificates that are used to determine if the server is trusted. Only applicable if the `server_url` scheme is `ldaps`.\n\nIf not provided, then the server's certificate is verified using the operating system's CAs.\n\nAccepts PEM encoded certificates. Here's an example showing an abbreviated (see [...]) list of root CAs.\n\n\"root_cas\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIEiTCCA3GgAwIBAgIQEtTWutN7HdEKAAAAAOthCDANBgkqhkiG9w0BAQsFADBG[...]rVtyMKdOXGZl1gR22A==\\n-----END CERTIFICATE-----\",\n \"-----BEGIN CERTIFICATE-----\\nMIIHCjCCBfKgAwIBAgIQDhZMtvVrLG4NDkY/70TmRDANBgkqhkiG9w0BAQsFADBw[...]lYgbVhEaSeWnKcSG/4OJDLgbJL1cQa5BQUjWiZo7\\n-----END CERTIFICATE-----\"\n]\n"},"bind_dn":{"type":"string","description":"An object that has permission to search under the root DN for users."},"bind_password":{"type":"string","description":"Password for the Bind DN object of the LDAP connection."},"base_dn":{"type":"string","description":"Starting point an LDAP server uses when searching for users."},"search_filter":{"type":"string","description":"LDAP search filter that can further restrict the set of users."},"group_base_dn":{"type":"string","description":"Starting point an LDAP server uses when searching for groups."},"group_filter":{"type":"string","description":"Group Filter is only used when Groupname filter is provided. LDAP search filter to list objects of type group."},"group_name_attribute":{"type":"string","description":"Attribute of the group object which contains the friendly name of the group."},"group_id_attribute":{"type":"string","description":"Attribute of the group object that contains the group identifier (name). This value should be unique."}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"users":{"type":"array","items":{"type":"object","properties":{"DN":{"type":"string"},"attributes":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string"},"values":{"type":"array","items":{"type":"string"}}}}}}}}}},"examples":{"application/json":{"users":[{"DN":"cn=admin,dc=planetexpress,dc=com","attributes":[{"name":"cn","values":["admin"]}]},{"DN":"cn=Amy Wong+sn=Kroker,ou=people,dc=planetexpress,dc=com","attributes":[{"name":"cn","values":["Amy Wong"]}]},{"DN":"cn=ship_crew,ou=people,dc=planetexpress,dc=com","attributes":[{"name":"cn","values":["ship_crew"]}]}]}}},"400":{"description":"Bad request."}}}},"/v1/usermgmt/ldap-browse/{id}/groups":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","type":"string","required":true,"description":"the id of the ldap connection"}],"post":{"summary":"List","description":"Returns a list of groups that belong to the LDAP connection based on query filters set.\n","tags":["Connections/LDAP"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"groupname","in":"query","type":"string","description":"groupname of ldap group, with wildcards such as \"admin*\""},{"name":"user_id","in":"query","type":"string","description":"User id to filter the groups wherein the given user is a member of the group."},{"name":"body","in":"body","description":"All POST body parameter are optional in this API and will be taken from the Connection Manager LDAP connection by default.\n","schema":{"type":"object","title":"Browse LDAP Groups","properties":{"server_url":{"type":"string","description":"LDAP URL for your server."},"insecure_skip_verify":{"type":"boolean","description":"Used to disable the verification of the server's certificate."},"root_cas":{"type":"array","items":{"type":"string"},"description":"List of certificates that are used to determine if the server is trusted. Only applicable if the `server_url` scheme is `ldaps`.\n\nIf not provided, then the server's certificate is verified using the operating system's CAs.\n\nAccepts PEM encoded certificates. Here's an example showing an abbreviated (see [...]) list of root CAs.\n\n\"root_cas\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIEiTCCA3GgAwIBAgIQEtTWutN7HdEKAAAAAOthCDANBgkqhkiG9w0BAQsFADBG[...]rVtyMKdOXGZl1gR22A==\\n-----END CERTIFICATE-----\",\n \"-----BEGIN CERTIFICATE-----\\nMIIHCjCCBfKgAwIBAgIQDhZMtvVrLG4NDkY/70TmRDANBgkqhkiG9w0BAQsFADBw[...]lYgbVhEaSeWnKcSG/4OJDLgbJL1cQa5BQUjWiZo7\\n-----END CERTIFICATE-----\"\n]\n"},"bind_dn":{"type":"string","description":"Object which has permission to search under the group base DN for the groups."},"bind_password":{"type":"string","description":"Password for the Bind DN object of the LDAP connection."},"base_dn":{"type":"string","description":"Starting point an LDAP server uses when searching for users."},"search_filter":{"type":"string","description":"LDAP search filter that can further restrict the set of users."},"group_base_dn":{"type":"string","description":"Starting point an LDAP server uses when searching for groups."},"group_filter":{"type":"string","description":"Group Filter is only used when Groupname filter is provided. LDAP search filter to list objects of type group."},"group_name_attribute":{"type":"string","description":"Attribute of the group object which contains the friendly name of the group."},"group_id_attribute":{"type":"string","description":"Attribute of the group object that contains the group identifier (name). This value should be unique."},"user_dn_attribute":{"type":"string","description":"Attribute of the user object that contains the user distinguished name."},"group_member_field":{"type":"string","description":"Attribute of the group object which contains group membership information, basically which users are members of the group."}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"users":{"type":"array","items":{"type":"object","properties":{"DN":{"type":"string"},"attributes":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string"},"values":{"type":"array","items":{"type":"string"}}}}}}}}}},"examples":{"application/json":{"skip":0,"limit":10,"total":2,"groups":["admin_staff","ship_crew"]}}},"400":{"description":"Bad request."}}}},"/v1/auth/banners/pre-auth":{"get":{"summary":"Get","description":"Return the pre-authentication banner of this CipherTrust Manager server.\n","tags":["Banners"],"responses":{"200":{"description":"OK","schema":{"properties":{"value":{"type":"string"}}},"examples":{"application/json":{"value":"Welcome to **CipherTrust Manager k170v Server**. You must have explicit, authorized permission to access or configure this device. Unauthorized attempts and actions to access or use this system may result in civil and/or criminal penalties. All activities performed on this device are logged and monitored."}}}}},"patch":{"summary":"Set","description":"Set the pre-authentication banner of this CipherTrust Manager server.\n","tags":["Banners"],"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"body","in":"body","description":"Set pre-authentication banner","schema":{"type":"object","title":"Set Pre-authentication Banner Request","required":["value"],"properties":{"value":{"type":"string","description":"New user friendly banner for this CipherTrust Manager server. Banner text supports unicode and markdown. Will be returned by subsequent calls to GET."}}}}],"responses":{"200":{"description":"OK","schema":{"properties":{"value":{"type":"string"}}},"examples":{"application/json":{"value":"Welcome to **CipherTrust Manager k170v Server**. You must have explicit, authorized permission to access or configure this device. Unauthorized attempts and actions to access or use this system may result in civil and/or criminal penalties. All activities performed on this device are logged and monitored."}}},"401":{"description":"Login failed."}}}},"/v1/auth/banners/post-auth":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Return the post-authentication banner of this CipherTrust Manager server.\n","tags":["Banners"],"responses":{"200":{"description":"OK","schema":{"properties":{"value":{"type":"string"}}},"examples":{"application/json":{"value":"Welcome to **CipherTrust Manager k170v Server**. You must have explicit, authorized permission to access or configure this device. Unauthorized attempts and actions to access or use this system may result in civil and/or criminal penalties. All activities performed on this device are logged and monitored."}}},"401":{"description":"Login failed."}}},"patch":{"summary":"Set","description":"Set the post-authentication banner of this CipherTrust Manager server.\n","tags":["Banners"],"parameters":[{"name":"body","in":"body","description":"Set post-authentication banner","schema":{"type":"object","title":"Set Post-authentication Banner Request","required":["value"],"properties":{"value":{"type":"string","description":"New user friendly banner for this CipherTrust Manager server. Banner text supports unicode and markdown. Will be returned by subsequent calls to GET."}}}}],"responses":{"200":{"description":"OK","schema":{"properties":{"value":{"type":"string"}}},"examples":{"application/json":{"value":"Welcome to **CipherTrust Manager k170v Server**. You must have explicit, authorized permission to access or configure this device. Unauthorized attempts and actions to access or use this system may result in civil and/or criminal penalties. All activities performed on this device are logged and monitored."}}},"401":{"description":"Login failed."}}}},"/v1/system/alarms":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List Alarms","description":"Lists alarms. Results can be refined with query params.","tags":["Alarms"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"state","in":"query","type":"string","description":"Returns alarms whose state matches the supplied state (e.g. on, off).\n"},{"name":"name","in":"query","type":"string","description":"Returns the alarm having the supplied name.\n"},{"name":"severity","in":"query","type":"string","description":"Returns alarms having the supplied severity (emergency, alert, critical, error, warning, notice, info).\n"},{"name":"source","in":"query","type":"string","description":"Clustered node system name or host name set in the alarm"},{"name":"source_type","in":"query","type":"string","description":"Filter on alarm configuration source type. Valid values are 'server_record' and 'client_record'"}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":{"id":"70d667b4-7284-4a56-ba7e-75e4bdea2b46","uri":"kylo:kylo:audit:alarms:70d667b4-7284-4a56-ba7e-75e4bdea2b46","account":"kylo:kylo:admin:accounts:kylo","application":"system:system:admin:applications:system","devAccount":"kylo:kylo:admin:accounts:kylo","createdAt":"2019-08-29T08:42:58.988847Z","clearedBy":{},"acknowledgedBy":{},"name":"NAE TLS Disabled","triggeredAt":"2019-08-29T08:42:58.988846Z","state":"off","description":"TLS is disabled on the NAE interface","severity":"critical","service":"NAE","details":{},"source_type":"server_record"}}}}}}},"/v1/system/alarms/{id}/clear":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Clear alarm","description":"Clears an alarm by setting `clearedAt` to the current date,\n`clearedBy` to this user and alarm state to `off`. The intention\nbehind clear is that when a user clears an alarm it means that the\nalarm is no longer applicable, was determined not be an issue, etc.\n","tags":["Alarms"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"0d3c6f62-206a-4745-afe5-6112dfe2d4b2","uri":"kylo:kylo:audit:alarms:0d3c6f62-206a-4745-afe5-6112dfe2d4b2","account":"kylo:kylo:admin:accounts:kylo","application":"system:system:admin:applications:system","devAccount":"kylo:kylo:admin:accounts:kylo","createdAt":"2019-08-23T19:15:27.484578Z","clearedAt":"2019-08-23T19:45:52.985088185Z","clearedBy":{"username":"admin","user_id":"local|2162e9b2-90c1-4a13-95ad-68a9dda726a4"},"acknowledgedAt":"0001-01-01T00:00:00Z","acknowledgedBy":{"username":"admin","user_id":"local|2162e9b2-90c1-4a13-95ad-68a9dda726a4"},"name":"Weak RSA Key","triggeredAt":"2019-08-23T19:15:27.484553Z","state":"off","description":"Size must be >= 2048","severity":"critical","service":"kylo","source":"tmeyers-ubuntu","details":{"id":"e2df5244-1be2-49cd-be4b-b42b6a20ed44","uri":"kylo:kylo:audit:records:e2df5244-1be2-49cd-be4b-b42b6a20ed44","source":"tmeyers-ubuntu","account":"kylo:kylo:admin:accounts:kylo","details":{"domain":"","user_id":"local|2162e9b2-90c1-4a13-95ad-68a9dda726a4","username":"admin","client_id":"eb533cb3-3606-4365-ad01-dd261ae629af","connection":"local_account","grant_type":"password","refresh_token_id":"75c29b9c-18a0-424a-b639-eed150993e02"},"lineage":"","message":"Create Token","service":"kylo","success":true,"severity":"info","username":"","createdAt":"2019-08-23T19:15:27.474841Z","principal":{"acct":"kylo:kylo:admin:accounts:kylo"},"requestId":"e46a19c1-f3cd-40a6-849f-5b2e532fb8a7","devAccount":"kylo:kylo:admin:accounts:kylo","application":"system:system:admin:applications:system"},"source_type":"server_record"}}}}}},"/v1/system/alarms/{id}/acknowledge":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Acknowledge alarm","description":"Acknowledges an alarm by setting `acknowledgedAt` to the current date\nand `acknowledgedBy` to this user. The intention behind acknowledge\nis that when a user acknowledges an alarm it means that they are\ninvestigating the root cause.\n","tags":["Alarms"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"0d3c6f62-206a-4745-afe5-6112dfe2d4b2","uri":"kylo:kylo:audit:alarms:0d3c6f62-206a-4745-afe5-6112dfe2d4b2","account":"kylo:kylo:admin:accounts:kylo","application":"system:system:admin:applications:system","devAccount":"kylo:kylo:admin:accounts:kylo","createdAt":"2019-08-23T19:15:27.484578Z","acknowledgedAt":"2019-08-23T19:35:52.985088185Z","acknowledgedBy":{"username":"admin","user_id":"local|2162e9b2-90c1-4a13-95ad-68a9dda726a4"},"name":"Weak RSA Key","triggeredAt":"2019-08-23T19:15:27.484553Z","state":"off","description":"Size must be >= 2048","severity":"critical","service":"kylo","source":"tmeyers-ubuntu","details":{"id":"e2df5244-1be2-49cd-be4b-b42b6a20ed44","uri":"kylo:kylo:audit:records:e2df5244-1be2-49cd-be4b-b42b6a20ed44","source":"tmeyers-ubuntu","account":"kylo:kylo:admin:accounts:kylo","details":{"domain":"","user_id":"local|2162e9b2-90c1-4a13-95ad-68a9dda726a4","username":"admin","client_id":"eb533cb3-3606-4365-ad01-dd261ae629af","connection":"local_account","grant_type":"password","refresh_token_id":"75c29b9c-18a0-424a-b639-eed150993e02"},"lineage":"","message":"Create Token","service":"kylo","success":true,"severity":"info","username":"","createdAt":"2019-08-23T19:15:27.474841Z","principal":{"acct":"kylo:kylo:admin:accounts:kylo"},"requestId":"e46a19c1-f3cd-40a6-849f-5b2e532fb8a7","devAccount":"kylo:kylo:admin:accounts:kylo","application":"system:system:admin:applications:system"},"source_type":"server_record"}}}}}},"/v1/configs/interfaces/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns a string list of all the interface names.\n","tags":["Interfaces"],"parameters":[{"name":"interface_type","in":"query","required":false,"type":"string","description":"Filter by interface type."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"properties":{"interfaces":{"type":"array","items":{"type":"string"}}}},"examples":{"application/json":{"skip":0,"limit":10,"total":3,"resources":[{"id":"358be9d6-a5e9-4ccf-97d7-40bb14c5da9b","name":"kmip","mode":"tls-cert-pw-opt","cert_user_field":"CN","auto_gen_ca_id":"kylo:kylo:naboo:localca:070dd793-6b89-4999-bd35-5ae6724f4d6e","trusted_cas":{"local":["kylo:kylo:naboo:localca:070dd793-6b89-4999-bd35-5ae6724f4d6e"],"external":[],"kmip_enable_hard_delete":1,"auto_registration":true,"Registration_token":"876577896978787698"},"createdAt":"2018-07-05T20:22:10.292152Z","updatedAt":"2018-07-05T20:22:14.883529Z"},{"id":"38ab7856-c7f3-44d5-9e99-e2c29951427f","name":"nae","mode":"unauth-tls-pw-opt","cert_user_field":"CN","auto_gen_ca_id":"kylo:kylo:naboo:localca:070dd793-6b89-4999-bd35-5ae6724f4d6e","trusted_cas":{"local":["kylo:kylo:naboo:localca:070dd793-6b89-4999-bd35-5ae6724f4d6e"],"external":[]},"createdAt":"2018-07-05T20:22:10.285426Z","updatedAt":"2018-07-05T20:22:14.880588Z"},{"id":"173af49e-8748-4245-95a9-80bf147e108c","name":"web","mode":"tls-cert-opt-pw-opt","cert_user_field":"CN","auto_gen_ca_id":"kylo:kylo:naboo:localca:070dd793-6b89-4999-bd35-5ae6724f4d6e","trusted_cas":{"local":["kylo:kylo:naboo:localca:070dd793-6b89-4999-bd35-5ae6724f4d6e"],"external":[]},"createdAt":"2018-07-05T20:22:10.289546Z","updatedAt":"2018-07-05T20:22:16.98482Z"}]}}}}},"post":{"summary":"Add","description":"Adds a new interface.\n\nAn interface is an externally exposed service. This API basically opens\na new port in the system and starts a service to listen on that port.\n\nCurrently supported interface types are:\n- NAE - \"nae\"\n- KMIP- \"kmip\"\n- SNMP - \"snmp\"\n\nNAE by default listens to port 9000 and kmip by default listens to port 5696. This route offers the capability\nto make `nae` and `kmip` listen on additional ports on specific network interfaces\nand with different settings.\n","parameters":[{"name":"body","in":"body","required":true,"description":"The interface properties to be added\n","schema":{"title":"Add NAE Interface","required":["port"],"description":"Configuration is the set of editable options for how an interface operates.\n","type":"object","properties":{"name":{"type":"string","description":"The name of the interface. Not valid for `interface_type` `nae`.\n"},"mode":{"type":"string","description":"The interface mode can be one of the following: no-tls-pw-opt, no-tls-pw-req, unauth-tls-pw-opt, tls-cert-opt-pw-opt, tls-pw-opt, tls-pw-req, tls-cert-pw-opt, or tls-cert-and-pw. Default mode is no-tls-pw-opt. Refer to the top level discussion of the Interface section for further details.\n"},"cert_user_field":{"type":"string","description":"Specifies how the user name is extracted from the client certificate. Allowed values are: CN, SN, E, E_ND, UID and OU. Refer to the top level discussion of the Interfaces section for more details.\n"},"auto_gen_ca_id":{"type":"string","description":"Auto-generate a new server certificate on server startup using the identifier (URI) of a Local CA resource if the current server certificate is issued by a different Local CA. This is especially useful when a new node joins the cluster. In this case, the existing data of the joining node is overwritten by the data in the cluster. A new server certificate is generated on the joining node using the existing Local CA of the cluster. Auto-generation of the server certificate can be disabled by setting `auto_gen_ca_id` to an empty string (\"\") to allow full control over the server certificate.\n"},"trusted_cas":{"type":"object","title":"Trusted CAs","properties":{"local":{"type":"array","description":"A list of Local CA IDs","items":{"type":"string"}},"external":{"type":"array","description":"A list of External CA IDs","items":{"type":"string"}}},"description":"Collection of local and external CA IDs to trust for client authentication. See section \"Certificate Authority\" for more details.\n\nExample:\n\n {\n \"local\": [\"kylo:kylo:naboo:localca:634c90f4-808d-11e8-8711-77b786d179d5\", \"kylo:kylo:naboo:localca:67e6e8f8-808d-11e8-981b-f30fc34129ae\"],\n \"external\": [\"kylo:kylo:naboo:external_ca:747b27d2-808d-11e8-b9ba-bf6d65974e66\"]\n }\n"},"default_connection":{"type":"string","description":"The default connection may be \"local_account\" for local\nauthentication or the LDAP domain for LDAP authentication. This value\nis applied when the username does not embed the connection name (e.g.\n\"jdoe\" effectively becomes \"local_account|jdoe\"). This value only\napplies to NAE only and is ignored if set for web and KMIP\ninterfaces.\n"},"port":{"type":"integer","description":"The new interface will listen on the specified port.\nThe port number should not be negative, 0 or the one already in-use.\n"},"network_interface":{"type":"string","description":"Defines what ethernet adapter the interface should listen to, use\n\"all\" for all.\n\nThe available ethernet adapters in the system can for example be retrieved from\nthe `GET /v1/system/network/interfaces` route.\n\nExamples:\n\nPort `9002` on `ens3`:\n\n {\n \"network_interface\": \"ens3\",\n \"port\": 9002\n }\n\nPort `9002` on all ethernet adapters:\n\n {\n \"network_interface\": \"all\",\n \"port\": 9002\n }\n\nTo open the same port on other ethernet adapters it is possible to\nuse the same port on other ethernet adapter.\n\nDefaults to `all` if not specified.\n"},"interface_type":{"type":"string","description":"This parameter is used to identify the type of interface, what\nservice to run on the interface.\n\nCurrently supported:\n- `web`\n- `kmip`\n- `nae`\n- `snmp`\n\nDefaults to `nae` if not specified.\n"},"kmip_enable_hard_delete":{"type":"integer","description":"Enables hard delete of keys on KMIP Destroy operation, that is both meta-data and material will be removed from CipherTrust Manager for the key being deleted. By default, only key material is removed and meta-data is preserved with the updated key state. This setting applies only to KMIP interface. Should be set to 1 for enabling the feature or 0 for returning to default behavior.\n"},"auto_registration":{"type":"boolean","description":"Set auto registration to allow auto registration of kmip clients.\n"},"registration_token":{"type":"string","description":"Registration token in case auto registration is true.\n"},"custom_uid_size":{"type":"integer","description":"This flag is used to define the custom uid size of managed object over the KMIP interface.\n"},"custom_uid_v2":{"type":"boolean","description":"This flag specifies which version of custom uid feature is to be used for KMIP interface. If it is set to true, new implementation i.e. Custom uid version 2 will be used.\n"},"minimum_tls_version":{"type":"string","description":"Minimum TLS version to be configured for NAE or KMIP interface, default is v1.2 (tls_1_2).\n\nCurrently supported:\n- `tls_1_0`\n- `tls_1_1`\n- `tls_1_2`\n- `tls_1_3`\n"},"maximum_tls_version":{"type":"string","description":"Maximum TLS version to be configured for NAE or KMIP interface, default is latest maximum supported protocol.\n\nCurrently supported:\n - `tls_1_0`\n - `tls_1_1`\n - `tls_1_2`\n - `tls_1_3`\n"},"meta":{"type":"object","title":"meta","description":"Meta information related to interface","properties":{"nae":{"type":"object","title":"nae","description":"Meta information related to NAE interface","properties":{"mask_system_groups":{"type":"boolean","description":"Flag for masking system groups in NAE requests"}}}}},"allow_unregistered":{"type":"boolean","description":"If true, this flag enables interfaces to allow unregistered clients.\nonly supported in NAE interface.\n"}}}}],"tags":["Interfaces"],"responses":{"200":{"description":"Successful interface addition.","schema":{"description":"Configuration is the set of editable options for how an interface operates.\n","type":"object","properties":{"name":{"type":"string","description":"The name of the interface. Not valid for `interface_type` `nae`.\n"},"mode":{"type":"string","description":"The interface mode can be one of the following: no-tls-pw-opt, no-tls-pw-req, unauth-tls-pw-opt, tls-cert-opt-pw-opt, tls-pw-opt, tls-pw-req, tls-cert-pw-opt, or tls-cert-and-pw. Default mode is no-tls-pw-opt. Refer to the top level discussion of the Interface section for further details.\n"},"cert_user_field":{"type":"string","description":"Specifies how the user name is extracted from the client certificate. Allowed values are: CN, SN, E, E_ND, UID and OU. Refer to the top level discussion of the Interfaces section for more details.\n"},"auto_gen_ca_id":{"type":"string","description":"Auto-generate a new server certificate on server startup using the identifier (URI) of a Local CA resource if the current server certificate is issued by a different Local CA. This is especially useful when a new node joins the cluster. In this case, the existing data of the joining node is overwritten by the data in the cluster. A new server certificate is generated on the joining node using the existing Local CA of the cluster. Auto-generation of the server certificate can be disabled by setting `auto_gen_ca_id` to an empty string (\"\") to allow full control over the server certificate.\n"},"trusted_cas":{"type":"object","title":"Trusted CAs","properties":{"local":{"type":"array","description":"A list of Local CA IDs","items":{"type":"string"}},"external":{"type":"array","description":"A list of External CA IDs","items":{"type":"string"}}},"description":"Collection of local and external CA IDs to trust for client authentication. See section \"Certificate Authority\" for more details.\n\nExample:\n\n {\n \"local\": [\"kylo:kylo:naboo:localca:634c90f4-808d-11e8-8711-77b786d179d5\", \"kylo:kylo:naboo:localca:67e6e8f8-808d-11e8-981b-f30fc34129ae\"],\n \"external\": [\"kylo:kylo:naboo:external_ca:747b27d2-808d-11e8-b9ba-bf6d65974e66\"]\n }\n"},"default_connection":{"type":"string","description":"The default connection may be \"local_account\" for local\nauthentication or the LDAP domain for LDAP authentication. This value\nis applied when the username does not embed the connection name (e.g.\n\"jdoe\" effectively becomes \"local_account|jdoe\"). This value only\napplies to NAE only and is ignored if set for web and KMIP\ninterfaces.\n"},"port":{"type":"integer","description":"The new interface will listen on the specified port.\nThe port number should not be negative, 0 or the one already in-use.\n"},"network_interface":{"type":"string","description":"Defines what ethernet adapter the interface should listen to, use\n\"all\" for all.\n\nThe available ethernet adapters in the system can for example be retrieved from\nthe `GET /v1/system/network/interfaces` route.\n\nExamples:\n\nPort `9002` on `ens3`:\n\n {\n \"network_interface\": \"ens3\",\n \"port\": 9002\n }\n\nPort `9002` on all ethernet adapters:\n\n {\n \"network_interface\": \"all\",\n \"port\": 9002\n }\n\nTo open the same port on other ethernet adapters it is possible to\nuse the same port on other ethernet adapter.\n\nDefaults to `all` if not specified.\n"},"interface_type":{"type":"string","description":"This parameter is used to identify the type of interface, what\nservice to run on the interface.\n\nCurrently supported:\n- `web`\n- `kmip`\n- `nae`\n- `snmp`\n\nDefaults to `nae` if not specified.\n"},"kmip_enable_hard_delete":{"type":"integer","description":"Enables hard delete of keys on KMIP Destroy operation, that is both meta-data and material will be removed from CipherTrust Manager for the key being deleted. By default, only key material is removed and meta-data is preserved with the updated key state. This setting applies only to KMIP interface. Should be set to 1 for enabling the feature or 0 for returning to default behavior.\n"},"auto_registration":{"type":"boolean","description":"Set auto registration to allow auto registration of kmip clients.\n"},"registration_token":{"type":"string","description":"Registration token in case auto registration is true.\n"},"custom_uid_size":{"type":"integer","description":"This flag is used to define the custom uid size of managed object over the KMIP interface.\n"},"custom_uid_v2":{"type":"boolean","description":"This flag specifies which version of custom uid feature is to be used for KMIP interface. If it is set to true, new implementation i.e. Custom uid version 2 will be used.\n"},"minimum_tls_version":{"type":"string","description":"Minimum TLS version to be configured for NAE or KMIP interface, default is v1.2 (tls_1_2).\n\nCurrently supported:\n- `tls_1_0`\n- `tls_1_1`\n- `tls_1_2`\n- `tls_1_3`\n"},"maximum_tls_version":{"type":"string","description":"Maximum TLS version to be configured for NAE or KMIP interface, default is latest maximum supported protocol.\n\nCurrently supported:\n - `tls_1_0`\n - `tls_1_1`\n - `tls_1_2`\n - `tls_1_3`\n"},"meta":{"type":"object","title":"meta","description":"Meta information related to interface","properties":{"nae":{"type":"object","title":"nae","description":"Meta information related to NAE interface","properties":{"mask_system_groups":{"type":"boolean","description":"Flag for masking system groups in NAE requests"}}}}},"allow_unregistered":{"type":"boolean","description":"If true, this flag enables interfaces to allow unregistered clients.\nonly supported in NAE interface.\n"}}},"examples":{"application/json":{"id":"173af49e-8748-4245-95a9-80bf147e108c","name":"nae-9001","mode":"tls-cert-opt-pw-opt","cert_user_field":"CN","auto_gen_ca_id":"kylo:kylo:naboo:localca:070dd793-6b89-4999-bd35-5ae6724f4d6e","trusted_cas":{"local":["kylo:kylo:naboo:localca:070dd793-6b89-4999-bd35-5ae6724f4d6e"],"external":[]},"port":9001,"network_interface":"all","createdAt":"2018-07-05T20:22:10.289546Z","updatedAt":"2018-07-05T20:22:16.98482Z","meta":{}}}}}}},"/v1/configs/interfaces/{interface}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"interface","in":"path","description":"The name of the interface","required":true,"type":"string"}],"get":{"summary":"Get","description":"Return the configuration details of the given interface.\n","tags":["Interfaces"],"responses":{"200":{"description":"OK","schema":{"description":"Configuration is the set of editable options for how an interface operates.\n","type":"object","properties":{"mode":{"type":"string","description":"The interface mode can be one of the following: no-tls-pw-opt, no-tls-pw-req, unauth-tls-pw-opt, tls-cert-opt-pw-opt, tls-pw-opt, tls-pw-req, tls-cert-pw-opt, or tls-cert-and-pw. Default mode is no-tls-pw-opt. Refer to the top level discussion of the Interface section for further details.\n"},"cert_user_field":{"type":"string","description":"Specifies how the user name is extracted from the client certificate. Allowed values are: CN, SN, E, E_ND, UID and OU. Refer to the top level discussion of the Interfaces section for more details.\n"},"auto_gen_ca_id":{"type":"string","description":"Auto-generate a new server certificate on server startup using the identifier (URI) of a Local CA resource if the current server certificate is issued by a different Local CA. This is especially useful when a new node joins the cluster. In this case, the existing data of the joining node is overwritten by the data in the cluster. A new server certificate is generated on the joining node using the existing Local CA of the cluster. Auto-generation of the server certificate can be disabled by setting `auto_gen_ca_id` to an empty string (\"\") to allow full control over the server certificate.\n"},"trusted_cas":{"type":"object","title":"Trusted CAs","properties":{"local":{"type":"array","description":"A list of Local CA IDs","items":{"type":"string"}},"external":{"type":"array","description":"A list of External CA IDs","items":{"type":"string"}}},"description":"Collection of local and external CA IDs to trust for client authentication. See section \"Certificate Authority\" for more details.\n\nExample:\n{\n \"local\": [\"kylo:kylo:naboo:localca:634c90f4-808d-11e8-8711-77b786d179d5\", \"kylo:kylo:naboo:localca:67e6e8f8-808d-11e8-981b-f30fc34129ae\"],\n \"external\": [\"kylo:kylo:naboo:external_ca:747b27d2-808d-11e8-b9ba-bf6d65974e66\"]\n}\n"},"default_connection":{"type":"string","description":"The default connection may be \"local_account\" for local authentication or the LDAP domain for LDAP authentication. This value is applied when the username does not embed the connection name (e.g. \"jdoe\" effectively becomes \"local_account|jdoe\"). This value only applies to NAE only and is ignored if set for web and KMIP interfaces.\n"},"port":{"type":"integer","description":"The interface will listen on the specified port.\nThe port number should not be negative, 0 or the one already in-use.\n"},"kmip_enable_hard_delete":{"type":"integer","description":"Enables hard delete of keys on KMIP Destroy operation, that is both meta-data and material will be removed from CipherTrust Manager for the key being deleted. By default, only key material is removed and meta-data is preserved with the updated key state. This setting applies only to KMIP interface. Should be set to 1 for enabling the feature or 0 for returning to default behavior.\n"},"auto_registration":{"type":"boolean","description":"Set auto registration to allow auto registration of kmip clients.\n"},"registration_token":{"type":"string","description":"Registration token in case auto registration is true.\n"},"minimum_tls_version":{"type":"string","description":"Minimum TLS version to be configured for NAE or KMIP interface, default is v1.2 (tls_1_2).\n\nCurrently supported:\n - `tls_1_0`\n - `tls_1_1`\n - `tls_1_2`\n - `tls_1_3`\n"},"maximum_tls_version":{"type":"string","description":"Maximum TLS version to be configured for NAE or KMIP interface, default is latest maximum supported protocol.\n\nCurrently supported:\n - `tls_1_0`\n - `tls_1_1`\n - `tls_1_2`\n - `tls_1_3`\n"},"custom_uid_size":{"type":"integer","description":"This flag is used to define the custom uid size of managed object over the KMIP interface.\n"},"custom_uid_v2":{"type":"boolean","description":"This flag specifies which version of custom uid feature is to be used for KMIP interface. If it is set to true, new implementation i.e. Custom uid version 2 will be used.\n"},"local_auto_gen_attributes":{"description":"Local CSR parameters for interface's certificate. These are for the local node itself, and they do not affect other nodes in the cluster. This gives user a convenient way to supply custom fields for automatic interface certification generation. Without them, the system defaults are used.\n","allOf":[{"type":"object","required":["cn"],"properties":{"cn":{"type":"string","description":"Common name"},"uid":{"type":"string","description":"User ID"},"ip_addresses":{"type":"array","items":{"type":"string"},"description":"Subject Alternative Names (SAN) IP addresses"},"email_addresses":{"type":"array","items":{"type":"string"},"description":"Subject Alternative Names (SAN) Email addresses"},"dns_names":{"type":"array","items":{"type":"string"},"description":"Subject Alternative Names (SAN) DNS names"},"names":{"type":"array","items":{"type":"object","properties":{"C":{"type":"string","description":"Country, for example \"US\""},"ST":{"type":"string","description":"State/province, for example \"MD\""},"L":{"type":"string","description":"Location, for example \"Belcamp\""},"O":{"type":"string","description":"Organization, for example \"Thales Group\""},"OU":{"type":"string","description":"Organizational Unit, for example \"Accounting\""}}},"description":"Name fields are \"O=organization, OU=organizational unit, L=location, ST=state/province, C=country\".\nExample: [{\"O\": \"Thales Group\", \"OU\": \"CPL\", \"C\": \"US\", \"ST\": \"MD\", \"L\": \"Belcamp\"}, {\"OU\": \"Thales Group Inc.\"}]\n"}}}]},"meta":{"type":"object","title":"meta","description":"Meta information related to interface","properties":{"nae":{"type":"object","title":"nae","description":"Meta information related to NAE interface","properties":{"mask_system_groups":{"type":"boolean","description":"Flag for masking system groups in NAE requests"}}}}},"tls_ciphers":{"description":"TLS Ciphers contain the list of cipher suites available in the system for the respective interfaces (KMIP, NAE & WEB) for TLS handshake.\n","type":"array","items":{"type":"object","properties":{"cipher_suite":{"type":"string","description":"TLS cipher suite name."},"enabled":{"type":"boolean","description":"TLS cipher suite enabled flag.\nIf set to true, cipher suite will be available for TLS hanshake.\n"},"configurable":{"type":"boolean","description":"TLS cipher suite configurable flag. This is a non-editable field.\nIf it is true, only then the corresponding cipher_suite can be enabled/disabled.\n"}}}},"allow_unregistered":{"type":"boolean","description":"If true, this flag enables interfaces to allow unregistered clients.\nonly supported in NAE interface.\n"}}},"examples":{"application/json":{"id":"173af49e-8748-4245-95a9-80bf147e108c","name":"web","mode":"tls-cert-opt-pw-opt","cert_user_field":"CN","auto_gen_ca_id":"kylo:kylo:naboo:localca:070dd793-6b89-4999-bd35-5ae6724f4d6e","trusted_cas":{"local":["kylo:kylo:naboo:localca:070dd793-6b89-4999-bd35-5ae6724f4d6e"],"external":[]},"createdAt":"2018-07-05T20:22:10.289546Z","updatedAt":"2018-07-05T20:22:16.98482Z","meta":{},"tls_ciphers":[{"cipher_suite":"TLS_AES_256_GCM_SHA384","enabled":true,"configurable":false},{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","enabled":true,"configurable":false},{"cipher_suite":"TLS_AES_128_GCM_SHA256","enabled":true,"configurable":false},{"cipher_suite":"ECDHE-RSA-AES128-SHA256","enabled":true,"configurable":true},{"cipher_suite":"ECDHE-RSA-AES256-GCM-SHA384","enabled":false,"configurable":true},{"cipher_suite":"ECDHE-RSA-AES128-GCM-SHA256","enabled":false,"configurable":true},{"cipher_suite":"ECDHE-ECDSA-AES128-SHA256","enabled":false,"configurable":true},{"cipher_suite":"ECDHE-ECDSA-AES256-GCM-SHA384","enabled":false,"configurable":true},{"cipher_suite":"ECDHE-ECDSA-AES128-GCM-SHA256","enabled":false,"configurable":true},{"cipher_suite":"ECDHE-ECDSA-AES256-SHA","enabled":false,"configurable":true},{"cipher_suite":"ECDHE-RSA-AES128-SHA","enabled":false,"configurable":true},{"cipher_suite":"ECDHE-ECDSA-AES256-SHA384","enabled":false,"configurable":true},{"cipher_suite":"ECDHE-RSA-AES256-SHA384","enabled":false,"configurable":true},{"cipher_suite":"ECDHE-ECDSA-AES128-SHA","enabled":false,"configurable":true},{"cipher_suite":"ECDHE-RSA-AES256-SHA","enabled":false,"configurable":true}]}}}}},"patch":{"summary":"Update","description":"Change the properties of an interface.\n\nInterface types supporting port update are:\n- NAE - \"nae\"\n- KMIP- \"kmip\"\n- WEB - \"web\"\n\nIf you are changing the port of a default interface (web, nae, kmip),\nall CM services will be restarted in order to make that port change.\nPort change remains persistent even after restarting the system\nand will get replicated if the device is part of a cluster.\nIf CM is deployed in cluster mode, this will restart services on all the nodes\nand therefore port change should be a planned activity.\n","parameters":[{"name":"body","in":"body","required":true,"description":"The interface properties to be updated.\n","schema":{"title":"Update Interface","description":"Configuration is the set of editable options for how an interface operates.\n","type":"object","properties":{"mode":{"type":"string","description":"The interface mode can be one of the following: no-tls-pw-opt, no-tls-pw-req, unauth-tls-pw-opt, tls-cert-opt-pw-opt, tls-pw-opt, tls-pw-req, tls-cert-pw-opt, or tls-cert-and-pw. Default mode is no-tls-pw-opt. Refer to the top level discussion of the Interface section for further details.\n"},"cert_user_field":{"type":"string","description":"Specifies how the user name is extracted from the client certificate. Allowed values are: CN, SN, E, E_ND, UID and OU. Refer to the top level discussion of the Interfaces section for more details.\n"},"auto_gen_ca_id":{"type":"string","description":"Auto-generate a new server certificate on server startup using the identifier (URI) of a Local CA resource if the current server certificate is issued by a different Local CA. This is especially useful when a new node joins the cluster. In this case, the existing data of the joining node is overwritten by the data in the cluster. A new server certificate is generated on the joining node using the existing Local CA of the cluster. Auto-generation of the server certificate can be disabled by setting `auto_gen_ca_id` to an empty string (\"\") to allow full control over the server certificate.\n"},"trusted_cas":{"type":"object","title":"Trusted CAs","properties":{"local":{"type":"array","description":"A list of Local CA IDs","items":{"type":"string"}},"external":{"type":"array","description":"A list of External CA IDs","items":{"type":"string"}}},"description":"Collection of local and external CA IDs to trust for client authentication. See section \"Certificate Authority\" for more details.\n\nExample:\n{\n \"local\": [\"kylo:kylo:naboo:localca:634c90f4-808d-11e8-8711-77b786d179d5\", \"kylo:kylo:naboo:localca:67e6e8f8-808d-11e8-981b-f30fc34129ae\"],\n \"external\": [\"kylo:kylo:naboo:external_ca:747b27d2-808d-11e8-b9ba-bf6d65974e66\"]\n}\n"},"default_connection":{"type":"string","description":"The default connection may be \"local_account\" for local authentication or the LDAP domain for LDAP authentication. This value is applied when the username does not embed the connection name (e.g. \"jdoe\" effectively becomes \"local_account|jdoe\"). This value only applies to NAE only and is ignored if set for web and KMIP interfaces.\n"},"port":{"type":"integer","description":"The interface will listen on the specified port.\nThe port number should not be negative, 0 or the one already in-use.\n"},"kmip_enable_hard_delete":{"type":"integer","description":"Enables hard delete of keys on KMIP Destroy operation, that is both meta-data and material will be removed from CipherTrust Manager for the key being deleted. By default, only key material is removed and meta-data is preserved with the updated key state. This setting applies only to KMIP interface. Should be set to 1 for enabling the feature or 0 for returning to default behavior.\n"},"auto_registration":{"type":"boolean","description":"Set auto registration to allow auto registration of kmip clients.\n"},"registration_token":{"type":"string","description":"Registration token in case auto registration is true.\n"},"minimum_tls_version":{"type":"string","description":"Minimum TLS version to be configured for NAE or KMIP interface, default is v1.2 (tls_1_2).\n\nCurrently supported:\n - `tls_1_0`\n - `tls_1_1`\n - `tls_1_2`\n - `tls_1_3`\n"},"maximum_tls_version":{"type":"string","description":"Maximum TLS version to be configured for NAE or KMIP interface, default is latest maximum supported protocol.\n\nCurrently supported:\n - `tls_1_0`\n - `tls_1_1`\n - `tls_1_2`\n - `tls_1_3`\n"},"custom_uid_size":{"type":"integer","description":"This flag is used to define the custom uid size of managed object over the KMIP interface.\n"},"custom_uid_v2":{"type":"boolean","description":"This flag specifies which version of custom uid feature is to be used for KMIP interface. If it is set to true, new implementation i.e. Custom uid version 2 will be used.\n"},"local_auto_gen_attributes":{"description":"Local CSR parameters for interface's certificate. These are for the local node itself, and they do not affect other nodes in the cluster. This gives user a convenient way to supply custom fields for automatic interface certification generation. Without them, the system defaults are used.\n","allOf":[{"type":"object","required":["cn"],"properties":{"cn":{"type":"string","description":"Common name"},"uid":{"type":"string","description":"User ID"},"ip_addresses":{"type":"array","items":{"type":"string"},"description":"Subject Alternative Names (SAN) IP addresses"},"email_addresses":{"type":"array","items":{"type":"string"},"description":"Subject Alternative Names (SAN) Email addresses"},"dns_names":{"type":"array","items":{"type":"string"},"description":"Subject Alternative Names (SAN) DNS names"},"names":{"type":"array","items":{"type":"object","properties":{"C":{"type":"string","description":"Country, for example \"US\""},"ST":{"type":"string","description":"State/province, for example \"MD\""},"L":{"type":"string","description":"Location, for example \"Belcamp\""},"O":{"type":"string","description":"Organization, for example \"Thales Group\""},"OU":{"type":"string","description":"Organizational Unit, for example \"Accounting\""}}},"description":"Name fields are \"O=organization, OU=organizational unit, L=location, ST=state/province, C=country\".\nExample: [{\"O\": \"Thales Group\", \"OU\": \"CPL\", \"C\": \"US\", \"ST\": \"MD\", \"L\": \"Belcamp\"}, {\"OU\": \"Thales Group Inc.\"}]\n"}}}]},"meta":{"type":"object","title":"meta","description":"Meta information related to interface","properties":{"nae":{"type":"object","title":"nae","description":"Meta information related to NAE interface","properties":{"mask_system_groups":{"type":"boolean","description":"Flag for masking system groups in NAE requests"}}}}},"tls_ciphers":{"description":"TLS Ciphers contain the list of cipher suites available in the system for the respective interfaces (KMIP, NAE & WEB) for TLS handshake.\n","type":"array","items":{"type":"object","required":["cipher_suite","enabled"],"properties":{"cipher_suite":{"type":"string","description":"TLS cipher suite name."},"enabled":{"type":"boolean","description":"TLS cipher suite enabled flag.\nIf set to true, cipher suite will be available for TLS hanshake.\n"}}}},"network_interface":{"type":"string","description":"Defines what ethernet adapter the interface should listen to, use\n\"all\" for all.\n\nThe available ethernet adapters in the system can be retrieved from\nthe `GET /v1/system/network/interfaces` route.\n"},"allow_unregistered":{"type":"boolean","description":"If true, this flag enables interfaces to allow unregistered clients.\nonly supported in NAE interface.\n"}}}}],"tags":["Interfaces"],"responses":{"200":{"description":"Successful resource update.","schema":{"description":"Configuration is the set of editable options for how an interface operates.\n","type":"object","properties":{"mode":{"type":"string","description":"The interface mode can be one of the following: no-tls-pw-opt, no-tls-pw-req, unauth-tls-pw-opt, tls-cert-opt-pw-opt, tls-pw-opt, tls-pw-req, tls-cert-pw-opt, or tls-cert-and-pw. Default mode is no-tls-pw-opt. Refer to the top level discussion of the Interface section for further details.\n"},"cert_user_field":{"type":"string","description":"Specifies how the user name is extracted from the client certificate. Allowed values are: CN, SN, E, E_ND, UID and OU. Refer to the top level discussion of the Interfaces section for more details.\n"},"auto_gen_ca_id":{"type":"string","description":"Auto-generate a new server certificate on server startup using the identifier (URI) of a Local CA resource if the current server certificate is issued by a different Local CA. This is especially useful when a new node joins the cluster. In this case, the existing data of the joining node is overwritten by the data in the cluster. A new server certificate is generated on the joining node using the existing Local CA of the cluster. Auto-generation of the server certificate can be disabled by setting `auto_gen_ca_id` to an empty string (\"\") to allow full control over the server certificate.\n"},"trusted_cas":{"type":"object","title":"Trusted CAs","properties":{"local":{"type":"array","description":"A list of Local CA IDs","items":{"type":"string"}},"external":{"type":"array","description":"A list of External CA IDs","items":{"type":"string"}}},"description":"Collection of local and external CA IDs to trust for client authentication. See section \"Certificate Authority\" for more details.\n\nExample:\n{\n \"local\": [\"kylo:kylo:naboo:localca:634c90f4-808d-11e8-8711-77b786d179d5\", \"kylo:kylo:naboo:localca:67e6e8f8-808d-11e8-981b-f30fc34129ae\"],\n \"external\": [\"kylo:kylo:naboo:external_ca:747b27d2-808d-11e8-b9ba-bf6d65974e66\"]\n}\n"},"default_connection":{"type":"string","description":"The default connection may be \"local_account\" for local authentication or the LDAP domain for LDAP authentication. This value is applied when the username does not embed the connection name (e.g. \"jdoe\" effectively becomes \"local_account|jdoe\"). This value only applies to NAE only and is ignored if set for web and KMIP interfaces.\n"},"port":{"type":"integer","description":"The interface will listen on the specified port.\nThe port number should not be negative, 0 or the one already in-use.\n"},"kmip_enable_hard_delete":{"type":"integer","description":"Enables hard delete of keys on KMIP Destroy operation, that is both meta-data and material will be removed from CipherTrust Manager for the key being deleted. By default, only key material is removed and meta-data is preserved with the updated key state. This setting applies only to KMIP interface. Should be set to 1 for enabling the feature or 0 for returning to default behavior.\n"},"auto_registration":{"type":"boolean","description":"Set auto registration to allow auto registration of kmip clients.\n"},"registration_token":{"type":"string","description":"Registration token in case auto registration is true.\n"},"minimum_tls_version":{"type":"string","description":"Minimum TLS version to be configured for NAE or KMIP interface, default is v1.2 (tls_1_2).\n\nCurrently supported:\n - `tls_1_0`\n - `tls_1_1`\n - `tls_1_2`\n - `tls_1_3`\n"},"maximum_tls_version":{"type":"string","description":"Maximum TLS version to be configured for NAE or KMIP interface, default is latest maximum supported protocol.\n\nCurrently supported:\n - `tls_1_0`\n - `tls_1_1`\n - `tls_1_2`\n - `tls_1_3`\n"},"custom_uid_size":{"type":"integer","description":"This flag is used to define the custom uid size of managed object over the KMIP interface.\n"},"custom_uid_v2":{"type":"boolean","description":"This flag specifies which version of custom uid feature is to be used for KMIP interface. If it is set to true, new implementation i.e. Custom uid version 2 will be used.\n"},"local_auto_gen_attributes":{"description":"Local CSR parameters for interface's certificate. These are for the local node itself, and they do not affect other nodes in the cluster. This gives user a convenient way to supply custom fields for automatic interface certification generation. Without them, the system defaults are used.\n","allOf":[{"type":"object","required":["cn"],"properties":{"cn":{"type":"string","description":"Common name"},"uid":{"type":"string","description":"User ID"},"ip_addresses":{"type":"array","items":{"type":"string"},"description":"Subject Alternative Names (SAN) IP addresses"},"email_addresses":{"type":"array","items":{"type":"string"},"description":"Subject Alternative Names (SAN) Email addresses"},"dns_names":{"type":"array","items":{"type":"string"},"description":"Subject Alternative Names (SAN) DNS names"},"names":{"type":"array","items":{"type":"object","properties":{"C":{"type":"string","description":"Country, for example \"US\""},"ST":{"type":"string","description":"State/province, for example \"MD\""},"L":{"type":"string","description":"Location, for example \"Belcamp\""},"O":{"type":"string","description":"Organization, for example \"Thales Group\""},"OU":{"type":"string","description":"Organizational Unit, for example \"Accounting\""}}},"description":"Name fields are \"O=organization, OU=organizational unit, L=location, ST=state/province, C=country\".\nExample: [{\"O\": \"Thales Group\", \"OU\": \"CPL\", \"C\": \"US\", \"ST\": \"MD\", \"L\": \"Belcamp\"}, {\"OU\": \"Thales Group Inc.\"}]\n"}}}]},"meta":{"type":"object","title":"meta","description":"Meta information related to interface","properties":{"nae":{"type":"object","title":"nae","description":"Meta information related to NAE interface","properties":{"mask_system_groups":{"type":"boolean","description":"Flag for masking system groups in NAE requests"}}}}},"tls_ciphers":{"description":"TLS Ciphers contain the list of cipher suites available in the system for the respective interfaces (KMIP, NAE & WEB) for TLS handshake.\n","type":"array","items":{"type":"object","properties":{"cipher_suite":{"type":"string","description":"TLS cipher suite name."},"enabled":{"type":"boolean","description":"TLS cipher suite enabled flag.\nIf set to true, cipher suite will be available for TLS hanshake.\n"},"configurable":{"type":"boolean","description":"TLS cipher suite configurable flag. This is a non-editable field.\nIf it is true, only then the corresponding cipher_suite can be enabled/disabled.\n"}}}},"allow_unregistered":{"type":"boolean","description":"If true, this flag enables interfaces to allow unregistered clients.\nonly supported in NAE interface.\n"}}},"examples":{"application/json":{"id":"173af49e-8748-4245-95a9-80bf147e108c","name":"web","mode":"tls-cert-opt-pw-opt","cert_user_field":"CN","auto_gen_ca_id":"kylo:kylo:naboo:localca:070dd793-6b89-4999-bd35-5ae6724f4d6e","port":443,"trusted_cas":{"local":["kylo:kylo:naboo:localca:070dd793-6b89-4999-bd35-5ae6724f4d6e"],"external":[]},"createdAt":"2018-07-05T20:22:10.289546Z","updatedAt":"2018-07-05T20:22:16.98482Z","meta":{},"tls_ciphers":[{"cipher_suite":"TLS_AES_256_GCM_SHA384","enabled":true,"configurable":false},{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","enabled":true,"configurable":false},{"cipher_suite":"TLS_AES_128_GCM_SHA256","enabled":true,"configurable":false},{"cipher_suite":"ECDHE-RSA-AES128-SHA256","enabled":true,"configurable":true},{"cipher_suite":"ECDHE-RSA-AES256-GCM-SHA384","enabled":false,"configurable":true},{"cipher_suite":"ECDHE-RSA-AES128-GCM-SHA256","enabled":false,"configurable":true},{"cipher_suite":"ECDHE-ECDSA-AES128-SHA256","enabled":false,"configurable":true},{"cipher_suite":"ECDHE-ECDSA-AES256-GCM-SHA384","enabled":false,"configurable":true},{"cipher_suite":"ECDHE-ECDSA-AES128-GCM-SHA256","enabled":false,"configurable":true},{"cipher_suite":"ECDHE-ECDSA-AES256-SHA","enabled":false,"configurable":true},{"cipher_suite":"ECDHE-RSA-AES128-SHA","enabled":false,"configurable":true},{"cipher_suite":"ECDHE-ECDSA-AES256-SHA384","enabled":false,"configurable":true},{"cipher_suite":"ECDHE-RSA-AES256-SHA384","enabled":false,"configurable":true},{"cipher_suite":"ECDHE-ECDSA-AES128-SHA","enabled":false,"configurable":true},{"cipher_suite":"ECDHE-RSA-AES256-SHA","enabled":false,"configurable":true}]}}}}},"delete":{"summary":"Delete","description":"Delete given interface.\n\nInterfaces with name `web`, `kmip` and `nae` cannot be deleted.\n","tags":["Interfaces"],"responses":{"204":{"description":"No Content | Successful deletion of interface."}}}},"/v1/configs/interfaces/{interface}/certificate":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"interface","in":"path","description":"The name of the interface.\n","required":true,"type":"string"}],"get":{"summary":"Get Certificate","description":"Return the public portion of the certificate in PEM format.\n","tags":["Interfaces"],"responses":{"200":{"description":"OK","schema":{"properties":{"certificates":{"type":"string"}}},"examples":{"application/json":{"certificates":"-----BEGIN CERTIFICATE-----\\nMIIBXD...Favxw==\\n-----END CERTIFICATE-----\\n\n"}}}}},"put":{"summary":"Put Certificate","description":"Replace the certificate for this interface","parameters":[{"name":"body","in":"body","required":true,"description":"The details of the certificate operation to be performed.\nFor certificate import you will need the properties certificate, format, and if encrypted, password.\nFor self-signed generation all you will need is generate.\nNote: the 'kmip' interface is currently not configurable. It uses the TLS certificate configured for the 'nae' interface.\n","schema":{"type":"object","title":"Put Certificate","required":["certificate","format"],"properties":{"certificate":{"type":"string","description":"The certificate and key data in PEM format or base64 encoded PKCS12 format. A chain chain of certs may be included - it must be in ascending order (server to root ca).\n"},"format":{"type":"string","description":"The format of the certificate data (PEM or PKCS12).\n"},"password":{"type":"string","description":"Password to the encrypted key.\n"},"generate":{"type":"boolean","description":"Create a new self-signed certificate.\n"}}}}],"tags":["Interfaces"],"responses":{"200":{"description":"Successful resource update.","schema":{"properties":{"certificates":{"type":"string"}}},"examples":{"application/json":{"certificates":"-----BEGIN CERTIFICATE-----\\nMIIBXD...Favxw==\\n-----END CERTIFICATE-----\\n\n"}}}}}},"/v1/configs/interfaces/{interface}/enable":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"interface","in":"path","description":"The name of the interface.\n","required":true,"type":"string"}],"post":{"summary":"Enable Interface","description":"This API starts and enables an interface to listen on its respective port.\n\nEnable/Disable is supported for NAE, KMIP, and SSH interfaces only.\n","tags":["Interfaces"],"responses":{"200":{"description":"OK","examples":{"application/json":{"id":"34452a40-d258-408c-96bd-eba6aa430920","name":"ssh","port":22,"enabled":true,"network_interface":"all","interface_type":"ssh","createdAt":"2020-06-24T04:41:42.715961Z","updatedAt":"2020-06-30T09:55:20.905103Z"}}}}}},"/v1/configs/interfaces/{interface}/disable":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"interface","in":"path","description":"The name of the interface.\n","required":true,"type":"string"}],"post":{"summary":"Disable Interface","description":"This API stops and disables an interface.\n\nEnable/Disable is supported for NAE, KMIP, and SSH interfaces only.\n","tags":["Interfaces"],"responses":{"200":{"description":"OK","examples":{"application/json":{"id":"34452a40-d258-408c-96bd-eba6aa430920","name":"ssh","port":22,"enabled":false,"network_interface":"all","interface_type":"ssh","createdAt":"2020-06-24T04:41:42.715961Z","updatedAt":"2020-06-30T09:55:20.905103Z"}}}}}},"/v1/configs/interfaces/{interface}/restore-default-tls-ciphers":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"interface","in":"path","description":"The name of the interface.\n","required":true,"type":"string"}],"post":{"summary":"Restores Interface TLS Ciphers","description":"This restore API sets TLS Ciphers of an interface to default.\n\nTLS Ciphers is supported for NAE, KMIP, and WEB interfaces only.\n","tags":["Interfaces"],"responses":{"200":{"description":"OK","examples":{"application/json":[{"cipher_suite":"TLS_AES_256_GCM_SHA384","enabled":true,"configurable":false},{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","enabled":true,"configurable":false},{"cipher_suite":"TLS_AES_128_GCM_SHA256","enabled":true,"configurable":false},{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","enabled":true,"configurable":true},{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","enabled":true,"configurable":true},{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","enabled":true,"configurable":true},{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","enabled":true,"configurable":true},{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256","enabled":false,"configurable":true},{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256","enabled":false,"configurable":true},{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA","enabled":false,"configurable":true},{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA","enabled":false,"configurable":true},{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","enabled":false,"configurable":true},{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","enabled":false,"configurable":true},{"cipher_suite":"TLS_RSA_WITH_AES_128_CBC_SHA256","enabled":false,"configurable":true},{"cipher_suite":"TLS_RSA_WITH_AES_256_CBC_SHA","enabled":false,"configurable":true},{"cipher_suite":"TLS_RSA_WITH_AES_128_CBC_SHA","enabled":false,"configurable":true}]}}}}},"/v1/configs/interfaces/{interface}/csr":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"interface","in":"path","description":"The name of the interface.\n","required":true,"type":"string"}],"get":{"summary":"Get CSR","description":"Return the CSR.\n","tags":["Interfaces"],"responses":{"200":{"description":"OK","schema":{"properties":{"csr":{"type":"string"}}},"examples":{"application/json":{"csr":"-----BEGIN CERTIFICATE REQUEST-----\\nMIIEyDCCArACAQAwUjELMAkG...cf3MYX/xUQ==\\n-----END CERTIFICATE REQUEST-----\\n\n"}}}}},"post":{"summary":"CSR","description":"Generate CSR with the provided parameters, Without them, the system defaults are used.","parameters":[{"name":"body","in":"body","description":"CSR parameters","schema":{"type":"object","title":"CSR Request","required":["cn"],"properties":{"cn":{"type":"string","description":"Common Name"},"dns_names":{"type":"array","items":{"type":"string"},"description":"Subject Alternative Names (SAN) values"},"email_addresses":{"type":"array","items":{"type":"string"},"description":"E-mail addresses"},"ip_addresses":{"type":"array","items":{"type":"string"},"description":"IP addresses"},"names":{"type":"array","items":{"type":"object","title":"CSR Name","properties":{"C":{"type":"string","description":"Country, for example \"US\""},"ST":{"type":"string","description":"State/province, for example \"MD\""},"L":{"type":"string","description":"Location, for example \"Belcamp\""},"O":{"type":"string","description":"Organization, for example \"Thales Group\""},"OU":{"type":"string","description":"Organizational Unit, for example \"RnD\""}}},"description":"Name fields are \"O=organization, OU=organizational unit, L=location, ST=state/province, C=country\".\nFields can be duplicated if present in different objects.\n\nExample: [{\"O\": \"Thales Group\", \"OU\": \"CPS\", \"C\": \"US\", \"ST\": \"MD\", \"L\": \"Belcamp\"}, {\"OU\": \"Thales Group Inc.\"}]\n"}},"example":{"cn":"CM","dns_names":["*.thalesgroup.com","*.thalesgroup.net"],"email_addresses":["contact@thalesgroup.com"],"ip_addresses":["1.1.1.1"],"names":[{"O":"Thales Group","OU":"RnD","C":"US","ST":"MD","L":"Belcamp"}]}}}],"tags":["Interfaces"],"responses":{"201":{"description":"Successful CSR creation.","schema":{"type":"object"},"examples":{"application/json":{"csr":"-----BEGIN CERTIFICATE REQUEST-----\nMIHNMHUCAQAwEzERMA8GA1UEAxMIVGVzdCBDU1IwWTATBgcqhkjOPQIBBggqhkjO\nPQMBBwNCAATndOIgsTp7m4bOuixxuAt2XQ3oZqp8th/woAo51z7RiAAGdm7IfB1w\n7uWr8o5PWKBatXIgvPp8hvRWHQPHCfcLoAAwCgYIKoZIzj0EAwIDSAAwRQIgVyvz\nhFGCKV460fNJC0vC48gI268B68Xr6osFoy9Ouw8CIQCWN1LtcyxPIvul3XF1Pj7l\navEeIqDBcfD6VHhbnpO2Ag==\n-----END CERTIFICATE REQUEST-----"}}}}}},"/v1/configs/syslogs/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns a list of all syslog connections. The results can be filtered,\nusing the query parameters.\n","tags":["Syslog Connections"],"parameters":[{"name":"transport","in":"query","required":false,"type":"string","description":"Filter by the transport of the syslog connection (`udp`, `tcp` or `tls`)"},{"name":"host","in":"query","required":false,"type":"string","description":"Filter by the hostname or IP address of the syslog connection"},{"name":"port","in":"query","required":false,"type":"integer","description":"Filter by the port of the syslog connection"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"description":"A syslog connection object","type":"object","properties":{"transport":{"type":"string","description":"`udp`, `tcp` or `tls`"},"host":{"type":"string","description":"The hostname or IP address of the syslog connection."},"port":{"type":"integer","description":"The port to use for the connection"},"caCert":{"type":"string","description":"The trusted CA cert in PEM format. Only used in TLS transport mode."},"messageFormat":{"type":"string","description":"The log message format for new log messages:\n* `rfc5424` (default)\n* `plain_message`\n* `cef`\n* `leef`\n"}}}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"2ca211a1-a6fd-49c6-8c4e-61f0f474c803","account":"kylo:kylo:admin:accounts:kylo","host":"192.168.0.1","port":514,"transport":"udp","caCert":"","messageFormat":"plain_message","createdAt":"2017-08-30T22:17:30.663Z","updatedAt":"2017-08-30T22:17:30.663Z"}]}}}}},"post":{"summary":"Add","description":"Add a syslog connection.\n","tags":["Syslog Connections"],"parameters":[{"name":"body","in":"body","schema":{"type":"object","title":"Add Syslog Connection","required":["transport","host"],"properties":{"transport":{"type":"string","description":"`udp`, `tcp` or `tls`"},"host":{"type":"string","description":"The hostname or IP address of the syslog connection"},"port":{"type":"integer","description":"The port to use for the connection. Defaults to `514` for\n`udp`, `601` for `tcp` and `6514` for `tls`\n"},"caCert":{"type":"string","description":"The trusted CA cert in PEM format. Only used in TLS transport\nmode\n"},"messageFormat":{"type":"string","description":"The log message format for new log messages:\n* `rfc5424` (default)\n* `plain_message`\n* `cef`\n* `leef`\n"}},"example":{"transport":"udp","host":"192.168.0.1"}}}],"responses":{"201":{"description":"Successful syslog connection creation.","schema":{"description":"A syslog connection object","type":"object","properties":{"transport":{"type":"string","description":"`udp`, `tcp` or `tls`"},"host":{"type":"string","description":"The hostname or IP address of the syslog connection."},"port":{"type":"integer","description":"The port to use for the connection"},"caCert":{"type":"string","description":"The trusted CA cert in PEM format. Only used in TLS transport mode."},"messageFormat":{"type":"string","description":"The log message format for new log messages:\n* `rfc5424` (default)\n* `plain_message`\n* `cef`\n* `leef`\n"}}},"examples":{"application/json":{"id":"c9600fa6-fa94-4ac7-a2cb-56767d8790b0","account":"kylo:kylo:admin:accounts:kylo","transport":"tls","host":"192.168.0.1","port":514,"caCert":"-----BEGIN CERTIFICATE-----\nMIIDnTCCAoWgAwIBAgIBADANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzEL\nMAkGA1UECAwCVFgxDzANBgNVBAcMBkF1c3RpbjEQMA4GA1UECgwHR2VtYWx0bzEM\nMAoGA1UECwwDUm5EMRwwGgYDVQQDDBNjYS5reWxvLmdlbWFsdG8uY29tMB4XDTE3\nMDgwMjIyNDIyM1oXDTQ3MDcyNjIyNDIyM1owaTELMAkGA1UEBhMCVVMxCzAJBgNV\nBAgMAlRYMQ8wDQYDVQQHDAZBdXN0aW4xEDAOBgNVBAoMB0dlbWFsdG8xDDAKBgNV\nBAsMA1JuRDEcMBoGA1UEAwwTY2Eua3lsby5nZW1hbHRvLmNvbTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBAO+M3/EdapR+e6jbl8c08w1ynboOIX0/T0E7\nHBj0iAsSJOQJTwLcfkG4vU2AeRLca8dNJfx+qF1y9LSMeRNJhrxpEZR+L2PHl2Ti\niHxkS09UwwOSIN6SGSEX847ZiVA8DWNuHDtqtruWYH/oAa3go2V2qw21vzZ6UUjo\nTDViZegUEDIeRkp/hgl5hx2JKrtA1HhpHe18PedHwq8b/QbLfke9K89Psxd5+Vof\ndT63UUArzRJcB37XgjiTlOOVG9MYEn59ouTnzQkAzM640O3w16l9WX0v98/auKdq\nQzu3RBSaQUgoJf8v5C4p3Edgk1Uq7EOgbrJW6sS4F9k2JgdruasCAwEAAaNQME4w\nHQYDVR0OBBYEFK5n3Eevh2xLROIoYM4VsnCZfpHwMB8GA1UdIwQYMBaAFK5n3Eev\nh2xLROIoYM4VsnCZfpHwMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB\nAFy0LkGHFGZaEf4bIWMB5B7u/CMGjejw64fojIjGYQtB4WQehl3wqOxX1MvlXm0B\nxXDvgALq+BXw6NEwOT7nlx4uRspHA0cER0qmvTpH/uePnidvBzxDFCHpJM0eoZae\n9f7EPL0XNxvV8FdhtQ1p133DtzTWfxygpcG+E+ES2m2wzwwEGTShAST4SJOlCKVX\nzPZ+2NFEepxkfiikqSl6QPLGz+TEUZZ4vrshFiBxUI5zzDNcONtd14Nh/XjUWWrd\n2MXk37ASKPZgdJQzx8U8AsITdtuaYF/d/OCIuNASbQs07nuk1dE7RS6em/d6GB33\nlfuDSu3uKT9h6JmcCy7BzJY=\n-----END CERTIFICATE-----","messageFormat":"cef","createdAt":"2017-08-30T22:17:30.663Z","updatedAt":"2017-08-30T22:17:30.663Z"}}}}}},"/v1/configs/syslogs/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns a single syslog connection.","tags":["Syslog Connections"],"responses":{"200":{"description":"OK","schema":{"description":"A syslog connection object","type":"object","properties":{"transport":{"type":"string","description":"`udp`, `tcp` or `tls`"},"host":{"type":"string","description":"The hostname or IP address of the syslog connection."},"port":{"type":"integer","description":"The port to use for the connection"},"caCert":{"type":"string","description":"The trusted CA cert in PEM format. Only used in TLS transport mode."},"messageFormat":{"type":"string","description":"The log message format for new log messages:\n* `rfc5424` (default)\n* `plain_message`\n* `cef`\n* `leef`\n"}}},"examples":{"application/json":{"id":"c9600fa6-fa94-4ac7-a2cb-56767d8790b0","account":"kylo:kylo:admin:accounts:kylo","transport":"udp","host":"192.168.0.1","port":514,"caCert":"","messageFormat":"cef","createdAt":"2017-08-30T22:17:30.663Z","updatedAt":"2017-08-30T22:17:30.663Z"}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","description":"Deletes a syslog connection.","tags":["Syslog Connections"],"responses":{"204":{"description":"No Content | Successful deletion of syslog connection."},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"patch":{"summary":"Update","description":"Change the properties of a syslog connection.\n","tags":["Syslog Connections"],"parameters":[{"name":"body","in":"body","schema":{"type":"object","title":"Update Syslog Properties","properties":{"transport":{"type":"string","description":"`udp`, `tcp` or `tls`"},"host":{"type":"string","description":"The hostname or IP address of the syslog connection"},"port":{"type":"integer","description":"The port to use for the connection"},"caCert":{"type":"string","description":"The trusted CA cert in PEM format. Only used in TLS transport\nmode\n"},"messageFormat":{"type":"string","description":"The log message format to send log messages."}},"example":{"transport":"udp","host":"192.168.0.1"}}}],"responses":{"200":{"description":"Successful resource update.","schema":{"description":"A syslog connection object","type":"object","properties":{"transport":{"type":"string","description":"`udp`, `tcp` or `tls`"},"host":{"type":"string","description":"The hostname or IP address of the syslog connection."},"port":{"type":"integer","description":"The port to use for the connection"},"caCert":{"type":"string","description":"The trusted CA cert in PEM format. Only used in TLS transport mode."},"messageFormat":{"type":"string","description":"The log message format for new log messages:\n* `rfc5424` (default)\n* `plain_message`\n* `cef`\n* `leef`\n"}}},"examples":{"application/json":{"id":"c9600fa6-fa94-4ac7-a2cb-56767d8790b0","account":"kylo:kylo:admin:accounts:kylo","transport":"udp","host":"192.168.0.1","port":514,"caCert":"","messageFormat":"cef","createdAt":"2017-08-30T22:17:30.663Z","updatedAt":"2017-08-30T22:17:30.663Z"}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/configs/log-forwarders/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns a list of all Log Forwarders.\n","tags":["Log Forwarders"],"parameters":[{"name":"name","in":"query","required":false,"type":"string","description":"Filter by the name of the Log Forwarder"},{"name":"type","in":"query","required":false,"type":"string","description":"Filter by the type of the Log Forwarder"},{"name":"connection_id","in":"query","required":false,"type":"string","description":"Filter by the connection_id of the Log Forwarder"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"description":"A Log Forwarder resource","type":"object","properties":{"name":{"type":"string","description":"Name of the Log Forwarder."},"type":{"type":"string","description":"Type of the Log Forwarder.","enum":["elasticsearch","loki","syslog"]},"elasticsearch_params":{"type":"object","description":"The optional configuration fields for elasticsearch."},"loki_params":{"type":"object","description":"The optional configuration fields for loki."},"syslog_params":{"type":"object","description":"The optional configuration fields for syslog."}}}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"2ca211a1-a6fd-49c6-8c4e-61f0f474c803","account":"kylo:kylo:admin:accounts:kylo","name":"Elastic Search Connection","type":"elasticsearch","connection_id":"49c6-8c4e-61f0f474c803-2ca211a1-a6fd","params":{"host":"127.0.0.1","port":9200,"indices":{"server_audit_records":"server_audit_records","activity_nae":"activity_nae","activity_kmip":"activity_kmip"}},"createdAt":"2017-08-30T22:17:30.663Z","updatedAt":"2017-08-30T22:17:30.663Z"}]}}}}},"post":{"summary":"Add","description":"Add a Log Forwarder.\n","tags":["Log Forwarders"],"parameters":[{"name":"body","in":"body","schema":{"type":"object","title":"Add Log Forwarders","required":["name","type","connection_id"],"properties":{"name":{"type":"string","description":"Unique name of the Log Forwarder."},"type":{"type":"string","description":"Type of the Log Forwarder\n","enum":["elasticsearch","loki","syslog"]},"connection_id":{"type":"string","description":"connection id of log-forwarder connection (elasticsearch, loki, syslog)."},"elasticsearch_params":{"type":"object","description":"Optional attributes specifying extra configuration fields specific to Elasticsearch\n","properties":{"indices":{"type":"object","properties":{"activity_nae":{"type":"string","description":"Index to be used for entires coming from the NAE activity log. Logs will not be forwarded if index is not provided. Consult Elasticsearch documentation for allowed characters."},"activity_kmip":{"type":"string","description":"Index to be used for entries coming from the KMIP activity log. Logs will not be forwarded if index is not provided. Consult Elasticsearch documentation for allowed characters."},"server_audit_records":{"type":"string","description":"Index to be used for entries coming from server audit records. Logs will not be forwarded if index is not provided. Consult Elasticsearch documentation for allowed characters."},"client_audit_records":{"type":"string","description":"Index to be used for entries coming from client audit records. Client audit logs are forwarded only if this index is provided. Consult Elasticsearch documentation for allowed characters."}},"description":"Optional attributes specifying index field for different logs\n"}}},"loki_params":{"type":"object","description":"Optional attributes specifying extra configuration fields specific to Loki\n","properties":{"labels":{"type":"object","properties":{"activity_nae":{"type":"string","description":"Labels to be used for entries coming from the NAE activity log, for example \"jobs=activity_nae\". Logs will not be forwarded if label is not provided. Consult Loki documentation for allowed characters."},"activity_kmip":{"type":"string","description":"Labels to be used for entries coming from the KMIP activity log, for example \"jobs=activity_kmip\". Logs will not be forwarded if label is not provided. Consult Loki documentation for allowed characters."},"server_audit_records":{"type":"string","description":"Labels to be used for entries coming from server audit records, for example \"jobs=server_audit_records\". Logs will not be forwarded if label is not provided. Consult Loki documentation for allowed characters."},"client_audit_records":{"type":"string","description":"Labels to be used for entries coming from client audit records, for example \"jobs=client_audit_records\". Client audit logs are forwarded only if this label is provided. Consult Loki documentation for allowed characters."}},"description":"Optional attributes specifying labels for different logs\n"}}},"syslog_params":{"type":"object","description":"Attributes specifying configuration fields specific to Syslog\n","properties":{"forward_logs":{"type":"object","properties":{"activity_nae":{"type":"boolean","description":"When true, NAE Activity logs will be forwarded. You need to enable NAE Acitivity logs before forwarding them."},"activity_kmip":{"type":"boolean","description":"When true, KMIP Activity logs will be forwarded. You need to enable KMIP Acitivity logs before forwarding them."},"server_audit_records":{"type":"boolean","description":"When true, Server Audit Records will be forwarded."},"client_audit_records":{"type":"boolean","description":"When true, Client Audit Records will be forwarded."}},"description":"Attributes specifying which log-type to be forwarded to syslog\n"}}}},"example":{"name":"es_logs","type":"elasticsearch","connection_id":"2ca211a1-a6fd-49c6-8c4e-61f0f474c803","elasticsearch_params":{"indices":{"server_audit_records":"server_audit_records","client_audit_records":"client_audit_records","activity_nae":"activity_nae","activity_kmip":"activity_kmip"}}}}}],"responses":{"201":{"description":"Successful Log Forwarder creation.","schema":{"description":"A Log Forwarder resource","type":"object","properties":{"name":{"type":"string","description":"Name of the Log Forwarder."},"type":{"type":"string","description":"Type of the Log Forwarder.","enum":["elasticsearch","loki","syslog"]},"elasticsearch_params":{"type":"object","description":"The optional configuration fields for elasticsearch."},"loki_params":{"type":"object","description":"The optional configuration fields for loki."},"syslog_params":{"type":"object","description":"The optional configuration fields for syslog."}}},"examples":{"application/json":{"id":"c9600fa6-fa94-4ac7-a2cb-56767d8790b0","account":"kylo:kylo:admin:accounts:kylo","name":"Elastic Search Connection","type":"elasticsearch","connection_id":"2ca211a1-a6fd-49c6-8c4e-61f0f474c803","params":{"host":"127.0.0.1","port":9200,"indices":{"server_audit_records":"server_audit_records","client_audit_records":"client_audit_records","activity_nae":"activity_nae","activity_kmip":"activity_kmip"}},"createdAt":"2017-08-30T22:17:30.663Z","updatedAt":"2017-08-30T22:17:30.663Z"}}}}}},"/v1/configs/log-forwarders/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns a single Log Forwarder.","tags":["Log Forwarders"],"responses":{"200":{"description":"OK","schema":{"description":"A Log Forwarder resource","type":"object","properties":{"name":{"type":"string","description":"Name of the Log Forwarder."},"type":{"type":"string","description":"Type of the Log Forwarder.","enum":["elasticsearch","loki","syslog"]},"elasticsearch_params":{"type":"object","description":"The optional configuration fields for elasticsearch."},"loki_params":{"type":"object","description":"The optional configuration fields for loki."},"syslog_params":{"type":"object","description":"The optional configuration fields for syslog."}}},"examples":{"application/json":{"id":"c9600fa6-fa94-4ac7-a2cb-56767d8790b0","account":"kylo:kylo:admin:accounts:kylo","name":"Elastic Search Connection","type":"elasticsearch","connection_id":"2ca211a1-a6fd-49c6-8c4e-61f0f474c803","params":{"host":"192.168.0.1","port":9200,"indices":{"server_audit_records":"server_audit_records","client_audit_records":"client_audit_records","activity_nae":"activity_nae","activity_kmip":"activity_kmip"}},"createdAt":"2017-08-30T22:17:30.663Z","updatedAt":"2017-08-30T22:17:30.663Z"}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","description":"Deletes a Log Forwarder.","tags":["Log Forwarders"],"responses":{"204":{"description":"No Content | Successful deletion of Log Forwarder."},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"patch":{"summary":"Update","description":"Change the properties of a Log Forwarder.\n","tags":["Log Forwarders"],"parameters":[{"name":"body","in":"body","schema":{"type":"object","title":"Update Log Forwarders","properties":{"name":{"type":"string","description":"Unique name of the Log Forwarder."},"connection_id":{"type":"string","description":"connection id of log-forwarder connection (elasticsearch, loki, syslog)."},"elasticsearch_params":{"type":"object","description":"Optional attributes specifying extra configuration fields specific to Elasticsearch\n","properties":{"indices":{"type":"object","properties":{"activity_nae":{"type":"string","description":"Index to be used for entires coming from the NAE activity log. Consult Elasticsearch documentation for allowed characters."},"activity_kmip":{"type":"string","description":"Index to be used for entries coming from the KMIP activity log. Consult Elasticsearch documentation for allowed characters."},"server_audit_records":{"type":"string","description":"Index to be used for entries coming from server audit records. Consult Elasticsearch documentation for allowed characters."},"client_audit_records":{"type":"string","description":"Index to be used for entries coming from client audit records. Consult Elasticsearch documentation for allowed characters."}},"description":"Optional attributes specifying index field for different logs\n"}}},"loki_params":{"type":"object","description":"Optional attributes specifying extra configuration fields specific to Loki\n","properties":{"labels":{"type":"object","properties":{"activity_nae":{"type":"string","description":"Labels to be used for entries coming from the NAE activity log, for example \"jobs=activity_nae\". Consult Loki documentation for allowed characters."},"activity_kmip":{"type":"string","description":"Labels to be used for entries coming from the KMIP activity log, for example \"jobs=activity_kmip\". Consult Loki documentation for allowed characters."},"server_audit_records":{"type":"string","description":"Labels to be used for entries coming from server audit records, for example \"jobs=server_audit_records\". Consult Loki documentation for allowed characters."},"client_audit_records":{"type":"string","description":"Labels to be used for entries coming from client audit records, for example \"jobs=client_audit_records\". Consult Loki documentation for allowed characters."}},"description":"Optional attributes specifying labels for different logs\n"}}},"syslog_params":{"type":"object","description":"Attributes specifying configuration fields specific to Syslog\n","properties":{"forward_logs":{"type":"object","properties":{"activity_nae":{"type":"boolean","description":"When true, NAE Activity logs will be forwarded. You need to enable NAE Acitivity logs before forwarding them."},"activity_kmip":{"type":"boolean","description":"When true, KMIP Activity logs will be forwarded. You need to enable KMIP Acitivity logs before forwarding them."},"server_audit_records":{"type":"boolean","description":"When true, Server Audit Records will be forwarded."},"client_audit_records":{"type":"boolean","description":"When true, Client Audit Records will be forwarded."}},"description":"Attributes specifying which log-type to be forwarded to syslog\n"}}}},"example":{"name":"es_update","connection_id":"c9600fa6-fa94-4ac7-a2cb-56767d8790b0","elasticsearch_params":{"indices":{"server_audit_records":"server_audit_records","client_audit_records":"client_audit_records","activity_nae":"activity_nae","activity_kmip":"activity_kmip"}}}}}],"responses":{"200":{"description":"Successful resource update.","schema":{"description":"A Log Forwarder resource","type":"object","properties":{"name":{"type":"string","description":"Name of the Log Forwarder."},"type":{"type":"string","description":"Type of the Log Forwarder.","enum":["elasticsearch","loki","syslog"]},"elasticsearch_params":{"type":"object","description":"The optional configuration fields for elasticsearch."},"loki_params":{"type":"object","description":"The optional configuration fields for loki."},"syslog_params":{"type":"object","description":"The optional configuration fields for syslog."}}},"examples":{"application/json":{"id":"c9600fa6-fa94-4ac7-a2cb-56767d8790b0","account":"kylo:kylo:admin:accounts:kylo","name":"es_update","type":"elasticsearch","connection_id":"c9600fa6-fa94-4ac7-a2cb-56767d8790b0","params":{"host":"192.168.0.1","port":9200,"indices":{"server_audit_records":"server_audit_records","client_audit_records":"client_audit_records","activity_nae":"activity_nae","activity_kmip":"activity_kmip"}},"createdAt":"2017-08-30T22:17:30.663Z","updatedAt":"2017-08-30T22:17:30.663Z"}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/configs/properties":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns the user configurable system properties.","tags":["Properties"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"type":"object","properties":{"name":{"type":"string","description":"System property name."},"value":{"type":"string","description":"System property value."},"description":{"type":"string","description":"Description of the system property."}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"name":"ENABLE_RECORDS_DB_STORE","value":"true","description":"Store audit records in database. Disabling also deletes the audit records. Values: true or false"}]}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/configs/properties/{name}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"name","in":"path","description":"Name of the system property.","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns the details of the specified system property.\n","tags":["Properties"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","properties":{"name":{"type":"string","description":"System property name."},"value":{"type":"string","description":"System property value."},"description":{"type":"string","description":"Description of the system property."}}}]},"examples":{"application/json":{"name":"ENABLE_RECORDS_DB_STORE","value":"true","description":"Store audit records in database. Values: true or false"}}},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"Updates the system property with the specified value.\n","tags":["Properties"],"parameters":[{"name":"body","in":"body","description":"The new metadata to update. The \"Body Sample\" on the right pane shows the format.","required":true,"schema":{"type":"object","title":"Property","required":["value"],"properties":{"value":{"type":"string","description":"Value to be set."}}}}],"responses":{"202":{"description":"Accepted"},"404":{"description":"Resource not found."}}}},"/v1/configs/properties/{name}/reset":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"name","in":"path","description":"Name of the system property.","required":true,"type":"string"}],"post":{"summary":"Reset","description":"Resets the specified system property to its default value.\n","tags":["Properties"],"responses":{"202":{"description":"Accepted"},"404":{"description":"Resource not found"}}}},"/v1/dns-hosts":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"This route is for creating a host entries in DNS service to enable other services resolve\nthe domain names to IP.\n","tags":["DNS Hosts"],"parameters":[{"name":"Time","in":"header","description":"Current date and time of the client in UTC. ex) 2006-01-02T15:04:05.000Z","type":"string"},{"name":"body","in":"body","description":"The body of the request should contain the domain name and IP of the host.\n","schema":{"type":"object","title":"Create DNS host record","properties":{"name":{"type":"string","description":"Host Domain name.\n"},"ip":{"type":"string","description":"Host IP.\n"}},"example":{"name":"sample_domain1.com","ip":"172.85.86.12"}}}],"responses":{"201":{"description":"Successful host DNS record creation.","schema":{"allOf":[{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"name":{"type":"string","description":"Host Domain name."},"ip":{"type":"string","description":"Host IP."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"created_at":{"type":"string","format":"timestamp","readOnly":true,"description":"when the host was created"},"updated_at":{"type":"string","format":"timestamp","readOnly":true,"description":"when the host was last updated"}}}]},"examples":{"application/json":{"success":"Host's DNS record created successfully"}}},"401":{"description":"Creation failed."},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","allOf":[{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}},{"additionalProperties":{"type":"array","items":{"type":"string","description":"a validation error message about this property"}}}]}}}},"get":{"summary":"List","description":"Returns the host's DNS entries.","tags":["DNS Hosts"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"},{"name":"name","in":"query","required":false,"type":"string","description":"Filter result by host name."}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"type":"object","properties":{"name":{"type":"string","description":"System property name."},"value":{"type":"string","description":"System property value."},"description":{"type":"string","description":"Description of the system property."}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"b9c41e81-2689-4b2c-adc0-f0e1f3612214","name":"sample_domain1.com","ip":"172.85.86.12","uri":"demo-TOr:pers-admintester:audit:records:6f9234b3-9a5d-4ba2-b568-90c67965b924","account":"demo-TOr:pers-admintester:admin:accounts:pers-admintester","application":"dev-portal:pers-github-00123:admin:apps:demo-TOr","devAccount":"dev-portal:pers-github-00123:admin:accounts:pers-github-00123","createdAt":"2020-07-01T23:00:10.072423Z","updatedAt":"2020-07-01T23:00:10.072423Z"}]}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/dns-hosts/{name}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"name","in":"path","description":"The name of the host","required":true,"type":"string"}],"get":{"summary":"Get","description":"Return the host details.\n","tags":["DNS Hosts"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"name":{"type":"string","description":"Host Domain name."},"ip":{"type":"string","description":"Host IP."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"created_at":{"type":"string","format":"timestamp","readOnly":true,"description":"when the host was created"},"updated_at":{"type":"string","format":"timestamp","readOnly":true,"description":"when the host was last updated"}}}]},"examples":{"application/json":{"id":"b9c41e81-2689-4b2c-adc0-f0e1f3612214","name":"sample_domain1.com","ip":"172.85.86.12","uri":"demo-TOr:pers-admintester:audit:records:6f9234b3-9a5d-4ba2-b568-90c67965b924","account":"demo-TOr:pers-admintester:admin:accounts:pers-admintester","application":"dev-portal:pers-github-00123:admin:apps:demo-TOr","devAccount":"dev-portal:pers-github-00123:admin:accounts:pers-github-00123","createdAt":"2020-07-01T23:00:10.072423Z","updatedAt":"2020-07-01T23:00:10.072423Z"}}}}},"patch":{"summary":"Update","description":"Change the host's ip mapping\n","tags":["DNS Hosts"],"parameters":[{"name":"body","in":"body","description":"TO-DO\n","schema":{"type":"object","title":"Update Host","required":["ip"],"properties":{"ip":{"type":"string","description":"Host IP.\n"}},"example":{"ip":"172.85.86.12"}}}],"responses":{"200":{"description":"Successful resource update.","schema":{"allOf":[{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"name":{"type":"string","description":"Host Domain name."},"ip":{"type":"string","description":"Host IP."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"created_at":{"type":"string","format":"timestamp","readOnly":true,"description":"when the host was created"},"updated_at":{"type":"string","format":"timestamp","readOnly":true,"description":"when the host was last updated"}}}]},"examples":{"application/json":{"id":"b9c41e81-2689-4b2c-adc0-f0e1f3612214","name":"sample_domain1.com","ip":"172.85.86.12","uri":"demo-TOr:pers-admintester:audit:records:6f9234b3-9a5d-4ba2-b568-90c67965b924","account":"demo-TOr:pers-admintester:admin:accounts:pers-admintester","application":"dev-portal:pers-github-00123:admin:apps:demo-TOr","devAccount":"dev-portal:pers-github-00123:admin:accounts:pers-github-00123","createdAt":"2020-07-01T23:00:10.072423Z","updatedAt":"2016-07-01T23:00:10.072423Z"}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","description":"Delete given host's DNS record.\n","tags":["DNS Hosts"],"responses":{"204":{"description":"No Content | Successful deletion of host's DNS record."}}}},"/v1/configs/proxy":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"put":{"summary":"Set proxy","description":"Set proxy settings and certificate to trust in System","tags":["Proxy"],"parameters":[{"in":"body","name":"proxy","description":"The proxy to add and a corresponding SSL certificate to trust.","schema":{"allOf":[{"properties":{"http_proxy":{"type":"string","description":"HTTP proxy URL for proxy configurations. If the proxy server's password contains any special character replace it with encoded values."},"https_proxy":{"type":"string","items":{"type":"string"},"description":"HTTPS proxy URL for proxy configurations. If the proxy server's password contains any special character replace it with encoded values."},"no_proxy":{"type":"array","items":{"type":"string"}},"certificate":{"type":"string","description":"CA certificate to trust for proxy."}},"example":{"http_proxy":"username:password@my.proxy.server:8080","https_proxy":"username:password@my.proxy.server:8081","no_proxy":["localhost","127.0.0.1"],"certificate":"-----BEGIN CERTIFICATE-----MIIDNzCCAh+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBfMQswCQYDVQQGEwJDQTEQ-----END CERTIFICATE-----"}}]}}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"properties":{"http_proxy":{"type":"string","description":"HTTP proxy URL for proxy configurations. If the proxy server's password contains any special character replace it with encoded values."},"https_proxy":{"type":"string","items":{"type":"string"},"description":"HTTPS proxy URL for proxy configurations. If the proxy server's password contains any special character replace it with encoded values."},"no_proxy":{"type":"array","items":{"type":"string"}},"certificate":{"type":"string","description":"CA certificate to trust for proxy."}},"example":{"http_proxy":"username:password@my.proxy.server:8080","https_proxy":"username:password@my.proxy.server:8081","no_proxy":["localhost","127.0.0.1"],"certificate":"-----BEGIN CERTIFICATE-----MIIDNzCCAh+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBfMQswCQYDVQQGEwJDQTEQ-----END CERTIFICATE-----"}}]},"examples":{"application/json":{"HTTP_PROXY":"username:xxxx@my.proxy.server:8080","HTTPS_PROXY":"username:xxxx@my.proxy.server:8081","NO_PROXY":["localhost","127.0.0.1"],"certificate":"-----BEGIN CERTIFICATE-----MIIDNzCCAh+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBfMQswCQYDVQQGEwJDQTEQ-----END CERTIFICATE-----"}}}}},"patch":{"summary":"Update proxy","description":"Update proxy settings and certificate to trust in System","tags":["Proxy"],"parameters":[{"in":"body","name":"proxy","description":"Update proxy configurations.","schema":{"allOf":[{"properties":{"http_proxy":{"type":"string","description":"HTTP proxy URL for proxy configurations. If the proxy server's password contains any special character replace it with encoded values."},"https_proxy":{"type":"string","items":{"type":"string"},"description":"HTTPS proxy URL for proxy configurations. If the proxy server's password contains any special character replace it with encoded values."},"no_proxy":{"type":"array","items":{"type":"string"}},"certificate":{"type":"string","description":"CA certificate to trust for proxy."}},"example":{"https_proxy":"username:password@my.proxy.server:8081","no_proxy":["localhost"],"certificate":"-----BEGIN CERTIFICATE-----MIIDNzCCAh+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBfMQswCQYDVQQGEwJDQTEQ-----END CERTIFICATE-----"}}]}}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"properties":{"http_proxy":{"type":"string","description":"HTTP proxy URL for proxy configurations. If the proxy server's password contains any special character replace it with encoded values."},"https_proxy":{"type":"string","items":{"type":"string"},"description":"HTTPS proxy URL for proxy configurations. If the proxy server's password contains any special character replace it with encoded values."},"no_proxy":{"type":"array","items":{"type":"string"}},"certificate":{"type":"string","description":"CA certificate to trust for proxy."}},"example":{"http_proxy":"username:password@my.proxy.server:8080","https_proxy":"username:password@my.proxy.server:8081","no_proxy":["localhost","127.0.0.1"],"certificate":"-----BEGIN CERTIFICATE-----MIIDNzCCAh+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBfMQswCQYDVQQGEwJDQTEQ-----END CERTIFICATE-----"}}]},"examples":{"application/json":{"HTTP_PROXY":"username:xxxx@my.proxy.server:8080","HTTPS_PROXY":"username:xxxx@my.proxy.server:8081","NO_PROXY":["localhost"]}}},"400":{"description":"Bad Request | Invalid parameter values"}}},"get":{"summary":"Get","description":"Returns the proxy settings","tags":["Proxy"],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"properties":{"http_proxy":{"type":"string","description":"HTTP proxy URL for proxy configurations. If the proxy server's password contains any special character replace it with encoded values."},"https_proxy":{"type":"string","items":{"type":"string"},"description":"HTTPS proxy URL for proxy configurations. If the proxy server's password contains any special character replace it with encoded values."},"no_proxy":{"type":"array","items":{"type":"string"}},"certificate":{"type":"string","description":"CA certificate to trust for proxy."}},"example":{"http_proxy":"username:password@my.proxy.server:8080","https_proxy":"username:password@my.proxy.server:8081","no_proxy":["localhost","127.0.0.1"],"certificate":"-----BEGIN CERTIFICATE-----MIIDNzCCAh+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBfMQswCQYDVQQGEwJDQTEQ-----END CERTIFICATE-----"}}]}}}},"delete":{"summary":"Delete","description":"Delete all the proxy settings.","tags":["Proxy"],"responses":{"204":{"description":"No Content | Proxy is deleted successfully."}}}},"/v1/configs/proxy/test":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Test proxy","description":"Test proxy settings and certificate before adding it to the System","tags":["Proxy"],"parameters":[{"in":"body","name":"proxy","description":"The proxy to test and a corresponding SSL certificate before adding it to the trusted list.","schema":{"allOf":[{"properties":{"http_proxy":{"type":"string"},"https_proxy":{"type":"string","items":{"type":"string"}},"certificate":{"type":"string","description":"CA certificate to trust for proxy."},"test_url":{"type":"string","description":"HTTPS URL to test with given proxy. By default it is https://www.thalesdocs.com."}},"example":{"https_proxy":"username:password@my.proxy.server:8081","test_url":"https://www.thalesdocs.com/","certificate":"-----BEGIN CERTIFICATE-----MIIDNzCCAh+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBfMQswCQYDVQQGEwJDQTEQ-----END CERTIFICATE-----"}}]}}],"responses":{"200":{"description":"Successful proxy connection test.","schema":{"properties":{"connection_ok":{"type":"boolean"},"connection_error":{"type":"string"}}},"examples":{"application/json":{"connection_ok":true}}},"400":{"description":"Bad Request | Invalid parameter values"}}}},"/v1/configs/loki":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Get the loki configuration parameters.","tags":["Loki Configuration"],"responses":{"200":{"description":"OK","schema":{"description":"Loki configuration parameters","type":"object","properties":{"retention_time":{"type":"string","description":"The duration for which Loki logs are retained.\nThe retention period is a duration represented as a string that can be parsed using the Go library’s time.Duration, such as 24h, in multiple of 24h.\nExample: 240h\n"}}},"examples":{"application/json":{"retention_time":"240h"}}}}},"patch":{"summary":"Update","description":"Modify the Loki configuration parameters.","parameters":[{"name":"body","in":"body","required":true,"description":"The Loki configuration to be updated.","schema":{"title":"Update Loki Configuration","description":"Update Loki configuration parameters","type":"object","properties":{"retention_time":{"type":"string","description":"The duration for which Loki logs are retained.\nThe retention period is a duration represented as a string that can be parsed using Go’s time.Duration, such as 24h, in multiple of 24h.\nExample: 240h\n"}}}}],"tags":["Loki Configuration"],"responses":{"200":{"description":"Successful resource update.","schema":{"description":"Loki configuration parameters","type":"object","properties":{"retention_time":{"type":"string","description":"The duration for which Loki logs are retained.\nThe retention period is a duration represented as a string that can be parsed using the Go library’s time.Duration, such as 24h, in multiple of 24h.\nExample: 240h\n"}}},"examples":{"application/json":{"retention_time":"480h"}}}}}},"/v1/configs/interfaces/{interface}/auto-gen-server-cert":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"interface","in":"path","description":"The name of the interface.\n","required":true,"type":"string"}],"post":{"summary":"AutoGen Server Certificate","description":"Update the interface with new auto generated server certificate using the CA present in the Automatic server Certificate Generation field and autogen CSR parameters.\n","tags":["Interfaces"],"responses":{"200":{"description":"OK","schema":{"properties":{"certificates":{"type":"string"}}},"examples":{"application/json":{"certificates":"-----BEGIN CERTIFICATE-----\\nMIIBXD...Favxw==\\n-----END CERTIFICATE-----\\n\n"}}}}}},"/v1/configs/interfaces/{interface}/use-certificate":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"interface","in":"path","description":"The name of the interface.\n","required":true,"type":"string"}],"post":{"summary":"Copy Interface Certificate.","description":"Copies the server certificate from the interface provided in the parameter.\n","tags":["Interfaces"],"parameters":[{"name":"body","in":"body","description":"Source interface name","schema":{"type":"object","title":"Copy request","required":["copy_from"],"properties":{"copy_from":{"type":"string","description":"Source interface name"}}}}],"responses":{"200":{"description":"OK","schema":{"properties":{"certificates":{"type":"string"}}},"examples":{"application/json":{"certificates":"-----BEGIN CERTIFICATE-----\\nMIIBXD...Favxw==\\n-----END CERTIFICATE-----\\n\n"}}}}}},"/v1/logs/download/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Logs Download","x-interactive":false,"description":"This API returns a gzipped tarball (tar.gz) containing the log file(s), certificate and digital signature.\nThe ca_id(optional parameter) and include_logs(optional parameter) can be passed using the query parameters.\nIf CA ID is not provided, the default local CA i.e. KeySecure Root CA, signs the log file.\n\nValid values for include_logs are system, activity and all.\n\"system\" includes the current system logs, \"activity\" includes the current NAE, KMIP and Web activity logs,\nand \"all\" flag includes both the current and the rotated logs in the CipherTrust Manager.\n\nMultiple values can be mentioned, separated by commas. Default value is \"system, activity\"\n","tags":["Logs","deprecated"],"produces":["application/gzip"],"parameters":[{"name":"ca_id","in":"query","required":false,"type":"string","description":"Use the provided CA to issue certificate and sign log file"},{"name":"include_logs","in":"query","required":false,"type":"string","description":"Example\n1. \"system, all\" downloads all the system logs.\n2. \"activity\" only downloads the current activity logs.\n3. \"system, activity\" downloads current system and activity logs.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"type":"string"}}}}},"/v1/logs/download/nae-activity-logs":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Download NAE Activity Logs","x-interactive":false,"description":"This API returns a gzipped tar file containing NAE activity log files, certificate and digital signature.\n","tags":["Logs"],"produces":["application/gzip"],"parameters":[{"name":"ca_id","in":"query","required":false,"type":"string","description":"Use the provided CA to issue certificate and sign log file"}],"responses":{"200":{"description":"OK","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"type":"string"}}}}},"/v1/logs/download/kmip-activity-logs":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Download KMIP Activity Logs","x-interactive":false,"description":"This API returns a gzipped tar file containing KMIP activity log files, certificate and digital signature.\n","tags":["Logs"],"produces":["application/gzip"],"parameters":[{"name":"ca_id","in":"query","required":false,"type":"string","description":"Use the provided CA to issue certificate and sign log file"}],"responses":{"200":{"description":"OK","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"type":"string"}}}}},"/v1/logs/download/web-activity-logs":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Download Web Activity Logs","x-interactive":false,"description":"This API returns a gzipped tar file containing web activity log files, certificate and digital signature.\n","tags":["Logs"],"produces":["application/gzip"],"parameters":[{"name":"ca_id","in":"query","required":false,"type":"string","description":"Use the provided CA to issue certificate and sign log file"}],"responses":{"200":{"description":"OK","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"type":"string"}}}}},"/v1/logs/download/debug-logs":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Download Debug Logs","x-interactive":false,"description":"This API returns a gzipped tar file containing debug log files, certificate and digital signature.\n","tags":["Logs"],"produces":["application/gzip"],"parameters":[{"name":"ca_id","in":"query","required":false,"type":"string","description":"Use the provided CA to issue certificate and sign log file"}],"responses":{"200":{"description":"OK","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"type":"string"}}}}},"/v1/logs/download/all-logs":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Download All Logs","x-interactive":false,"description":"This API returns a gzipped tar file containing log files including debug and activity (NAE, KMIP and web),\ncertificate and digital signature.\n","tags":["Logs"],"produces":["application/gzip"],"parameters":[{"name":"ca_id","in":"query","required":false,"type":"string","description":"Use the provided CA to issue certificate and sign log file"}],"responses":{"200":{"description":"OK","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"type":"string"}}}}},"/v1/logs/level/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get Log Level","x-interactive":false,"description":"This API allow users to get log level for `kmip` and `nae` service.\n","tags":["Logs"],"produces":["application/json"],"parameters":[{"name":"service","in":"query","required":true,"type":"string","description":"Service Name."}],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"service":{"type":"string","description":"Service Name.","enum":["kmip","nae"]},"level":{"type":"string","description":"Log level string.","enum":["ERR","INF","DBG"]}}},"examples":{"service":"kmip","level":"INF"}},"401":{"description":"Unauthorized.","schema":{"type":"string"}}}},"post":{"summary":"Set Log Level","x-interactive":false,"description":"This API allow users to set log level for `kmip` and `nae` service.\n","tags":["Logs"],"consumes":["application/json"],"produces":["application/json"],"parameters":[{"name":"ServiceLogLevel","in":"body","required":true,"description":"Service log level object","schema":{"type":"object","properties":{"service":{"type":"string","description":"Service Name.","enum":["kmip","nae"]},"level":{"type":"string","description":"Log level string.","enum":["ERR","INF","DBG"]}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"service":{"type":"string","description":"Service Name.","enum":["kmip","nae"]},"level":{"type":"string","description":"Log level string.","enum":["ERR","INF","DBG"]}}},"examples":{"service":"kmip","level":"INF"}},"401":{"description":"Not Authenticated.","schema":{"type":"string"}},"403":{"description":"Access Forbidden","schema":{"type":"string"}},"422":{"description":"Invalid Parameter","schema":{"type":"string"}}}}},"/v1/kmip/kmip-profiles":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns the kmip client profiles.","tags":["KMIP/Client-Management"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"name","in":"query","collectionFormat":"multi","type":"string","description":"Filters results to those with matching names. The '?' and '*' wildcard characters may be used."}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"type":"object","properties":{"name":{"type":"string","description":"System property name."},"value":{"type":"string","description":"System property value."},"description":{"type":"string","description":"Description of the system property."}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"name":"profile1","properties":{"cert_user_field":"","csr":"","csr_cn":"","csr_org_name":"","csr_org_unit":"","csr_email":"","csr_city":"","csr_state":"","csr_country":"","csr_uid":""},"device_credential":{"device_id":"","machine_id":"","media_id":"","network_id":"","serial_no":""}}]}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}},"post":{"summary":"Create","description":"This route will create KMIP client profile.\n","tags":["KMIP/Client-Management"],"parameters":[{"name":"Time","in":"header","description":"Current date and time of the client in UTC. ex) 2006-01-02T15:04:05.000Z","type":"string"},{"name":"body","in":"body","description":"The body of the request should contain the username and password\nof the user acquiring the token and optionally grant type or the refresh token\nwith grant type.\n","schema":{"type":"object","title":"Create Client Profile","required":["name","properties"],"properties":{"name":{"type":"string","description":"Client Profile name.\n"},"properties":{"type":"object","description":"Properties object will contains all profle properties, if CSR is given then no need to provide other csr params.\n cert_user_field [Specifies how the user name is extracted from the client certificate for kmip app client ]\n csr [CSR for client certificate for kmip app client ]\n csr_cn [CSR common name parameter for client certificate for kmip app client]\n csr_org_name [CSR organization name parameter for client certificate for kmip app client]\n csr_org_unit [CSR organizational unit parameter for client certificate for kmip app client]\n csr_email [CSR email address parameter for client certificate for kmip app client]\n csr_city [CSR city name parameter for client certificate for kmip app client]\n csr_state [CSR state name parameter for client certificate ]\n csr_country [CSR country name parameter for client certificate]\n csr_uid [CSR UID parameter for client certificate].\n Fields like csr_org_name, csr_org_unit, csr_email, csr_city, csr_state and csr_country can have multiple values if specified in\n array. Example :- { \"csr_org_unit\" : [\"val1\",\"val2\",\"val3\"],\"csr_state\" : \"State\" }\n"},"device_credential":{"type":"object","description":"Device credential object will contains all device credentials related properties, please provide if the credential type is device.\n serial_no [Serial number of the device ]\n password [Password or shared secret of device]\n device_id [Device identifier]\n network_id [Network identifier]\n machine_id [Machine identifier]\n media_id [Media identifier]\n"},"do_not_modify_subject_dn":{"type":"boolean","description":"Flag to specify if the subject distinguished name (Subject DN) in the presented CSR is allowed to be modified or not.\nIf this is flag is set to true, then the subject distinguished name must be unique across all the CipherTrust Manager clients,\notherwise the client registration will not be allowed.\nThis flag is only applied when CSR is provided in the properties.\n"},"subject_dn_field_to_modify":{"type":"string","description":"This field is used in making the subject distinguished name (Subject DN) unique. This is required when the Subject DN from client's CSR is not unique in itself.\nAdmins should choose one of the following fields for this purpose. If none is chosen, by default UID is used to modify the Subject DN.\nIf the admin does not want the Subject DN to be modified, set the do_not_modify_subject_dn flag to true.\nIf one of these fields (except OU) is chosen, the original field values would be overridden by CipherTrust Manager .\nIf OU is chosen, the OU would be appended in the Subject DN with other attributes.\n","enum":["UID ('userid')","CN ('commonName')","SN ('serialNumber')","DNQ ('dnQualifier')","OU ('organizationalUnit')"]}},"example":{"name":"profile1","properties":{"cert_user_field":"","csr":"","csr_cn":"","csr_org_name":"","csr_org_unit":"","csr_email":"","csr_city":"","csr_state":"","csr_country":"","csr_uid":""},"device_credential":{"serial_no":"","password":"","device_id":"","network_id":"","machine_id":"","media_id":""}}}}],"responses":{"201":{"description":"Successful client profile creation.","schema":{"allOf":[{"type":"object","properties":{"name":{"type":"string","description":"Client Profile name."},"properties":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the profiles. Properties is typically used by applications to store information\nwhich the profile properties like caching and CSR attributes.\n"}}}]},"examples":{"application/json":{"success":"profile created successfully"}}},"401":{"description":"Login failed."},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","allOf":[{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}},{"additionalProperties":{"type":"array","items":{"type":"string","description":"a validation error message about this property"}}}]}}}}},"/v1/kmip/kmip-profiles/{name}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"name","in":"path","description":"The name of the client profile","required":true,"type":"string"}],"get":{"summary":"Get","description":"Return kmip client profile with given name.\n","tags":["KMIP/Client-Management"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","properties":{"name":{"type":"string","description":"Client Profile name."},"properties":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the profiles. Properties is typically used by applications to store information\nwhich the profile properties like caching and CSR attributes.\n"}}}]},"examples":{"application/json":{"id":"b9c41e81-2689-4b2c-adc0-f0e1f3612214","name":"profile1","properties":{"csr":"","csr_org_name":"Thales","csr_city":"Noida","csr_state":"UP","csr_country":"IN"},"device_credential":{"serial_no":"12345678","device_id":"dev-123","network_id":"Net-123","machine_id":"Machine-KS-1","media_id":"Media123"}}}}}},"delete":{"summary":"Delete","description":"Delete given kmip client profile.\n","tags":["KMIP/Client-Management"],"responses":{"204":{"description":"No Content | Successful deletion of kmip client profile."}}}},"/v1/kmip/kmip-clients":{"post":{"summary":"Register KMIP client","description":"This route is for registering a kmip client.\n","tags":["KMIP/Client-Management"],"parameters":[{"name":"body","in":"body","required":true,"description":"To register a kmip client. The name of the client and registration token to register the client is provided in body.\n","schema":{"type":"object","title":"Register KMIP client","required":["name","reg_token"],"properties":{"name":{"type":"string","description":"Client Name.\n"},"reg_token":{"type":"string","description":"Registration token mapped with Kmip Profile.\n"},"ext_cert":{"type":"string","description":"Client certificate signed by an external CA used in registering a KMIP client.\n"}},"example":{"name":"kmip1","reg_token":"ADW3CDSDCX==","ext_cert":"-----BEGIN CERTIFICATE-----\nMIIDnTCCAoWgAwIBAgIBADANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzEL\nMAkGA1UECAwCVFgxDzANBgNVBAcMBkF1c3RpbjEQMA4GA1UECgwHR2VtYWx0bzEM\nMAoGA1UECwwDUm5EMRwwGgYDVQQDDBNjYS5reWxvLmdlbWFsdG8uY29tMB4XDTE3\nMDgwMjIyNDIyM1oXDTQ3MDcyNjIyNDIyM1owaTELMAkGA1UEBhMCVVMxCzAJBgNV\nBAgMAlRYMQ8wDQYDVQQHDAZBdXN0aW4xEDAOBgNVBAoMB0dlbWFsdG8xDDAKBgNV\nBAsMA1JuRDEcMBoGA1UEAwwTY2Eua3lsby5nZW1hbHRvLmNvbTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBAO+M3/EdapR+e6jbl8c08w1ynboOIX0/T0E7\nHBj0iAsSJOQJTwLcfkG4vU2AeRLca8dNJfx+qF1y9LSMeRNJhrxpEZR+L2PHl2Ti\niHxkS09UwwOSIN6SGSEX847ZiVA8DWNuHDtqtruWYH/oAa3go2V2qw21vzZ6UUjo\nTDViZegUEDIeRkp/hgl5hx2JKrtA1HhpHe18PedHwq8b/QbLfke9K89Psxd5+Vof\ndT63UUArzRJcB37XgjiTlOOVG9MYEn59ouTnzQkAzM640O3w16l9WX0v98/auKdq\nQzu3RBSaQUgoJf8v5C4p3Edgk1Uq7EOgbrJW6sS4F9k2JgdruasCAwEAAaNQME4w\nHQYDVR0OBBYEFK5n3Eevh2xLROIoYM4VsnCZfpHwMB8GA1UdIwQYMBaAFK5n3Eev\nh2xLROIoYM4VsnCZfpHwMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB\nAFy0LkGHFGZaEf4bIWMB5B7u/CMGjejw64fojIjGYQtB4WQehl3wqOxX1MvlXm0B\nxXDvgALq+BXw6NEwOT7nlx4uRspHA0cER0qmvTpH/uePnidvBzxDFCHpJM0eoZae\n9f7EPL0XNxvV8FdhtQ1p133DtzTWfxygpcG+E+ES2m2wzwwEGTShAST4SJOlCKVX\nzPZ+2NFEepxkfiikqSl6QPLGz+TEUZZ4vrshFiBxUI5zzDNcONtd14Nh/XjUWWrd\n2MXk37ASKPZgdJQzx8U8AsITdtuaYF/d/OCIuNASbQs07nuk1dE7RS6em/d6GB33\nlfuDSu3u9h6JmcCy7BzJY=\n-----END CERTIFICATE-----"}}}],"responses":{"201":{"description":"Successful client registration.","examples":{"client_id":"7f8243dc-fa0d-4857-a382-fe70e0744fbc","key":"-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEA73clYaBS0gkqhk2CnNgGstCA8rFoqCfjYmz2nF4gAShO8N88\naTZsqA477saygoIi2FGfr/h+R3mVPBHe0ErdjZez1MiQFD6CnPIAzVsiVN9d3zFV\noeCy81LnyVpjUVOoz6OVUh8CWkomduhiQZzyfpoK32SBYO3nqU1zQB9UGPRMPyfn\nBObu4nLUa5+LAK5htpW4Swdluk2HcYnW29elHHKnsjN0Jz7bjhy9q3YvnFmIMhXg\nF6g4beB911D1a6pZj7pNUB1k0trslUxb7eqh+JvW4fIIc3DQF5z8gwDjyqDsk2dL\nAMHoVdJ5ivueoWE5FY5pCLsNPsXol1jdxde40wIDAQABAoIBAQCDTJLkiqGepIP6\ni7lYAmL53LU3XOsDeIuGxjQZ3MozmERgciaPkdXV96gI7k2mnXA5p9elBt1Gl3Wq\nMCo5jzMXldx2iVnmn7fCEjc6YgPbAXZZEJXhYnD8VbLdhn/6caKX5xvSoUoK86lP\nfW+Shlm37QKVJmiCGy/wdpUAzayw2QL8mpY+AyHsvU4QmvezHicGWgEV6KuBMWfp\nkSKtekNC5dbdz31H3LhkWvPMFzwNTjCZ/hENzG+NBK+UixuMqWSgOb/y3dZokiFt\n6CslCfYkNzQzMFS9Al6LeFvPTzJRT8AHDVmBB1PhSnLKuWNxhLRHqMVw8rCKjXhF\nIZjsD7FhAoGBAPxZONKykRlFKLQp4+OmkoaICDnOrfaxHeUbBnuctfEF2tI07WPi\nWgInDHfcc8nayGKl/R22yTsgNr56Urnv+atL3ypgrGag6PbP52D73JYttQw3fde1\n+Oxwwj1nZL+1XTgZ9ziCLVsUxJ9OklnKMKM8PSqRR6A4aT/3NtnrB987AoGBAPLu\nM3N/DRGO4C8Pum0aqXguRlA41AQz6Q3gpLIg7sZNufI3bP8av1E5N5GLnyDVQafj\nyl8nZZkkMt6LS5mm8QC5Ew9ajDZjPZca1JR9x868tv/wBlYPrGIiri7NkIf9JDwv\nIxlGIvxqUKJGPcR8K5mQq/vfMTBgAy/+qEbd/CNJAoGAHAcQ354DranXxoLsk8lZ\nduW+/CSvf7nWVy70PmB+eMGstzI3t6NZWenaYamzlpTdMs+62EUH/rAqRGezroEv\n2s23gK5yF4gBuAAJc+Ulb+ytsiirqnzEpAY2HLnSH9TWALgplDYpMXeSCxuf96cU\nVd0H8iVmri31yqv7hKKtIicCgYBAy1fdzl1l+X3CD6fhweLBs1X9v6qNFGts0CYd\nfLszGTgnarEfubqdp20y3NKspzTD2vX3O0LV/dmzkeOwL97IGpUC21vahc2/p+Bb\nWtEYSy1kRljqS3PnGOjsgtex7crkYo4yB4r9WD35ilKfPZ9Dblrw6y7rgDBZdMrd\nXAgMQQKBgB3R01iyHeaphD37L9/LDjVCtpzLMuendTQnKgIM+CpH4pw2k6Doi9/I\ni8YK7LGmnIxR9TPmsKICv8lUmBkq2mOztMfLadJDxnSJ1ckMtN3ba5RzfIyc3Y7E\nybSRpjvFa6uDYTJotcC/H3jft+3CQnN1viX5wlrAgcGf16O1vtU5\n-----END RSA PRIVATE KEY-----\n","signed_csr":"","csr":"-----BEGIN CERTIFICATE REQUEST-----\nMIICVzCCAT8CAQAwEjEQMA4GA1UEAxMHa21pcDEyMjCCASIwDQYJKoZIhvcNAQEB\nBQADggEPADCCAQoCggEBAO93JWGgUtIJKoZNgpzYBrLQgPKxaKgn42Js9pxeIAEo\nTvDfPGk2bKgOO+7GsoKCIthRn6/4fkd5lTwR3tBK3Y2Xs9TIkBQ+gpzyAM1bIlTf\nXd8xVaHgsvNS58laY1FTqM+jlVIfAlpKJnboYkGc8n6aCt9kgWDt56lNc0AfVBj0\nTD8n5wTm7uJy1GufiwCuYbaVuEsHZbpNh3GJ1tvXpRxyp7IzdCc+244cvat2L5xZ\niDIV4BeoOG3gfddQ9WuqWY+6TVAdZNLa7JVMW+3qofib1uHyCHNw0Bec/IMA48qg\n7JNnSwDB6FXSeYr7nqFhORWOaQi7DT7F6JdY3cXXuNMCAwEAAaAAMA0GCSqGSIb3\nDQEBCwUAA4IBAQBpUtybSG6DG5J3LROkGj3/qcvu2Fdz6oCDq+B3Pnz06iJX2w4E\nFZGIGMYotq1m0DXv4xODFOMiLa8D8waef/+cN7dihPq1wKqw6Ml2I0/5nNY/51c4\ntuCRVDZ5zuBLVfw77yp93+VqwUHKP34398PcsYwtafm9jQM4lT7mLlaTjynVmyoF\nitocPLQLdXMbakAWPpu/+XJt4rGPCh35dv8ojPyChR0H43NMcXNX8sw2MzVwAHSE\nNJBcgC/6IIME8yNcljV3YTywe0VkVIJHgA5rJN9OwV3M3Hfji/9S/u3pD1Ixto48\nDJXbUwe5ubTKH9Eqo6TIu1sxdreKz1ONvlYV\n-----END CERTIFICATE REQUEST-----\n","cert":"-----BEGIN CERTIFICATE-----\nMIIEKzCCAhOgAwIBAgIQcftu9vMScnHheHSZPK7cdTANBgkqhkiG9w0BAQsFADBa\nMQswCQYDVQQGEwJVUzELMAkGA1UECBMCTUQxEDAOBgNVBAcTB0JlbGNhbXAxEDAO\nBgNVBAoTB0dlbWFsdG8xGjAYBgNVBAMTEUtleVNlY3VyZSBSb290IENBMB4XDTE5\nMTIwOTA4Mzk1MFoXDTIxMTIwODA4Mzk1MFowEjEQMA4GA1UEAxMHa21pcDEyMjCC\nASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAO93JWGgUtIJKoZNgpzYBrLQ\ngPKxaKgn42Js9pxeIAEoTvDfPGk2bKgOO+7GsoKCIthRn6/4fkd5lTwR3tBK3Y2X\ns9TIkBQ+gpzyAM1bIlTfXd8xVaHgsvNS58laY1FTqM+jlVIfAlpKJnboYkGc8n6a\nCt9kgWDt56lNc0AfVBj0TD8n5wTm7uJy1GufiwCuYbaVuEsHZbpNh3GJ1tvXpRxy\np7IzdCc+244cvat2L5xZiDIV4BeoOG3gfddQ9WuqWY+6TVAdZNLa7JVMW+3qofib\n1uHyCHNw0Bec/IMA48qg7JNnSwDB6FXSeYr7nqFhORWOaQi7DT7F6JdY3cXXuNMC\nAwEAAaM1MDMwDgYDVR0PAQH/BAQDAgOIMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAwG\nA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIBAH1PMnNJkS6yHTKqSIgv99QR\npd0l+3e2HfsslgWgQ12u4fpsNO6HqgTRj5U5pVj9naFxIZpj04hTgSPbvV1Bq867\nmwpeMpm9bZnmunD0osmuoaDvrJ3BUr/gsmtUc+jP6jc6Sxtu00W6HzCuxV/aX3sK\nc6ls2DlWXzxq1aKst0k9AL4Bq4N5J5dp3rc/U8ptv3mXzQ86PqDu7wAn/qjnJ8Og\nSSgxLUrF6Cr8Qd1Mb1jLWfX4RwIjM6ND931GPzGjvRQ0d7+Cubveso5RduwsTozr\nnQngyjANySrXl687Sj22VFdzrAJqy4QC3FAfDsBZirBNOOHfoY03JcXKG+xnyxeq\nbiBYg7NQVqlV8Fn4IvLVf7q6C6fP4+fFOltpW52oUkVb9Ae22u2IhtYoUivaNxzC\nASkY+GJhNIRXxJSM3x1JJzbKcHTR+yGezgNXCXm+AW3YV6vApHihLWr5NB9fiAhS\nvuW+G30/piUiJK3HRTswVkAuXhhSsw7d3Gu9thOjU63YqxtZENvEVViCbP0iM6J5\n3vPOua4lCoysm9CzkBx2gWoNBBbFcqx6T5sPhLM8H08fMfgtdjwmmRxxaV3cR89E\ndJ7v04Tf75RcmcEGyLljYNdo9OHDBC2FTpWFfLDBtM6zSFSdnJsyajXJ4OC2RsM+\n84e6K77ZD0fJK1J2TUwm\n-----END CERTIFICATE-----\n","client_ca":"-----BEGIN CERTIFICATE-----\nMIIFljCCA36gAwIBAgIRAMkiVccUDK7+Pu/tCdz5+8cwDQYJKoZIhvcNAQELBQAw\nWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAw\nDgYDVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgUm9vdCBDQTAeFw0x\nOTEyMDkwNjM4MTFaFw0yMjAzMTMwNjM4MTFaMFwxCzAJBgNVBAYTAlVTMQswCQYD\nVQQIEwJNRDEQMA4GA1UEBxMHQmVsY2FtcDEQMA4GA1UEChMHR2VtYWx0bzEcMBoG\nA1UEAxMTd2ViLmtleXNlY3VyZS5sb2NhbDCCAiIwDQYJKoZIhvcNAQEBBQADggIP\nADCCAgoCggIBANalknhw0iXRsovQovxedMry7yJevMEEIfb7yGyHuwOKx76ISJ1H\ngJ8QKtICeRwOcegDkRhoAJDn1tgoKGTwP0iqccxSW9JbzJFuOGS6nC0YfeRxidKM\nxbGs5j8Vs1h3gHhzyZs0tu9OZBgWldJpT3qKDMvExybpo7rhjNW/4hen/8p75UB+\n+fDPz6znHb3ugmprFSDXU0v1euSZIC0omipaEmv4uXvNMCqGOEded4Iyjnq036L/\nfEYWiPhKPUyIU4TWuALU6DSuJVuc7f1LTVepnxZ2QGJChN7tUAVrb6L+TmaIlagJ\nG4Vi458lFeR0Cj0gVOuN9xZyAtHezipkutHJTN3erPPQrZChgRQPyavohCxl8goP\n4b/683lq/d+yzsQqJumcRYm9RAumT+MxnIc6puwXhDE3wUF8pQPHUWsY+hfpVkWv\nXFvaGpk1bSfxYC8b4QsbtjBn1UZGXAXd0wqecUI4iFZh084FkIRA9ll3A0GuFI88\nZycs/xoUGZ4qzvGTFi1So+x+kuOvWsuPhJzPN5WyMN+NEDi1ZdYXGrc3BdKgd1EG\n3uuTzjqbXjCzJgXgB78tfRpRogflj+qQpyqg4gBiRrkNBg8zw25OvsGtzkIYvS6I\nHbEX+3nmoLTb03QjEnfVOf9jg3SMoQd+rVpRYxhcU3m9yoCYgHQuLrghAgMBAAGj\nVTBTMA4GA1UdDwEB/wQEAwIDiDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMB\nAf8EAjAAMB4GA1UdEQQXMBWBE3N1cHBvcnRAZ2VtYWx0by5jb20wDQYJKoZIhvcN\nAQELBQADggIBAHfCScI6bmrGGAEZk++opmTS8UfuW52E7UfUngB03AjQiDIE4632\n1GcBAFrpj6chbVaJcSTsdQoifj87yC5RbA73fUI/z2P2ruhb0YSvTDOkaoV23rYY\nkJczejm25RPNcsX28wYcv93yjF2rGQC6JVX6NgDyApv6fZjwLJnuGj6Hst/dBefX\ngm2BY62QU0w/d4RitZ1tBr8275JBNAIiRf33tNZ2mNnndmnEBYa56qfIE1ZUyM1m\noNA7HdCmjJ8aAgcvWYVcyrgnf98zuw9F2pEtO6SmHHb3NdK6VdPXp24AB7LlnMHD\nbL7Scj2YxSL6SKbOtEXpIsmTwkOp1bh+YkoxAIMItdOiTNXMG5GMeEwPuXxGK0Gh\npFhiBw4BKkO6luhOWLL49SA2EF1tbJ6+/T1wC49DcvHSq4QZT0n7srlUr3Dj64mz\nV9ZOIEtcpKTEG3frO7JaDX3oyf1TlOq4N8/G1sN+fF7BfoN3dX2ycJfuKyBULz8+\nd5WPUsl0EAP4gx5PwLblXcMtggApB1p6kHZNBlqg7zexU5yM48q1CZqkaLWLhJx9\nDdK7Ztdl6Y+EzZSCxGTF2d4HZjr4prC2IcueMTVm7R2YHkPwQjA0msNwjdVNGqig\nyLA9moWPCUljjp2d6qO+OXBLvGRmEBrVuZDLzBtARQ+eO1c4ixEEQ56x\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIFgjCCA2qgAwIBAgIRAKgmQDuBuDdWmvBhHf0fNYAwDQYJKoZIhvcNAQELBQAw\nWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAw\nDgYDVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgUm9vdCBDQTAeFw0x\nOTEyMDkwNjM4MDhaFw0yOTEyMDYwNjM4MDhaMFoxCzAJBgNVBAYTAlVTMQswCQYD\nVQQIEwJNRDEQMA4GA1UEBxMHQmVsY2FtcDEQMA4GA1UEChMHR2VtYWx0bzEaMBgG\nA1UEAxMRS2V5U2VjdXJlIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw\nggIKAoICAQDkoXr6EPADnKF1C4tM4kHePFIzIFWeEI10MdUuKMyhgJYTofDSL4uG\n3uYWPmLkQcAuokcUC2MLGDcJU6zyFfv4DhA6VL9/Hef2P//Oj0BOvG71QV4g9lkT\nKlTfx6981JhE3ioXZNRkuLsLnTTENm7K1taKCqxv9HOgrCgHSDwC3bE9gBGuXokG\njt0S4cLdD/PkkrZyXQCbKZUi5XLK9F5Re9kB485t58zL/GdyDkgXFgldl3QsJIYw\nZIr7ekjxyURLQgeTDW8OPDsyqlD1vErSnDoxmOfuUW61bdS02SnVWm1ETCHvgylt\n5sEv+ITbkb0Xykm2WL6M09InjaDhXc4eSpwTZxDpYoKmQEu8O8JdXByOrWuGFjvN\nNiv8xeC2Ti4Bewab46tFB6tzHGK8MaGlti4kSCuU7TwhC8Rwm9HeJBkmqfWGGreR\n7O23dku8q7PnLNV7XPzVPn/K7FQPjs3fGTwwDF+FoXUhNVd5whyaKEinDPirjEGj\nFnhe11vfmv5ZKswxPLIwTkG5lvyUUNkuLSzflsbb+OIESqQjWOlweGJlrsPbNGjg\n7zYMAkB39I5lOggmnWbb2Feo4GAFEUksoFz5k8GR/15njIS01musIYTOEAQdPJ3Z\nrwsOuQTEJv9bpb93PLhwoq8IibrekqGOWvn5dGyvNjEr/EYQ3NtPBwIDAQABo0Mw\nQTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAeBgNVHREEFzAVgRNz\ndXBwb3J0QGdlbWFsdG8uY29tMA0GCSqGSIb3DQEBCwUAA4ICAQBNQlJXZ5tR/Gpe\neNPiSn+QribNITfa8cuDhwU9y86R7wYnBvQDzvFilxP7lsuQRqb2/TkhdumPehwH\nRAn34RC7elNQXWo8xYmHH5SWH6/wPPNrK8SOM+CbnULZp+/Xml8qpMmAZG0xe8r7\nL08YizdJORGm8s8AJmVc8Wu0WihnBptlVEZv/nvUnpXGzAOK7QwmaZFdRTeNAxzR\nxf8ePW+fRfUVz9+nfDbATWidgxquHi/AT7SWaRMV7d+50VGthwvC+x7gce6qGWA1\nbdXha9zgVVOa/YgWCKylZhQIKVw7qnnqbOBArlnYocrFOFnPMfNLTkP4hGVxyCn5\nSDjuNOiD5peR/D3IFXg0hZ5tSECz3BfSLffOI8zECjnmwztLULa8eQhvhd/jubjg\nt3DgKnYq7VLw/KNbhmV/8rzV84hY1/vkj9LVUiGUqubbFe4LBtMuuHrdUZkBkccn\njbVMl3m1iPk1DisSP4C5TEJbsrH0YA8T7uL92RFL4HdT5Hkvcnf4BGo3PaSPGMfl\nCXPPVNn9W1MIP30gzFxXZys/lVTnFG/Lx9p1ytb5h3VZ+iEmsHHekyiSeS5BCitc\n0aB4cUtqwsIi1gAaliAeWhJzrnFN5+PDjM5SvqUFbFExiXHtBpCbq9RDd8pMdITK\niv2Bw42YgC0Jl+vmH1zMg+jZFP/CIA==\n-----END CERTIFICATE-----\n"}},"401":{"description":"Login failed."},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","allOf":[{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}},{"additionalProperties":{"type":"array","items":{"type":"string","description":"a validation error message about this property"}}}]}}}},"get":{"summary":"List","description":"Returns the kmip registered clients.","tags":["KMIP/Client-Management"],"parameters":[{"name":"name","in":"query","description":"Name of the registered client.","required":false,"type":"string"},{"name":"id","in":"query","description":"Id of registerd kmip client.","required":false,"type":"string"},{"name":"profile_name","in":"query","description":"Profile used for registering client.","required":false,"type":"string"},{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"type":"object","properties":{"name":{"type":"string","description":"System property name."},"value":{"type":"string","description":"System property value."},"description":{"type":"string","description":"Description of the system property."}}}]}}}}]},"examples":{"skip":0,"limit":10,"total":1,"resources":[{"id":"6bfbf7a8-3be9-4d5c-bdd5-f7f108f75779","uri":"kylo:kylo:nae:kmip_client:kmip1","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-12-10T07:31:16.267524Z","name":"kmip1","updatedAt":"2019-12-10T07:31:16.267524Z","impersonated_user":"kmip1","fingerprint":"DC903547536A32BB32004171114D945445DAB469D31C4AA0281632246953FC64","profile_name":"profile1","certificate":"-----BEGIN CERTIFICATE-----\nMIIEKTCCAhGgAwIBAgIQDvBMYTeooqPsTfYNM+WmnzANBgkqhkiG9w0BAQsFADBa\nMQswCQYDVQQGEwJVUzELMAkGA1UECBMCTUQxEDAOBgNVBAcTB0JlbGNhbXAxEDAO\nBgNVBAoTB0dlbWFsdG8xGjAYBgNVBAMTEUtleVNlY3VyZSBSb290IENBMB4XDTE5\nMTIwOTA3MzExNloXDTIxMTIwODA3MzExNlowEDEOMAwGA1UEAxMFa21pcDEwggEi\nMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDC6lPiyX4pgez2Yd+hS/G3QI84\nXcEok6rCwEZG6uD8DTbePDQF/tRurUyWMDDBIYMC1UXIy683Ds1XGl2RjU6yp1yt\nvFutqOMpzYKMbt3F3KBJZlMeI/MGJELbfPdV3+ag68n1Q/iB/MiDPP67DO1pyWhg\nB1rHsZ5++YsEXAXO4Lx5Gpx+QnzmmBniDtgpUgw0zTyrTaYl3eEzoppe8N97ALEx\n89kZ0wBUryzxOOiGIV8VE6k0QwxwDzSX0eLK4JblEa4OgRBe/rbYbuZgmjdqNjNU\ns9vuDZdVy5xLdgVgEjO/3tHqtIRj0Y43T/P15kzMFZ0f/Lq2e+ZfEtjqjpYpAgMB\nAAGjNTAzMA4GA1UdDwEB/wQEAwIDiDATBgNVHSUEDDAKBggrBgEFBQcDAjAMBgNV\nHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4ICAQBrM4Am7EU7n00+tDscnNUuenfb\ne459Mt0iiiSRHH381FEOrqER/+9mAf1D4AA6rCm+5vuM/DT9RtLAsGGw+8pjbBDp\nMIdBPWxSxOJGlY4gUGXohjB/MFQTuMVFx6vsEaJ1DIQy1lvFqWaUCDBd/+yHydnU\n3ngHgML6o3nVkJnx2Ne+iEAy9WRkBaD05XCaJznWiLu32OcXp9/Rw5+7s2DUOwWN\ns1UeTjr7327DVvrnqHGKbMePahiPUOX4lsyjTOGzdaPcYgXLgx56d4z3uviJwxuu\nzme8GscEmoMNJlRZ+ZbuXSD+Gz2n1uIEoP60qEgLWxJrrLtRNosn4Gx3vZsy7QHx\nYoqkmRSB2FE7oWeWJdo18ubMCv1Z7Dy36ght2pTTl3QWujxF1Suac33WdGMBkdkL\n0G1f+7y+X3bbkuVsQuGMWrdhxrXIM+D7OZwksNKe6s+c1LBSxdMNDlYuXmrFsJw/\nE2pskLPA+oI8LIdtF9LKdn8z1Qz/93L2Ey323oRLublQ4wB3ENz041cLJM0v0c/J\nZ+sxGXzsnYDu5I4t3Gp3JfiAo3ExKUAZuilZnB8dnZaieve8EwOSjjXxKMGi7TtI\nWjAlv9a9nQH+JnnOCMNblDMWsAcF6zsFvef2qAoToSzzzIyDEn8Frmb823mZxZPY\nGOGKUqF6kloD9dygNg==\n-----END CERTIFICATE-----\n","device_credential":{"device_id":"","machine_id":"","media_id":"","network_id":"","serial_no":""}}]}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/kmip/kmip-clients-count":{"get":{"summary":"Get clients count","description":"Returns KMIP registered clients count across all domains.","tags":["KMIP/Client-Management","Beta"],"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"total":1}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/kmip/kmip-clients/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"The ID of the kmip client","required":true,"type":"string"}],"delete":{"summary":"Delete","description":"Delete given kmip client.\n","tags":["KMIP/Client-Management"],"responses":{"204":{"description":"No Content | Successful deletion of kmip client."}}}},"/v1/kmip/regtokens/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a new Client registration token.\n","tags":["KMIP/Client-Management"],"parameters":[{"name":"body","in":"body","description":"Duration in days for which this token can be used for registering CipherTrust Manager clients. No limit by default.","schema":{"type":"object","title":"Create Client registration token","properties":{"ca_id":{"description":"ID of the trusted Certificate Authority that will be used to sign client certificate for the registration process. By default local Certificate Authority will be used to issue certificates. An external CA ID can be specified if KMIP client registration is being done using a client certificate signed by an external CA.","type":"string"},"lifetime":{"type":"string","description":"Duration in minutes/hours/days for which this token can be used for registering CipherTrust Manager clients. No limit by default. For 'x' amount of time, it should formatted as xm for x minutes, xh for hours and xd for days."},"cert_duration":{"type":"integer","description":"Duration in days for which the CipherTrust Manager clients certificate is valid, default (730)."},"max_clients":{"type":"integer","description":"Maximum number of clients that can be registered using this registration token. No limit by default."},"profile_name":{"type":"string","description":"Name of kmip profile to be linked withthis token."},"name_prefix":{"type":"string","description":"Prefix for the client name. For a client registered using this registration token, name_prefix, if specified, client name will be constructed as 'name_prefix{nth client registered using this registation token}', If name_prefix is not specified, CipherTrust Manager server will generate a random name for the client.","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"token":{"type":"string","description":"Client registration token."},"lifetime":{"type":"string","description":"Duration in days for which this token can be used for registering CipherTrust Manager clients. No limit by default."},"cert_duration":{"type":"integer","description":"Duration in days for which the CipherTrust Manager clients certificate is valid, default (730)."},"max_clients":{"type":"integer","description":"Maximum number of clients that can be registered using this registration token. No limit by default."},"ca_id":{"type":"string","description":"ID of the trusted Certificate Authority that will be used to sign client certificate during registration process."}}}]}},"example":{"ca_id":"d94ef496-5e43-4424-a6e7-f4213c108415","lifetime":"10h","cert_duration":730,"max_clients":100,"name_prefix":"test_client","profile_name":"profilename"}}}],"responses":{"201":{"description":"Successful client registration token creation.","schema":{"type":"object"},"examples":{"application/json":{"id":"80c46422-aed1-4ad3-b03d-919967b16d4b","uri":"kylo:kylo:munshi:tokens:80c46422-aed1-4ad3-b03d-919967b16d4b","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-12-18T00:15:51.726926788Z","updatedAt":"2018-12-18T00:15:51.726926788Z","token":"zRErxzHRBCdhwfWXFvQhbFI9kMPyZvWMamCaRQUzbBlrWLlZHG2mi1GmZ9yAWsOK","valid_until":"0001-01-01T00:00:00Z","max_clients":-1,"cert_duration":730,"clients_registered":0,"ca_id":"706ac153-d42c-4b99-bc8e-ae1c2efa49fa","name_prefix":"test_client","label":{"ClientProfile":"profilename"}}}}}}},"/v1/crypto/hide2":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Format-preserving encrypt","description":"This performs Format Preserving Encryption (FPE) per the FF3 algorithm.\n\nThe key used for encryption can be specified as a HTTP query parameter. \nA 256 bit AES key is created if it does not exist.\nA default key is used if the key name is not specified. The name of the default key\nis derived using quantities passed in the JWT (the issuer, subject, audience), and can\nbe considered unique per user. Once created, the same key will be reused for that user\nwhen the key name is not specified.\n \nTwo modes of input data are supported: batch data and single data.\n\nFor single data, the FPE parameters (tweak, etc.) are passed as HTTP query parameters,\nand the data is passed as plain text in the body. Set the HTTP \"Content Type\" header to\n\"text/plain\" for this mode.\n\nThe batch data mode allows passing both the FPE parameters and the plain text in the \nbody of the HTTP request. Set the HTTP \"Content Type\" and \"Accept\" headers to \"application/json\" for this mode. \nThe FPE parameters can be passed both as HTTP query parameters, or in the body. \nAny parameters passed via the body override the parameters passed in the query string.\nThe data to be encrypted must be passed in the body. Multiple plain text strings can be encrypted \nin a single request, each having their ownset of FPE parameters. The key and the hint\nare common to all data sets in the batch request.\n\nThe batch mode is recommended because it does not expose any of the FPE parameters via the HTTP query string.\nNote that the API playground only works in batch mode. The single data mode is not supported in the API playground.\n","tags":["Crypto"],"consumes":["application/json","text/plain"],"produces":["application/json"],"parameters":[{"name":"keyName","in":"query","required":false,"type":"string","description":"This string is used for identifying the cryptographic key that is used for encryption/hmac. An empty string is assumed if this parameter is absent. The tuple containing this keyName string, and the account details in the JWT uniquely identify the cryptographic key."},{"name":"version","in":"query","required":false,"type":"string","description":"This string is used for identifying the version of the cryptographic key that is used for encryption/hmac. The newest version is used if this parameter is omitted. This string is used only when the keyName parameter is also specified."},{"name":"hint","in":"query","required":true,"type":"string","enum":["digit","alphabet","alphanumeric","printable","unicode"],"description":"This string identifies the type of input. It can be one of following printable strings - 'digit', 'alphabet', 'alphanumeric', 'printable' and 'unicode'. This hint needs to be passed."},{"name":"charset","in":"query","required":false,"type":"string","description":"This string identifies the charset name or id. It is required when hint is 'unicode'."},{"name":"tweakAlg","in":"query","required":false,"type":"string","description":"This string specifies the algorithm used for converting the tweak string into the tweak used by the FPE algorithm. Allowed values are \"sha1\", \"sha256\", \"sha512\" and \"none\". Defaults to \"none\"."},{"name":"tweak","in":"query","required":false,"type":"string","description":"This string identifies the tweak to be used along with the cryptographic key for hiding/unhiding the data. If tweakAlg is \"none\", this should be a 8-byte array encoded in hex. Length of encoded string is 16 bytes. It can be any arbitrary string if the tweakAlg is not \"none\". If provided, it must be the same for both hide and unhide operations for a given data. Tweak is not allowed if tweakAlg is empty."},{"name":"iv","in":"query","required":false,"type":"string","description":"This string identifies the IV to be used along with the cryptographic key for hiding/unhiding data. It is required only if the input data length is larger than the FPE block length. The block length depends on the hint (digit-56, alphabet,alphanumeric-32, printable-28 bytes). The IV should not be supplied if the data length does not exceed the FPE block length. The characters in the IV should lie in the alphabet specified via the hint. The length of the IV should equal the FPE block size."},{"name":"body","in":"body","required":true,"description":"The data to be hidden.\nBody can be specified in two ways: plain data for single data mode and JSON data for batch mode.\nFor plain data, provide data to be hidden in the body and Content-Type header as \"text/plain\".\nFor JSON data, provide data in JSON format as specified in the body schema and Content-Type and Accept headers as \"application/json\".\nOnly the characters in the data that are within the alphabet type specified by the hint are hidden.\nCharacters not part of the specified alphabet are returned without modification, at the same location within the string.\n","schema":{"type":"object","description":"Specify the HTTP Content-Type and Accept headers as \"application/json\" to provide data in JSON format.\nEither `\"input\"` or `\"input_base64\"` should be specified.\n","properties":{"batch_request":{"type":"array","description":"Provide single or multiple data.\n\n`\"iv\"`, `\"tweak_alg\"` and `\"tweak\"` can be part of either query parameters or `\"batch_request\"`.\nIf specified in query parameters, these will be applicable to every data in the batch.\nIf specified with a data in the batch, these will be applicable to only that data in the batch.\n\"iv\", \"tweak_alg\" and tweak\", if specified with both \"batch_request\" and the query parameters,\nvalues within \"batch_request\" takes precedence.\n\nResponse comes in `\"batch_response\"`. See `\"batch_response\"` description for more.\nResponse HTTP status code - 207 indicates failure in batch request.\n","items":{"type":"object","title":"HideData","description":"Data to hide and its associated values.\n","properties":{"input":{"type":"string","description":"Specify the data to be hidden (plaintext) as JSON string.\nEither `\"input\"` or `\"input_base64\"` should be specified.\nIf `\"input\"` is provided, `\"data\"` will contain the hidden data in the response.\n"},"input_base64":{"type":"string","description":"Specify the data to be hidden (plaintext) here. Data must be specified in base64 encoding.\nEither `\"input\"` or `\"input_base64\"` should be specified.\nIf `\"input_base64\"` is provided, `\"data_base64\"` will contain the hidden data in base64 encoding in the response.\n"},"iv":{"type":"string","description":"This string identifies the IV to be used along with the cryptographic key for hiding/unhiding data.\nIt is required only if the input data length is larger than the FPE block length.\nThe block length depends on the hint (digit-56, alphabet,alphanumeric-32, printable-28 bytes).\nThe IV should not be supplied if the data length does not exceed the FPE block length.\nThe characters in the IV should lie in the alphabet specified via the hint. The length of the IV should equal the FPE block size.\n"},"tweak_alg":{"type":"string","description":"This string specifies the algorithm used for converting the tweak string into the tweak used by the FPE algorithm.\nDefaults to \"none\".\n","enum":["sha1","sha256","sha512"],"default":"none"},"tweak":{"type":"string","description":"This string identifies the tweak to be used along with the cryptographic key for hiding/unhiding the data.\nIf tweakAlg is \"none\", this should be a 8-byte array encoded in hex. Length of encoded string is 16 bytes.\nIt can be any arbitrary string if the tweakAlg is not \"none\".\nIf provided, it must be the same for both hide and unhide operations for a given data.\nTweak is not allowed if tweakAlg is empty.\n"}}}}},"example":{"batch_request":[{"input":"123","tweak":"abc","tweak_alg":"sha256"},{"input_base64":"MTIz","tweak":"abc","tweak_alg":"sha256"},{"input":"012345678901234567890123456789012345678901234567890123456789","tweak":"abcd","tweak_alg":"sha512","iv":"01234567890123456789012345678901234567890123456789012345"}]}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"data":{"type":"string","description":"Contains hidden (encrypted) data when Content-Type is \"text/plain\"."},"opMeta":{"type":"object","properties":{"keyVersion":{"description":"The version of the cryptographic key used for encryption.\n"},"keyId":{"description":"ID of the key used for encryption."}}},"batch_response":{"type":"array","description":"Contains Hidden (Encrypted) data.\nReturned only when `\"batch_request\"` is provied in the request body.\n\nIf error occurs while processing any data in the batch, HTTP status code will be 207 and error will be\nreturned only for the data that failed, with `\"batch_response\"` containing `\"error\"` for that\nindex; rest all indexes will be successfully hidden (encrypted).\n","items":{"type":"object","title":"Hidden (encrypted) Data","description":"Hidden (encrypted) data and its associated values\n","properties":{"data":{"type":"string","description":"Hidden data. Either `\"data\"` or `\"data_base64\"` is returned.\nIf `\"input\"` is provided in the request, then `\"data\"` is returned.\n"},"data_base64":{"type":"string","description":"Hidden data in base64 encoding. Either `\"data\"` or `\"data_base64\"` is returned.\nIf `\"input_base64\"` is provided in the request, then `\"data_base64\"` is returned.\n"},"error":{"type":"string","description":"Returned only for the index that failed.\nEither `\"error\"` or `\"data\"`/`\"data_base64\"` will be returned.\n"}}}}}},"examples":{"application/json":{"data":"920-788-2756","opMeta":{"keyId":"f58d4353-740f-4ce2-91e2-1a753b8cda12","keyVersion":0}}}}}}},"/v1/crypto/unhide2":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Format-preserving decrypt","description":"This performs Format Preserving Decryption per the FF3 algorithm.\nIt decrypts the data created by the Hide operation.\n\nThe key used for decryption can be specified as a HTTP query parameter.\nThe default key is used if it is not specified.\nEither the specified key, or the default key, must exist.\n\nTwo modes of input data are supported: batch data and single data.\n\nFor single data, the FPE parameters (tweak, etc.) are passed as HTTP query parameters,\nand the data is passed in the body. Set the HTTP \"Content Type\" header to\n\"text/plain\" for this mode.\n\nThe batch data mode allows passing both the FPE parameters and the cipher text in the \nbody of the HTTP request. Set the HTTP \"Content Type\" and \"Accept\" headers to \"application/json\" for this mode. \nThe FPE parameters can be passed both as HTTP query parameters, or in the body. \nAny parameters passed via the body override the parameters passed in the query string.\nThe data to be decrypted must be passed in the body. Multiple text strings can be decrypted \nin a single request, each having their ownset of FPE parameters. The key and the hint\nare common to all data sets in the batch request.\n\nThe batch mode is recommended because it does not expose any of the FPE parameters via the HTTP query string.\nNote that the API playground only works in batch mode. The single data mode is not supported in the API playground.\n","tags":["Crypto"],"consumes":["application/json","text/plain"],"produces":["application/json"],"parameters":[{"name":"keyName","in":"query","required":false,"type":"string","description":"This string is used for identifying the cryptographic key that is used for encryption/hmac. An empty string is assumed if this parameter is absent. The tuple containing this keyName string, and the account details in the JWT uniquely identify the cryptographic key."},{"name":"version","in":"query","required":false,"type":"string","description":"This string is used for identifying the version of the cryptographic key that is used for encryption/hmac. The newest version is used if this parameter is omitted. This string is used only when the keyName parameter is also specified."},{"name":"hint","in":"query","required":true,"type":"string","enum":["digit","alphabet","alphanumeric","printable","unicode"],"description":"This string identifies the type of input. It can be one of following printable strings - 'digit', 'alphabet', 'alphanumeric', 'printable' and 'unicode'. This hint needs to be passed."},{"name":"charset","in":"query","required":false,"type":"string","description":"This string identifies the charset name or id. It is required when hint is 'unicode'."},{"name":"tweakAlg","in":"query","required":false,"type":"string","description":"This string specifies the algorithm used for converting the tweak string into the tweak used by the FPE algorithm. Allowed values are \"sha1\", \"sha256\", \"sha512\" and \"none\". Defaults to \"none\"."},{"name":"tweak","in":"query","required":false,"type":"string","description":"This string identifies the tweak to be used along with the cryptographic key for hiding/unhiding the data. If tweakAlg is \"none\", this should be a 8-byte array encoded in hex. Length of encoded string is 16 bytes. It can be any arbitrary string if the tweakAlg is not \"none\". If provided, it must be the same for both hide and unhide operations for a given data. Tweak is not allowed if tweakAlg is empty."},{"name":"iv","in":"query","required":false,"type":"string","description":"This string identifies the IV to be used along with the cryptographic key for hiding/unhiding data. It is required only if the input data length is larger than the FPE block length. The block length depends on the hint (digit-56, alphabet,alphanumeric-32, printable-28 bytes). The IV should not be supplied if the data length does not exceed the FPE block length. The characters in the IV should lie in the alphabet specified via the hint. The length of the IV should equal the FPE block size."},{"name":"body","in":"body","required":true,"description":"The data to unhide. It should be the output of the hide operation.\nBody can be specified in two ways: plain data for single data mode and JSON data for batch mode.\nFor plain data, provide data to be hidden in the body and Content-Type header as \"text/plain\".\nFor JSON data, provide data in JSON format as specified in the body schema and Content-Type and Accept headers as \"application/json\".\n","schema":{"type":"object","description":"Provide Content-Type and Accept as \"application/json\" to provide data in JSON format.\nEither provide `\"input\"` or in `\"input_base64\"`.\n","properties":{"batch_request":{"type":"array","description":"Single or multiple data to unhide.\n\n`\"iv\"`, `\"tweak_alg\"` and `\"tweak\"` can be part of either query parameters or `\"batch_request\"`.\nIf specified in query parameters, these will be applicable to every data in the batch.\nIf specified with a data in the batch, these will be applicable to only that data in the batch.\n\"iv\", \"tweak_alg\" and tweak\", if specified with both \"batch_request\" and the query parameters,\nvalues within \"batch_request\" takes precedence.\n\nResponse comes in `\"batch_response\"`. See `\"batch_response\"` description for more.\nResponse HTTP status code - 207 indicates failure in batch request.\n","items":{"type":"object","title":"UnHideData","description":"Data to unhide and its associated values.\n","properties":{"input":{"type":"string","description":"Specify the data to unhide (ciphertext) as JSON string.\nEither `\"input\"` or `\"input_base64\"` should be specified.\nIf `\"input\"` is provided, `\"data\"` will contain the unhid (plaintext) data in the response.\n"},"input_base64":{"type":"string","description":"Specify the data to unhide (ciphertext) in base64 encoding.\nEither `\"input\"` or `\"input_base64\"` should be specified.\nIf `\"input_base64\"` is provided, `\"data_base64\"` will contain the unhid (plaintext) data in base64 encoding in the response.\n"},"iv":{"type":"string","description":"This string identifies the IV to be used along with the cryptographic key for hiding/unhiding data.\nIt is required only if the input data length is larger than the FPE block length.\nThe block length depends on the hint (digit-56, alphabet,alphanumeric-32, printable-28 bytes).\nThe IV should not be supplied if the data length does not exceed the FPE block length.\nThe characters in the IV should lie in the alphabet specified via the hint. The length of the IV should equal the FPE block size.\n"},"tweak_alg":{"type":"string","description":"This string specifies the algorithm used for converting the tweak string into the tweak used by the FPE algorithm.\nDefaults to \"none\".\n","enum":["sha1","sha256","sha512"],"default":"none"},"tweak":{"type":"string","description":"This string identifies the tweak to be used along with the cryptographic key for hiding/unhiding the data.\nIf tweakAlg is \"none\", this should be a 8-byte array encoded in hex. Length of encoded string is 16 bytes.\nIt can be any arbitrary string if the tweakAlg is not \"none\".\nIf provided, it must be the same for both hide and unhide operations for a given data.\nTweak is not allowed if tweakAlg is empty.\n"}}}}},"example":{"batch_request":[{"input":"123","tweak":"abc","tweak_alg":"sha256"},{"input":"189567","tweak":"abcd","tweak_alg":"sha512"}]}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"data":{"type":"string","description":"Contains unHid (decrypted) data when Content-Type is \"text/plain\"."},"opMeta":{"type":"object","properties":{"keyVersion":{"description":"The version of the cryptographic key used for decryption.\n"},"keyId":{"description":"ID of the key used for decryption."}}},"batch_response":{"type":"array","description":"Contains Unhid (Decrypted) data.\nReturned only when `\"batch_request\"` is given in the request body.\n\nIf error occurs while processing any data in the batch, HTTP status code will be 207 and error will be\nreturned only for the data that failed, with `\"batch_response\"` containing `\"error\"` for that\nindex; rest all indexes will be successfully Unhidden (decrypted).\n","items":{"type":"object","title":"Unhide (decrypted) Data","description":"Unhid (decrypted) data and its associated values\n","properties":{"data":{"type":"string","description":"Unhid data. Either `\"data\"` or `\"data_base64\"` is returned.\nIf `\"input\"` is provided in the request, then `\"data\"` is returned.\n"},"data_base64":{"type":"string","description":"Unhid data in base64 encoding. Either `\"data_base64\"` or `\"data\"` is returned.\nIf `\"input_base64\"` is provided in the request, then `\"data_base64\"` is returned.\n"},"error":{"type":"string","description":"Returned only for the index that failed.\nEither `\"error\"` or `\"data\"`/`\"data_base64\"` will be returned.\n"}}}}}},"examples":{"application/json":{"data":"239-823-9530","opMeta":{"keyId":"f58d4353-740f-4ce2-91e2-1a753b8cda12","keyVersion":0}}}}}}},"/v1/crypto/encrypt":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Encrypt","description":"This operation encrypts data. The key name and the data to encrypt must be supplied. The Additional Authenticated Data (AAD) may be included for AES/GCM operation. Optional information that are passed via query parameters include the key version, crypto mode, crypto padding mode, the Initialization Vector (IV), and the length of the AES-GCM tag. The key version and tag length are pointers, and cannot be used in the API playground. The plaintext and AAD are passed in via a JSON encoded blob. The output is a JSON blob. The JSON blob that is returned can be passed to the decrypt endpoint.\nIt supports two modes for input data, single data (default) and batch data. To use single data mode, provide data in `\"plaintext\"`. To use batch mode, refer \"`batch_request`\" in body schema.\n","tags":["Crypto"],"consumes":["application/json","text/plain"],"produces":["application/json"],"parameters":[{"name":"body","in":"body","required":true,"description":"The data to encrypt.","schema":{"description":"The input to an encrypt operation. It is a JSON object that contains the data to be encrypted. For AES-GCM, it also contains the data to be authenticated. Note that both these are byte arrays. JSON encodes byte arrays to base64 strings. Therefore, the JSON object that is input should contain valid base64 data for both the plaintext and AAD.","type":"object","title":"Encryption Input","required":["id"],"properties":{"id":{"type":"string","description":"The name, ID or URI of the key used by the crypto operation."},"name":{"type":"string","description":"The name, ID or URI of the key used by the crypto operation."},"type":{"type":"string","description":"Specify the type of the identifier specified by the 'name' field. Must be one of name, id, uri, or alias. If not specified, the type of the identifier is inferred."},"plaintext":{"type":"string","description":"Data to Encrypt. This is a byte array. JSON encodes byte arrays to base64 strings. Therefore, the string in the JSON object should be a valid base64 string."},"version":{"type":"integer","description":"Version of the key to use."},"mode":{"type":"string","description":"This string identifies the cryptographic mode to use for symmetric key operations (i.e algorithm is 'AES' or 'TDES'). Allowed values for AES are 'CBC', 'EBC', and 'GCM' (default is 'GCM'), and the only allowed value for TDES is 'CBC'."},"pad":{"type":"string","description":"This string identifies cryptographic padding algorithm to use. Allowed values depend on the algorithm used. For AES and TDES, allowed values are 'none', 'PKCS5' and 'PKCS7' (default is 'PKCS7'). For asymmetric algorithms the allowed values 'PKCS1', 'OAEP', 'OAEP256', 'OAEP384' and 'OAEP512', defaulting to 'OAEP'."},"aad":{"type":"string","description":"Data to authenticate. This is a byte array and should be a valid base64 string."},"iv":{"type":"string","description":"The Initialization Vector (IV) is a byte array used with CBC and GCM cryptographic algorithm modes. It appears as a base64 encoded string in the JSON blob. We recommend to omit this field to let the server generate and return a secure IV using its random number generator. Otherwise follow the security guidelines in \"NIST SP800-38A\" and \"NIST SP800-38D\" publications to ensure your IV construction is secure."},"nae_key_version_header":{"type":"boolean","description":"This flag requests that the 3-byte NAE key-version header be prepended to the returned ciphertext."},"tag_len":{"type":"integer","description":"The byte length of the GCM tag. It can be between 4 and 16, defaults to 16."},"batch_request":{"type":"array","description":"Single or multiple data to encrypt.\n\n`\"iv\"`, `\"tag_len\"` and `\"aad\"` can be specified explicitly for each data within `\"batch_request\"` or\nfor all data in the batch request by making it part of the request body.\nIf specified at both the places, values inside `\"batch_request\"` takes precedence.\n\nResponse field `\"batch_response\"` will contain encrypted data. See `\"batch_response\"` description for more.\nResponse HTTP status code - 207 indicates failure in batch request.\n","items":{"type":"object","title":"EncryptData","description":"Data to encrypt and its associated values\n","properties":{"plaintext":{"type":"string","description":"Data to Encrypt. This is a byte array. JSON encodes byte arrays to base64 strings. Therefore, the string in the JSON object should be a valid base64 string."},"iv":{"type":"string","description":"The Initialization Vector (IV) is a byte array used with CBC and GCM cryptographic algorithm modes. It appears as a base64 encoded string in the JSON blob. We recommend to omit this field to let the server generate and return a secure IV using its random number generator. Otherwise follow the security guidelines in \"NIST SP800-38A\" and \"NIST SP800-38D\" publications to ensure your IV construction is secure."},"tag_len":{"type":"integer","description":"The byte length of the GCM tag. It can be between 4 and 16, defaults to 16."},"aad":{"type":"string","description":"Data to authenticate. This is a byte array and should be a valid base64 string."}}}}},"example":{"id":"mykey","plaintext":"ZW5jcnlwdA==","aad":"YXV0aGVudGljYXRl"}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","description":"The output of an encrypt operation. It is a JSON object that contains the encrypted data, as well as parameters needed to decrypt the data.","title":"Encrypted Blob","properties":{"ciphertext":{"type":"string","description":"The cipher text is a byte array, and appears as a base64 encoded string in the JSON blob."},"tag":{"type":"string","description":"The AEAD tag is a byte array, and appears as a base64 encoded string in the JSON blob."},"id":{"type":"string","description":"ID of the key used for encrypting the data, only either ID or name should be specified."},"type":{"type":"string","description":"Specify the type of the identifier specified by the 'name' field. Must be one of name, id, uri, or alias. If not specified, the type of the identifier is inferred."},"version":{"type":"integer","description":"Version of the key used for encrypting the data."},"mode":{"type":"string","description":"The crypto mode (e.g. cbc, ecb, gcm)."},"pad":{"type":"string","description":"The padding algorithm (e.g. none, pkcs7)."},"iv":{"type":"string","description":"The IV is a byte array, and appears as a base64 encoded string in the JSON blob."},"aad":{"type":"string","description":"The AAD is a byte array, and appears as a base64 encoded string in the JSON blob."},"nae_key_version_header":{"type":"boolean","description":"This flag indicates that the 3-byte NAE key-version header is prepended to the input ciphertext."},"batch_response":{"type":"array","description":"Contains encrypted data.\nReturned only when `\"batch_request\"` is provided in request (i.e if data is sent in batch mode).\n\nIf error occurs while processing any data in the batch, HTTP status code will be 207 and error will be\nreturned only for the data that failed, with `\"batch_response\"` containing `\"error\"` for that\nindex; rest all indexes will be successfully encrypted.\n\n`\"iv\"` and `\"aad\"`, if specified explicitly for a data within `\"batch_request\"`, are returned with the data within `\"batch_response\"`.\n`\"iv\"` and `\"aad\"`, if specified in request body, are returned in response body.\n`\"tag\"` is always returned with the data within `\"batch_response\"`.\nIf `\"iv\"` is not specified anywhere and generated automatically while encrypting, it will be returned with the data in `\"batch_response\"`.\n","items":{"type":"object","title":"Encrypted Data","description":"Encrypted data and its associated values\n","properties":{"ciphertext":{"type":"string","description":"The cipher text is a byte array, and appears as a base64 encoded string in the JSON blob."},"tag":{"type":"string","description":"The AEAD tag is a byte array, and appears as a base64 encoded string in the JSON blob."},"iv":{"type":"string","description":"The IV is a byte array, and appears as a base64 encoded string in the JSON blob."},"aad":{"type":"string","description":"Data to authenticate. This is a byte array and should be a valid base64 string."},"error":{"type":"string","description":"Returned only for the index that failed.\nEither `\"error\"` or `\"ciphertext\"` will be returned.\n"}}}}},"example":{"ciphertext":"V7xlczQt5A==","tag":"BUClpmg4Lu9GvgRe7/MgrA==","id":"8a16ee3a43a8fda6d0d3d923f20dc46821db19ed17cfa18f4b2af36d090e9da8","version":0,"mode":"gcm","iv":"0/RM+V753YJGJERC","aad":"YXV0aGVudGljYXRl"}},"examples":{"application/json":{"ciphertext":"VY2D+Q9UyPRj2tIlHP/yVQ==","tag":"ws/1krVDXQKA1JlThx6Ejg==","id":"mykey1","version":0,"mode":"gcm","iv":"GB1yLYeN5IljclAc38x6ow==","aad":"YWJj"}}}}}},"/v1/crypto/decrypt":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Decrypt","description":"This operation decrypts data. The input should be the JSON blob that was output by the encrypt operation. The output of this operation contains the plaintext encoded in a JSON blob.\nIt supports two modes for input data, single data (default) and batch data. To use single data mode, provide data in `\"ciphertext\"`. To use batch mode, refer \"`batch_request`\" in body schema.\n","tags":["Crypto"],"consumes":["application/json"],"produces":["application/json","text/plain"],"parameters":[{"name":"Accept","in":"header","description":"Accept type","type":"string","default":"application/json"},{"name":"body","in":"body","required":true,"description":"The data to decrypt.","schema":{"description":"The input of an decrypt operation. It is a JSON object that contains the encrypted data, as well as parameters needed to decrypt the data.","type":"object","title":"DecryptInput","properties":{"ciphertext":{"type":"string","description":"The cipher text is a byte array, and appears as a base64 encoded string in the JSON blob."},"tag":{"type":"string","description":"The AEAD tag is a byte array, and appears as a base64 encoded string in the JSON blob."},"id":{"type":"string","description":"ID of the key used for encrypting the data, only either ID or name should be specified."},"type":{"type":"string","description":"Specify the type of the identifier specified by the 'name' field. Must be one of name, id, uri, or alias. If not specified, the type of the identifier is inferred."},"version":{"type":"integer","description":"Version of the key used for encrypting the data."},"mode":{"type":"string","description":"The crypto mode (e.g. cbc, ecb, gcm)."},"pad":{"type":"string","description":"The padding algorithm (e.g. none, pkcs7)."},"iv":{"type":"string","description":"The IV is a byte array, and appears as a base64 encoded string in the JSON blob."},"aad":{"type":"string","description":"The AAD is a byte array, and appears as a base64 encoded string in the JSON blob."},"nae_key_version_header":{"type":"boolean","description":"This flag indicates that the 3-byte NAE key-version header is prepended to the input ciphertext."},"batch_request":{"type":"array","description":"Single or multiple data to decrypt.\n\n`\"iv\"`, `\"tag\"` and `\"aad\"` can be specified explicitly for each data within `\"batch_request\"` or for all\ndata in the batch request by making it part of the request body.\nIf specified at both the places, values inside `\"batch_request\"` takes precedence.\n\nResponse field `\"batch_response\"` will contain decrypted data. See `\"batch_response\"` description for more.\nResponse HTTP status code - 207 indicates failure in batch request.\n","items":{"type":"object","title":"DecryptData","description":"Data to decrypt and its associated values.\n","properties":{"ciphertext":{"type":"string","description":"The cipher text is a byte array, and appears as a base64 encoded string in the JSON blob."},"tag":{"type":"string","description":"The AEAD tag is a byte array, and appears as a base64 encoded string in the JSON blob."},"iv":{"type":"string","description":"The IV is a byte array, and appears as a base64 encoded string in the JSON blob."},"aad":{"type":"string","description":"Data to authenticate. This is a byte array and should be a valid base64 string."}}}}},"example":{"ciphertext":"V7xlczQt5A==","tag":"BUClpmg4Lu9GvgRe7/MgrA==","id":"8a16ee3a43a8fda6d0d3d923f20dc46821db19ed17cfa18f4b2af36d090e9da8","version":0,"mode":"gcm","iv":"0/RM+V753YJGJERC","aad":"YXV0aGVudGljYXRl"}}}],"responses":{"200":{"description":"OK","schema":{"description":"The output of an decrypt operation. It is a JSON object that contains the plaintext.","type":"object","title":"Decrypted Blob","properties":{"plaintext":{"type":"string","description":"The plain text is a byte array, and appears as a base64 encoded string in the JSON blob."},"batch_response":{"type":"array","description":"Contains decrypted data.\nReturned only when `\"batch_request\"` is provided in request (i.e if data is sent in batch mode).\n\nIf error occurs while processing any data in a batch, Response HTTP status code will be 207 and error will be\nreturned only for the data that failed, with `\"batch_response\"` containing `\"error\"` for that\nindex; rest all indexes will be successfully decrypted.\n","items":{"type":"object","title":"Decrypted Data","description":"Decrypted Data.","properties":{"plaintext":{"type":"string","description":"The plain text is a byte array, and appears as a base64 encoded string in the JSON blob."},"error":{"type":"string","description":"Returned only for the index that failed.\nEither `\"error\"` or `\"plaintext\"` will be returned.\n"}}}}},"example":{"plaintext":"VY2D+Q9UyPRj2tIlHP/yVQ=="}},"examples":{"application/json":{"plaintext":"VY2D+Q9UyPRj2tIlHP/yVQ=="}}}}}},"/v1/crypto/reencrypt":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Reencrypt","description":"This operation re-encrypts the data. The re-encrypt operation first decrypts the ciphertext with the original key and returns no plaintext, and then encrypts the plaintext with a different or the same key and returns the ciphertext.\nFor the Decrypt operation, the input must be the JSON blob generated as a output of the encrypt operation. This operation doesn't return any plaintext as a output.\n\nFor Encrypt operation, The key name must be supplied. The Additional Authenticated Data (AAD) may be included for AES/GCM operation. Optional information that are passed via json parameters include the key version, crypto mode, crypto padding mode, the Initialization Vector (IV), and the length of the AES-GCM tag.\nThe AAD are passed in via a JSON encoded blob. The output is a JSON blob. The JSON blob that is returned can be passed to the decrypt endpoint.\n","tags":["Crypto"],"consumes":["application/json","text/plain"],"produces":["application/json"],"parameters":[{"name":"body","in":"body","required":true,"description":"The data to decrypt and encrypt.","schema":{"description":"The input for a re-encrypt operation. It is a JSON object that contains encryption and decryption parameters.\nThe decryption parameters contain the encrypted data and the parameters required to decrypt the data.\nFor Encryption parameters, in case of AES-GCM, it contains the data to be authenticated. Note that this is byte array. JSON encodes byte arrays to base64 strings. Therefore, the JSON object should contain valid base64 data for AAD.\nNote: The Plaintext parameter is not required.\n","title":"ReencryptInput","properties":{"decrypt":{"type":"object","description":"The input for a decrypt operation. It is a JSON object that contains the encrypted data and the parameters required to decrypt the data.","properties":{"ciphertext":{"type":"string","description":"The ciphertext is a byte array and appears as a base64 encoded string in the JSON blob."},"tag":{"type":"string","description":"The AEAD tag is a byte array that appears as a base64 encoded string in the JSON blob."},"id":{"type":"string","description":"The ID of the key used for encrypting the data. Specify either ID or name."},"type":{"type":"string","description":"Type of the identifier specified in the 'name' parameter. The Type of the identifier is derived from name, ID, URI, or alias. If not specified, the type of the identifier is automatically inferred."},"version":{"type":"integer","description":"Version of the key used for encrypting the data."},"mode":{"type":"string","description":"The cryptographic mode (for example, cbc, ecb, and gcm)."},"pad":{"type":"string","description":"The padding algorithm (for example, none, pkcs7)."},"iv":{"type":"string","description":"The IV is a byte array that appears as a base64 encoded string in the JSON blob."},"aad":{"type":"string","description":"The AAD is a byte array that appears as a base64 encoded string in the JSON blob."},"nae_key_version_header":{"type":"boolean","description":"This flag indicates that the 3-byte NAE key-version header is prepended to the input ciphertext."}}},"encrypt":{"type":"object","description":"The input of Encrypt operation, In case of AES-GCM, it contains the data to be authenticated. Note that this is byte array. JSON encodes byte arrays to base64 strings.","properties":{"id":{"type":"string","description":"The name, ID, or URI of the key used by the crypto operation."},"name":{"type":"string","description":"The name, ID or URI of the key used by the crypto operation."},"type":{"type":"string","description":"Type of the identifier specified in the 'name' parameter. The Type of the identifier is derived from name, ID, URI, or alias. If not specified, the type of the identifier is automatically inferred."},"version":{"type":"integer","description":"Version of the key to use."},"mode":{"type":"string","description":"Identifies the cryptographic mode to use for the symmetric key operations. The allowed values depend on the algorithm used. Allowed values for AES are 'CBC', 'EBC', and 'GCM' (default is 'GCM'). The only allowed value for TDES is 'CBC'."},"pad":{"type":"string","description":"This string identifies the cryptographic padding algorithm to use. The allowed values depend on the algorithm used. For AES and TDES, the allowed values are 'none', 'PKCS5', and 'PKCS7' (default is 'PKCS7'). For asymmetric algorithms, the allowed values are 'PKCS1', 'OAEP', 'OAEP256', 'OAEP384', and 'OAEP512' (default is 'OAEP')."},"aad":{"type":"string","description":"Data to authenticate. This is a byte array and should be a valid base64 string."},"iv":{"type":"string","description":"The Initialization Vector (IV) is a byte array used with CBC and GCM cryptographic algorithm modes. It appears as a base64 encoded string in the JSON blob. We recommend to omit this field to let the server generate and return a secure IV using its random number generator. Otherwise follow the security guidelines in \"NIST SP800-38A\" and \"NIST SP800-38D\" publications to ensure your IV construction is secure."},"nae_key_version_header":{"type":"boolean","description":"This flag requests that the 3-byte NAE key-version header be prepended to the returned ciphertext."},"tag_len":{"type":"integer","description":"The byte length of the GCM tag. It can be between 4 and 16, defaults to 16."}}}},"example":{"decrypt":{"ciphertext":"V7xlczQt5A==","tag":"BUClpmg4Lu9GvgRe7/MgrA==","id":"8a16ee3a43a8fda6d0d3d923f20dc46821db19ed17cfa18f4b2af36d090e9da8","version":0,"mode":"gcm","iv":"0/RM+V753YJGJERC","aad":"YXV0aGVudGljYXRl"},"encrypt":{"id":"mykey","aad":"YXV0aGVudGljYXRl"}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","description":"The output of a re-encrypt operation. It is a JSON object that contains the encrypted data and the parameters required to decrypt the data.","title":"Re-Encrypted Blob","properties":{"ciphertext":{"type":"string","description":"The ciphertext is a byte array that appears as a base64 encoded string in the JSON blob."},"tag":{"type":"string","description":"The AEAD tag is a byte array that appears as a base64 encoded string in the JSON blob."},"id":{"type":"string","description":"The ID of the key used for encrypting the data. Specify either ID or name."},"type":{"type":"string","description":"Type of the identifier specified in the 'name' parameter. The Type of the identifier is derived from name, ID, URI, or alias. If not specified, the type of the identifier is automatically inferred."},"version":{"type":"integer","description":"Version of the key used for encrypting the data."},"mode":{"type":"string","description":"The cryptographic mode (for example, cbc, ecb, and gcm)."},"pad":{"type":"string","description":"The padding algorithm (for example, none, pkcs7)."},"iv":{"type":"string","description":"The IV is a byte array that appears as a base64 encoded string in the JSON blob."},"aad":{"type":"string","description":"The AAD is a byte array that appears as a base64 encoded string in the JSON blob."},"nae_key_version_header":{"type":"boolean","description":"This flag indicates that the 3-byte NAE key-version header is prepended to the input ciphertext."}},"example":{"ciphertext":"V7xlczQt5A==","tag":"BUClpmg4Lu9GvgRe7/MgrA==","id":"8a16ee3a43a8fda6d0d3d923f20dc46821db19ed17cfa18f4b2af36d090e9da8","version":0,"mode":"gcm","iv":"0/RM+V753YJGJERC","aad":"YXV0aGVudGljYXRl"}},"examples":{"application/json":{"ciphertext":"VY2D+Q9UyPRj2tIlHP/yVQ==","tag":"ws/1krVDXQKA1JlThx6Ejg==","id":"mykey1","version":0,"mode":"gcm","iv":"GB1yLYeN5IljclAc38x6ow==","aad":"YWJj"}}}}}},"/v1/crypto/mac":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"MAC","description":"This operation creates the MAC. The key name (and optional version and algorithm - hmac or cmac), and the data to MAC should be supplied.\nWhile generating the HMAC key, specify the algorithm as a HMAC algorithm (e.g. hmac-sha256). For the CMAC algorithm,\nthe key algorithm should be AES. In addition the keys should have appropriate usage masks to \"MAC Generate\" and\n\"MAC Verify\" in the usageMask (e.g. usageMask=384). The MAC is returned in the response body.\n","tags":["Crypto"],"consumes":["application/octet-stream"],"produces":["application/json"],"parameters":[{"name":"keyName","in":"query","required":true,"type":"string","description":"This string is used for identifying the cryptographic key that is used for encryption/hmac. The tuple containing this keyName string, and the account details in the JWT uniquely identify the cryptographic key."},{"name":"version","in":"query","required":false,"type":"string","description":"This string is used for identifying the version of the cryptographic key that is used for encryption/hmac. The newest version is used if this parameter is omitted. This string is used only when the keyName parameter is also specified."},{"name":"algorithm","in":"query","required":false,"type":"string","description":"This string specifies the MAC Algorithm used for MAC/MACV operations. The supported values for this are hmac and cmac."},{"name":"body","in":"body","required":true,"description":"The data for which to generate a MAC.","schema":{"type":"string","example":"how-now-brown-cow"}}],"responses":{"200":{"description":"OK","schema":{"type":"string"},"examples":{"application/json":{"data":"6a8696683658f16d14cd8a7fc94ba213385ecf1f","opMeta":{"keyId":"f58d4353-740f-4ce2-91e2-1a753b8cda12","keyVersion":0}}}}}}},"/v1/crypto/macv":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"MAC Verify","description":"This operation verifies MAC. The key name (and optional version and algorithm - hmac or cmac), the data to\nMAC, and the MAC, are supplied. The MAC verification result is returned in the response body.\n","tags":["Crypto"],"consumes":["application/octet-stream"],"produces":["application/json"],"parameters":[{"name":"keyName","in":"query","required":true,"type":"string","description":"This string is used for identifying the cryptographic key that is used for encryption/hmac. The tuple containing this keyName string, and the account details in the JWT uniquely identify the cryptographic key."},{"name":"version","in":"query","required":false,"type":"string","description":"This string is used for identifying the version of the cryptographic key that is used for encryption/hmac. The newest version is used if this parameter is omitted. This string is used only when the keyName parameter is also specified."},{"name":"algorithm","in":"query","required":false,"type":"string","description":"This string specifies the MAC Algorithm used for MAC/MACV operations. The supported values for this are hmac and cmac."},{"name":"hash","in":"query","required":true,"type":"string","description":"This string identifies the hex encoded mac to be verified for the given data."},{"name":"body","in":"body","required":true,"description":"The data for which MAC is to be verified.","schema":{"type":"string","example":"239-823-9530"}}],"responses":{"200":{"description":"OK","schema":{"type":"string"},"examples":{"application/json":{"verified":true}}}}}},"/v1/crypto/sign":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Sign","description":"The key is uniquely associated with quantities passed in the JWT (the issuer, subject, audience), and the keyName string that is passed in as a query parameter. The signature along with the key version information is returned in the body of the response.","tags":["Crypto"],"consumes":["application/octet-stream"],"produces":["application/json"],"parameters":[{"name":"keyName","in":"query","required":true,"type":"string","description":"This string is used for identifying the cryptographic key that is used for encryption/hmac. The tuple containing this keyName string, and the account details in the JWT uniquely identify the cryptographic key."},{"name":"version","in":"query","required":false,"type":"string","description":"This string is used for identifying the version of the cryptographic key that is used for encryption/hmac. The newest version is used if this parameter is omitted. This string is used only when the keyName parameter is also specified."},{"name":"signAlgo","in":"query","required":false,"type":"string","description":"This string specifies the signing algorithm used for generating signature. Allowed values are \"RSA\" and \"ECDSA\"."},{"name":"hashAlgo","in":"query","required":true,"type":"string","description":"This string specifies the hash algorithm used for generating signature. For ECDSA the allowed values are \"SHA1\", \"SHA-256\", \"SHA-384\", \"SHA-512\", \"SHA3-224\", \"SHA3-256\", \"SHA3-384\", \"SHA3-512\" and \"none\". For RSA, the allowed values are \"SHA1\", \"SHA-256\", \"SHA-384\", \"SHA-512\" and \"none\"."},{"name":"pad","in":"query","required":false,"type":"string","description":"This string specifies the padding used for generating signature and is only applicable for the RSA signing algorithm. Allowed values are 'PKCS1', 'PSS', and 'PSSWithPrecomputedHash'. Default value is 'PKCS1'."},{"name":"saltLength","in":"query","required":false,"type":"integer","description":"This integer specifies the saltLength for PSS padding. This is only applicable for the RSA signing algorithm. The SaltLength varies from -1 to a positive integer upto the maximum length.\n-1 is for HASH-EQUAL-LENGTH and 0 is for MAX-LENGTH.\nMaximum supported value of salt length = (Key length in bytes - HASH length in byte - 2)\n"},{"name":"body","in":"body","required":true,"description":"The data for which to generate signature.","schema":{"type":"string","example":"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9"}}],"responses":{"200":{"description":"OK","schema":{"type":"string"},"examples":{"application/json":{"data":"4742753e7000c6abff59336602789452209b7e4300de6029d4ba327d3ed45a1d5bf78fa8ea15ea99b48741d46f09f8210b1dd8cc905efb15821f813a37ac4008fdf802786f752f308110360e3c9e872ebe98cb29d1181aef7c3bd0d595b810091306b13ebdaec910d2cc59f947bed2d26bf3f44b5eaf0efcbc19f190f8895d99","opMeta":{"keyId":"f58d4353-740f-4ce2-91e2-1a753b8cda12","keyVersion":0}}}}}}},"/v1/crypto/signv":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Sign Verify","description":"The key is uniquely associated with quantities passed in the JWT (the issuer, subject, audience), and the keyName string that is passed in as a query parameter. The signature verification result is returned in the body of the response.","tags":["Crypto"],"consumes":["application/octet-stream"],"produces":["application/json"],"parameters":[{"name":"keyName","in":"query","required":true,"type":"string","description":"This string is used for identifying the cryptographic key that is used for encryption/hmac. The tuple containing this keyName string, and the account details in the JWT uniquely identify the cryptographic key."},{"name":"version","in":"query","required":false,"type":"string","description":"This string is used for identifying the version of the cryptographic key that is used for encryption/hmac. The newest version is used if this parameter is omitted. This string is used only when the keyName parameter is also specified."},{"name":"signAlgo","in":"query","required":false,"type":"string","description":"This string specifies the signing algorithm used for generating signature. Allowed values are \"RSA\" and \"ECDSA\"."},{"name":"hashAlgo","in":"query","required":true,"type":"string","description":"This string specifies the hash algorithm used for generating signature. For ECDSA the allowed values are \"SHA1\", \"SHA-256\", \"SHA-384\", \"SHA-512\", \"SHA3-224\", \"SHA3-256\", \"SHA3-384\", \"SHA3-512\" and \"none\". For RSA, the allowed values are \"SHA1\", \"SHA-256\", \"SHA-384\", \"SHA-512\" and \"none\"."},{"name":"pad","in":"query","required":false,"type":"string","description":"This string specifies the padding used for generating signature and is only applicable for the RSA signing algorithm. Allowed values are 'PKCS1', 'PSS', and 'PSSWithPrecomputedHash'. Default value is 'PKCS1'."},{"name":"saltLength","in":"query","required":false,"type":"integer","description":"This integer specifies the saltLength for PSS padding. This is only applicable for the RSA signing algorithm. The SaltLength varies from -1 to a positive integer upto the maximum length.\n-1 is for HASH-EQUAL-LENGTH and 0 is for MAX-LENGTH.\nMaximum supported value of salt length = (Key length in bytes - HASH length in byte - 2)\n"},{"name":"signature","in":"query","required":true,"type":"string","description":"This string identifies the hex encoded signature to be verified for the given data."},{"name":"body","in":"body","required":true,"description":"The data for which MAC is to be verified.","schema":{"type":"string","example":"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9"}}],"responses":{"200":{"description":"OK","schema":{"type":"string"},"examples":{"application/json":{"verified":true}}}}}},"/v1/crypto/encryptonite":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Encryptonite","x-interactive":false,"description":"This endpoint (`encryptonite`) is deprecated, please use the `encrypt` endpoint. The byte array passed in the message body is encrypted. The keyName string that is passed in as a query parameter. The encrypted data are returned in the body of the response. You must set content type to application/octet-stream for symmetric encryption, and to multipart/form-data for use with AES-GCM operations so both the data to encrypt and the authentication data can be passed in. You must set accept type to multipart/form-data.
The multipart/form-data returned via the body contains (i) the key ID and version used for encryption, (ii) the encrypted data, (iii) the IV that was generated (in case an IV was not passed in via a query parameter).","tags":["Crypto","deprecated"],"consumes":["application/octet-stream","multipart/form-data"],"produces":["multipart/form-data"],"parameters":[{"name":"keyName","in":"query","required":true,"type":"string","description":"This string is used for identifying the cryptographic key that is used for encryption/hmac. The tuple containing this keyName string, and the account details in the JWT uniquely identify the cryptographic key."},{"name":"Data","in":"formData","required":false,"type":"string","description":"The data to encrypt or decrypt. If the content type is multipart/form-data then it is included in the multipart under the label 'Data'."},{"name":"iv","in":"query","required":false,"type":"string","description":"This string identifies the IV to be used along with the cryptographic key for hiding/unhiding data. It is required only if the input data length is larger than the FPE block length. The block length depends on the hint (digit-56, alphabet,alphanumeric-32, printable-28 bytes). The IV should not be supplied if the data length does not exceed the FPE block length. The characters in the IV should lie in the alphabet specified via the hint. The length of the IV should equal the FPE block size."},{"name":"defaultiv","in":"query","required":false,"type":"string","description":"This boolean identifies if the user wants to use the default IV along with the cryptographic key for encrypting/decrypting data. False is 0 and True is 1. This field was introduced to support specific legacy integrations and applications. New applications are strongly recommended to use a unique IV for each encryption request."},{"name":"mode","in":"query","required":false,"type":"string","description":"This string identifies the cryptographic mode to use for symmetric operations (i.e algorithm is 'AES' or 'TDES'). Allowed values for AES are 'CBC', 'EBC', and 'GCM', and the only allowed value for TDES is 'CBC'. Defaults to 'cbc'."},{"name":"pad","in":"query","required":false,"type":"string","description":"This string identifies cryptographic padding algorithm to use. Allowed values depend on the algorithm used. For AES, allowed values are 'none', 'PKCS5', and 'PKCS7'. The default is 'PKCS7'. For asymmetric algorithms the allowed values 'PKCS1', and 'OAEP' defaulting to 'PKCS1'."},{"name":"AAD","in":"formData","required":false,"type":"string","description":"The authentication data for AES-GCM cipher operations. It is included in the multipart/form-data of the body under the label 'AAD'."},{"name":"taglen","in":"query","required":false,"type":"integer","description":"This integer is the requested length of the authentication tag. This parameter is only used for AES-GCM, must be between 4 and 16 inclusive and defaults to 16."}],"responses":{"200":{"description":"OK"}}}},"/v1/crypto/decryptonite":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Decryptonite","x-interactive":false,"description":"This endpoint (`decryptonite`) is deprecated, please use the `decrypt` endpoint. The byte array passed in the message body is decrypted. The keyName string that is passed in as a query parameter. The decrypted data are returned in the body of the response. You must set content type to application/octet-stream for symmetric encryption, and to multipart/form-data for use with AES-GCM operations so both the data to encrypt and the authentication data can be passed in. You must set accept type to multipart/form-data.
The multipart/form-data returned via the body contains (i) the key ID and version used for decryption, (ii) the decrypted data.","tags":["Crypto","deprecated"],"consumes":["application/octet-stream","multipart/form-data"],"produces":["multipart/form-data"],"parameters":[{"name":"keyName","in":"query","required":true,"type":"string","description":"This string is used for identifying the cryptographic key that is used for encryption/hmac. The tuple containing this keyName string, and the account details in the JWT uniquely identify the cryptographic key."},{"name":"Data","in":"formData","required":false,"type":"string","description":"The data to encrypt or decrypt. If the content type is multipart/form-data then it is included in the multipart under the label 'Data'."},{"name":"iv","in":"query","required":false,"type":"string","description":"This string identifies the IV to be used along with the cryptographic key for hiding/unhiding data. It is required only if the input data length is larger than the FPE block length. The block length depends on the hint (digit-56, alphabet,alphanumeric-32, printable-28 bytes). The IV should not be supplied if the data length does not exceed the FPE block length. The characters in the IV should lie in the alphabet specified via the hint. The length of the IV should equal the FPE block size."},{"name":"defaultiv","in":"query","required":false,"type":"string","description":"This boolean identifies if the user wants to use the default IV along with the cryptographic key for encrypting/decrypting data. False is 0 and True is 1. This field was introduced to support specific legacy integrations and applications. New applications are strongly recommended to use a unique IV for each encryption request."},{"name":"mode","in":"query","required":false,"type":"string","description":"This string identifies the cryptographic mode to use for symmetric operations (i.e algorithm is 'AES' or 'TDES'). Allowed values for AES are 'CBC', 'EBC', and 'GCM', and the only allowed value for TDES is 'CBC'. Defaults to 'cbc'."},{"name":"pad","in":"query","required":false,"type":"string","description":"This string identifies cryptographic padding algorithm to use. Allowed values depend on the algorithm used. For AES, allowed values are 'none', 'PKCS5', and 'PKCS7'. The default is 'PKCS7'. For asymmetric algorithms the allowed values 'PKCS1', and 'OAEP' defaulting to 'PKCS1'."},{"name":"AAD","in":"formData","required":false,"type":"string","description":"The authentication data for AES-GCM cipher operations. It is included in the multipart/form-data of the body under the label 'AAD'."},{"name":"tag","in":"query","required":false,"type":"string","description":"This string is a hex encoded AES-GCM authentication tag for decryption operations."}],"responses":{"200":{"description":"OK"}}}},"/v1/crypto/hash":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Generate Hash","description":"This operation calculate Hash(digest) of the data given. Data must be given in base64 encoding. Digest returned in response will be in base64 encoding.","tags":["Crypto"],"consumes":["application/json"],"produces":["application/json"],"parameters":[{"name":"body","in":"body","required":true,"description":"Specify Data to calculate hash of and Algorithm used to calculate hash.","schema":{"type":"object","title":"Body","description":"Specify data and algorithm.","example":{"algorithm":"SHA3-256","data":"YXNjaWktZGF0YQ=="},"required":["data"],"properties":{"algorithm":{"type":"string","description":"Algorithm used to calculate hash. Default - SHA-256","enum":["SHA-256","SHA-512","SHA-224","SHA-384","SHA-512/224","SHA-512/256","SHA3-256","SHA3-384","SHA3-512","SHA3-224"],"default":"SHA-256"},"data":{"type":"string","description":"Calculate hash of this data. Data must be given in base64 encoding."}}}}],"responses":{"200":{"description":"OK","schema":{"properties":{"data":{"type":"string","description":"Digest of data. In base64 encoding."}}},"examples":{"data":"5rgotvgzad2nXVPOwopz3xo3P4KOmP8s43JqsQ4UyxM="}}}}},"/v1/vault/random":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Random","description":"Generate random bytes using HMAC512-DRBG implementation. Displayed in base64 format.","tags":["Crypto"],"parameters":[{"name":"bytes","in":"query","type":"integer","description":"Length of the random bytes to be generated. Default is 32. The limit is 64k/65532 bytes. Make multiple requests if more than 64k bytes are needed.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"bytes":{"type":"string","description":"Random bytes in base64 format"}}},"examples":{"application/json":{"bytes":"mSsD6yHZRP4K5W9/i50mxNy933ZpN8gWJKscInvyfAw="}}}}}},"/v1/vault/keys2/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Lists all keys. Results can be refined with query parameters. Key objects included in the response do not include the `meta`, `links` and `certFields` fields by default. Use the `fields` query parameter to include these fields in the response.","tags":["Keys"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"fields","in":"query","type":"string","description":"A hint to the server indicating fields the client is interested in. The server\nwill attempt to include these fields in the response.\n\nThe value should be a comma-delimited list of fields.\n\nCurrently, supported fields are \"meta\", \"links\" and \"certFields\". The server will only include the meta\nattribute in the response if the query parameters includes \"fields=meta\". Certificate information\nis included when \"certFields\" is one of the field values.\n"},{"name":"metaContains","in":"query","type":"string","collectionFormat":"multi","format":"JSON","description":"A valid JSON value. Only keys whose 'meta' attribute contains the JSON value will be\nreturned. Examples of JSON containment:\n\n- Values contain themselves: `{\"color\":\"red\"}` contains `{\"color\":\"red\"}`\n- Values contain subsets: `{\"color\":\"red\", \"size\":\"big\"}` contains `{\"color\":\"red\"}` and `{\"size\":\"big\"}`, but not `{\"size\":\"small\"}`\n- Contained values can be nested: `{\"info\":{\"size\":\"big\",\"color\":\"red\"}}` contains `{\"info\":{\"color\":\"red\"}}`, but not `{\"color\":\"red\"}`\n- Array containment: `[\"east\",\"west\",\"north\"]` contains `[\"east\"]` and `[\"east\",\"north\"]`, but not `[\"south\"]` or `[\"east\",\"south\"]`\n"},{"name":"id","in":"query","type":"string","collectionFormat":"multi","format":"UUID","description":"Filters result to the one with matching ID\n"},{"name":"uuid","in":"query","type":"string","collectionFormat":"multi","description":"Filters result to the one with matching UUID\n"},{"name":"muid","in":"query","type":"string","collectionFormat":"multi","description":"Filters result to the one with matching MUID\n"},{"name":"keyId","in":"query","type":"string","collectionFormat":"multi","description":"Filters result to the one with matching KeyID\n"},{"name":"size","in":"query","type":"integer","collectionFormat":"multi","description":"Filters results to those with matching size. May be specified more than once. Results will match *any*\nof the values.\n"},{"name":"curveid","in":"query","type":"string","collectionFormat":"multi","description":"Filters results to those with matching elliptic key curve id. May be specified more than once. Results will match *any*\nof the values.\n"},{"name":"version","in":"query","type":"integer","collectionFormat":"multi","description":"Filters results to those with matching version. If version is specified as -1, only latest version of the\nkeys is returned.\n"},{"name":"name","in":"query","type":"string","collectionFormat":"multi","description":"Filters results to those with matching names. The '?' and '*' wildcard characters may be used."},{"name":"algorithm","in":"query","type":"string","collectionFormat":"multi","description":"Filters results to those with matching algorithms. The '?' and '*' wildcard characters may be used."},{"name":"uri","in":"query","type":"string","collectionFormat":"multi","description":"Filters results to those with matching uris. The '?' and '*' wildcard characters may be used."},{"name":"compareIDWithUUID","in":"query","type":"string","collectionFormat":"multi","description":"Filters results to those with matching comparison between ID and UUID.\nIf `compareIDWithUUID` is set to `equal`, then it returns keys whose IDs are equal to their UUIDs.\nIf `compareIDWithUUID` is set to `notequal`, then it returns keys whose IDs are not equal to their UUIDs.\nThe supported values are `equal` and `notequal`.\nThese keys are generally ESG keys used by CTE.\n"},{"name":"sha1Fingerprint","in":"query","type":"string","collectionFormat":"multi","description":"Filters results to those with matching SHA1 fingerprints. The '?' and '*' wildcard characters may be used.\nThis fingerprint is truncated and is based on the first 8 bytes of the SHA1 checksum.\nTo be backward compatible with Classic KeySecure, it is based on ASN.1 representation of PKCS#1 public key.\n"},{"name":"sha256Fingerprint","in":"query","type":"string","collectionFormat":"multi","description":"Filters results to those with matching SHA256 fingerprints. The '?' and '*' wildcard characters may be used."},{"name":"createdBefore","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"createdAfter","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"objectType","in":"query","type":"string","collectionFormat":"multi","description":"Type of the object. It is one of 'Certificate', 'Symmetric Key', 'Public Key', 'Private Key',\n'Split Key', 'Template', 'Secret Data', 'Opaque Object' or 'PGP Key'.\n"},{"name":"state","in":"query","type":"string","collectionFormat":"multi","description":"Filters results to those with matching key state. Allowed values are\n\"Pre-Active\", \"Active\", \"Deactivated\", \"Destroyed\", \"Compromised\" and \"Destroyed Compromised\".\n"},{"name":"alias","in":"query","type":"string","collectionFormat":"multi","description":"Filters results to those with matching aliases. The '?' and '*' wildcard characters or\ncomma separted aliases may be used.\n"},{"name":"linkType","in":"query","type":"string","collectionFormat":"multi","description":"Filters results to those with matching link types. The '?' and '*' wildcard characters or\ncomma separted link types may be used.\n"},{"name":"usageMask","in":"query","type":"integer","collectionFormat":"multi","description":"Filters results to those with matching Cryptographic usage mask. Sign (1), Verify (2), Encrypt (4),\nDecrypt (8), Wrap Key (16), Unwrap Key (32), Export (64), MAC Generate (128), MAC Verify (256), Derive Key (512),\nContent Commitment (1024), Key Agreement (2048), Certificate Sign (4096), CRL Sign (8192), Generate Cryptogram (16384),\nValidate Cryptogram (32768), Translate Encrypt (65536), Translate Decrypt (131072), Translate Wrap (262144),\nTranslate Unwrap (524288), FPE Encrypt (1048576), FPE Decrypt (2097152). Add the usage mask values to allow\nthe usages. To set all usage mask bits, use 4194303 (all usage masks including Export).\nEquivalent usageMask values for deprecated usages 'fpe' (FPE Encrypt + FPE Decrypt = 3145728),\n'blob' (Encrypt + Decrypt = 12), 'hmac' (MAC Generate + MAC Verify = 384), 'encrypt' (Encrypt + Decrypt = 12),\n'sign' (Sign + Verify = 3), 'any' (4194303 - all usage masks).\n"},{"name":"labels","in":"query","type":"string","description":"Filters results that match label selector expressions. Multiple\nvalues are logically ANDed. For example, to select keys that have\nthe label `{\"region\": \"noram\"}` but do not have `{\"team\": \"sales\"}`\nuse `region=noram,team!=sales`.\n\nSee the labels entry in /v1/vault/query-keys/ for a complete\ndescription of selector expressions. However, the format of the\nquery string is not JSON but must be a URL safe, comma separated\nlist of selector expressions. For example, instead of\n`[\"region=noram\",\"team!=sales\"]`, use `region=noram,team!=sales`\nwhich when URL encoded is `region%3Dnoram%2Cteam%21%3Dsales`.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"name":{"type":"string","description":"The name of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"usageMask":{"type":"integer","description":"Cryptographic usage mask"},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the application was updated"},"objectType":{"type":"string","description":"Type of the object. It is one of\n'Certificate', 'Symmetric Key', 'Public Key', 'Private Key',\n'Split Key', 'Template', 'Secret Data', 'Opaque Object' or 'PGP Key'.\n"},"activationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes active"},"deactivationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes inactive"},"archiveDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes archived"},"destroyDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object was destroyed"},"compromiseDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time server was notified of the security compromise of the object"},"compromiseOccurrenceDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time security compromise of the object was identified"},"revocationReason":{"type":"string","description":"Reason for revoking the object. It is one of\n'Key Compromise', 'CA Compromise', 'Unspecified', 'Affiliation Changed',\n'Superseded', 'Cessation of Operation' or 'Privilege Withdrawn'\n"},"revocationMessage":{"type":"string","description":"Revocation message for revoking the object"},"processStartDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when a Managed Symmetric Key Object MAY begin to be used to process\ncryptographically protected information (e.g., decryption or unwrapping)\n"},"protectStopDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time after which a Managed Symmetric Key Object SHALL NOT be used for\napplying cryptographic protection (e.g., encryption or wrapping)\n"},"labels":{"type":"object","additionalProperties":{"type":"string"},"x-nullable":true,"description":"Optional key/value pairs used to group keys.\n"}}}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"24aae5e5-b627-4b0e-964a-f48af998ee2b","uri":"kylo:kylo:vault:keys:1480633212136-v0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2016-12-01T23:00:10.072423Z","name":"1480633212136","updatedAt":"2016-12-01T23:00:10.072423Z","usageMask":4194303,"version":0,"algorithm":"AES","size":256,"format":"raw","unexportable":false,"undeletable":false,"objectType":"Symmetric Key","activationDate":"2017-10-02T14:24:37.436073Z","deactivationDate":"2017-10-02T14:24:37.439922Z","archiveDate":"2017-10-02T14:24:37.440033Z","destroyDate":"2017-10-02T14:24:37.445276Z","revocationReason":"Cessation of Operation","state":"Destroyed","aliases":[{"alias":"altname1","type":"string","index":0},{"alias":"altname2:keysecure:gemalto:com","type":"uri","index":1}],"links":[{"id":"137ca586-eed5-4e67-933d-2422a1c37d67","type":"replacedObject","targetID":"0f3333c4-319a-448f-8e97-e6f4367b746a"}],"uuid":"177397cd-c411-4f05-bfad-6a5503dd3d96","labels":{"region":"noram","team":"sales"}}]}}}}},"post":{"summary":"Create","description":"Creates a new key","tags":["Keys"],"parameters":[{"name":"includeMaterial","in":"query","required":false,"description":"Include key bytes in the response. If set to 'false' or not specified, only key meta data is returned.","type":"string"},{"name":"body","in":"body","description":"Type of key to create. By default an AES 256 bit key is created. Other key types are RSA and HMAC. Body itself and all parameters within are optional with the following exception.\nBy default, users not in the admin group *must* include `{\"ownerId\" : \"local|ab12...\"}` in the `meta` property of the post body. This is because the\ndefault policies state that only the owner of a key may use the key - so we must declare the owner in the metadata. Policies can be changed by admins if this behavior\nis not desired. The key by default enters \"Active\" state upon creation. For the key to start in \"Pre-Active\" state as specified in the KMIP spec, set state to \"Pre-Active\" in the\ncreate request POST body.\nAn array of aliases can be used to pass in one or more KMIP \"Name\" attributes associated with the key.\n","schema":{"title":"Create Key","properties":{"name":{"type":"string","description":"Optional friendly name, The key name should not contain special characters such as angular brackets (<,>) and backslash (`\\`)."},"usageMask":{"type":"integer","description":"Cryptographic usage mask. Add the usage masks to allow certain usages. Sign (1), Verify (2), Encrypt (4),\nDecrypt (8), Wrap Key (16), Unwrap Key (32), Export (64), MAC Generate (128), MAC Verify (256), Derive Key (512),\nContent Commitment (1024), Key Agreement (2048), Certificate Sign (4096), CRL Sign (8192), Generate Cryptogram (16384),\nValidate Cryptogram (32768), Translate Encrypt (65536), Translate Decrypt (131072), Translate Wrap (262144),\nTranslate Unwrap (524288), FPE Encrypt (1048576), FPE Decrypt (2097152). Add the usage mask values to allow\nthe usages. To set all usage mask bits, use 4194303.\nEquivalent usageMask values for deprecated usages 'fpe' (FPE Encrypt + FPE Decrypt = 3145728),\n'blob' (Encrypt + Decrypt = 12), 'hmac' (MAC Generate + MAC Verify = 384), 'encrypt' (Encrypt + Decrypt = 12),\n'sign' (Sign + Verify = 3), 'any' (4194303 - all usage masks).\n"},"algorithm":{"type":"string","description":"Cryptographic algorithm this key is used with. Defaults to 'aes'","enum":["aes","tdes","rsa","ec","hmac-sha1","hmac-sha256","hmac-sha384","hmac-sha512","seed","aria","opaque"]},"xts":{"type":"boolean","description":"If set to true, then key created will be XTS/CBC-CS1 Key. Defaults to false. Key algorithm must be 'AES'."},"objectType":{"type":"string","description":"This specifies the type of object that is being created. Valid values are\n'Symmetric Key', 'Public Key', 'Private Key', 'Secret Data', 'Opaque Object',\nor 'Certificate'. The object type is inferred for many objects,\nbut must be supplied for the certificate object.\n"},"curveid":{"type":"string","description":"Cryptographic curve id for elliptic key. Key algorithm must be 'EC'. Values:\n * secp224k1\n * secp224r1\n * secp256k1\n * secp384r1\n * secp521r1\n * prime256v1\n * brainpoolP224r1\n * brainpoolP224t1\n * brainpoolP256r1\n * brainpoolP256t1\n * brainpoolP384r1\n * brainpoolP384t1\n * brainpoolP512r1\n * brainpoolP512t1\n"},"size":{"type":"integer","description":"Bit length for the key."},"macSignBytes":{"type":"string","description":"This parameter specifies the MAC/Signature bytes to be used for verification while importing a key. The \"wrappingMethod\" should be \n\"mac/sign\" and the required parameters for the verification must be set.\n"},"macSignKeyIdentifier":{"type":"string","description":"This parameter specifies the identifier of the key to be used for generating MAC or signature of the key material.\nThe \"wrappingMethod\" should be \"mac/sign\" to verify the MAC/signature(\"macSignBytes\") of the key material(\"material\"). \nFor verifying the MAC, the key has to be a HMAC key. \nFor verifying the signature, the key has to be an RSA private or public key.\n"},"macSignKeyIdentifierType":{"type":"string","description":"This parameter specifies the identifier of the key(\"macSignKeyIdentifier\") used for generating MAC or signature of the key material.\nThe \"wrappingMethod\" should be \"mac/sign\" to verify the mac/signature(\"macSignBytes\") of the key material(\"material\").\nPossible values are:\n * name\n * id\n * alias\n"},"signingAlgo":{"type":"string","description":"This parameter specifies the algorithm to be used for generating the signature for the verification of the \"macSignBytes\" during import of key material. \nThe \"wrappingMethod\" should be \"mac/sign\" to verify the signature(\"macSignBytes\") of the key material(\"material\"). \nPossible values are:\n * RSA\n * RSA-PSS\n"},"wrapPublicKey":{"type":"string","description":"If the algorithm is 'aes','tdes','hmac-*', 'seed' or 'aria', this value will be used to encrypt\nthe returned key material. This value is ignored for other algorithms. Value must be an RSA public\nkey, PEM-encoded public key in either PKCS1 or PKCS8 format, or a PEM-encoded X.509 certificate.\nIf set, the returned 'material' value will be a Base64 encoded PKCS#1 v1.5 encrypted key. View \n\"wrapPublicKey\" in export parameters for more information.\nOnly applicable if 'includeMaterial' is true.\n"},"wrapPublicKeyPadding":{"type":"string","description":"1. WrapPublicKeyPadding specifies the type of padding scheme that needs to be set when importing\nthe Key using the specified wrapkey. Accepted values are \"pkcs1\", \"oaep\", \"oaep256\", \"oaep384\", \"oaep512\",\nand will default to \"pkcs1\" when 'wrapPublicKeyPadding' is not set and 'WrapPublicKey' is set.\n\n2. While creating a new key, wrapPublicKeyPadding parameter should be specified only if 'includeMaterial' is true.\nIn this case, key will get created and in response wrapped material using specified wrapPublicKeyPadding and other\nwrap parameters will be returned.\n","enum":["pkcs1","oaep","oaep256","oaep384","oaep512"]},"wrapKeyName":{"type":"string","description":"1. While creating a new key, If 'includeMaterial' is true, then only the key material will be wrapped with material of the specified key name. The response \"material\"\nproperty will be the base64 encoded ciphertext. For more details, view \"wrapKeyName\" in export parameters.\n\n2. While importing a key, the key material will be unwrapped with material of the specified key name. The only applicable \"wrappingMethod\" for the unwrapping is \"encrypt\" \nand the wrapping key has to be an AES key or an RSA private key.\n"},"wrapKeyIDType":{"type":"string","description":"IDType specifies how the wrapKeyName should be interpreted. \nValues can be:\n * name\n * id\n * alias\n"},"wrappingMethod":{"type":"string","description":"This parameter specifies the wrapping method used to wrap/mac/sign the key material.\nValid values:\n * encrypt\n * mac/sign\n * pbe \n\nIn \"encrypt\", the material of a symmetric key, private key or a certificate can be unwrapped based on\nseveral available parameters. \n\nFor AES Key Wrap with Padding(RFC 5649) or AES Key Wrap(RFC 3394)\nalgorithms, a wrapped symmetric key, private key or a certificate can be unwrapped using an AES wrapping key. For\nunwrapping a symmetric key and importing it, the following parameters are needed:\n * \"wrapKeyName\"(AES key)\n * \"wrapKeyIDType\"(optional)\n * \"wrappingEncryptionAlgo\" \n * \"padded\"(optional, required if padding not mentioned in \"wrappingEncryptionAlgo\")\n * \"material\" \n\nFor unwrapping a wrapped private key, the following parameters are needed:\n * \"wrapKeyName\"(AES key)\n * \"wrapKeyIDType\"(optional)\n * \"wrappingEncryptionAlgo\"(only \"aes/aeskeywrappadding\" allowed) \n * \"material\" \n\nFor unwrapping a wrapped certificate, the following parameters are needed:\n * \"wrapKeyName\"(AES key)\n * \"wrapKeyIDType\"(optional)\n * \"wrappingEncryptionAlgo\"(only \"aes/aeskeywrappadding\" allowed) \n * \"padded\"(only true is valid) \n\nAdditionally \"wrapHKDF\" parameters can be set in order to derive a wrapping key for the wrapping algorithm(RFC 5649/3394) \n\nA wrapped symmetric key can be unwrapped with RSA encryption using an RSA private key. \nFor this, the following parameters are needed: \n * \"wrapKeyName\"(RSA private key)\n * \"wrapKeyIDType\"(optional)\n * \"wrapPublicKeyPadding\"\n * \"material\" \n\nFor unwrapping a wrapped RSA private key with RSA AES KWP algorithm using an RSA private key, the following parameters are needed:\n * \"wrapKeyName\"(RSA private key)\n * \"wrapKeyIDType\"(optional)\n * \"wrappingEncryptionAlgo\"(set to \"rsa/rsaaeskeywrappadding\")\n * \"wrapRSAAES\"\n * \"material\" \n\n\nIn \"mac/sign\", either MAC or signature will be verified based on type of the key in \"macSignKeyIdentifier\". \nFor MAC operation, the hash algorithm will be inferred from the type of key using the \"macSignKeyIdentifier\" field which has to be an HMAC key. \nThe following parameters are needed for this operation:\n * \"macSignBytes\"\n * \"macSignKeyIdentifier\"\n * \"macSignKeyIdentifierType\"(optional) \n * \"material\" \n\nFor SIGN operation, the key used to verify the signature(\"macSignKeyIdentifier\") has to be an RSA private or public key. \nThe following parameters are needed for this operation:\n * \"macSignBytes\"\n * \"macSignKeyIdentifier\"\n * \"macSignKeyIdentifierType\"(optional)\n * \"signingAlgo\"\n * \"wrappingHashAlgo\" \n * \"material\" \n\nFor \"pbe\" (password based encryption) operation, a wrapped symmetric key, private key or a certificate can be \nunwrapped using the following parameters:\n * \"padded\"(for a symmetric key)\n * \"wrapPBE\" \n * \"material\" \n\n\nAdditionally, if \"includeMaterial\" query parameter is true, and the wrapping parameters are set as per \n\"wrappingMethod\" in export, the wrapped material can be obtained in the \"material\" field in response.\n"},"wrappingEncryptionAlgo":{"type":"string","enum":["AES/AESKEYWRAP","AES/AESKEYWRAPPADDING","RSA/RSAAESKEYWRAPPADDING"],"description":"It indicates the Encryption Algorithm information for wrapping the key.\nFormat is : Algorithm/Mode/Padding. For example : AES/AESKEYWRAP. Here AES is Algorithm, AESKEYWRAP is Mode & Padding is not specified.\nAES/AESKEYWRAP is RFC-3394 & AES/AESKEYWRAPPADDING is RFC-5649. For wrapping private key, only AES/AESKEYWRAPPADDING is allowed.\nRSA/RSAAESKEYWRAPPADDING is used to wrap/unwrap asymmetric keys using RSA AES KWP method. Refer \"WrapRSAAES\" to provide optional parameters.\n"},"wrappingHashAlgo":{"type":"string","description":"This parameter specifies the hashing algorithm used if \"wrappingMethod\" corresponds to \"mac/sign\".\nIn case of MAC operation, the hashing algorithm used will be inferred from the type of HMAC key(\"macSignKeyIdentifier\"). \nIn case of SIGN operation, the possible values are: \n * sha1\n * sha224\n * sha256\n * sha384\n * sha512\n"},"wrapHKDF":{"type":"object","title":"HKDF Wrap Parameters","description":"Information which is used to wrap a Key using HKDF.","properties":{"hashAlgorithm":{"type":"string","description":"Hash Algorithm is used for HKDF Wrapping.\n","enum":["hmac-sha1","hmac-sha224","hmac-sha256","hmac-sha384","hmac-sha512"]},"salt":{"type":"string","description":"Salt is an optional hex value for HKDF based derivation.\n"},"info":{"type":"string","description":"Info is an optional hex value for HKDF based derivation.\n"},"okmLen":{"type":"integer","description":"The desired output key material length in integer.\n"}}},"wrapPBE":{"type":"object","title":"Password based encryption parameters for generating password based derived keys.","description":"WrapPBE produces a derived key from a password and other parameters like salt, iteration count, hashing algorithm and derived key length. PBE is currently only supported to wrap symmetric keys (AES), private Keys and certificates.","properties":{"hashAlgorithm":{"type":"string","description":"Underlying hashing algorithm that acts as a pseudorandom function to generate derive keys.\n","enum":["hmac-sha1","hmac-sha224","hmac-sha256","hmac-sha384","hmac-sha512","hmac-sha512/224","hmac-sha512/256","hmac-sha3-224","hmac-sha3-256","hmac-sha3-384","hmac-sha3-512"]},"password":{"type":"string","description":"Base password to generate derive keys. It cannot be used in conjunction with passwordidentifier.\npassword must be in range of 8 bytes to 128 bytes.\n"},"passwordIdentifier":{"type":"string","description":"Secret password identifier for password. It cannot be used in conjunction with password.\n"},"passwordIdentifierType":{"type":"string","description":"Type of the Passwordidentifier. If not set then default value is name.\n","enum":["id","name","slug"]},"salt":{"type":"string","description":"A Hex encoded string.\npbeSalt must be in range of 16 bytes to 512 bytes.\n"},"purpose":{"type":"string","description":"User defined purpose. If specified will be prefixed to pbeSalt.\npbePurpose must not be greater than 128 bytes.\n"},"dklen":{"type":"integer","description":"Intended length in octets of the derived key.\ndklen must be in range of 14 bytes to 512 bytes.\n"},"iteration":{"type":"integer","description":"Iteration count increase the cost of producing keys from a password.\nIteration must be in range of 1 to 1,00,00,000.\n"}}},"wrapRSAAES":{"type":"object","title":"RSA AES KWP parameters","description":"Information which is used to wrap/unwrap asymmetric keys using RSA AES KWP method.\nThis method internally requires AES key size to generate a temporary AES key and RSA padding.\nTo use WrapRSAAES, algorithm \"RSA/RSAAESKEYWRAPPADDING\" must be specified in WrappingEncryptionAlgo.\n","properties":{"aesKeySize":{"type":"integer","description":"Size of AES key for RSA AES KWP. Accepted value are 128, 192, 256.\nDefault value is \"256\".\n"},"padding":{"type":"string","description":"Padding specifies the type of padding scheme that needs to be set when exporting\nthe Key using RSA AES wrap. Accepted values are \"oaep\", \"oaep256\", \"oaep384\", \"oaep512\",\nDefault value is \"oaep256\".\n","enum":["oaep","oaep256","oaep384","oaep512"]}}},"padded":{"type":"boolean","description":"This parameter determines the padding for the wrap algorithm while unwrapping a symmetric key,\n * if \"wrappingMethod\" is \"encrypt\" and the \"wrappingEncryptionAlgo\" doesn't have a mode set\n * if \"wrappingMethod\" is \"pbe\". \n\nIf true, the RFC 5649(AES Key Wrap with Padding) is followed and if false, RFC 3394(AES Key Wrap) is followed for unwrapping the material for the symmetric key. \n\nIf a certificate is being unwrapped with the \"wrappingMethod\" set to \"encrypt\", the \"padded\" parameter has to be set to true. \nThis parameter defaults to false.\n"},"format":{"type":"string","description":"This parameter is used while importing keys ('material' is not empty), and also when returning\nthe key material after the key is created ('includeMaterial' is true).\n\n**For Asymmetric keys:**\n When this parameter is not specified, while importing keys, the format of the material is inferred from the material itself.\n When this parameter is specified, while importing keys, the only allowed format is 'pkcs12', and this only applies\n to the 'rsa' algorithm (the 'material' should contain the base64 encoded value of the PFX file in this case).\n\n When returning the key material, this parameter specifies the format of the returned key material.\n\n*Options:*\n\n- pkcs1\n- pkcs8 (default)\n- pkcs12\n\n**For Symmetric keys:**\n When importing keys if specified, the value must be given according to the format of the material.\n\n When returning the key material, this parameter specifies the format of the returned key material.\n\n *Options:*\n\n- raw \n- opaque \n"},"encoding":{"type":"string","description":"Specifies the encoding used for the 'material' field. This parameter is used :\n * during importing keys when key material is not empty\n * while returning the key material after the key is created ('includeMaterial' is true)\n\nFor wrapping scenarios and PKCS12 format, the only valid option is base64.\nIn case of \"Symmetric Keys\" when 'format' parameter has 'base64' value and 'encoding' parameter also contains some value;\nthe encoding parameter takes the priority. Following are the options for Symmetric Keys:\n","enum":["hex","base64"]},"material":{"type":"string","description":"If set, the value will be imported as the key's material. If not set, new key material will be\ngenerated on the server (certificate objects must always specify the material).\nThe format of this value depends on the algorithm. If the algorithm is\n'aes', 'tdes', 'hmac-*', 'seed' or 'aria', the value should be the hex-encoded bytes of the key material.\nIf the algorithm is 'rsa', and the format is 'pkcs12', it should be the base64 encoded PFX file.\nIf the algorithm is 'rsa' or 'ec', and format is not 'pkcs12', the value should be a PEM-encoded private\nor public key using PKCS1 or PKCS8 format.\nFor a X.509 DER encoded certificate, certType equals 'x509-der' and the material should equal the hex encoded certificate.\nThe material for a X.509 PEM encoded certificate (certType = 'x509-pem') should equal the certificate itself.\nWhen placing the PEM encoded certificate inside a JSON object (as in the playground), be sure to change\nall new line characters in the certificate to the string '\\n'.\n"},"defaultIV":{"type":"string","description":"Deprecated. This field was introduced to support specific legacy integrations and applications. New applications are strongly recommended to use a unique IV for each encryption request. Refer to Crypto encrypt endpoint for more details. Must be a 16 byte hex encoded string (32 characters long). If specified, this will be set as the default IV for this key."},"unexportable":{"type":"boolean","description":"Key is not exportable. Defaults to false.\n"},"undeletable":{"type":"boolean","description":"Key is not deletable. Defaults to false."},"meta":{"type":"object","description":"Optional end-user or service data stored with the key","properties":{"ownerId":{"type":"string","description":"Optional owner information for the key, required for non-admin. Value should be the user's `user_id`"}}},"state":{"type":"string","description":"Optional initial key state (Pre-Active) upon creation. Defaults to Active. If set,\nactivationDate and processStartDate can not be specified during key creation.\nIn case of import, allowed values are \"Pre-Active\", \"Active\", \"Deactivated\", \"Destroyed\", \"Compromised\"\nand \"Destroyed Compromised\". If key material is not specified, it will not be autogenerated if input\nparameters correspond to either of these states - \"Deactivated\", \"Destroyed\", \"Compromised\" and\n\"Destroyed Compromised\". Key in \"Destroyed\" or \"Destroyed Compromised\" state would not have key material even\nif specified during key creation.\n"},"activationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes active"},"deactivationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes inactive"},"archiveDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes archived"},"processStartDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when a Managed Symmetric Key Object MAY begin to be used to process\ncryptographically protected information (e.g., decryption or unwrapping)\n"},"protectStopDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time after which a Managed Symmetric Key Object SHALL NOT be used for\napplying cryptographic protection (e.g., encryption or wrapping)\n"},"aliases":{"type":"array","description":"Aliases associated with the key. The alias and alias-type must be specified.\nThe alias index is assigned by this operation, and need not be specified.\n","items":{"type":"object","title":"Key Alias","description":"Information needed to create a key alias.","required":["alias"],"properties":{"alias":{"type":"string","description":"An alias for a key name."},"type":{"type":"string","description":"Type of alias (allowed values are string and uri)."},"index":{"type":"integer","description":"Index associated with alias. Each alias within an object has a unique index."}}}},"publicKeyParameters":{"type":"object","title":"Public Key","description":"Information needed to create a public key.","properties":{"name":{"type":"string","description":"Friendly name of the corresponding public key"},"usageMask":{"type":"integer","description":"Defined in PostKey parameters"},"meta":{"type":"object","description":"Optional end-user or service data stored with the key"},"activationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes active"},"deactivationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes inactive"},"archiveDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes archived"},"state":{"type":"string","description":"Optional initial key state (Pre-Active) upon creation. Defaults to Active. If set,\nactivationDate and processStartDate can not be specified during key creation.\n"},"aliases":{"type":"array","description":"Aliases associated with the key. The alias and alias-type must be specified.\nThe alias index is assigned by this operation, and need not be specified.\n","items":{"type":"object","title":"Key Alias","description":"Information needed to create a key alias.","required":["alias"],"properties":{"alias":{"type":"string","description":"An alias for a key name."},"type":{"type":"string","description":"Type of alias (allowed values are string and uri)."},"index":{"type":"integer","description":"Index associated with alias. Each alias within an object has a unique index."}}}},"unexportable":{"type":"boolean","description":"Key is not exportable. Defaults to false.\n"},"undeletable":{"type":"boolean","description":"Key is not deletable. Defaults to false."}}},"certType":{"type":"string","description":"This specifies the type of certificate object that is being created. Valid values\nare 'x509-pem' and 'x509-der'. At present, we only support x.509 certificates.\nThe cerfificate data is passed in via the 'material' field. The certificate type\nis infered from the material if it is left blank.\n"},"password":{"type":"string","description":"For pkcs12 format, either password or secretDataLink should be specified.\nThis should be the base64 encoded value of the password.\n"},"secretDataLink":{"type":"string","description":"For pkcs12 format, either secretDataLink or password should be specified.\nThe value can be either ID or name of Secret Data.\n"},"secretDataEncoding":{"type":"string","description":"For pkcs12 format, this field specifies the encoding method used for the secretDataLink material.\nIgnore this field if secretData is created from REST and is in plain format.\nSpecify the value of this field as HEX format if secretData is created from KMIP.\n"},"hkdfCreateParameters":{"type":"object","title":"HKDF Create Parameters","description":"Information which is used to create a Key using HKDF.","properties":{"ikmKeyName":{"type":"string","description":"Any existing symmetric key. Mandatory while using HKDF key generation.\n"},"hashAlgorithm":{"type":"string","description":"Hash Algorithm is used for HKDF. This is required if ikmKeyName is specified, default is hmac-sha256.\n","enum":["hmac-sha1","hmac-sha224","hmac-sha256","hmac-sha384","hmac-sha512"]},"salt":{"type":"string","description":"Salt is an optional hex value for HKDF based derivation.\n"},"info":{"type":"string","description":"Info is an optional hex value for HKDF based derivation.\n"}}},"generateKeyId":{"type":"boolean","description":"If specified as true, the key's keyId identifier of type long is generated. Defaults to false.\n"},"uuid":{"type":"string","description":"Additional identifier of the key. The format of this value is 32 hexadecimal\nlowercase digits with 4 dashes.\nThis is optional and applicable for import key only.\n- If set, the value is imported as the key's uuid.\n- If not set, new key uuid is generated on the server.\n"},"muid":{"type":"string","description":"Additional identifier of the key.\nThis is optional and applicable for import key only.\n- If set, the value is imported as the key's muid.\n"},"keyId":{"type":"string","description":"Additional identifier of the key. The format of this value is of type long.\nThis is optional and applicable for import key only.\n- If set, the value is imported as the key's keyId.\n"},"id":{"type":"string","description":"This optional parameter specifies the identifier of the key (id).\nIt is used only when creating keys with specific key material. If set, the key's id is set to this value.\n"},"rotationFrequencyDays":{"type":"string","description":"Number of days from current date to rotate the key. It should be greater than or equal to 0. Default is an empty string.\nIf set to 0, rotationFrequencyDays set to an empty string and auto rotation of key will be disabled.\n"},"destroyDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object was destroyed."},"compromiseOccurrenceDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when the object was first believed to be compromised, if known.\nOnly valid if the revocation reason is CACompromise or KeyCompromise, otherwise ignored.\n"},"compromiseDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object entered into the compromised state."},"revocationReason":{"type":"string","description":"The reason the key is being revoked.","enum":["Unspecified","KeyCompromise","CACompromise","AffiliationChanged","Superseded","CessationOfOperation","PrivilegeWithdrawn"]},"revocationMessage":{"type":"string","description":"Message explaining revocation."},"idSize":{"type":"integer","description":"Size of the ID for the key"},"labels":{"type":"object","additionalProperties":{"type":"string"},"x-nullable":true,"description":"Optional key/value pairs used to group keys. APIs that list keys can use\nlabels to filter the set of matching resources.\n\nA label's key has an optional prefix up to 253 characters followed by a\nforward slash and a required name up to 63 characters. For example,\n`sales.widgets.com/region` is a label key with the prefix\n`sales.widgets.com` and the name `region`, while `region` is a label key\nwithout a prefix.\n\nA label's value may be empty and may be up to 63 characters.\n\nEach part of the label (i.e. the prefix, name, and value) must begin\nand end with an alphanumeric character (a-zA-Z0-9). Characters\ninbetween the beginning and end may contain alphanumeric characters,\ndots (.), dashes (-) and underscores (_).\n\nA Label can be a simple tag by specifying a key with no value\n(e.g. `{ \"critical\": \"\" }`).\n\nHere's a full example showing a name/value pair with prefix, a name/value pair, and a simple tag:\n```\n \"labels\": {\n \"sales.widgets.com/region\": \"noram\",\n \"team\": \"sales\",\n \"critical\": \"\"\n }\n```\n","example":{"region":"noram","team":"sales"}},"assignSelfAsOwner":{"type":"boolean","description":"If set to `true`, the user who is creating the key is set as the key owner. Specify either `assignSelfAsOwner`\nor `ownerId` in the meta, not both. Specifying both in the meta returns an error.\n"}},"example":{"name":"My Encryption Key","usageMask":12,"algorithm":"aes","meta":{"ownerId":"local|1a45d..."},"state":"Pre-Active","deactivationDate":"2018-10-02T14:24:37.436073Z","protectStopDate":"2018-10-02T14:24:37.436073Z","aliases":[{"alias":"altname1","type":"string"},{"alias":"altname2:keysecure:gemalto:com","type":"uri"}]}}}],"responses":{"201":{"description":"Successful key creation.","schema":{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","properties":{"usage":{"type":"string","description":"Deprecated. Key usage"}}}]},{"type":"object","properties":{"material":{"type":"string","description":"Encoded key"},"meta":{"type":"object","description":"Optional end-user or service data stored with the key"}}}]},"examples":{"application/json":{"id":"5a78b671-8467-4548-82c8-ebce11bea4d6","uri":"kylo:kylo:vault:keys:sample-rsa-key-v0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2016-12-02T21:23:48.853904312Z","name":"sample RSA key","updatedAt":"2016-12-02T21:23:48.853904312Z","usageMask":12,"meta":{},"version":0,"algorithm":"RSA","size":1024,"format":"raw","unexportable":false,"undeletable":false,"publickey":"-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFWOKyW00XdYRTMbciHRKx615X\nG4LbZWGgOSwub+sHvIYKDU7/MPm+wzWA8oel0S/uiVdUqnpwEL6qkj28KZkxgwSZ\nkRqk7QNpjs1DiW3DmPbL7foGh+iFZdqq/xh4w4Ap5qQJiPUzdGBed/q16eBcqPJp\nLGvm6pFLcgMLpmrkoQIDAQAB-----END PUBLIC KEY-----","objectType\"":"Private Key","activationDate":"2017-10-02T14:24:37.436073Z","state":"Active","aliases":[{"alias":"altname1","type":"string","index":0},{"alias":"altname2:keysecure:gemalto:com","type":"uri","index":1}],"links":[{"id":"166997fb-850d-4b1d-af0c-724a5fb13576","type":"publicKey","targetID":"80f3f406-349d-4509-9ad1-5c019fc0a1ee"}],"uuid":"f813745d-3126-4c05-9f09-467619ddff78","muid":"f813745d-3126-4c05-9f09-467619ddff78d1c85c6f-d778-4267-b171-97485147942e","keyId":"2825844310","labels":{"region":"noram","team":"sales"}}}},"404":{"description":"Resource not found."},"422":{"description":"Validation error."}}}},"/v1/vault/keys2/{id}":{"parameters":[{"name":"version","in":"query","description":"Specify the key version. Defaults to the latest\nversion. Only valid if the identifier is a key\nname, otherwise version is ignored.","type":"number"},{"name":"type","in":"query","description":"Specify the type of the identifier specified\nby the 'name' option. Must be one of: name, id,\nuri, or alias. If not specified, the type of the\nidentifier is inferred.","type":"string","enum":["name","id","uri","alias"]},{"name":"id","in":"path","description":"The key's name, ID, URI, or alias. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name","required":true,"type":"string"},{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns information about the key. Does not return the actual key\nmaterial (that is an \"export\", which is a different endpoint).\n\nDefaults to fetching the latest version of the key.\n","tags":["Keys"],"parameters":[{"name":"usageMask","in":"query","description":"Cryptographic usage mask. Add the usage masks to allow certain usages. Sign (1), Verify (2), Encrypt (4),\nDecrypt (8), Wrap Key (16), Unwrap Key (32), Export (64), MAC Generate (128), MAC Verify (256), Derive Key (512),\nContent Commitment (1024), Key Agreement (2048), Certificate Sign (4096), CRL Sign (8192), Generate Cryptogram (16384),\nValidate Cryptogram (32768), Translate Encrypt (65536), Translate Decrypt (131072), Translate Wrap (262144),\nTranslate Unwrap (524288), FPE Encrypt (1048576), FPE Decrypt (2097152). Add the usage mask values to allow\nthe usages. To set all usage mask bits, use 4194303.\nEquivalent usageMask values for deprecated usages 'fpe' (FPE Encrypt + FPE Decrypt = 3145728),\n'blob' (Encrypt + Decrypt = 12), 'hmac' (MAC Generate + MAC Verify = 384), 'encrypt' (Encrypt + Decrypt = 12),\n'sign' (Sign + Verify = 3), 'any' (4194303 - all usage masks).\n","type":"integer"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","properties":{"usage":{"type":"string","description":"Deprecated. Key usage"}}}]},{"type":"object","properties":{"material":{"type":"string","description":"Encoded key"},"meta":{"type":"object","description":"Optional end-user or service data stored with the key"}}}]},"examples":{"application/json":{"id":"5a78b671-8467-4548-82c8-ebce11bea4d6","uri":"kylo:kylo:vault:keys:sample-rsa-key-v0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2016-12-02T21:23:48.853904312Z","name":"sample RSA key","updatedAt":"2016-12-02T21:23:48.853904312Z","usageMask":12,"meta":{},"version":0,"algorithm":"RSA","size":1024,"format":"raw","unexportable":false,"undeletable":false,"publickey":"-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFWOKyW00XdYRTMbciHRKx615X\nG4LbZWGgOSwub+sHvIYKDU7/MPm+wzWA8oel0S/uiVdUqnpwEL6qkj28KZkxgwSZ\nkRqk7QNpjs1DiW3DmPbL7foGh+iFZdqq/xh4w4Ap5qQJiPUzdGBed/q16eBcqPJp\nLGvm6pFLcgMLpmrkoQIDAQAB-----END PUBLIC KEY-----","activationDate":"2017-10-02T14:24:37.436073Z","state":"Active","links":[{"id":"166997fb-850d-4b1d-af0c-724a5fb13576","type":"publicKey","targetID":"80f3f406-349d-4509-9ad1-5c019fc0a1ee"}],"uuid":"f813745d-3126-4c05-9f09-467619ddff78","labels":{"region":"noram","team":"sales"}}}},"409":{"description":"Conflict | An existing key has an incompatible usage."}}},"patch":{"summary":"Update","description":"Updates the key properties. This can be used to update the key\nmetadata, change the exportable and deletable properties, activation date,\ndeactivation date, compromise occurance date and revocation reason for the key.\n\nIf you update the `meta` field, and both the current value and the\nupdated value are JSON objects, the fields of the objects will be\nbe merged.\n\nThis operation can be used to add, delete and modify key aliases.\nTo add an alias, pass in the alias and alias-type.\nTo delete an alias, pass the unique index of the alias to be deleted.\nTo modify an alias, pass the index as well as the new values of the alias and alias-type.\n","tags":["Keys"],"parameters":[{"name":"body","in":"body","description":"The new metadata to update. The \"Body Sample\" on the right pane shows the format.","required":true,"schema":{"title":"Update Key","properties":{"meta":{"type":"object","description":"Optional end-user or service data stored with the key"},"unexportable":{"type":"boolean","description":"Key is not exportable.\n"},"undeletable":{"type":"boolean","description":"Key is not deletable."},"activationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Object activation date."},"deactivationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Object deactivation date."},"archiveDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Object archive date."},"rotationFrequencyDays":{"type":"string","description":"Number of days from current date to rotate the key. It should be greater than or equal to 0. Default is an empty string.\nIf set to 0, rotationFrequencyDays set to an empty string and auto rotation of key will be disabled.\n"},"compromiseOccurrenceDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time security compromise of the object was identified"},"revocationReason":{"type":"string","description":"Revocation Reason Code for revoking the object. Required in conjunction with compromiseOccurrenceDate.\nIt is one of 'Key Compromise', 'CA Compromise', 'Unspecified', 'Affiliation Changed',\n'Superseded', 'Cessation of Operation' or 'Privilege Withdrawn'\n"},"revocationMessage":{"type":"string","description":"Revocation message. Optionally used in conjunction with revocationReason."},"processStartDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when a Managed Symmetric Key Object MAY begin to be used to process\ncryptographically protected information (e.g., decryption or unwrapping)\n"},"protectStopDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time after which a Managed Symmetric Key Object SHALL NOT be used for\napplying cryptographic protection (e.g., encryption or wrapping)\n"},"aliases":{"type":"array","description":"Information needed for adding, modifying or deleting key aliases.\nTo delete a key, just specify its index. To add a key, do not specify the index.\nTo modify a key, specify its index, and the new values of the alias and type.\n","items":{"type":"object","title":"Key Alias","description":"Information needed to create a key alias.","required":["alias"],"properties":{"alias":{"type":"string","description":"An alias for a key name."},"type":{"type":"string","description":"Type of alias (allowed values are string and uri)."},"index":{"type":"integer","description":"Index associated with alias. Each alias within an object has a unique index."}}}},"muid":{"type":"string","description":"Optional additional identifier of the key.\nIt can be set if not set already.\n"},"keyId":{"type":"string","description":"Optional additional identifier of the key.\nIt can be set if not set already.\n"},"allVersions":{"type":"boolean","description":"To update the group permissions/custom attribute or both in metadata of all versions of the key.\nBy default it is set to false.\nSet to true, only when to update the group/custom attribute or both permissions of all versions of the key.\n"},"usageMask":{"type":"integer","description":"Cryptographic usage mask. Add the usage masks to allow certain usages. Sign (1), Verify (2), Encrypt (4),\nDecrypt (8), Wrap Key (16), Unwrap Key (32), Export (64), MAC Generate (128), MAC Verify (256), Derive Key (512),\nContent Commitment (1024), Key Agreement (2048), Certificate Sign (4096), CRL Sign (8192), Generate Cryptogram (16384),\nValidate Cryptogram (32768), Translate Encrypt (65536), Translate Decrypt (131072), Translate Wrap (262144),\nTranslate Unwrap (524288), FPE Encrypt (1048576), FPE Decrypt (2097152). Add the usage mask values to allow\nthe usages. To set all usage mask bits, use 4194303.\nEquivalent usageMask values for deprecated usages 'fpe' (FPE Encrypt + FPE Decrypt = 3145728),\n'blob' (Encrypt + Decrypt = 12), 'hmac' (MAC Generate + MAC Verify = 384), 'encrypt' (Encrypt + Decrypt = 12),\n'sign' (Sign + Verify = 3), 'any' (4194303 - all usage masks). \n"},"labels":{"type":"object","additionalProperties":{"type":"string"},"x-nullable":true,"description":"Optional key/value pairs used to group keys. When labels are provided\nthey are merged with the key's existing labels.\n\nTo remove a label, set the label's value to `null`.\n```\n \"labels\": {\n \"critical\": null\n }\n```\n\nTo remove all labels, set `labels` to `null`.\n```\n \"labels\": null\n```\n\nRefer to the schema under `/v1/vault/keys2 POST` for a full description\nof labels.\n","example":{"region":"noram","team":"sales"}}},"example":{"meta":"Sample Metadata","activationDate":"2017-10-02T14:24:37.436073Z","deactivationDate":"2018-10-02T14:24:37.436073Z","processStartDate":"2017-10-02T14:24:37.436073Z","protectStopDate":"2018-10-02T14:24:37.436073Z","aliases":[{"alias":"modified-altname1","type":"string","index":0},{"alias":"newname3","type":"string"},{"index":1}],"allVersions":false,"usageMask":3}}}],"responses":{"201":{"description":"Successful resource update.","schema":{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","properties":{"usage":{"type":"string","description":"Deprecated. Key usage"}}}]},{"type":"object","properties":{"material":{"type":"string","description":"Encoded key"},"meta":{"type":"object","description":"Optional end-user or service data stored with the key"}}}]},"examples":{"application/json":{"id":"5a78b671-8467-4548-82c8-ebce11bea4d6","uri":"kylo:kylo:vault:keys:sample-rsa-key-v0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2016-12-02T21:23:48.853904Z","name":"sample RSA key","updatedAt":"2016-12-02T21:31:30.854924686Z","usageMask":12,"meta":"Object","myTag":"myValue","version":0,"algorithm":"RSA","size":1024,"format":"raw","unexportable":false,"undeletable":false,"publickey":"-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFWOKyW00XdYRTMbciHRKx615X\nG4LbZWGgOSwub+sHvIYKDU7/MPm+wzWA8oel0S/uiVdUqnpwEL6qkj28KZkxgwSZ\nkRqk7QNpjs1DiW3DmPbL7foGh+iFZdqq/xh4w4Ap5qQJiPUzdGBed/q16eBcqPJp\nLGvm6pFLcgMLpmrkoQIDAQAB\n-----END PUBLIC KEY-----","activationDate":"2017-10-02T14:24:37.436073Z","state":"Active","aliases":[{"alias":"modified-altname1","type":"string","index":0},{"alias":"newname3","type":"string","index":2}],"uuid":"f813745d-3126-4c05-9f09-467619ddff78","labels":{"region":"noram","team":"sales"}}}}}},"delete":{"summary":"Delete","description":"Deletes a key.","tags":["Keys"],"responses":{"204":{"description":"No Content | Successful deletion of key."}}}},"/v1/vault/keys2/{id}/versions/":{"parameters":[{"name":"type","in":"query","description":"Specify the type of the identifier specified\nby the 'name' option. Must be one of: name, id,\nuri, or alias. If not specified, the type of the\nidentifier is inferred.","type":"string","enum":["name","id","uri","alias"]},{"name":"id","in":"path","description":"The key's name, ID, URI, or alias. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name","required":true,"type":"string"},{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List versions","description":"Returns a list of all the versions of a key.","tags":["Keys"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"fields","in":"query","type":"string","description":"A hint to the server indicating fields the client is interested in. The server\nwill attempt to include these fields in the response.\n\nThe value should be a comma-delimited list of fields.\n\nCurrently, supported fields are \"meta\" and \"links\". The server will only include the meta\nattribute in the response if the query parameters includes \"fields=meta\"\n"},{"name":"state","in":"query","type":"string","description":"Filters results to those with matching key state. Allowed values are\n\"Pre-Active\", \"Active\", \"Deactivated\", \"Destroyed\", \"Compromised\" and \"Destroyed Compromised\".\n"},{"name":"alias","in":"query","type":"string","description":"Filters results to those with matching aliases. The '?' and '*' wildcard characters or\ncomma separted aliases may be used.\n"},{"name":"linkType","in":"query","type":"string","description":"Filters results to those with matching link types. The '?' and '*' wildcard characters or\ncomma separted link types may be used.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"name":{"type":"string","description":"The name of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"usageMask":{"type":"integer","description":"Cryptographic usage mask"},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the application was updated"},"objectType":{"type":"string","description":"Type of the object. It is one of\n'Certificate', 'Symmetric Key', 'Public Key', 'Private Key',\n'Split Key', 'Template', 'Secret Data', 'Opaque Object' or 'PGP Key'.\n"},"activationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes active"},"deactivationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes inactive"},"archiveDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes archived"},"destroyDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object was destroyed"},"compromiseDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time server was notified of the security compromise of the object"},"compromiseOccurrenceDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time security compromise of the object was identified"},"revocationReason":{"type":"string","description":"Reason for revoking the object. It is one of\n'Key Compromise', 'CA Compromise', 'Unspecified', 'Affiliation Changed',\n'Superseded', 'Cessation of Operation' or 'Privilege Withdrawn'\n"},"revocationMessage":{"type":"string","description":"Revocation message for revoking the object"},"processStartDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when a Managed Symmetric Key Object MAY begin to be used to process\ncryptographically protected information (e.g., decryption or unwrapping)\n"},"protectStopDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time after which a Managed Symmetric Key Object SHALL NOT be used for\napplying cryptographic protection (e.g., encryption or wrapping)\n"},"labels":{"type":"object","additionalProperties":{"type":"string"},"x-nullable":true,"description":"Optional key/value pairs used to group keys.\n"}}}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"5a78b671-8467-4548-82c8-ebce11bea4d6","uri":"kylo:kylo:vault:keys:sample-rsa-key-v0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2016-12-02T21:23:48.853904Z","name":"sample RSA key","updatedAt":"2016-12-02T21:31:30.854925Z","usageMask":12,"version":0,"algorithm":"RSA","size":1024,"format":"raw","unexportable":false,"undeletable":false,"publickey":"-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFWOKyW00XdYRTMbciHRKx615X\nG4LbZWGgOSwub+sHvIYKDU7/MPm+wzWA8oel0S/uiVdUqnpwEL6qkj28KZkxgwSZ\nkRqk7QNpjs1DiW3DmPbL7foGh+iFZdqq/xh4w4Ap5qQJiPUzdGBed/q16eBcqPJp\nLGvm6pFLcgMLpmrkoQIDAQAB\n-----END PUBLIC KEY-----","uuid":"f813745d-3126-4c05-9f09-467619ddff78","labels":{"region":"noram","team":"sales"}}]}}}}},"post":{"summary":"Create version","description":"Generates a new version of a key with the same keyname, metadata and attributes other than 'material', 'createdAt', and 'updatedAt'.","tags":["Keys"],"parameters":[{"name":"includeMaterial","in":"query","required":false,"description":"Include key bytes in the response. If set to 'false' or not specified, only key meta data is returned.","type":"string"},{"name":"body","in":"body","schema":{"type":"object","title":"Generate New Version","properties":{"material":{"type":"string","description":"If set, the value will be imported as the key's material. If not set, new key material will be\ngenerated on the server. The format of this value depends on the algorithm. If the algorithm is\n'aes', 'tdes', 'hmac-*', 'seed' or 'aria', the value should be the hex-encoded bytes of the key material\nunless format 'base64' is specified, in whcih case the key material is base64-encoded. If the algorithm is\n'rsa' or 'ec', the value should be a PEM-encoded private or public key using PKCS1 or PKCS8 format.\nFor a X.509 DER encoded certificate, certType equals 'x509-der' and the material should equal the hex encoded certificate.\nThe material for a X.509 PEM encoded certificate (certType = 'x509-pem') should equal the certificate itself.\nWhen placing the PEM encoded certificate inside a JSON object (as in the playground), be sure to change\nall new line characters in the certificate to the string '\\n'.\n"},"defaultIV":{"type":"string","description":"Deprecated. This field was introduced to support specific legacy integrations and applications. New applications are strongly recommended to use a unique IV for each encryption request. Refer to Crypto encrypt endpoint for more details. Must be a 16 byte hex encoded string (32 characters long). If specified, this will be set as the default IV for this key."},"wrapPublicKey":{"type":"string","description":"If the algorithm is 'aes','tdes','hmac-*', 'seed' or 'aria', this value will be used to encrypt\nthe returned key material. This value is ignored for other algorithms. Value must be an RSA public\nkey, PEM-encoded public key in either PKCS1 or PKCS8 format, or a PEM-encoded X.509 certificate.\nIf set, the returned 'material' value will be a Base64 encoded PKCS#1 v1.5 encrypted key.\nOnly applicable if 'includeMaterial' is true.\n"},"wrapPublicKeyPadding":{"type":"string","description":"1. wrapPublicKeyPadding specifies the type of padding scheme that needs to be set when importing\nthe Key using the specified wrapkey. Accepted values are \"pkcs1\", \"oaep\", \"oaep256\", \"oaep384\", \"oaep512\",\nand will default to \"pkcs1\" when 'wrapPublicKeyPadding' is not set and 'WrapPublicKey' is set.\n\n2. While creating a new version of a key, wrapPublicKeyPadding parameter should be specified only if 'includeMaterial' is true.\nIn this case, key will get created and in response wrapped material using specified wrapPublicKeyPadding and other\nwrap parameters will be returned.\n"},"wrapKeyName":{"type":"string","description":"1. While creating a new key, If 'includeMaterial' is true, then only the key material will be wrapped with material of the specified key name. The response \"material\"\nproperty will be the base64 encoded ciphertext. This will follow RFC-3394. Defaults to none. For RSA or EC keys it will follow RFC-5649.\n\n2. While importing a key, the key material will be unwrapped with material of the specified key name.\n"},"padded":{"type":"boolean","description":"If set as true, and \"wrapKeyName\" is specified or \"WrappingMethod\" is specified as \"pbe\" will use RFC-5649.\nDefaults to false. Applicable for symmetric keys only.\n"},"wrapKeyIDType":{"type":"string","description":"IDType specifies how the wrapKeyName should be interpreted\nValues can be name,id,alias.\n"},"encoding":{"type":"string","description":"Specifies the encoding used for the 'material' field. This parameter is used:\n * during import of keys when key material is not empty\n * while returning the key material after the key is created ('includeMaterial' is true)\n\nFor wrapping scenarios, the only valid option is base64.\nIn case of \"Symmetric Keys\" when 'format' parameter has 'base64' value and 'encoding' parameter also contains some value;\nthe encoding parameter takes the priority. Following are the options for Symmetric Keys:\n","enum":["hex","base64"]},"format":{"type":"string","description":"The format of the returned key material. It is applicable only if 'includeMaterial' is true. If the algorithm is 'rsa' or 'ec', the value\ncan be 'pkcs1' or 'pkcs8', and defaults to 'pkcs8'. For symmetric keys, the value of 'base64' can be used to indicate the key material\nis base64-encoded; without it, the key material defaults to hex-encoded.\n","enum":["pkcs1","pkcs8"]},"aliases":{"type":"array","description":"Aliases associated with the key. The alias and alias-type must be specified.\nThe alias index is assigned by this operation, and need not be specified.\n","items":{"type":"object","title":"Key Alias","description":"Information needed to create a key alias.","required":["alias"],"properties":{"alias":{"type":"string","description":"An alias for a key name."},"type":{"type":"string","description":"Type of alias (allowed values are string and uri)."},"index":{"type":"integer","description":"Index associated with alias. Each alias within an object has a unique index."}}}},"offset":{"type":"integer","description":"An Offset MAY be used to indicate the difference between the Creation Date and the\nActivation Date of the replacement key. If no Offset is specified, the Activation Date,\nProcess Start Date, Protect Stop Date and Deactivation Date values are copied from the\nexisting key. If Offset is set and dates exist for the existing key, then the dates of the\nreplacement key are set based on the dates of the existing key by adding the offset.\n"},"certType":{"type":"string","description":"This specifies the type of certificate object that is being created. Valid values\nare 'x509-pem' and 'x509-der'. At present, we only support x.509 certificates.\nThe cerfificate data is passed in via the 'material' field. The certificate type\nis infered from the material if it is left blank.\n"},"idSize":{"type":"integer","description":"Size of the ID for the versioned key"},"labels":{"type":"object","additionalProperties":{"type":"string"},"x-nullable":true,"description":"Optional key/value pairs used to group keys. When labels are provided\nthey are merged with the key's existing labels.\n\nTo remove a label, set the label's value to `null`.\n```\n \"labels\": {\n \"critical\": null\n }\n```\n\nTo remove all labels, set `labels` to `null`.\n```\n \"labels\": null\n```\n\nRefer to the schema under `/v1/vault/keys2 POST` for a full description\nof labels.\n","example":{"region":"noram","team":"sales"}},"uuid":{"type":"string","description":"Additional identifier of the key. The format of this value is 32 hexadecimal\nlowercase digits with 4 dashes. This is optional and applicable for import key only.\n- If set, the value is imported as the key's uuid.\n- If not set, new uuid is generated on the server.\n"},"muid":{"type":"string","description":"Additional identifier of the key.\nThis is optional and applicable for import key only.\n- If set, the value is imported as the key's muid.\n- If not set, new muid is generated on the server.\n"},"keyId":{"type":"string","description":"Additional identifier of the key. This is optional and applicable for import key only.\n- If set, the value is imported as the key's keyId.\n- If not set, new keyId is generated on the server if the latest version of key has keyID present.\n"}}}}],"responses":{"201":{"description":"Successful key version creation.","schema":{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","properties":{"usage":{"type":"string","description":"Deprecated. Key usage"}}}]},{"type":"object","properties":{"material":{"type":"string","description":"Encoded key"},"meta":{"type":"object","description":"Optional end-user or service data stored with the key"}}}]},"examples":{"application/json":{"id":"13097490-acc2-491c-9d3a-b7fbb699961e","uri":"kylo:kylo:vault:keys:sample-rsa-key-v1","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2016-12-02T21:37:24.597164919Z","name":"sample RSA key","updatedAt":"2016-12-02T21:37:24.597164919Z","usageMask":12,"meta":"Object","myTag":"myValue","version":1,"algorithm":"RSA","size":1024,"format":"raw","unexportable":false,"undeletable":false,"publickey":"-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFWOKyW00XdYRTMbciHRKx615X\nG4LbZWGgOSwub+sHvIYKDU7/MPm+wzWA8oel0S/uiVdUqnpwEL6qkj28KZkxgwSZ\nkRqk7QNpjs1DiW3DmPbL7foGh+iFZdqq/xh4w4Ap5qQJiPUzdGBed/q16eBcqPJp\nLGvm6pFLcgMLpmrkoQIDAQAB\n-----END PUBLIC KEY-----","aliases":[{"alias":"altname1","type":"string","index":0},{"alias":"altname2:keysecure:gemalto:com","type":"uri","index":1}],"links":[{"id":"5a390c08-7c77-4d54-9527-867478f785f4","type":"publicKey","targetID":"dea1fd9a-c084-42d6-b9f8-76ac4ab760b4"},{"id":"65963066-9c38-4694-85b0-749b768350da","type":"replacementObject","targetID":"0f3333c4-319a-448f-8e97-e6f4367b746a"}],"uuid":"75f471a8-970a-4998-a05e-adfb9ec44dbf","muid":"75f471a8-970a-4998-a05e-adfb9ec44dbfefc19969-f28f-467f-b4dd-0bedb7edbbf7","keyId":"3172642133","labels":{"region":"noram","team":"sales"}}}},"404":{"description":"Resource not found."},"422":{"description":"Validation error."}}}},"/v1/vault/keys2/{id}/destroy":{"parameters":[{"name":"version","in":"query","description":"Specify the key version. Defaults to the latest\nversion. Only valid if the identifier is a key\nname, otherwise version is ignored.","type":"number"},{"name":"type","in":"query","description":"Specify the type of the identifier specified\nby the 'name' option. Must be one of: name, id,\nuri, or alias. If not specified, the type of the\nidentifier is inferred.","type":"string","enum":["name","id","uri","alias"]},{"name":"id","in":"path","description":"The key's name, ID, URI, or alias. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name","required":true,"type":"string"},{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Destroy","description":"Destroys key material of a key.","tags":["Keys"],"responses":{"200":{"description":"Successful destruction of key material.","schema":{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","properties":{"usage":{"type":"string","description":"Deprecated. Key usage"}}}]},{"type":"object","properties":{"material":{"type":"string","description":"Encoded key"},"meta":{"type":"object","description":"Optional end-user or service data stored with the key"}}}]},"examples":{"application/json":{"id":"5a78b671-8467-4548-82c8-ebce11bea4d6","uri":"kylo:kylo:vault:keys:sample-rsa-key-v0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2016-12-02T21:23:48.853904Z","name":"sample RSA key","updatedAt":"2018-10-11T16:47:05.181373005Z","usageMask":12,"meta":"Object","myTag":"myValue","version":0,"algorithm":"RSA","size":1024,"format":"raw","unexportable":false,"undeletable":false,"publickey":"-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFWOKyW00XdYRTMbciHRKx615X\nG4LbZWGgOSwub+sHvIYKDU7/MPm+wzWA8oel0S/uiVdUqnpwEL6qkj28KZkxgwSZ\nkRqk7QNpjs1DiW3DmPbL7foGh+iFZdqq/xh4w4Ap5qQJiPUzdGBed/q16eBcqPJp\nLGvm6pFLcgMLpmrkoQIDAQAB\n-----END PUBLIC KEY-----","activationDate":"2017-10-02T14:24:37.436073Z","destroyDate":"2018-10-11T16:47:05.18131037Z","state":"Destroyed","aliases":[{"alias":"modified-altname1","type":"string","index":0},{"alias":"newname3","type":"string","index":2}],"uuid":"f813745d-3126-4c05-9f09-467619ddff78","labels":{"region":"noram","team":"sales"}}}}}}},"/v1/vault/keys2/{id}/archive":{"parameters":[{"name":"version","in":"query","description":"Specify the key version. Defaults to the latest\nversion. Only valid if the identifier is a key\nname, otherwise version is ignored.","type":"number"},{"name":"type","in":"query","description":"Specify the type of the identifier specified\nby the 'name' option. Must be one of: name, id,\nuri, or alias. If not specified, the type of the\nidentifier is inferred.","type":"string","enum":["name","id","uri","alias"]},{"name":"id","in":"path","description":"The key's name, ID, URI, or alias. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name","required":true,"type":"string"},{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Archive","description":"Archives a key, effectively taking it offline. An archived key cannot be used\nor modified. When listing keys, archived keys are omitted from\nthe search results by default.\n\nThe archivedDate will be set to the current time. An error will\nbe returned if the key is not found, or is already archived.\n\nA key may be archived regardless of the key's state.","tags":["Keys"],"responses":{"200":{"description":"Successful key archival.","schema":{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","properties":{"usage":{"type":"string","description":"Deprecated. Key usage"}}}]},{"type":"object","properties":{"material":{"type":"string","description":"Encoded key"},"meta":{"type":"object","description":"Optional end-user or service data stored with the key"}}}]},"examples":{"application/json":{"id":"5a78b671-8467-4548-82c8-ebce11bea4d6","uri":"kylo:kylo:vault:keys:sample-rsa-key-v0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2016-12-02T21:23:48.853904Z","name":"sample RSA key","updatedAt":"2018-10-11T16:47:05.181373005Z","usageMask":12,"meta":"Object","myTag":"myValue","version":0,"algorithm":"RSA","size":1024,"format":"raw","unexportable":false,"undeletable":false,"publickey":"-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFWOKyW00XdYRTMbciHRKx615X\nG4LbZWGgOSwub+sHvIYKDU7/MPm+wzWA8oel0S/uiVdUqnpwEL6qkj28KZkxgwSZ\nkRqk7QNpjs1DiW3DmPbL7foGh+iFZdqq/xh4w4Ap5qQJiPUzdGBed/q16eBcqPJp\nLGvm6pFLcgMLpmrkoQIDAQAB\n-----END PUBLIC KEY-----","activationDate":"2017-10-02T14:24:37.436073Z","archiveDate":"2018-10-11T16:47:05.18131037Z","state":"Active","uuid":"f813745d-3126-4c05-9f09-467619ddff78","labels":{"region":"noram","team":"sales"}}}}}}},"/v1/vault/keys2/{id}/recover":{"parameters":[{"name":"version","in":"query","description":"Specify the key version. Defaults to the latest\nversion. Only valid if the identifier is a key\nname, otherwise version is ignored.","type":"number"},{"name":"type","in":"query","description":"Specify the type of the identifier specified\nby the 'name' option. Must be one of: name, id,\nuri, or alias. If not specified, the type of the\nidentifier is inferred.","type":"string","enum":["name","id","uri","alias"]},{"name":"id","in":"path","description":"The key's name, ID, URI, or alias. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name","required":true,"type":"string"},{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Recover","description":"Recovers an archived key, effectively bringing the key back online.\nThe key may then be used or modified as usual.\n\nThe archiveDate will be cleared. An error will be returned if the\nkey is found. If the key is not currently archived, no error is returned:\nthe operation will silently succeed.","tags":["Keys"],"responses":{"200":{"description":"Successful key recovery.","schema":{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","properties":{"usage":{"type":"string","description":"Deprecated. Key usage"}}}]},{"type":"object","properties":{"material":{"type":"string","description":"Encoded key"},"meta":{"type":"object","description":"Optional end-user or service data stored with the key"}}}]},"examples":{"application/json":{"id":"5a78b671-8467-4548-82c8-ebce11bea4d6","uri":"kylo:kylo:vault:keys:sample-rsa-key-v0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2016-12-02T21:23:48.853904Z","name":"sample RSA key","updatedAt":"2018-10-11T16:47:05.181373005Z","usageMask":12,"meta":"Object","myTag":"myValue","version":0,"algorithm":"RSA","size":1024,"format":"raw","unexportable":false,"undeletable":false,"publickey":"-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFWOKyW00XdYRTMbciHRKx615X\nG4LbZWGgOSwub+sHvIYKDU7/MPm+wzWA8oel0S/uiVdUqnpwEL6qkj28KZkxgwSZ\nkRqk7QNpjs1DiW3DmPbL7foGh+iFZdqq/xh4w4Ap5qQJiPUzdGBed/q16eBcqPJp\nLGvm6pFLcgMLpmrkoQIDAQAB\n-----END PUBLIC KEY-----","activationDate":"2017-10-02T14:24:37.436073Z","state":"Active","uuid":"f813745d-3126-4c05-9f09-467619ddff78","labels":{"region":"noram","team":"sales"}}}}}}},"/v1/vault/keys2/{id}/revoke":{"parameters":[{"name":"version","in":"query","description":"Specify the key version. Defaults to the latest\nversion. Only valid if the identifier is a key\nname, otherwise version is ignored.","type":"number"},{"name":"type","in":"query","description":"Specify the type of the identifier specified\nby the 'name' option. Must be one of: name, id,\nuri, or alias. If not specified, the type of the\nidentifier is inferred.","type":"string","enum":["name","id","uri","alias"]},{"name":"id","in":"path","description":"The key's name, ID, URI, or alias. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name","required":true,"type":"string"},{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Revoke","description":"Transitions the key to the Deactivated, Compromised, or CompromisedDestroyed\nstate. If the key is revoked with a reason of CACompromised or\nKeyCompromised, the key will transition to either Compromised or\nCompromisedDestroyed state. All other reasons transition the key\nto the Deactivated state.\n\nIf the key transitions to the Deactivated state, the deactivationDate will\nbe set to the current time.\n\nIf the key transitions to the Compromised or CompromisedDestroyed state,\nthe compromiseDate will be set to the current time, and the\ncompromiseOccurrenceDate will be set to either the specified time, or\nto the creation time of the key.\n\nThe revocation reason must be specified. Other parameters are optional.\n\nAn error will be returned if the key is not found, the reason is\ninvalid, the key is archived, or the key is not able to transition to\nthe required state.","parameters":[{"name":"body","in":"body","description":"Specifies the parameters of the revoke operation.\n","schema":{"title":"Revoke Key Parameters","required":["reason"],"properties":{"reason":{"type":"string","description":"The reason the key is being revoked.","enum":["Unspecified","KeyCompromise","CACompromise","AffiliationChanged","Superseded","CessationOfOperation","PrivilegeWithdrawn"]},"message":{"type":"string","description":"Message explaining revocation."},"compromiseOccurrenceDate":{"type":"string","format":"date","description":"The time when the compromise occurred, if known.\nOnly valid if the revocation reason is\nCACompromise or KeyCompromise, otherwise ignored.\nDefaults to key's creation time."}}}}],"tags":["Keys"],"responses":{"200":{"description":"Successful key revocation.","schema":{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","properties":{"usage":{"type":"string","description":"Deprecated. Key usage"}}}]},{"type":"object","properties":{"material":{"type":"string","description":"Encoded key"},"meta":{"type":"object","description":"Optional end-user or service data stored with the key"}}}]},"examples":{"application/json":{"id":"5a78b671-8467-4548-82c8-ebce11bea4d6","uri":"kylo:kylo:vault:keys:sample-rsa-key-v0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2016-12-02T21:23:48.853904Z","name":"sample RSA key","updatedAt":"2018-10-11T16:47:05.181373005Z","usageMask":12,"meta":"Object","myTag":"myValue","version":0,"algorithm":"RSA","size":1024,"format":"raw","unexportable":false,"undeletable":false,"publickey":"-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFWOKyW00XdYRTMbciHRKx615X\nG4LbZWGgOSwub+sHvIYKDU7/MPm+wzWA8oel0S/uiVdUqnpwEL6qkj28KZkxgwSZ\nkRqk7QNpjs1DiW3DmPbL7foGh+iFZdqq/xh4w4Ap5qQJiPUzdGBed/q16eBcqPJp\nLGvm6pFLcgMLpmrkoQIDAQAB\n-----END PUBLIC KEY-----","activationDate":"2017-10-02T14:24:37.436073Z","state":"Active","uuid":"f813745d-3126-4c05-9f09-467619ddff78","labels":{"region":"noram","team":"sales"}}}}}}},"/v1/vault/keys2/{id}/reactivate":{"parameters":[{"name":"version","in":"query","description":"Specify the key version. Defaults to the latest\nversion. Only valid if the identifier is a key\nname, otherwise version is ignored.","type":"number"},{"name":"type","in":"query","description":"Specify the type of the identifier specified\nby the 'name' option. Must be one of: name, id,\nuri, or alias. If not specified, the type of the\nidentifier is inferred.","type":"string","enum":["name","id","uri","alias"]},{"name":"id","in":"path","description":"The key's name, ID, URI, or alias. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name","required":true,"type":"string"},{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Reactivate","description":"Transitions the key to the Active state (with or without protect stop date) based on the parameters.\n\nIn case of key transition from deactivated to active state, deactivation date and protect stop date will be unset.\nWhereas in case of key transition from deactivated to active with protect stop state, only deactivation date will be unset and protect stop date will be set to the current time.\nSimilarly in case of key transition from active with protect stop to active state, only protect stop date will be unset.\n\nThe reactivation reason must be specified. Other parameters are optional.\n\nAn error will be returned if the key is not found, the reason is\ninvalid, the key is archived, or the key cannot be transitioned to the specified state.","parameters":[{"name":"body","in":"body","description":"Specifies the parameters of the reactivation operation.\n","schema":{"title":"Reactivate Key Parameters","required":["reason"],"properties":{"reason":{"type":"string","description":"The reason the key is being reactivated.","enum":["DeactivatedToActive","ActiveProtectStopToActive","DeactivatedToActiveProtectStop"]},"message":{"type":"string","description":"Message explaining reactivation."}}}}],"tags":["Keys"],"responses":{"200":{"description":"Successful key reactivation.","schema":{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","properties":{"usage":{"type":"string","description":"Deprecated. Key usage"}}}]},{"type":"object","properties":{"material":{"type":"string","description":"Encoded key"},"meta":{"type":"object","description":"Optional end-user or service data stored with the key"}}}]},"examples":{"application/json":{"id":"5a78b671-8467-4548-82c8-ebce11bea4d6","uri":"kylo:kylo:vault:keys:sample-rsa-key-v0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2016-12-02T21:23:48.853904Z","name":"sample RSA key","updatedAt":"2018-10-11T16:47:05.181373005Z","usageMask":12,"meta":"Object","myTag":"myValue","version":0,"algorithm":"RSA","size":1024,"format":"raw","unexportable":false,"undeletable":false,"publickey":"-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFWOKyW00XdYRTMbciHRKx615X\nG4LbZWGgOSwub+sHvIYKDU7/MPm+wzWA8oel0S/uiVdUqnpwEL6qkj28KZkxgwSZ\nkRqk7QNpjs1DiW3DmPbL7foGh+iFZdqq/xh4w4Ap5qQJiPUzdGBed/q16eBcqPJp\nLGvm6pFLcgMLpmrkoQIDAQAB\n-----END PUBLIC KEY-----","activationDate":"2017-10-02T14:24:37.436073Z","state":"Active","uuid":"f813745d-3126-4c05-9f09-467619ddff78","labels":{"region":"noram","team":"sales"}}}}}}},"/v1/vault/keys2/{id}/export":{"parameters":[{"name":"version","in":"query","description":"Specify the key version. Defaults to the latest\nversion. Only valid if the identifier is a key\nname, otherwise version is ignored.","type":"number"},{"name":"type","in":"query","description":"Specify the type of the identifier specified\nby the 'name' option. Must be one of: name, id,\nuri, or alias. If not specified, the type of the\nidentifier is inferred.","type":"string","enum":["name","id","uri","alias"]},{"name":"id","in":"path","description":"The key's name, ID, URI, or alias. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name","required":true,"type":"string"},{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Export","description":"Returns metadata and the material of the latest version of the key matching the given `id` and the JWT's `account` claim.","tags":["Keys"],"parameters":[{"name":"body","in":"body","schema":{"type":"object","title":"Export Key","properties":{"combineXts":{"type":"boolean","description":"If set to true, then full material of XTS/CBC-CS1 key will be exported. Defaults to false."},"wrapPublicKeyPadding":{"type":"string","description":"wrapPublicKeyPadding specifies the type of padding scheme that needs to be set when exporting\nthe Key using a public wrapping key. Accepted values are \"pkcs1\", \"oaep\", \"oaep256\", \"oaep384\", \"oaep512\",\nand will default to \"pkcs1\" when 'wrapPublicKeyPadding' is not set.\n(Not used when format is set to \"jwe\".)\n","enum":["pkcs1","oaep","oaep256","oaep384","oaep512"]},"wrapPublicKey":{"type":"string","description":"This parameter specifies the public key used to wrap the key material of the key to be exported. The \nresponse \"material\" property will be the base64 encoded ciphertext. This parameter is valid if the \n\"wrappingMethod\" is \"encrypt\" or \"format\" is \"jwe\". This parameter cannot be passed with \"wrapKeyName\"\nparameter for export with wrapping. \n\nIf wrapping of key material with \"encrypt\" method is desired the key has to be an RSA public key, a \nPEM-encoded public key in either PKCS1 or PKCS8 format, or a PEM-encoded X.509 certificate. If a \nsymmetric key is to be wrapped given a valid \"wrapPublicKey\", the \"wrappingMethod\" must be \"encrypt\". \nIf a RSA private key is to be wrapped using RSA AES KWP method, a valid \"wrapPublicKey\" must pe passed,\n the \"wrappingMethod\" must be \"encrypt\", the \"wrapRSAAES\" parameters should be set and the \n\"wrappingEncryptionAlgo\" should be set to \"RSA/RSAAESKEYWRAPPADDING\".\n\nFor export with format 'jwe', if the algorithm is 'aes','tdes','hmac-*', 'seed', 'aria', 'rsa' or 'ec'\n, the \"wrapPublicKey\" value will be used to encrypt the return key material.\n"},"wrapKeyName":{"type":"string","description":"The key material will be wrapped with material of the specified key name. The \"material\" property in \nthe response will be base64 encoded ciphertext. If the \"wrappingMethod\" field is set to \"encrypt\",\nthen the wrapping key must be an AES key, RSA private key or RSA public key. For the export of symmetric\nkeys with the \"encrypt\" method, the three key types are allowed but for the export of a private key if the\n\"wrapRSAAES\" parameters are not set, the wrapping key has to be an AES key with a size of 256 bits. If\n\"wrapRSAAES\" parameters are set, then the wrapping key has to either be an RSA private or public key. \nYou can set either \"wrapKeyName\" parameter or \"wrapPublicKey\" at a time. The wrapping key should be \nactive with a protect stop date that is not expired.\n\nFor export with format 'jwe',\n- One of wrapPublicKey or wrapKeyName is mandatory\n- wrapKeyName should be public key name that could be used for generation of 'jwe'\n"},"signingAlgo":{"type":"string","description":"This parameter specifies the algorithm used for generating a signature in response as \"macSignBytes\".\nThe \"wrappingMethod\" must equal \"mac/sign\" to generate the signature(\"macSignBytes\") of the key material. \nPossible values are:\n * RSA\n * RSA-PSS\n"},"macSignKeyIdentifier":{"type":"string","description":"This parameter specifies the identifier of the key used for generating the MAC or signature(\"macSignBytes\") of \nthe key whose key material is to be exported. \nThe \"wrappingMethod\" should be \"mac/sign\" to generate the MAC/signature. \nTo generate a MAC, the key should be a HMAC key. \nTo generate a signature, the key should be an RSA private key.\n"},"macSignKeyIdentifierType":{"type":"string","description":"This parameter specifies the identifier of the key used for generating the MAC or signature.\nThe \"wrappingMethod\" should be \"mac/sign\" to generate the mac/signature(\"macSignBytes\") of the key material(\"material\").\nPossible values are:\n * name\n * id\n * alias\n"},"wrapSymmetricKeyName":{"type":"string","description":"Deprecated. Use \"wrapKeyName\" instead."},"wrapKeyIDType":{"type":"string","description":"IDType specifies how the wrapKeyName should be interpreted. \nValues can be:\n * name\n * id\n * alias\n"},"wrappingMethod":{"type":"string","description":"This indicates the method used to wrap/mac/sign the key material.\nValid values:\n * encrypt\n * mac/sign\n * pbe \n\nIn \"encrypt\", the material of a symmetric key, private key or a certificate can be wrapped based on\nseveral available parameters. \nFor AES Key Wrap with Padding(RFC 5649) or AES Key Wrap(RFC 3394)\nalgorithms, a symmetric key, private key or a certificate can be wrapped using an AES wrapping key. \nFor wrapping a symmetric key, the following parameters are required: \n * \"wrapKeyName\"(AES key)\n * \"wrapKeyIDType\"(optional)\n * \"wrappingEncryptionAlgo\"\n * \"padded\"(optional, required if padding not mentioned in \"wrappingEncryptionAlgo\"). \n\nFor wrapping a private key, the following parameters are required:\n * \"wrapKeyName\"(AES key)\n * \"wrapKeyIDType\"(optional)\n * \"wrappingEncryptionAlgo\"(only \"aes/aeskeywrappadding\" allowed)\n * \"pemWrap\" \n\nFor wrapping a certificate, the following parameters are required:\n * \"wrapKeyName\"(AES key)\n * \"wrapKeyIDType\"(optional)\n * \"wrappingEncryptionAlgo\"(only \"aes/aeskeywrappadding\" allowed)\n * \"padded\"(only true is valid) \n\nAdditionally \"wrapHKDF\" parameters can be set in order to derive a wrapping key for the wrapping algorithm. \n\nA symmetric key can be wrapped with RSA encryption using an RSA public key, private key or a certificate. \nFor this, the following parameters are required:\n * either \"wrapKeyName\" or \"wrapPublicKey\"\n * \"wrapKeyIDType\"(optional) \n * \"wrapPublicKeyPadding\" \n\nFor wrapping a RSA private key with RSA AES KWP algorithms using an RSA public key, private key or a certificate,\nthe following parameters are required:\n * either \"wrapKeyName\" or \"wrapPublicKey\"\n * \"wrapKeyIDType\"(optional)\n * \"wrappingEncryptionAlgo\"(set to \"rsa/rsaaeskeywrappadding\")\n * \"wrapRSAAES\"\n * \"pemWrap\" \n\nIn \"mac/sign\", either MAC or signature will be calculated based on type of the key in \"macSignKeyIdentifier\". \nThe key to be exported has to be a symmetric key or a private key. \nFor MAC operation, the hash algorithm will be inferred from type of key using the \"macSignKeyIdentifier\" \nfield which has to be an HMAC key. The following parameters are needed for this method:\n * \"macSignKeyIdentifier\" \n * \"macSignKeyIdentifierType\"(optional) \n\nFor SIGN operation, the key used to generate the signature(\"macSignKeyIdentifier\") has to be an RSA \nprivate key. The following parameters are needed for this method:\n * \"macSignKeyIdentifier\"\n * \"macSignKeyIdentifierType\"(optional) \n * \"signingAlgo\"\n * \"wrappingHashAlgo\" \n\nFor \"pbe\" (password based encryption) operation, a symmetric key, private key or a certificate can be \nwrapped using the following parameters:\n * \"padded\"(for a symmetric key)\n * \"pemWrap\"(for a private key)\n * \"wrapPBE\"\n"},"wrappingEncryptionAlgo":{"type":"string","enum":["AES/AESKEYWRAP","AES/AESKEYWRAPPADDING","RSA/RSAAESKEYWRAPPADDING"],"description":"It indicates the Encryption Algorithm information for wrapping the key.\nFormat is : Algorithm/Mode/Padding. For example : AES/AESKEYWRAP. Here AES is Algorithm, AESKEYWRAP is Mode & Padding is not specified.\nAES/AESKEYWRAP is RFC-3394 & AES/AESKEYWRAPPADDING is RFC-5649. For wrapping private key, only AES/AESKEYWRAPPADDING is allowed.\nRSA/RSAAESKEYWRAPPADDING is used to wrap/unwrap asymmetric keys using RSA AES KWP method. Refer \"wrapRSAAES\" to provide optional parameters.\n"},"wrappingHashAlgo":{"type":"string","description":"This parameter specifies the hashing algorithm if \"wrappingMethod\" corresponds to \"mac/sign\".\nIn case of MAC operation, the hash algorithm will be inferred from the type of HMAC key(\"macSignKeyIdentifier\"). \nIn case of SIGN operation, Possible values are:\n * sha1\n * sha224\n * sha256\n * sha384\n * sha512\n"},"pemWrap":{"type":"boolean","description":"If the parameter is set to true, it wraps the PEM encoding of the private key (asymmetric) otherwise, the DER encoding of the key is wrapped. \nOnly valid when private keys (asymmetric) and certificates are to be wrapped for \"mac/sign\" and \"encrypt\" values for \"wrappingMethod\" parameter. \nDefault value: false.\n"},"padded":{"type":"boolean","description":"This parameter determines the padding for the wrap algorithm while exporting a symmetric key, \n * if \"wrappingMethod\" parameter is \"encrypt\" and the \"wrappingEncryptionAlgo\" doesn't have a mode set\n * if \"wrappingMethod\" is \"pbe\". \n\nIf true, the RFC 5649(AES Key Wrap with Padding) is followed and if false, RFC 3394(AES Key Wrap) is followed for wrapping the material for the symmetric key. \n\nIf a certificate is being exported with the \"wrappingMethod\" set to \"encrypt\", the \"padded\" parameter must be set to true. \nThis parameter defaults to false.\n"},"encoding":{"type":"string","description":"Specifies the encoding for the returned key material. \n\nFor wrapping scenarios and PKCS12 format, the only valid option is base64.\nIn case of \"Symmetric Keys\" when 'format' parameter has 'base64' value and 'encoding' parameter also contains some value;\nthe encoding parameter takes the priority. Following are the options for Symmetric Keys:\n","enum":["hex","base64"]},"format":{"type":"string","description":"The format of the returned key material. If the algorithm is 'rsa' or 'ec'. The value can be one of these: \n'pkcs1', 'pkcs8' , 'pkcs12', or 'jwe'. The default value is 'pkcs8'.\nIf algorithm is ‘rsa’ and format is 'pkcs12', the key material will contain the base64-encoded value of the PFX file.\nThe value 'base64' is used for symmetric keys, for which the format of the returned key material is base64-encoded\nif wrapping is applied (i.e., either 'wrapKeyName' or 'wrapPublicKey' is specified),otherwise, the format is hex-encoded,\nunless 'base64' is given.\nIf the \"format\" is 'jwe' then the \"material\" for the symmetric key, asymmetric key or certificate will be wrapped in JWE format.\n\"wrapKeyName\"(should be a public key) or \"wrapPublicKey\" and \"wrapJWE\" parameters are required for 'jwe' format.\nThe value 'opaque' is supported for symmetric keys with 'opaque' format only.\n","enum":["pkcs1","pkcs8","pkcs12","jwe"]},"password":{"type":"string","description":"For pkcs12 format, if the pkcs12passwordLink is not present in the Key (RSA keys), specify either password or secretDataLink.\nThis should be the base64 encoded value of the password.\n"},"secretDataLink":{"type":"string","description":"For pkcs12 format, if the pkcs12passwordLink is not present in the Key (RSA keys), specify either secretDataLink or password.\nThe value can be either ID or name of Secret Data.\n"},"secretDataEncoding":{"type":"string","description":"For pkcs12 format, this field specifies the encoding method used for the secretDataLink material.\nIgnore this field if secretData is created from REST and is in plain format.\nSpecify the value of this field as HEX format if secretData is created from KMIP.\n"},"wrapHKDF":{"type":"object","title":"HKDF Wrap Parameters","description":"Information which is used to wrap a Key using HKDF.","properties":{"hashAlgorithm":{"type":"string","description":"Hash Algorithm is used for HKDF Wrapping.\n","enum":["hmac-sha1","hmac-sha224","hmac-sha256","hmac-sha384","hmac-sha512"]},"salt":{"type":"string","description":"Salt is an optional hex value for HKDF based derivation.\n"},"info":{"type":"string","description":"Info is an optional hex value for HKDF based derivation.\n"},"okmLen":{"type":"integer","description":"The desired output key material length in integer.\n"}}},"wrapJWE":{"type":"object","title":"JWE Parameters for generating jwe","description":"Information which is used to wrap a Key using JWE. (JWT ID (JTI) provides a unique identifier for the JWT. JTI will be automatically included in JWE if it is available in JWT identity token.)","properties":{"jwtIdentifier":{"type":"string","description":"JWT identifier (JTI) is unique identifier for the JWT used by SFDC for cache key replay detection.\n"},"contentEncryptionAlgorithm":{"type":"string","description":"Content Encryption Algorithm is symmetric encryption algorithm used to encrypt the data , default is AES_256_GCM.\n","enum":["AES_128_CBC_HMAC_SHA_256","AES_192_CBC_HMAC_SHA_384","AES_256_CBC_HMAC_SHA_512","AES_128_GCM","AES_192_GCM","AES_256_GCM"]},"keyEncryptionAlgorithm":{"type":"string","description":"Key Encryption Algorithm is used to encrypt the Content Encryption Key (CEK), default is RSA_OAEP_SHA1.\nAlgorithm should correspond to type of public key provided for wrapping.\n","enum":["RSA1_5","RSA_OAEP_SHA1","RSA_OAEP_SHA256","ECDH_ES","ECDH_ES_AES_128_KEY_WRAP","ECDH_ES_AES_192_KEY_WRAP","ECDH_ES_AES_256_KEY_WRAP"]},"keyIdentifier":{"type":"string","description":"Key identifier to be used as \"kid\" parameter in JWE material and JWE header.\nDefaults to key id.\n"}}},"wrapPBE":{"type":"object","title":"Password based encryption parameters for generating password based derived keys.","description":"WrapPBE produces a derived key from a password and other parameters like salt, iteration count, hashing algorithm and derived key length. PBE is currently only supported to wrap symmetric keys (AES), private Keys and certificates.","properties":{"hashAlgorithm":{"type":"string","description":"Underlying hashing algorithm that acts as a pseudorandom function to generate derive keys.\n","enum":["hmac-sha1","hmac-sha224","hmac-sha256","hmac-sha384","hmac-sha512","hmac-sha512/224","hmac-sha512/256","hmac-sha3-224","hmac-sha3-256","hmac-sha3-384","hmac-sha3-512"]},"password":{"type":"string","description":"Base password to generate derive keys. It cannot be used in conjunction with passwordidentifier.\npassword must be in range of 8 bytes to 128 bytes.\n"},"passwordIdentifier":{"type":"string","description":"Secret password identifier for password. It cannot be used in conjunction with password.\n"},"passwordIdentifierType":{"type":"string","description":"Type of the Passwordidentifier. If not set then default value is name.\n","enum":["id","name","slug"]},"salt":{"type":"string","description":"A Hex encoded string.\npbeSalt must be in range of 16 bytes to 512 bytes.\n"},"purpose":{"type":"string","description":"User defined purpose. If specified will be prefixed to pbeSalt.\npbePurpose must not be greater than 128 bytes.\n"},"dklen":{"type":"integer","description":"Intended length in octets of the derived key.\ndklen must be in range of 14 bytes to 512 bytes.\n"},"iteration":{"type":"integer","description":"Iteration count increase the cost of producing keys from a password.\nIteration must be in range of 1 to 1,00,00,000.\n"}}},"wrapRSAAES":{"type":"object","title":"RSA AES KWP parameters","description":"Information which is used to wrap/unwrap asymmetric keys using RSA AES KWP method.\nThis method internally requires AES key size to generate a temporary AES key and RSA padding.\nTo use WrapRSAAES, algorithm \"RSA/RSAAESKEYWRAPPADDING\" must be specified in WrappingEncryptionAlgo.\n","properties":{"aesKeySize":{"type":"integer","description":"Size of AES key for RSA AES KWP. Accepted value are 128, 192, 256.\nDefault value is \"256\".\n"},"padding":{"type":"string","description":"Padding specifies the type of padding scheme that needs to be set when exporting\nthe Key using RSA AES wrap. Accepted values are \"oaep\", \"oaep256\", \"oaep384\", \"oaep512\",\nDefault value is \"oaep256\".\n","enum":["oaep","oaep256","oaep384","oaep512"]}}}},"example":{"format":"pkcs1","wrapPublicKeyPadding":"pkcs1","wrapPublicKey":"----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC20Df30JsXSSUvUYXYWe5od3ek\nkj6FfAXR51GhcaMvOypImCAT9Mc7majhyLQGQye7cfxo2jK1D4E135d+Pn/w+bdG\n6IFt4NK8+62RFfXmjmYGUU96IEu1XWRmGzTYvrGiQ43SLrCI+erhoV79Qx4dYsOn\n777GltHAVG0ECYCQxQIDAQAB\n-----END PUBLIC KEY-----\n"}}}],"responses":{"200":{"description":"Successful key export.","examples":{"application/json":{"resources":[{"id":"13097490-acc2-491c-9d3a-b7fbb699961e","uri":"kylo:kylo:vault:keys:sample-rsa-key-v1","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2016-12-02T21:37:24.597165Z","name":"sample RSA key","updatedAt":"2016-12-02T21:37:24.597165Z","material":"-----BEGIN PRIVATE KEY-----\nMIICdAIBADALBgkqhkiG9w0BAQEEggJgMIICXAIBAAKBgQDQSuQFFeK1fQBljzL/\nR+zCJc5X3ToLDmD4dQ8Cn+kU21ekjNhtfFoJVSY97ZRh7PzIpMNdYZ+8Ye3nkUWv\nALFmDMIgNAw9nUkDgmh1QtJj9I9zntudLXWjRUSUuzJ2JCNngKY403mphZXmBaGD\n/Zn3hdu1C4qyM+IiblGDnKjCmwIDAQABAoGAEsout6a5xNV56693UkASw5DVhGeY\njNbHOKKWsA3s4MzIozdxbq8BEEZ2JLAB6rOOOiti1FGyLzRGWdVpC9hsKDbcYwR6\nUzgPZHuwQXYFF2oMzs4BNNanaBZXudmQW7l+G2Ek4TsU3sSHT/5WIxq5NZskfnyC\nItWDv+Z+5LTf0MECQQDwV3ruOR3wXjl6G0nT5neRgc2Je0kuW5P0ZXb4Lsg08T+p\nxbvtQkyWhoGHxHG3GibKZhqxPyr6o4ibXVWva/TtAkEA3dzhguidUgsnxvhr8OO4\ndkUJup2FMX6TDPuDjTl9s+E67LCUdQVmOff8q1Mi3bIH+FZa6mBXbwADCWSgFIhs\npwJATT9Qu5CQFtmyD5UFvZ2tgI7/yNhfRQ8aFssl2c7velSv6ZksNa3Bf//rUf/J\nrNgy74qxuZZb8gLtvUHacG96YQJACEG7JssPZ8lAfrgqFDn1WHlzRj2sgk4KnPYT\nTEMyeWpNbheYPs6nokqnXZzndEa24zgbhBN3zYq7kjLrfjghiwJBALFpp8CRUwXR\nEYtQ0gCsSjdYqJOo+dY4nab0eFtJcoemXrSTsC9TyIEs9YMUvXF++L3empa7jCjD\n8bdLNXqGMkA=\n-----END PRIVATE KEY-----","usageMask":12,"meta":"Object","myTag":"myValue","version":1,"algorithm":"RSA","size":1024,"format":"raw","unexportable":false,"undeletable":false,"publickey":"-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDQSuQFFeK1fQBljzL/R+zCJc5X\n3ToLDmD4dQ8Cn+kU21ekjNhtfFoJVSY97ZRh7PzIpMNdYZ+8Ye3nkUWvALFmDMIg\nNAw9nUkDgmh1QtJj9I9zntudLXWjRUSUuzJ2JCNngKY403mphZXmBaGD/Zn3hdu1\nC4qyM+IiblGDnKjCmwIDAQAB\n-----END PUBLIC KEY-----","uuid":"75f471a8-970a-4998-a05e-adfb9ec44dbf","labels":{"region":"noram","team":"sales"}}]}}},"404":{"description":"Resource not found."},"422":{"description":"Validation error."}}}},"/v1/vault/keys2/{id}/clone":{"parameters":[{"name":"version","in":"query","description":"Specify the key version. Defaults to the latest\nversion. Only valid if the identifier is a key\nname, otherwise version is ignored.","type":"number"},{"name":"type","in":"query","description":"Specify the type of the identifier specified\nby the 'name' option. Must be one of: name, id,\nuri, or alias. If not specified, the type of the\nidentifier is inferred.","type":"string","enum":["name","id","uri","alias"]},{"name":"id","in":"path","description":"The key's name, ID, URI, or alias. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name","required":true,"type":"string"},{"name":"includeMaterial","in":"query","required":false,"description":"Include key bytes in the response. If set to 'false' or not specified, only key meta data is returned.","type":"string"},{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Clone","description":"It clones the metadata and the material of the given key identified by id or the combination of name and version, and matching the JWT's `account` claim.\n\nThe state of the new cloned key would always be active. If version is not specified with the key name, the latest version of the key will be cloned.\n\nXTS Keys will be cloned as a pair of two linked keys.\nPrivate keys will be cloned as private and public key pair, if public Key link is available for the private key.\nLinks from the key that is being cloned will not be carry forwarded to the cloned key.\n\nWhile cloning, the key attributes that will be cloned to the new cloned key are :\nMaterial, Algorithm, Usage, Size, Curveid, Unexportable, Undeletable,CertFields, ObjectType, defaultIV, meta.","tags":["Keys"],"parameters":[{"name":"body","in":"body","schema":{"type":"object","title":"Clone Key","properties":{"newKeyName":{"type":"string","description":"Key name for the new cloned key."},"meta":{"type":"object","description":"Optional end-user or service data stored with the key"},"idSize":{"type":"integer","description":"Size of the ID for the key"}}}}],"responses":{"200":{"description":"Successful key clone.","examples":{"application/json":{"id":"5a78b671-8467-4548-82c8-ebce11bea4d6","uri":"kylo:kylo:vault:keys:sample-aes-key-v0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2016-12-02T21:23:48.853904312Z","name":"sample AES key","updatedAt":"2016-12-02T21:23:48.853904312Z","usageMask":12,"meta":{},"version":0,"algorithm":"AES","size":256,"format":"raw","unexportable":false,"undeletable":false,"activationDate":"2017-10-02T14:24:37.436073Z","state":"Active","uuid":"f813745d-3126-4c05-9f09-467619ddff78","labels":{"region":"noram","team":"sales"}}}},"404":{"description":"Resource not found."},"422":{"description":"Validation error."}}}},"/v1/vault/key-policies/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List key policies","description":"Returns list of key policies.\n","tags":["Key Policies"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"id","in":"query","type":"string","collectionFormat":"multi","format":"UUID","description":"Filters result to the one with matching ID\n"},{"name":"name","in":"query","type":"string","description":"Name of key policy\n"},{"name":"description","in":"query","type":"string","description":"description of key policy\n"},{"name":"label_selector","in":"query","type":"string","description":"label_selector on which key policy is applied\n"},{"name":"createdAfter","in":"query","type":"string","description":"Time after the key policy is created\n"},{"name":"createdBefore","in":"query","type":"string","description":"Time before the key policy is created\n"},{"name":"permissionsContains","in":"query","type":"string","description":"Permissions applied on a key policy\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","title":"Parameters for Creating key policies.","description":"Parameters to be used for creating key policies.","required":["name","label_selector","permissions"],"properties":{"name":{"type":"string","description":"Name of key policy"},"description":{"type":"string","description":"Key policy description"},"permissions":{"type":"object","description":"It contains permissions for users, client and groups","properties":{"clients":{"type":"object","description":"Contains permissions for clients","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]},"groups":{"type":"object","description":"Contains permissions for groups","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]},"users":{"type":"object","description":"Contains permissions for users","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]}}},"label_selector":{"type":"string","description":"labels on which key policy applied.'=' and 'in' operator supported only. Also multiple conditions can be combined using ',' example:- env in (test1,test2), test3=test4"}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":{"id":"5a78b671-8467-4548-82c8-ebce11bea4d6","uri":"kylo:kylo:vault:keys:sample-rsa-key-v0","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2016-12-02T21:23:48.853904312Z","name":"ADPAdmin","label_selector":"environment=dev","description":"Read Permissions","permissions":{"clients":{"ReadKey":["5484ed84-76d7-43f2-a43f-5a6e3d81ce42"]},"groups":{"ReadKey":["Application Data Protection Admins"]},"users":{"ReadKey":["local|909caa7f-a2f2-4f5f-a3ee-29a5b5dacd84"]}}}}}}}},"post":{"summary":"Create a key policy","description":"Creates a new key policy","tags":["Key Policies"],"parameters":[{"name":"body","in":"body","description":"To create a key policy\n","schema":{"example":{"application/json":{"name":"Sample Key Policy","label_selector":"env=testing","description":"Sample","Permissions":{"clients":{"UseKey":["5484ed84-76d7-43f2-a43f-5a6e3d81ce42"]},"users":{"UseKey":["local|909caa7f-a2f2-4f5f-a3ee-29a5b5dacd84"]},"groups":{"UseKey":["group1"]}}}},"type":"object","title":"Parameters for Creating key policies.","description":"Parameters to be used for creating key policies.","required":["name","label_selector","permissions"],"properties":{"name":{"type":"string","description":"Name of key policy"},"description":{"type":"string","description":"Key policy description"},"permissions":{"type":"object","description":"It contains permissions for users, client and groups","properties":{"clients":{"type":"object","description":"Contains permissions for clients","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]},"groups":{"type":"object","description":"Contains permissions for groups","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]},"users":{"type":"object","description":"Contains permissions for users","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]}}},"label_selector":{"type":"string","description":"labels on which key policy applied.'=' and 'in' operator supported only. Also multiple conditions can be combined using ',' example:- env in (test1,test2), test3=test4"}}}}],"responses":{"201":{"description":"Successful key policy creation.","schema":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","title":"Parameters for Creating key policies.","description":"Parameters to be used for creating key policies.","required":["name","label_selector","permissions"],"properties":{"name":{"type":"string","description":"Name of key policy"},"description":{"type":"string","description":"Key policy description"},"permissions":{"type":"object","description":"It contains permissions for users, client and groups","properties":{"clients":{"type":"object","description":"Contains permissions for clients","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]},"groups":{"type":"object","description":"Contains permissions for groups","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]},"users":{"type":"object","description":"Contains permissions for users","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]}}},"label_selector":{"type":"string","description":"labels on which key policy applied.'=' and 'in' operator supported only. Also multiple conditions can be combined using ',' example:- env in (test1,test2), test3=test4"}}}]},"examples":{"application/json":{"id":"5a78b671-8467-4548-82c8-ebce11bea4d6","uri":"kylo:kylo:vault:keys:sample-rsa-key-v0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2016-12-02T21:23:48.853904312Z","name":"ADPAdmin","label_selector":"environment=dev","description":"Read Permissions","permissions":{"clients":{"ReadKey":["5484ed84-76d7-43f2-a43f-5a6e3d81ce42"]},"groups":{"ReadKey":["Application Data Protection Admins"]},"users":{"ReadKey":["local|909caa7f-a2f2-4f5f-a3ee-29a5b5dacd84"]}}}}},"404":{"description":"Resource not found."},"422":{"description":"Validation error."}}}},"/v1/vault/key-policies/{id}":{"parameters":[{"name":"id","in":"path","description":"The key's name, ID, URI, or alias. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name","required":true,"type":"string"},{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get key policy","description":"Returns information about the key policy.\n","responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","title":"Parameters for Creating key policies.","description":"Parameters to be used for creating key policies.","required":["name","label_selector","permissions"],"properties":{"name":{"type":"string","description":"Name of key policy"},"description":{"type":"string","description":"Key policy description"},"permissions":{"type":"object","description":"It contains permissions for users, client and groups","properties":{"clients":{"type":"object","description":"Contains permissions for clients","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]},"groups":{"type":"object","description":"Contains permissions for groups","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]},"users":{"type":"object","description":"Contains permissions for users","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]}}},"label_selector":{"type":"string","description":"labels on which key policy applied.'=' and 'in' operator supported only. Also multiple conditions can be combined using ',' example:- env in (test1,test2), test3=test4"}}}]},"examples":{"application/json":{"id":"5a78b671-8467-4548-82c8-ebce11bea4d6","uri":"kylo:kylo:vault:keys:sample-rsa-key-v0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2016-12-02T21:23:48.853904312Z","name":"ADPAdmin","label_selector":"environment=dev","description":"Read Permissions","permissions":{"clients":{"ReadKey":["5484ed84-76d7-43f2-a43f-5a6e3d81ce42"]},"groups":{"ReadKey":["Application Data Protection Admins"]},"users":{"ReadKey":["local|909caa7f-a2f2-4f5f-a3ee-29a5b5dacd84"]}}}}},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"Updates the key policy\n","parameters":[{"name":"body","in":"body","description":"The new metadata to update. The \"Body Sample\" on the right pane shows the format.","required":true,"schema":{"example":{"application/json":{"label_selector":"env=dev","description":"Sample","Permissions":{"clients":{"UseKey":["5484ed84-76d7-43f2-a43f-5a6e3d81ce42"]},"users":{"UseKey":["local|909caa7f-a2f2-4f5f-a3ee-29a5b5dacd84"]},"groups":{"UseKey":["group1"]}}}},"type":"object","title":"Parameters for updating key policies.","description":"update parameters for key policies.","properties":{"description":{"type":"string","description":"Key policy description"},"permissions":{"type":"object","description":"It contains permissions for users, client and groups","properties":{"clients":{"type":"object","description":"Contains permissions for clients","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]},"groups":{"type":"object","description":"Contains permissions for groups","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]},"users":{"type":"object","description":"Contains permissions for users","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]}}},"label_selector":{"description":"label_selector on which key policies are applied"}}}}],"responses":{"200":{"description":"Successful resource update.","schema":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","title":"Parameters for Creating key policies.","description":"Parameters to be used for creating key policies.","required":["name","label_selector","permissions"],"properties":{"name":{"type":"string","description":"Name of key policy"},"description":{"type":"string","description":"Key policy description"},"permissions":{"type":"object","description":"It contains permissions for users, client and groups","properties":{"clients":{"type":"object","description":"Contains permissions for clients","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]},"groups":{"type":"object","description":"Contains permissions for groups","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]},"users":{"type":"object","description":"Contains permissions for users","allOf":[{"type":"object","properties":{"ReadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Read Key\n","items":{"type":"string"}},"UseKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Use Key\n","items":{"type":"string"}},"SignWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign with key\n","items":{"type":"string"}},"DecryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Decrypt with key\n","items":{"type":"string"}},"EncryptWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for encrypt with key\n","items":{"type":"string"}},"SignVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Sign verify with key\n","items":{"type":"string"}},"ExportKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Export with key\n","items":{"type":"string"}},"UploadKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for Upload key\n","items":{"type":"string"}},"MACVerifyWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC verify with key\n","items":{"type":"string"}},"MACWithKey":{"type":"array","description":"Contains those identifier of the entities (users, groups or clients) which have permission for MAC with key\n","items":{"type":"string"}}}}]}}},"label_selector":{"type":"string","description":"labels on which key policy applied.'=' and 'in' operator supported only. Also multiple conditions can be combined using ',' example:- env in (test1,test2), test3=test4"}}}]},"examples":{"application/json":{"id":"5a78b671-8467-4548-82c8-ebce11bea4d6","uri":"kylo:kylo:vault:keys:sample-rsa-key-v0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2016-12-02T21:23:48.853904312Z","name":"ADPAdmin","label_selector":"environment=dev","description":"Read Permissions","permissions":{"clients":{"ReadKey":["5484ed84-76d7-43f2-a43f-5a6e3d81ce42"]},"groups":{"ReadKey":["Application Data Protection Admins"]},"users":{"ReadKey":["local|909caa7f-a2f2-4f5f-a3ee-29a5b5dacd84"]}}}}}}},"delete":{"summary":"Delete","description":"Deletes a key policy.","tags":["Key Policies"],"responses":{"204":{"description":"No Content | Successful deletion of key."}}}},"/v1/vault/key-labels/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List key labels","description":"Returns list of key labels associated with all the keys in a domain\n","tags":["Keys"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"label","in":"query","type":"string","description":"Filters results that match label selector expression. Multiple\nexpressions are not supported. For example, to check if a label\n`{\"region\": \"noram\"}` exists, use `region=noram`. To check if a label\nexists with region not equal to noram, use `region!=noram`.\nAlso to get all labels with a given key `env` just use `env`.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":{"label":"environment:dev"}}}}}}},"/v1/vault/query-keys/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Query","description":"This operation searches for keys stored on the CipherTrust Manager. The operation is similar to the list operation. The differences are (a) a lot more search parameters can be passed in, and (b) the search parameters are passed in the body of an HTTP POST request instead of being passed as query parameters in a HTTP GET request. Normally, this operation returns a list of keys, secrets, etc., that satisfy the search criteria. When the returnOnlyIDs input parameter is specified as `true`, this operation just returns a list of key IDs.\n","tags":["Keys"],"consumes":["application/json"],"produces":["application/json"],"parameters":[{"name":"body","in":"body","required":true,"description":"The search filter parameters.","schema":{"type":"object","title":"Search Parameters","description":"Information needed to search for a managed object.","properties":{"skip":{"description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},"limit":{"description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},"returnOnlyIDs":{"type":"boolean","description":"When this is not specified, or set to false, a list of keys is returned.\nWhen this is set to true, a list of key IDs is returned.\n"},"name":{"type":"string","description":"Filters results to those with matching names. The '?' and '*' wildcard characters may be used."},"id":{"type":"string","format":"UUID","description":"Find the key with a matching ID.\n"},"uri":{"type":"string","description":"Filters results to those with matching uris. The '?' and '*' wildcard characters may be used."},"version":{"type":"integer","description":"Deprecated: Use 'versions'. Filters results to those with matching version. If version is specified as -1, only\nlatest version of the keys is returned. All versions are returned when the version is not specified.\n"},"versions":{"type":"array","description":"Filters results to those with matching versions. If versions is specified as [-1], only latest version of the keys are returned. All versions are returned when the version is not specified.","items":{"type":"integer"}},"algorithm":{"type":"string","description":"Deprecated: Use 'algorithms'. Filters results to those with matching algorithms. The '?' and '*' wildcard characters may be used."},"algorithms":{"type":"array","description":"Filters results to those with matching algorithms. The '?' and '*' wildcard characters may be used if only specifying a single value.","items":{"type":"string"}},"size":{"type":"integer","description":"Deprecated: Use 'sizes'. Filters results to those with matching size.\n"},"sizes":{"type":"array","description":"Filters results to those with a matching size.","items":{"type":"integer"}},"curveIDs":{"type":"array","items":{"type":"string"},"description":"Filters results to those with matching elliptic key curve id. Results will match *any*\nof the values.\n"},"states":{"type":"array","items":{"type":"string"},"description":"Filters results to those with matching key state. Allowed values are\n\"Pre-Active\", \"Active\", \"Deactivated\", \"Destroyed\", \"Compromised\" and \"Destroyed Compromised\".\n"},"aliases":{"type":"array","items":{"type":"string"},"description":"Filters results to those with any of the matching aliases. The '?' and '*' wildcard characters\nmay be used when a single alias is specified.\n"},"linkTypes":{"type":"array","items":{"type":"string"},"description":"Filters results to those with any of the matching link types. The '?' and '*' wildcard characters\nmay be used when a single link type is specified. See the links documentation\nfor the various link types.\n"},"usageMask":{"type":"integer","description":"Deprecated: Use 'usageMasks'.\nFilters results to those with matching Cryptographic usage mask. Sign (1), Verify (2), Encrypt (4),\nDecrypt (8), Wrap Key (16), Unwrap Key (32), Export (64), MAC Generate (128), MAC Verify (256), Derive Key (512),\nContent Commitment (1024), Key Agreement (2048), Certificate Sign (4096), CRL Sign (8192), Generate Cryptogram (16384),\nValidate Cryptogram (32768), Translate Encrypt (65536), Translate Decrypt (131072), Translate Wrap (262144),\nTranslate Unwrap (524288), FPE Encrypt (1048576), FPE Decrypt (2097152). Add the usage mask values to allow\nthe usages. To set all usage mask bits, use 4194303 (all usage masks including Export).\nEquivalent usageMask values for deprecated usages 'fpe' (FPE Encrypt + FPE Decrypt = 3145728),\n'blob' (Encrypt + Decrypt = 12), 'hmac' (MAC Generate + MAC Verify = 384), 'encrypt' (Encrypt + Decrypt = 12),\n'sign' (Sign + Verify = 3), 'any' (4194303 - all usage masks).\n"},"usageMasks":{"type":"array","description":"Filters results to those with matching any of the Cryptographic usage masks. Sign (1), Verify (2), Encrypt (4),\nDecrypt (8), Wrap Key (16), Unwrap Key (32), Export (64), MAC Generate (128), MAC Verify (256), Derive Key (512),\nContent Commitment (1024), Key Agreement (2048), Certificate Sign (4096), CRL Sign (8192), Generate Cryptogram (16384),\nValidate Cryptogram (32768), Translate Encrypt (65536), Translate Decrypt (131072), Translate Wrap (262144),\nTranslate Unwrap (524288), FPE Encrypt (1048576), FPE Decrypt (2097152). Add the usage mask values to allow\nthe usages. To set all usage mask bits, use 4194303 (all usage masks including Export).\nEquivalent usageMask values for deprecated usages 'fpe' (FPE Encrypt + FPE Decrypt = 3145728),\n'blob' (Encrypt + Decrypt = 12), 'hmac' (MAC Generate + MAC Verify = 384), 'encrypt' (Encrypt + Decrypt = 12),\n'sign' (Sign + Verify = 3), 'any' (4194303 - all usage masks).\n","items":{"type":"integer"}},"metaContains":{"type":"string","format":"JSON","description":"A valid JSON value. Only keys whose 'meta' attribute contains the JSON value will be\nreturned. Examples of JSON containment:\n\n- Values contain themselves: `{\"color\":\"red\"}` contains `{\"color\":\"red\"}`\n- Values contain subsets: `{\"color\":\"red\", \"size\":\"big\"}` contains `{\"color\":\"red\"}` and `{\"size\":\"big\"}`, but not `{\"size\":\"small\"}`\n- Contained values can be nested: `{\"info\":{\"size\":\"big\",\"color\":\"red\"}}` contains `{\"info\":{\"color\":\"red\"}}`, but not `{\"color\":\"red\"}`\n- Array containment: `[\"east\",\"west\",\"north\"]` contains `[\"east\"]` and `[\"east\",\"north\"]`, but not `[\"south\"]` or `[\"east\",\"south\"]`\n"},"objectTypes":{"type":"array","items":{"type":"string"},"description":"Filters results to those with any of the matching KMIP object types. The '?' and '*' wildcard characters\nmay be used when a single object type is specified. Valid object types are:\n\"Certificate\", \"Symmetric Key\", \"Public Key\", \"Private Key\", \"Split Key\", \"Secret Data\", \"Opaque Object\".\n"},"sha1Fingerprint":{"type":"string","description":"Deprecated: Use 'sha1Fingerprints'.\nFilters results to those with matching SHA1 fingerprints. The '?' and '*' wildcard characters may be used.\nThis fingerprint is truncated and is based on the first 8 bytes of the SHA1 checksum.\nTo be backward compatible with Classic KeySecure, it is based on ASN.1 representation of PKCS#1 public key.\n"},"sha1Fingerprints":{"type":"array","description":"Filters results to those with matching one of the SHA1 fingerprints. The '?' and '*' wildcard characters may be used\nfor singular values. This fingerprint is truncated and is based on the first 8 bytes of the SHA1 checksum.\nTo be backward compatible with Classic KeySecure, it is based on ASN.1 representation of PKCS#1 public key.\n","items":{"type":"string"}},"sha256Fingerprint":{"type":"string","description":"Deprecated: Use 'sha256Fingerprints'\nFilters results to those with matching SHA256 fingerprints. The '?' and '*' wildcard characters may be used.\n"},"sha256Fingerprints":{"type":"array","description":"Filters results to those with matching SHA256 fingerprints. The '?' and '*' wildcard characters may be used\nfor a single value.\n","items":{"type":"string"}},"neverExported":{"type":"boolean","description":"Find keys with the specified value of the `neverExported` attribute."},"neverExportable":{"type":"boolean","description":"Find keys with the specified value of the `neverExportable` attribute (same as the KMIP `Never Extractable` attribute)."},"unexportable":{"type":"boolean","description":"Find keys with the specified value of the `unexportable` attribute (opposite of the KMIP `Extractable` attribute)."},"revocationReason":{"type":"string","description":"Deprecated: Use 'revocationReasons'. Find keys having the specified value of the `revocationReason` attribute."},"revocationReasons":{"type":"array","description":"Find keys having one of the specified values of the `revocationReason` attribute.","items":{"type":"string"}},"createdBefore":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys created at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g.: 1985-04-12T23:20:50.52Z or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\" will find keys created\nbefore 1 year, 2 months and 5 days ago.\n"},"createdAfter":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys created at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat or a relative timestamp where valid units are 'Y', 'M', 'D' representing years, months, and days\nrespectively. Negative values are permitted. e.g. \"-1Y-2M-5D\" will find keys created after 1 year, 2 months\nand 5 days ago.\n"},"createdAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys created within 0.5 seconds before or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat.\n"},"updatedBefore":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys updated at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g.: 1985-04-12T23:20:50.52Z or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\" will find keys updated\nbefore 1 year, 2 months and 5 days ago.\n"},"updatedAfter":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys updated at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat or a relative timestamp where valid units are 'Y', 'M', 'D' representing years, months, and days\nrespectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"updatedAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys updated within 0.5 seconds before or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat.\n"},"activationBefore":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose activation date is at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g.: 1985-04-12T23:20:50.52Z or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"activationAfter":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose activation date is at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat or a relative timestamp where valid units are 'Y', 'M', 'D' representing years, months, and days\nrespectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"activationAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose activation date is within 0.5 seconds before or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat.\n"},"processStartBefore":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose process start date is at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g.: 1985-04-12T23:20:50.52Z or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"processStartAfter":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose process start date is at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat or a relative timestamp where valid units are 'Y', 'M', 'D' representing years, months, and days\nrespectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"processStartAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose process start date is within 0.5 seconds before or after the specified timestamp. Timestamp\nshould be in RFC3339Nano format.\n"},"protectStopBefore":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose protect stop date is at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g.: 1985-04-12T23:20:50.52Z or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"protectStopAfter":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose protect stop date is at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat or a relative timestamp where valid units are 'Y', 'M', 'D' representing years, months, and days\nrespectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"protectStopAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose protect stop date is within 0.5 seconds before or after the specified timestamp. Timestamp should be in RFC3339Nano format.\n"},"deactivationBefore":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose deactivation date is at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g.: 1985-04-12T23:20:50.52Z or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"deactivationAfter":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose deactivation date is at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat or a relative timestamp where valid units are 'Y', 'M', 'D' representing years, months, and days\nrespectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"deactivationAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose deactivation date is within 0.5 seconds before or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat.\n"},"destroyBefore":{"type":"string","format":"date-time","description":"Find keys whose destroy date is at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g.: 1985-04-12T23:20:50.52Z or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"destroyAfter":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose destroy date is at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat or a relative timestamp where valid units are 'Y', 'M', 'D' representing years, months, and days\nrespectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"destroyAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose destroy date is within 0.5 seconds before or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat.\n"},"archiveBefore":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose archive date is at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g.: 1985-04-12T23:20:50.52Z or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"archiveAfter":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose archive date is at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat or a relative timestamp where valid units are 'Y', 'M', 'D' representing years, months, and days\nrespectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"archiveAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose archive date is within 0.5 seconds before or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat.\n"},"compromiseOccurranceBefore":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose compromise occurrance date is at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g.: 1985-04-12T23:20:50.52Z or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"compromiseOccurranceAfter":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose compromise occurrance date is at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat or a relative timestamp where valid units are 'Y', 'M', 'D' representing years, months, and days\nrespectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"compromiseOccurranceAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose compromise occurrance date is within 0.5 seconds before or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat.\n"},"compromiseBefore":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose compromise date is at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g.: 1985-04-12T23:20:50.52Z or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"compromiseAfter":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose compromise date is at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat or a relative timestamp where valid units are 'Y', 'M', 'D' representing years, months, and days\nrespectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},"compromiseAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Find keys whose compromise date is within 0.5 seconds before or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat.\n"},"rotationDateReached":{"type":"boolean","description":"- If `rotationDateReached` is set to true then it returns latest version of the keys with rotationDate of latest version <= currentTime.\n- If `rotationDateReached` is set to false then it returns latest version of the keys with rotationDate of latest version > currentTime\n"},"compareIDWithUUID":{"type":"string","description":"- If `compareIDWithUUID` is set to `equal`, then it returns keys whose IDs are equal to their UUIDs.\n- If `compareIDWithUUID` is set to `notequal`, then it returns keys whose IDs are not equal to their UUIDs.\n- The supported values are `equal` and `notequal`.\n- These keys are generally ESG keys used by CTE.\n"},"certFields":{"type":"object","title":"Certificate Fields","description":"Information encapsulated by a certificate.","properties":{"certType":{"type":"string","description":"This specifies the type of the certificate object. Valid values are 'x509-pem' and 'x509-der'.\nThe certificate type is infered from the material when not specified.\n"},"certLength":{"type":"integer","description":"Length of the certificate."},"x509SerialNumber":{"type":"string","description":"Serial number associated with x509 certificate."},"serialNumber":{"type":"string","description":"Certificate serial number (applies to x509 and other certificates)."},"dsalg":{"type":"string","description":"Algorithm used for signing the certificate."},"subjectDNFields":{"description":"Certificate subject's distinguished name fields.","type":"object","title":"Distinguished Name Fields","properties":{"cn":{"type":"string","description":"Common Name"},"o":{"type":"array","description":"List of organizations","items":{"type":"string"}},"ou":{"type":"array","description":"List of organization units","items":{"type":"string"}},"email":{"type":"array","description":"List of email addresses","items":{"type":"string"}},"c":{"type":"array","description":"List of countries","items":{"type":"string"}},"st":{"type":"array","description":"List of provinces or states","items":{"type":"string"}},"street":{"type":"array","description":"List of street addresses","items":{"type":"string"}},"l":{"type":"array","description":"List of localities","items":{"type":"string"}},"uid":{"type":"array","description":"List of UIDs","items":{"type":"string"}},"sn":{"type":"string","description":"serial number"},"t":{"type":"array","description":"List of titles","items":{"type":"string"}},"dc":{"type":"array","description":"List of domain components","items":{"type":"string"}},"dnq":{"type":"array","description":"List of domain name qualifiers","items":{"type":"string"}}}},"subjectANFields":{"description":"Certificate subject's alternate name fields.","type":"object","title":"Alternate Name Fields","properties":{"dns":{"type":"array","description":"List of DNS addresses","items":{"type":"string"}},"ipAddress":{"type":"array","description":"List of IP addresses","items":{"type":"string"}},"uri":{"type":"array","description":"List of URIs","items":{"type":"string"}},"emailAddress":{"type":"array","description":"List of email addresses","items":{"type":"string"}}}},"issuerDNFields":{"description":"Certificate issuer's distinguished name fields.","type":"object","title":"Distinguished Name Fields","properties":{"cn":{"type":"string","description":"Common Name"},"o":{"type":"array","description":"List of organizations","items":{"type":"string"}},"ou":{"type":"array","description":"List of organization units","items":{"type":"string"}},"email":{"type":"array","description":"List of email addresses","items":{"type":"string"}},"c":{"type":"array","description":"List of countries","items":{"type":"string"}},"st":{"type":"array","description":"List of provinces or states","items":{"type":"string"}},"street":{"type":"array","description":"List of street addresses","items":{"type":"string"}},"l":{"type":"array","description":"List of localities","items":{"type":"string"}},"uid":{"type":"array","description":"List of UIDs","items":{"type":"string"}},"sn":{"type":"string","description":"serial number"},"t":{"type":"array","description":"List of titles","items":{"type":"string"}},"dc":{"type":"array","description":"List of domain components","items":{"type":"string"}},"dnq":{"type":"array","description":"List of domain name qualifiers","items":{"type":"string"}}}},"issuerANFields":{"description":"Certificate issuer's alternate name fields.","type":"object","title":"Alternate Name Fields","properties":{"dns":{"type":"array","description":"List of DNS addresses","items":{"type":"string"}},"ipAddress":{"type":"array","description":"List of IP addresses","items":{"type":"string"}},"uri":{"type":"array","description":"List of URIs","items":{"type":"string"}},"emailAddress":{"type":"array","description":"List of email addresses","items":{"type":"string"}}}}}},"labels":{"type":"object","additionalProperties":{"type":"array"},"items":{"type":"string"},"x-nullable":true,"description":"Find keys that match label selector expressions. Multiple values are\nlogically ANDed.\n\nLabel selector expressions:\n- Select keys that have the label `{\"region\": \"noram\"}`:\n ```\n [ \"region=noram\" ]\n ```\n OR with a double equals:\n ```\n [ \"region==noram\" ]\n ```\n- Select keys that do not have the label `{\"region\": \"noram\"}`:\n ```\n [ \"region!=noram\" ]\n ```\n- Select keys that have either `{\"region\": \"noram\"}` or `{\"region\": \"emea\"}`\n ```\n [ \"region in (noram,emea)\" ]\n ```\n- Select keys that do not have `{\"region\": \"noram\"}` nor `{\"region\": \"emea\"}`\n ```\n [ \"region notin (noram,emea)\" ]\n ```\n- Select keys that have the label key `region` (the value may be anything)\n ```\n [ \"region\" ]\n ```\n- Select keys that not have the label key `region`\n ```\n [ \"!region\" ]\n ```\n\nMultiple label selector expressions, logically ANDed:\n- Select keys that have the label `{\"region\": \"noram\"}` but do not have\n `{\"team\": \"sales\"}`\n ```\n [ \"region=noram\", \"team!=sales\" ]\n\n ```\n"},"undeletable":{"type":"boolean","description":"Find keys with the specified value of the `undeletable` attribute."},"permissions":{"type":"array","items":{"type":"string"},"description":"The filter returns only those keys on which the user performing the query has the same permissions as given\nin the query. The permissions are given to a group in the key meta and the group must have the `ReadKey`\npermission. The user performing the query must be a member of the group having those permissions.\nAllowed values are \"EncryptWithKey\", \"DecryptWithKey\", \"MACWithKey\", \"MACVerifyWithKey\", \"SignWithKey\",\n\"SignVerifyWithKey\", \"ReadKey\", \"UseKey\", and \"ExportKey\".\n"}},"example":{"name":"oldkeys*","usageMask":12,"metaContains":"{\"info\":{\"color\":\"red\"}}","aliases":["abc1","yellow"],"size":256,"createdAfter":"2018-11-28T15:19:10Z"}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"name":{"type":"string","description":"The name of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"usageMask":{"type":"integer","description":"Cryptographic usage mask"},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the application was updated"},"objectType":{"type":"string","description":"Type of the object. It is one of\n'Certificate', 'Symmetric Key', 'Public Key', 'Private Key',\n'Split Key', 'Template', 'Secret Data', 'Opaque Object' or 'PGP Key'.\n"},"activationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes active"},"deactivationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes inactive"},"archiveDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes archived"},"destroyDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object was destroyed"},"compromiseDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time server was notified of the security compromise of the object"},"compromiseOccurrenceDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time security compromise of the object was identified"},"revocationReason":{"type":"string","description":"Reason for revoking the object. It is one of\n'Key Compromise', 'CA Compromise', 'Unspecified', 'Affiliation Changed',\n'Superseded', 'Cessation of Operation' or 'Privilege Withdrawn'\n"},"revocationMessage":{"type":"string","description":"Revocation message for revoking the object"},"processStartDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when a Managed Symmetric Key Object MAY begin to be used to process\ncryptographically protected information (e.g., decryption or unwrapping)\n"},"protectStopDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time after which a Managed Symmetric Key Object SHALL NOT be used for\napplying cryptographic protection (e.g., encryption or wrapping)\n"},"labels":{"type":"object","additionalProperties":{"type":"string"},"x-nullable":true,"description":"Optional key/value pairs used to group keys.\n"}}}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"5a78b671-8467-4548-82c8-ebce11bea4d6","uri":"kylo:kylo:vault:keys:sample-rsa-key-v0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2016-12-02T21:23:48.853904Z","name":"oldkeys1","updatedAt":"2016-12-02T21:31:30.854925Z","usageMask":12,"version":0,"algorithm":"RSA","size":1024,"format":"raw","unexportable":false,"undeletable":false,"publickey":"-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFWOKyW00XdYRTMbciHRKx615X\nG4LbZWGgOSwub+sHvIYKDU7/MPm+wzWA8oel0S/uiVdUqnpwEL6qkj28KZkxgwSZ\nkRqk7QNpjs1DiW3DmPbL7foGh+iFZdqq/xh4w4Ap5qQJiPUzdGBed/q16eBcqPJp\nLGvm6pFLcgMLpmrkoQIDAQAB\n-----END PUBLIC KEY-----","uuid":"f813745d-3126-4c05-9f09-467619ddff78","labels":{"region":"noram","team":"sales"}}]}}}}}},"/v1/vault/csr":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"CSR","description":"This operation creates a Certificate Signing Request (CSR) if a key identifier is provided. Alternatively,\nit generates a key given the key creation parameters in order to create a CSR. It supports CSR parameters for\nsubject and extensions like key usage, extended key usage and ca basic constraints.\n","tags":["Certificate Authority"],"parameters":[{"name":"body","in":"body","description":"CSR parameters","schema":{"title":"CSR Request","properties":{"keyID":{"type":"string","description":"Identifier for the private key to be used for creating CSR."},"keyIDType":{"type":"string","description":"Type of the identifier, keyID, for the private key to be used for creating CSR."},"keyVersion":{"type":"integer","description":"Version of the private key, keyID, to be used for creating CSR."},"csrParams":{"type":"object","title":"Parameters for CSR creation","description":"Parameters to be used during creating CSR like the subject, x509 extensions and signature algorithm used.","properties":{"cn":{"type":"string","description":"Common Name"},"dnsNames":{"type":"array","items":{"type":"string"},"description":"Subject Alternative Names (SAN) values"},"emailAddresses":{"type":"array","items":{"type":"string"},"description":"E-mail addresses"},"ipAddresses":{"type":"array","items":{"type":"string"},"description":"IP addresses"},"names":{"type":"array","items":{"type":"object","title":"CSR Name","properties":{"C":{"type":"string","description":"Country, for example \"US\""},"ST":{"type":"string","description":"State/province, for example \"MD\""},"L":{"type":"string","description":"Location, for example \"Belcamp\""},"O":{"type":"string","description":"Organization, for example \"Thales Group\""},"OU":{"type":"string","description":"Organizational Unit, for example \"RnD\""}}},"description":"Name fields are \"O=organization, OU=organizational unit, L=location, ST=state/province, C=country\".\nFields can be duplicated if present in different objects.\n\nExample: [{\"O\": \"Thales Group\", \"OU\": \"CPS\", \"C\": \"US\", \"ST\": \"MD\", \"L\": \"Belcamp\"}, {\"OU\": \"Thales Group Inc.\"}]\n"},"keyUsage":{"type":"array","items":{"type":"string"},"description":"List of names of the permitted key usages added as CSR extensions. Values:\n * digitalSignature\n * contentCommitment\n * keyEncipherment\n * dataEncipherment\n * keyAgreement\n * keyCertSign\n * crlSign\n * encipherOnly\n * decipherOnly\n\nThese keyUsage are allowed for CSR creation.\n"},"extendedKeyUsage":{"type":"array","items":{"type":"string"},"description":"List of names of the permitted extended key usages added as CSR extensions. Values:\n * any\n * serverAuth\n * clientAuth\n * codeSigning\n * emailProtection\n * ipsecEndSystem\n * ipsecTunnel\n * ipsecUser\n * timeStamping\n * ocspSigning\n * microsoftServerGatedCrypto\n * netscapeServerGatedCrypto\n * microsoftCommercialCodeSigning\n * microsoftKernelCodeSigning\n\nThese extendedKeyUsage are allowed for CSR creation.\n"},"signatureAlgorithm":{"type":"string","description":"Signature algorithm used for creating the CSR. sha512WithRSA, sha384WithRSA, sha256WithRSA, sha1WithRSA,\necdsaWithSHA512, ecdsaWithSHA384, ecdsaWithSHA256 and ecdsaWithSHA1 are the permitted values.\n"},"subjectKeyIdentifierHash":{"type":"boolean","description":"If set to true, the Subject Key Identifier extension is set to the hash specified by RFC5280, else\nunset\n"},"isCA":{"type":"boolean","description":"If set, the value of the basic constraints extension value for CA is set to that boolean value and unset\notherwise.\n"},"maxPathLen":{"type":"integer","description":"This parameter is valid only when is CA parameter is set to true and specifies the maximum number of CAs that\ncan appear below this one in a chain. If maxPathLen is -1, pathlen is unset.\n"}}},"keyGenParams":{"type":"object","title":"Parameters for generation of key required for CSR creation","description":"Parameters to be used for creating an asymmetric key to be used for CSR creation.","properties":{"keyName":{"type":"string","description":"Name of key to be generated for CSR creation"},"algorithm":{"type":"string","description":"Algorithm of key to be generated for CSR creation. Permitted values are 'RSA' or 'EC' and defaults to 'RSA'.\n"},"size":{"type":"string","description":"Size of key to be generated for CSR creation. Refer create key API for sizes for EC and RSA keys and their default values.\n"},"curveid":{"type":"string","description":"Cryptographic curve id for elliptic key. Values:\n * secp224r1\n * secp384r1\n * secp521r1\n * prime256v1\nThese curves are allowed for CSR creation.\n"}}}},"example":{"keyGenParams":{"algorithm":"RSA","size":2048},"csrParams":{"cn":"kylo.com","dnsNames":["*.thalesgroup.com","*.thalesgroup.net"],"emailAddresses":["contact@thalesgroup.com"],"ipAddresses":["1.1.1.1"],"names":[{"O":"Thales Group","OU":"RnD","C":"US","ST":"MD","L":"Belcamp"}]}}}}],"responses":{"200":{"description":"Successful CSR creation.","schema":{"type":"object"},"examples":{"application/json":{"csr":"-----BEGIN CERTIFICATE REQUEST-----\nMIHNMHUCAQAwEzERMA8GA1UEAxMIVGVzdCBDU1IwWTATBgcqhkjOPQIBBggqhkjO\nPQMBBwNCAATndOIgsTp7m4bOuixxuAt2XQ3oZqp8th/woAo51z7RiAAGdm7IfB1w\n7uWr8o5PWKBatXIgvPp8hvRWHQPHCfcLoAAwCgYIKoZIzj0EAwIDSAAwRQIgVyvz\nhFGCKV460fNJC0vC48gI268B68Xr6osFoy9Ouw8CIQCWN1LtcyxPIvul3XF1Pj7l\navEeIqDBcfD6VHhbnpO2Ag==\n-----END CERTIFICATE REQUEST-----"}}}}}},"/v1/vault/secrets":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Lists all Secrets. Results can be refined with query params.","tags":["Secrets"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"fields","in":"query","type":"string","description":"A hint to the server indicating fields the client is interested in. The server\nwill attempt to include these fields in the response.\n\nThe value should be a comma-delimited list of fields.\n\nCurrently, supported fields are \"meta\" and \"links\". The server will only include the meta\nattribute in the response if the query parameters includes \"fields=meta\"\n"},{"name":"metaContains","in":"query","type":"string","format":"JSON","description":"A valid JSON value. Only Secrets whose 'meta' attribute contains the JSON value will be\nreturned. Examples of JSON containment:\n\n- Values contain themselves: `{\"color\":\"red\"}` contains `{\"color\":\"red\"}`\n- Values contain subsets: `{\"color\":\"red\", \"size\":\"big\"}` contains `{\"color\":\"red\"}` and `{\"size\":\"big\"}`, but not `{\"size\":\"small\"}`\n- Contained values can be nested: `{\"info\":{\"size\":\"big\",\"color\":\"red\"}}` contains `{\"info\":{\"color\":\"red\"}}`, but not `{\"color\":\"red\"}`\n- Array containment: `[\"east\",\"west\",\"north\"]` contains `[\"east\"]` and `[\"east\",\"north\"]`, but not `[\"south\"]` or `[\"east\",\"south\"]`\n"},{"name":"id","in":"query","type":"string","format":"UUID","description":"Filters results to those with matching IDs. May be specified more than once. Results will match *any*\nof the values.\n"},{"name":"name","in":"query","type":"string","description":"Filters results to those with matching names. The '?' and '*' wildcard characters may be used."},{"name":"dataType","in":"query","type":"string","description":"Filters results to those with matching data types (blob, password, or seed)"},{"name":"uri","in":"query","type":"string","description":"Filters results to those with matching uris. The '?' and '*' wildcard characters may be used."},{"name":"sha1Fingerprint","in":"query","type":"string","description":"Filters results to those with matching SHA1 fingerprints. The '?' and '*' wildcard characters may be used.\nThis fingerprint is truncated and is based on the first 8 bytes of the SHA1 checksum.\n"},{"name":"sha256Fingerprint","in":"query","type":"string","description":"Filters results to those with matching SHA256 fingerprints. The '?' and '*' wildcard characters may be used.\n"},{"name":"createdBefore","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"createdAfter","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"objectType","in":"query","type":"string","description":"Type of the object. It is one of 'Secret Data', 'Opaque Object'."},{"name":"state","in":"query","type":"string","description":"Filters results to those with matching Secrets state. Allowed values are\n\"Pre-Active\", \"Active\", \"Deactivated\", \"Destroyed\", \"Compromised\" and \"Destroyed Compromised\".\n"},{"name":"alias","in":"query","type":"string","description":"Filters results to those with matching aliases. The '?' and '*' wildcard characters or\ncomma separted aliases may be used.\n"},{"name":"linkType","in":"query","type":"string","description":"Filters results to those with matching link types. The '?' and '*' wildcard characters or\ncomma separted link types may be used.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"name":{"type":"string","description":"The name of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"usage":{"type":"string","description":"Either FPE or Blob"},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date","description":"Date/time the application was updated"}}}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"7c7b0c9afb88b3e8c3b489b3ae753965391773f8c42e485cd51f698911e79265","uri":"kylo:kylo:vault:secrets:s-2-v0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-10-10T21:16:36.186538Z","name":"s-2","updatedAt":"2018-10-10T21:16:36.186538Z","usageMask":512,"meta":null,"dataType":"seed","unexportable":false,"undeletable":false,"objectType":"Secret Data","activationDate":"2018-10-10T21:16:36.184292Z","state":"Active"}]}}}}},"post":{"summary":"Create","description":"Creates a new blob, password, or seed secret.","tags":["Secrets"],"parameters":[{"name":"includeMaterial","in":"query","required":false,"description":"Include key bytes in the response. If set to 'false' or not specified, only key meta data is returned.","type":"string"},{"name":"body","in":"body","required":true,"schema":{"title":"Create Secrets","required":["material","dataType"],"properties":{"name":{"type":"string","description":"Friendly name"},"usageMask":{"type":"integer","description":"Cryptographic usage mask. Add the usage masks to allow certain usages. Sign (1), Verify (2), Encrypt (4),\nDecrypt (8), Wrap Key (16), Unwrap Key (32), Export (64), MAC Generate (128), MAC Verify (256), Derive Key (512),\nContent Commitment (1024), Key Agreement (2048), Certificate Sign (4096), CRL Sign (8192), Generate Cryptogram (16384),\nValidate Cryptogram (32768), Translate Encrypt (65536), Translate Decrypt (131072), Translate Wrap (262144),\nTranslate Unwrap (524288), FPE Encrypt (1048576), FPE Decrypt (2097152). Add the usage mask values to allow\nthe usages. To set all usage mask bits, use 4194303.\nEquivalent usageMask values for deprecated usages 'fpe' (FPE Encrypt + FPE Decrypt = 3145728),\n'blob' (Encrypt + Decrypt = 12), 'hmac' (MAC Generate + MAC Verify = 384), 'encrypt' (Encrypt + Decrypt = 12),\n'sign' (Sign + Verify = 3), 'any' (4194303 - all usage masks).\n\nDefaults to 12 (Encrypt, Decrypt).\n\nNot applicable to the following:\n * blob\n"},"dataType":{"type":"string","description":"The type of data the secret represents. Each data type corresponds to a KMIP type.\n * blob - KMIP opaque object\n * password - KMIP secret data password\n * seed - KMIP secret data seed\n"},"material":{"type":"string","description":"The data imported as the secret. The encoding of the data is not specified. If the data cannot be set as a JSON string, such as arbitrary binary data, then the caller should encode the data first (e.g. using base64).\n"},"unexportable":{"type":"boolean","description":"Material is not exportable. Defaults to false.\n"},"undeletable":{"type":"boolean","description":"Object is not deletable. Defaults to false."},"meta":{"type":"object","description":"End-user or service data stored with the secret."},"state":{"type":"string","description":"Initial Secret state (Pre-Active) upon creation. Defaults to Active. If set, activationDate can not be specified during state creation.\nNot applicable to the following:\n * blob\n"},"activationDate":{"type":"string","format":"date","description":"Date/time the Secret Data becomes active.\nNot applicable to the following:\n * blob\n"},"deactivationDate":{"type":"string","format":"date","description":"Date/time the Secret Data becomes inactive"},"idSize":{"type":"integer","description":"Size of the ID for the secret"}},"example":{"name":"My Secret","dataType":"seed","material":"DEADBEEF"}}}],"responses":{"201":{"description":"Created","schema":{"type":"object","allOf":[{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"The name of the resource"}}}]},{"properties":{"updatedAt":{"type":"string","format":"date","description":"Date/time the application was updated"}}},{"type":"object","properties":{"usage":{"type":"string","description":"Blob"}}}]},{"type":"object","properties":{"material":{"type":"string","description":"data of the secret"},"meta":{"type":"object","description":"Optional end-user or service data stored with the Secret"}}}]},"examples":{"application/json":{"id":"7c7b0c9afb88b3e8c3b489b3ae753965391773f8c42e485cd51f698911e79265","uri":"kylo:kylo:vault:secrets:s-2-v0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-10-10T21:16:36.186537995Z","name":"s-2","updatedAt":"2018-10-10T21:16:36.186537995Z","usageMask":512,"meta":{"ownerId":"local|38119f31-33d6-40be-915f-683d7e7c16d4"},"dataType":"seed","unexportable":false,"undeletable":false,"objectType":"Secret Data","activationDate":"2018-10-10T21:16:36.184291754Z","state":"Active"}}},"409":{"description":"A Secret with the same name already exists.\n"}}}},"/v1/vault/secrets/{id}/export":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"type","in":"query","description":"An optional parameter, to explicitly specify the type of id ( id, name or slug ).","type":"string"},{"name":"id","in":"path","description":"name (or uuid) of the Secret to export","required":true,"type":"string"}],"post":{"summary":"Export","description":"Returns metadata and the material of the secret matching the given `id`.","tags":["Secrets"],"responses":{"200":{"description":"OK","examples":{"application/json":{"resources":[{"id":"7c7b0c9afb88b3e8c3b489b3ae753965391773f8c42e485cd51f698911e79265","uri":"kylo:kylo:vault:secrets:s-2-v0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-10-10T21:16:36.186538Z","name":"s-2","updatedAt":"2018-10-10T21:16:36.186538Z","usageMask":512,"meta":{"ownerId":"local|38119f31-33d6-40be-915f-683d7e7c16d4"},"dataType":"seed","unexportable":false,"undeletable":false,"objectType":"Secret Data","activationDate":"2018-10-10T21:16:36.184292Z","state":"Active","material":"DEADBEEF"}]}}},"404":{"description":"Secret with that name or id does not exist"},"422":{"description":"Incompatible body and/or parameters"}}}},"/v1/vault/secrets/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns information about the secret. Does not return the actual Secret\nmaterial (that is an \"export\", which is a different endpoint).\n","tags":["Secrets"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"type","in":"query","description":"An optional parameter, to explicitly specify the type of id ( id, name or slug ).","type":"string"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"The name of the resource"}}}]},{"properties":{"updatedAt":{"type":"string","format":"date","description":"Date/time the application was updated"}}},{"type":"object","properties":{"usage":{"type":"string","description":"Blob"}}}]},{"type":"object","properties":{"material":{"type":"string","description":"data of the secret"},"meta":{"type":"object","description":"Optional end-user or service data stored with the Secret"}}}]},"examples":{"application/json":{"id":"7c7b0c9afb88b3e8c3b489b3ae753965391773f8c42e485cd51f698911e79265","uri":"kylo:kylo:vault:secrets:s-2-v0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-10-10T21:16:36.186538Z","name":"s-2","updatedAt":"2018-10-10T21:16:36.186538Z","usageMask":512,"meta":{"ownerId":"local|38119f31-33d6-40be-915f-683d7e7c16d4"},"dataType":"seed","unexportable":false,"undeletable":false,"objectType":"Secret Data","activationDate":"2018-10-10T21:16:36.184292Z","state":"Active"}}},"409":{"description":"An existing Secret has an incompatible usage\n"}}},"patch":{"summary":"Update","description":"Updates the Secret properties. This can be used to update the secret\nmetadata, change the exportable and deletable properties, activation date,\ndeactivation date, compromise occurance date and revocation reason for the Secret.\n\nIf you update the `meta` field, and both the current value and the\nupdated value are JSON objects, the fields of the objects will be\nbe merged.\n","tags":["Secrets"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"type","in":"query","description":"An optional parameter, to explicitly specify the type of id ( id, name or slug ).","type":"string"},{"name":"body","in":"body","description":"The new metadata to update. The \"Body Sample\" on the right pane shows the format.","required":true,"schema":{"title":"Update Secrets","properties":{"meta":{"type":"object","description":"Optional end-user or service data stored with the Secret"},"unexportable":{"type":"boolean","description":"Material is not exportable.\n"},"undeletable":{"type":"boolean","description":"Object is not deletable."},"activationDate":{"type":"string","format":"date","description":"Secret Data activation date."},"deactivationDate":{"type":"string","format":"date","description":"Secret Data deactivation date."},"compromiseOccurrenceDate":{"type":"string","format":"date","description":"Date/time security compromise of the object was identified"},"revocationReason":{"type":"string","description":"Revocation Reason Code for revoking the object. Required in conjunction with compromiseOccurrenceDate.\nIt is one of 'Key Compromise', 'CA Compromise', 'Unspecified', 'Affiliation Changed',\n'Superseded', 'Cessation of Operation' or 'Privilege Withdrawn'\n"},"revocationMessage":{"type":"string","description":"Revocation message. Optionally used in conjunction with revocationReason."}},"example":{"revocationReason":"Unspecified","revocationMessage":"My Reason"}}}],"responses":{"201":{"description":"Successful update of Secret.","schema":{"properties":{"meta":{"type":"object","description":"Optional end-user or service data stored with the Secret"},"unexportable":{"type":"boolean","description":"Material is not exportable.\n"},"undeletable":{"type":"boolean","description":"Object is not deletable."},"activationDate":{"type":"string","format":"date","description":"Secret Data activation date."},"deactivationDate":{"type":"string","format":"date","description":"Secret Data deactivation date."},"compromiseOccurrenceDate":{"type":"string","format":"date","description":"Date/time security compromise of the object was identified"},"revocationReason":{"type":"string","description":"Revocation Reason Code for revoking the object. Required in conjunction with compromiseOccurrenceDate.\nIt is one of 'Key Compromise', 'CA Compromise', 'Unspecified', 'Affiliation Changed',\n'Superseded', 'Cessation of Operation' or 'Privilege Withdrawn'\n"},"revocationMessage":{"type":"string","description":"Revocation message. Optionally used in conjunction with revocationReason."}},"example":{"revocationReason":"Unspecified","revocationMessage":"My Reason"}},"examples":{"application/json":{"id":"7c7b0c9afb88b3e8c3b489b3ae753965391773f8c42e485cd51f698911e79265","uri":"kylo:kylo:vault:secrets:s-2-v0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-10-10T21:16:36.186538Z","name":"s-2","updatedAt":"2018-10-10T21:16:36.186538Z","usageMask":512,"meta":{"ownerId":"local|38119f31-33d6-40be-915f-683d7e7c16d4"},"dataType":"seed","unexportable":true,"undeletable":false,"objectType":"Secret Data","activationDate":"2018-10-10T21:16:36.184292Z","state":"Active"}}}}},"delete":{"summary":"Delete","description":"Deletes a Secret.","tags":["Secrets"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"type","in":"query","description":"An optional parameter, to explicitly specify the type of id ( id, name or slug ).","type":"string"}],"responses":{"204":{"description":"No Content | Successful deletion of secret."}}}},"/v1/vault/secrets/{id}/destroy":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"type","in":"query","description":"An optional parameter, to explicitly specify the type of id ( id, name or slug ).","type":"string"},{"name":"id","in":"path","description":"name (or uuid) of the secret to be destroyed","required":true,"type":"string"}],"post":{"summary":"Destroy","description":"Destroys material of a secret.","tags":["Secrets"],"responses":{"200":{"description":"Successful destruction of Secret material","schema":{"properties":{"meta":{"type":"object","description":"Optional end-user or service data stored with the Secret"},"unexportable":{"type":"boolean","description":"Material is not exportable.\n"},"undeletable":{"type":"boolean","description":"Object is not deletable."},"activationDate":{"type":"string","format":"date","description":"Secret Data activation date."},"deactivationDate":{"type":"string","format":"date","description":"Secret Data deactivation date."},"compromiseOccurrenceDate":{"type":"string","format":"date","description":"Date/time security compromise of the object was identified"},"revocationReason":{"type":"string","description":"Revocation Reason Code for revoking the object. Required in conjunction with compromiseOccurrenceDate.\nIt is one of 'Key Compromise', 'CA Compromise', 'Unspecified', 'Affiliation Changed',\n'Superseded', 'Cessation of Operation' or 'Privilege Withdrawn'\n"},"revocationMessage":{"type":"string","description":"Revocation message. Optionally used in conjunction with revocationReason."}},"example":{"revocationReason":"Unspecified","revocationMessage":"My Reason"}},"examples":{"application/json":{"id":"7c7b0c9afb88b3e8c3b489b3ae753965391773f8c42e485cd51f698911e79265","uri":"kylo:kylo:vault:secrets:s-2-v0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-10-10T21:16:36.186538Z","name":"s-2","updatedAt":"2018-10-10T21:16:36.186538Z","usageMask":512,"meta":{"ownerId":"local|38119f31-33d6-40be-915f-683d7e7c16d4"},"dataType":"seed","unexportable":false,"undeletable":false,"objectType":"Secret Data","activationDate":"2018-10-10T21:16:36.184292Z","destroyDate":"2018-10-11T03:46:50.154721Z","state":"Destroyed"}}}}}},"/v1/admin/policies/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Lists all policies. Supports standard paging\nquery params. Supports filtering on name. Supports sorting\non name, uri, or createdAt.\n","tags":["Policies"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"},{"name":"name","in":"query","description":"Filter results by policy name. Wildcards are supported.","required":false,"type":"string"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"description":"Policies are access control rules. They declare a set of\nactions, applied to a set of resources, under an optional set of\nconditions, which are either allowed or not allowed.\n\nPolicies, like other resources, share common properties like `id`,\n`uri`, `name`, etc.\n\n`actions` is a list of permissions.\n\nTBD: link to\ncanonical dictionary of permissions. Operations will require some\nset of the these permissions\n\n`resources` is a list of URI patterns.\n","type":"object","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"actions":{"type":"array","items":{"type":"string","format":"action name or \"*\""}},"resources":{"type":"array","items":{"type":"string","format":"uri mask"}},"allow":{"type":"boolean"},"effect":{"type":"integer","description":"The effect describes the effect of the policy. There are 4 possible values.\nWith effect, the allow flag gets deprecated. Please use one of the two and\nuse allow only if it is needed, instead use effect.\n","enum":["allow","deny","obligate_on_allow","obligate_on_deny"]},"conditions":{"type":"array","items":{"type":"object","properties":{"path":{"type":"string","format":"A JSON path, with template variables.","description":"A JSON path which resolves to a value in the operation\n"},"op":{"type":"string","format":"equals|==|equalsignorescase|matches|regex|=~|empty|contains|@>\n","description":"The comparison operator used to compare the operation value\nto the conditions values.\n"},"values":{"description":"The value or values to compare with the operation value.\nCan be either a single value, or an array. If an\narray, each of the items in the array is compared to\nthe operation value, and if any match, the condition is\nmet. In other words, the items are logically OR'd.\n"}}}},"includeDescendantAccounts":{"type":"boolean","description":"When this is false, only the resources in the principal's account can be accessed if the policy allows it.\nWhen this is true, the resources the principal's account as well as all child accounts associated with the\nprincipal's account, can be accessed if the policy allows it.\nFor example, sub-domains will be included while listing domains when this parameter is true.\n"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"bb03e94f-8e64-4915-8844-0ecec73293eb","uri":"asdf-gxO:pers-apitestuser:admin:policies:all","account":"asdf-gxO:pers-apitestuser:admin:accounts:pers-apitestuser","application":"dev-portal:pers-github-107825:admin:apps:asdf-gxO","devAccount":"dev-portal:pers-github-107825:admin:accounts:pers-github-107825","createdAt":"2015-09-23T02:40:48.163733Z","name":"All","actions":["*"],"resources":["*"],"allow":true,"effect":"allow"}]}}}}},"post":{"summary":"Create","description":"Creates a new policy. \"name\" is the name of the policy. \"allow\" is the effect of the policy, either to\nallow the actions or to deny the actions. \"actions\" is an array of strings, which can contain the \"*\"\nwildcard character. \"resources\" is a list of URI strings, which must be in URI format (*:*:*:*:*). Any of\nthe components of the URI may have a \"*\" wildcard character. If successful, the created policy is returned.\nIf the principalSelector does not include either \"acc\" or \"acct\", then \"acct\" will automatically be added, set\nto the current account.\n","tags":["Policies","Danger"],"parameters":[{"name":"body","in":"body","schema":{"type":"object","title":"Create Policy","properties":{"name":{"type":"string"},"allow":{"type":"boolean"},"effect":{"type":"string","description":"The effect describes the effect of the policy. There are 4 possible values.\nWith effect, the allow flag gets deprecated. Please use one of the two and\nuse allow only if it is needed, instead use effect.\n","enum":["allow","deny","obligate_on_allow","obligate_on_deny"]},"resources":{"type":"array","items":{"type":"string"}},"actions":{"type":"array","items":{"type":"string"}},"conditions":{"type":"array","items":{"type":"object","title":"Condition","properties":{"path":{"type":"string","format":"A JSON path, with template variables.","description":"A JSON path, with template variables, which resolves to a value in the operation\n"},"op":{"type":"string","format":"equals|==|equalsignorescase|matches|regex|=~|empty|contains|@>\n","description":"The comparison operator used to compare the operation value\nto the conditions values.\nformat: equals|==|equalsignorescase|matches|regex|=~|empty|contains|@>\n"},"values":{"description":"The value or values to compare with the operation value.\nCan be either a single value, or an array. If an\narray, each of the items in the array is compared to\nthe operation value, and if any match, the condition is\nmet. In other words, the items are logically OR'd.\n"},"negate":{"type":"boolean","description":"reverse the result of `op`"}}}},"obligations":{"type":"array","items":{"type":"object","title":"Obligation","properties":{"type":{"type":"string","format":"a string which defines the obligation.","description":"Obligations have a \"type\", which declares the type of obligation.\nEnsure to use the obligation types which the PEPs understand and know how to fulfill.\n"},"attributes":{"type":"object","format":"A json object.","description":"A JSON object which defines information the PEP might need to fulfill the obligation.\n"}}}},"includeDescendantAccounts":{"type":"boolean","default":false,"description":"When this is false, only the resources in the principal's account can be accessed if the policy allows it.\nWhen this is true, the resources the principal's account as well as all child accounts associated with the\nprincipal's account, can be accessed if the policy allows it.\nFor example, this parameter should be set to true in order to include sub-domains while listing domains.\n"}}}}],"responses":{"201":{"description":"Successful policy creation.","schema":{"description":"Policies are access control rules. They declare a set of\nactions, applied to a set of resources, under an optional set of\nconditions, which are either allowed or not allowed.\n\nPolicies, like other resources, share common properties like `id`,\n`uri`, `name`, etc.\n\n`actions` is a list of permissions.\n\nTBD: link to\ncanonical dictionary of permissions. Operations will require some\nset of the these permissions\n\n`resources` is a list of URI patterns.\n","type":"object","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"actions":{"type":"array","items":{"type":"string","format":"action name or \"*\""}},"resources":{"type":"array","items":{"type":"string","format":"uri mask"}},"allow":{"type":"boolean"},"effect":{"type":"integer","description":"The effect describes the effect of the policy. There are 4 possible values.\nWith effect, the allow flag gets deprecated. Please use one of the two and\nuse allow only if it is needed, instead use effect.\n","enum":["allow","deny","obligate_on_allow","obligate_on_deny"]},"conditions":{"type":"array","items":{"type":"object","properties":{"path":{"type":"string","format":"A JSON path, with template variables.","description":"A JSON path which resolves to a value in the operation\n"},"op":{"type":"string","format":"equals|==|equalsignorescase|matches|regex|=~|empty|contains|@>\n","description":"The comparison operator used to compare the operation value\nto the conditions values.\n"},"values":{"description":"The value or values to compare with the operation value.\nCan be either a single value, or an array. If an\narray, each of the items in the array is compared to\nthe operation value, and if any match, the condition is\nmet. In other words, the items are logically OR'd.\n"}}}},"includeDescendantAccounts":{"type":"boolean","description":"When this is false, only the resources in the principal's account can be accessed if the policy allows it.\nWhen this is true, the resources the principal's account as well as all child accounts associated with the\nprincipal's account, can be accessed if the policy allows it.\nFor example, sub-domains will be included while listing domains when this parameter is true.\n"}}}]},"examples":{"application/json":{"id":"bb03e94f-8e64-4915-8844-0ecec73293eb","uri":"asdf-gxO:pers-apitestuser:admin:policies:all","account":"asdf-gxO:pers-apitestuser:admin:accounts:pers-apitestuser","application":"dev-portal:pers-github-107825:admin:apps:asdf-gxO","devAccount":"dev-portal:pers-github-107825:admin:accounts:pers-github-107825","createdAt":"2015-09-23T02:40:48.163733Z","name":"All","resources":["*"],"actions":["*"],"allow":true,"effect":"allow"}}}}}},"/v1/admin/policies/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"\"id\" can be the policy slug, uri, or id.\n","tags":["Policies"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"200":{"description":"OK","schema":{"description":"Policies are access control rules. They declare a set of\nactions, applied to a set of resources, under an optional set of\nconditions, which are either allowed or not allowed.\n\nPolicies, like other resources, share common properties like `id`,\n`uri`, `name`, etc.\n\n`actions` is a list of permissions.\n\nTBD: link to\ncanonical dictionary of permissions. Operations will require some\nset of the these permissions\n\n`resources` is a list of URI patterns.\n","type":"object","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"actions":{"type":"array","items":{"type":"string","format":"action name or \"*\""}},"resources":{"type":"array","items":{"type":"string","format":"uri mask"}},"allow":{"type":"boolean"},"effect":{"type":"integer","description":"The effect describes the effect of the policy. There are 4 possible values.\nWith effect, the allow flag gets deprecated. Please use one of the two and\nuse allow only if it is needed, instead use effect.\n","enum":["allow","deny","obligate_on_allow","obligate_on_deny"]},"conditions":{"type":"array","items":{"type":"object","properties":{"path":{"type":"string","format":"A JSON path, with template variables.","description":"A JSON path which resolves to a value in the operation\n"},"op":{"type":"string","format":"equals|==|equalsignorescase|matches|regex|=~|empty|contains|@>\n","description":"The comparison operator used to compare the operation value\nto the conditions values.\n"},"values":{"description":"The value or values to compare with the operation value.\nCan be either a single value, or an array. If an\narray, each of the items in the array is compared to\nthe operation value, and if any match, the condition is\nmet. In other words, the items are logically OR'd.\n"}}}},"includeDescendantAccounts":{"type":"boolean","description":"When this is false, only the resources in the principal's account can be accessed if the policy allows it.\nWhen this is true, the resources the principal's account as well as all child accounts associated with the\nprincipal's account, can be accessed if the policy allows it.\nFor example, sub-domains will be included while listing domains when this parameter is true.\n"}}}]},"examples":{"application/json":{"id":"bb03e94f-8e64-4915-8844-0ecec73293eb","uri":"asdf-gxO:pers-apitestuser:admin:policies:all","account":"asdf-gxO:pers-apitestuser:admin:accounts:pers-apitestuser","application":"dev-portal:pers-github-107825:admin:apps:asdf-gxO","devAccount":"dev-portal:pers-github-107825:admin:accounts:pers-github-107825","createdAt":"2015-09-23T02:40:48.163733Z","name":"All","actions":["*"],"resources":["*"],"allow":true,"effect":"allow"}}}}},"delete":{"summary":"Delete","tags":["Policies","Danger"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"204":{"description":"No Content | Successful deletion of policy."}}}},"/v1/admin/policy-attachments/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns attached policies. Each resource contains the body of the policy,\nand the principal selector it is attached to. Supports sorting on policy,\nuri, createdAt, jurisdiction, name, or allow. Supports filtering on policy,\nname, and jurisdiction. Wildcards are supported.\n","tags":["Policy Attachments"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"},{"name":"name","in":"query","description":"Filter results by policy name. Wildcards are supported.","required":false,"type":"string"},{"name":"policy","in":"query","description":"Filter results by policy URI.","required":false,"type":"string"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"policy":{"type":"string","format":"uri"},"principalSelector":{"type":"object","format":"an subset of the internal JWT body"},"resources":{"type":"array","items":{"type":"string","format":"uri mask"}},"actions":{"type":"array","items":{"type":"string","format":"action name or \"*\""}},"allow":{"type":"boolean"},"jurisdiction":{"type":"string","format":"account uri"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"91b7a91f-ba22-45ce-985b-18fb9932f561","uri":"dev-portal:pers-testingsupport:admin:policy-attachments:91b7a91f-ba22-45ce-985b-18fb9932f561","account":"dev-portal:pers-jsmith:admin:accounts:pers-jsmith","application":"ncryptify:gemalto:admin:apps:dev-portal","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2015-09-23T02:45:43.980289Z","policy":"dev-portal:pers-testingsupport:admin:policies:mypolicy-yhg","jurisdiction":"dev-portal:pers-testingsupport:admin:accounts:pers-testingsupport","principalSelector":{"acct":"dev-portal:pers-jsmith:admin:accounts:pers-jsmith","user":"dev-portal:pers-github-107825:admin:users:apitestuser"},"name":"All","resources":["*"],"actions":["*"],"allow":true,"effect":"allow"}]}}}}},"post":{"summary":"Attach","description":"Attaches a policy to principals. The policy will be applied to all principals whose\nJWT token contains the principal selector. If an attachment\nbetween those two already exists, the call will succeed, but the\nexisting attachment will be returned. \"jurisdiction\" is optional, it will default\nto the current account.\n","tags":["Policy Attachments","Danger"],"parameters":[{"name":"body","in":"body","schema":{"type":"object","title":"Attach Policy","required":["policy","principalSelector"],"properties":{"policy":{"type":"string","format":"a policy URI"},"principalSelector":{"type":"object","format":"can contain any subset of an internal JWT body"},"jurisdiction":{"type":"string","format":"an account URI","description":"reserved for future use"}}}}],"responses":{"201":{"description":"Successful policy attachment creation.","schema":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"policy":{"type":"string","format":"uri"},"principalSelector":{"type":"object","format":"an subset of the internal JWT body"},"resources":{"type":"array","items":{"type":"string","format":"uri mask"}},"actions":{"type":"array","items":{"type":"string","format":"action name or \"*\""}},"allow":{"type":"boolean"},"jurisdiction":{"type":"string","format":"account uri"}}}]},"examples":{"application/json":{"id":"91b7a91f-ba22-45ce-985b-18fb9932f561","uri":"dev-portal:pers-testingsupport:admin:policy-attachments:91b7a91f-ba22-45ce-985b-18fb9932f561","account":"dev-portal:pers-jsmith:admin:accounts:pers-jsmith","application":"ncryptify:gemalto:admin:apps:dev-portal","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2015-09-23T02:45:43.980289Z","policy":"dev-portal:pers-testingsupport:admin:policies:mypolicy-yhg","jurisdiction":"dev-portal:pers-testingsupport:admin:accounts:pers-testingsupport","principalSelector":{"acct":"dev-portal:pers-jsmith:admin:accounts:pers-jsmith","user":"dev-portal:pers-github-107825:admin:users:apitestuser"},"name":"All","resources":["*"],"actions":["*"],"allow":true,"effect":"allow"}}}}}},"/v1/admin/policy-attachments/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","tags":["Policy Attachments"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"policy":{"type":"string","format":"uri"},"principalSelector":{"type":"object","format":"an subset of the internal JWT body"},"resources":{"type":"array","items":{"type":"string","format":"uri mask"}},"actions":{"type":"array","items":{"type":"string","format":"action name or \"*\""}},"allow":{"type":"boolean"},"jurisdiction":{"type":"string","format":"account uri"}}}]},"examples":{"application/json":{"id":"91b7a91f-ba22-45ce-985b-18fb9932f561","uri":"dev-portal:pers-testingsupport:admin:policy-attachments:91b7a91f-ba22-45ce-985b-18fb9932f561","account":"dev-portal:pers-jsmith:admin:accounts:pers-jsmith","application":"ncryptify:gemalto:admin:apps:dev-portal","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2015-09-23T02:45:43.980289Z","policy":"dev-portal:pers-testingsupport:admin:policies:mypolicy-yhg","jurisdiction":"dev-portal:pers-testingsupport:admin:accounts:pers-testingsupport","principalSelector":{"acct":"dev-portal:pers-jsmith:admin:accounts:pers-jsmith","user":"dev-portal:pers-github-107825:admin:users:apitestuser"},"name":"All","resources":["*"],"actions":["*"],"allow":true,"effect":"allow"}}}}},"delete":{"summary":"Detach","tags":["Policy Attachments","Danger"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"204":{"description":"No Content | Successful deletion of polcy attachment."}}}},"/v1/admin/internal/authorize":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Authorize","tags":["Authorization","Private"],"description":"Post a set of \"operations\", return a code indicating whether\nall the operations are authorized or not for the JWT in the header.\nDetails will include all the policies which applied to the request.\nOperations in the request can use wildcards in the action or resource\nfields. If used, the answer returned may be \"maybe\" if the policy\nservice is not able to determine if applicable policies completely contain\nthe set of actions/resources espressed by the operation.\n","parameters":[{"name":"body","in":"body","schema":{"type":"object","properties":{"operations":{"type":"array","items":{"type":"object","properties":{"action":{"type":"string","format":"string with wildcards"},"resource":{"type":"string","format":"URI or URI mask with wildcards"}}}}},"example":{"operations":[{"action":"*","resource":"ncryptify:gemalto:admin:apps:*"}]}}}],"responses":{"200":{"description":"Successful authorization request.","schema":{"type":"object","properties":{"allowed":{"type":"string","format":"yes, no, or maybe"},"operations":{"type":"array","items":{"type":"object","properties":{"action":{"type":"string"},"resource":{"type":"string"},"allowed":{"type":"string","format":"yes, no, or maybe"},"includeDescendantAccounts":{"type":"boolean","description":"When this is false, only the resources in the principal's account can be accessed if the policy allows it.\nWhen this is true, the resources the principal's account as well as all child accounts associated with the\nprincipal's account, can be accessed if the policy allows it.\nFor example, this parameter should be set to true in order to include sub-domains while listing domains.\n"},"details":{"type":"object","description":"A map. The keys are the jurisdictions (account URIs) involved in the request. The\nvalue is an object describing the details of the verdict in that jurisdiction.\n","additionalProperties":{"type":"object","properties":{"jurisdiction":{"type":"string","format":"account URI"},"allowed":{"type":"string","format":"yes, no, or maybe"},"allowingPolicies":{"type":"array","items":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"policy":{"type":"string","format":"uri"},"principalSelector":{"type":"object","format":"an subset of the internal JWT body"},"resources":{"type":"array","items":{"type":"string","format":"uri mask"}},"actions":{"type":"array","items":{"type":"string","format":"action name or \"*\""}},"allow":{"type":"boolean"},"jurisdiction":{"type":"string","format":"account uri"}}}]}},"denyingPolicies":{"type":"array","items":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"policy":{"type":"string","format":"uri"},"principalSelector":{"type":"object","format":"an subset of the internal JWT body"},"resources":{"type":"array","items":{"type":"string","format":"uri mask"}},"actions":{"type":"array","items":{"type":"string","format":"action name or \"*\""}},"allow":{"type":"boolean"},"jurisdiction":{"type":"string","format":"account uri"}}}]}}}}}}}}},"example":{"allowed":"maybe","operations":[{"action":"*","resource":"ncryptify:gemalto:admin:apps:ncryptify","allowed":"maybe","details":{"asdf-gxO:pers-apitestuser:admin:accounts:pers-apitestuser":{"jurisdiction":"asdf-gxO:pers-apitestuser:admin:accounts:pers-apitestuser","allowed":"maybe","allowingPolicies":{"id":"91b7a91f-ba22-45ce-985b-18fb9932f561","uri":"dev-portal:pers-testingsupport:admin:policy-attachments:91b7a91f-ba22-45ce-985b-18fb9932f561","account":"dev-portal:pers-jsmith:admin:accounts:pers-jsmith","application":"ncryptify:gemalto:admin:apps:dev-portal","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2015-09-23T02:45:43.980289Z","policy":"dev-portal:pers-testingsupport:admin:policies:mypolicy-yhg","jurisdiction":"dev-portal:pers-testingsupport:admin:accounts:pers-testingsupport","principalSelector":{"acct":"dev-portal:pers-jsmith:admin:accounts:pers-jsmith","user":"dev-portal:pers-github-107825:admin:users:apitestuser"},"name":"All","resources":["*"],"actions":["read"],"allow":true,"effect":"allow"},"denyingPolicies":{"id":"91b7a91f-ba22-45ce-985b-18fb9932f561","uri":"dev-portal:pers-testingsupport:admin:policy-attachments:91b7a91f-ba22-45ce-985b-18fb9932f561","account":"dev-portal:pers-jsmith:admin:accounts:pers-jsmith","application":"ncryptify:gemalto:admin:apps:dev-portal","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2015-09-23T02:45:43.980289Z","policy":"dev-portal:pers-testingsupport:admin:policies:mypolicy-yhg","jurisdiction":"dev-portal:pers-testingsupport:admin:accounts:pers-testingsupport","principalSelector":{"acct":"dev-portal:pers-jsmith:admin:accounts:pers-jsmith","user":"dev-portal:pers-github-107825:admin:users:apitestuser"},"name":"All","resources":["*"],"actions":["read"],"allow":false,"effect":"deny"}}}}]}}}}}},"/v1/audit/records":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns 0 or more audit records.","tags":["Records"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"},{"name":"createdBefore","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"createdAfter","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"service","in":"query","type":"string","x-nullable":true,"description":"Filters results to specified service., e.g.: kylo\n"},{"name":"message","in":"query","type":"string","x-nullable":true,"collectionFormat":"multi","description":"Filters results on message\n"},{"name":"success","in":"query","type":"string","x-nullable":true,"description":"Filters result based on success status . eg : \"true\"\n"},{"name":"client_ip","in":"query","type":"string","x-nullable":true,"description":"Filters results to specified clientIP value\n"},{"name":"severity","in":"query","type":"string","x-nullable":true,"collectionFormat":"multi","description":"Filters results on severity eg: info, warning\n"},{"name":"source","in":"query","type":"string","x-nullable":true,"description":"Filters result based on source\n"},{"name":"username","in":"query","type":"string","x-nullable":true,"description":"Filters result based on username\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"message":{"type":"string","description":"The audit message wished to be recorded."},"service":{"type":"string","description":"The service category for the record, typically `anon`, `keys`, ..."},"requestId":{"type":"string","description":"The unique identifier for tracing a request through the services."},"success":{"type":"boolean","description":"To indicate an event's outcome; true if the event completed or the action was permitted, false if the event errored or the action was denied."},"username":{"type":"string","description":"indicates the kylo user by who the operation/event is done , username is retrived from the JWT"},"severity":{"type":"string","description":"this severity field in records as per standard guidelines, critical,warning, error , info"},"clientIP":{"type":"string","description":"indicates the real clientIP which triggered the event"},"source":{"type":"string","description":"indicates the CipherTrust Manager server name"},"details":{"type":"object","description":"Additional data included in the record."},"principal":{"type":"object","description":"The claims in the authentication token related to the request."}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"6f9234b3-9a5d-4ba2-b568-90c67965b924","uri":"demo-TOr:pers-admintester:audit:records:6f9234b3-9a5d-4ba2-b568-90c67965b924","account":"demo-TOr:pers-admintester:admin:accounts:pers-admintester","application":"dev-portal:pers-github-00123:admin:apps:demo-TOr","devAccount":"dev-portal:pers-github-00123:admin:accounts:pers-github-00123","createdAt":"2016-08-22T15:19:46.61956217Z","details":{"color":"red"},"message":"the quick fox","service":"admin","requestId":"f47ac10b-58cc-4372-a567-0e02b2c3d479","success":true,"username":"admin","severity":"info","clientIP":"10.164.76.56","source":"KS_SJ_node1"}]}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}},"post":{"summary":"Create","description":"Records an audit event. The `message`, `service`, `requestId`, `instanceId`, `instanceTime`, `instanceTz` and `success` post body fields are mandatory. The entire post body will be recorded for possible searching and viewing (functionality to be implemented).","tags":["Records","Private"],"parameters":[{"name":"body","in":"body","description":"Variable data in JSON form to store with record. `message`, `service`, `requestId`, `instanceId`, `instanceTime`, `instanceTz` and `success` are required.","required":true,"schema":{"properties":{"message":{"type":"string","description":"The audit message wished to be recorded."},"service":{"type":"string","description":"The service category for the record, typically `anon`, `keys`, ..."},"success":{"type":"boolean","description":"To indicate an event's outcome; true if the event completed or the action was permitted, false if the event errored or the action was denied. Optional, defaults to true."},"details":{"type":"object","description":"Any additional information to include the record. Optional."}},"example":{"message":"the quick fox","service":"admin","success":true,"username":"admin","severity":"info","clientIP":"10.164.76.56","source":"KS_SJ_node1","details":{"color":"red"}}}}],"responses":{"201":{"description":"Successful audit event creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"message":{"type":"string","description":"The audit message wished to be recorded."},"service":{"type":"string","description":"The service category for the record, typically `anon`, `keys`, ..."},"requestId":{"type":"string","description":"The unique identifier for tracing a request through the services."},"success":{"type":"boolean","description":"To indicate an event's outcome; true if the event completed or the action was permitted, false if the event errored or the action was denied."},"username":{"type":"string","description":"indicates the kylo user by who the operation/event is done , username is retrived from the JWT"},"severity":{"type":"string","description":"this severity field in records as per standard guidelines, critical,warning, error , info"},"clientIP":{"type":"string","description":"indicates the real clientIP which triggered the event"},"source":{"type":"string","description":"indicates the CipherTrust Manager server name"},"details":{"type":"object","description":"Additional data included in the record."},"principal":{"type":"object","description":"The claims in the authentication token related to the request."}}}]},"examples":{"application/json":{"id":"6f9234b3-9a5d-4ba2-b568-90c67965b924","uri":"demo-TOr:pers-admintester:audit:records:6f9234b3-9a5d-4ba2-b568-90c67965b924","account":"demo-TOr:pers-admintester:admin:accounts:pers-admintester","application":"dev-portal:pers-github-00123:admin:apps:demo-TOr","devAccount":"dev-portal:pers-github-00123:admin:accounts:pers-github-00123","createdAt":"2016-08-22T15:19:46.61956217Z","details":{"color":"red"},"message":"the quick fox","service":"admin","requestId":"f47ac10b-58cc-4372-a567-0e02b2c3d479","success":true,"username":"admin","severity":"info","clientIP":"10.164.76.56","source":"KS_SJ_node1"}}}}}},"/v1/audit/records/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns an audit record. `id` can be either the `id`, `uri` or `slug` returned during record creation.","tags":["Records"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"message":{"type":"string","description":"The audit message wished to be recorded."},"service":{"type":"string","description":"The service category for the record, typically `anon`, `keys`, ..."},"requestId":{"type":"string","description":"The unique identifier for tracing a request through the services."},"success":{"type":"boolean","description":"To indicate an event's outcome; true if the event completed or the action was permitted, false if the event errored or the action was denied."},"username":{"type":"string","description":"indicates the kylo user by who the operation/event is done , username is retrived from the JWT"},"severity":{"type":"string","description":"this severity field in records as per standard guidelines, critical,warning, error , info"},"clientIP":{"type":"string","description":"indicates the real clientIP which triggered the event"},"source":{"type":"string","description":"indicates the CipherTrust Manager server name"},"details":{"type":"object","description":"Additional data included in the record."},"principal":{"type":"object","description":"The claims in the authentication token related to the request."}}}]},"examples":{"application/json":{"id":"6f9234b3-9a5d-4ba2-b568-90c67965b924","uri":"demo-TOr:pers-admintester:audit:records:6f9234b3-9a5d-4ba2-b568-90c67965b924","account":"demo-TOr:pers-admintester:admin:accounts:pers-admintester","application":"dev-portal:pers-github-00123:admin:apps:demo-TOr","devAccount":"dev-portal:pers-github-00123:admin:accounts:pers-github-00123","createdAt":"2016-08-22T15:19:46.61956217Z","details":{"color":"red"},"message":"the quick fox","service":"admin","requestId":"f47ac10b-58cc-4372-a567-0e02b2c3d479","success":true,"username":"admin","severity":"info","clientIP":"10.164.76.56","source":"KS_SJ_node1"}}}}}},"/v1/audit/client-records":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns 0 or more client records. Query parameter 'details' must contain valid JSON.","tags":["Records"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"},{"name":"createdBefore","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"createdAfter","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"client","in":"query","type":"string","x-nullable":true,"description":"Filters results to specified client value\n"},{"name":"event","in":"query","type":"string","x-nullable":true,"description":"Filters results to specified event\n"},{"name":"severity","in":"query","type":"string","x-nullable":true,"collectionFormat":"multi","description":"Filters results on severity eg: info, warning\n"},{"name":"client_type","in":"query","type":"string","x-nullable":true,"description":"Filters results on the client type eg: CTE\n"},{"name":"details","in":"query","type":"string","format":"JSON","description":"A valid JSON value. Only client records whose 'details' attribute contains the JSON value will be\nreturned. Examples of JSON containment:\n\n- Values contain themselves: `{\"color\":\"red\"}` contains `{\"color\":\"red\"}`\n- Values contain subsets: `{\"color\":\"red\", \"size\":\"big\"}` contains `{\"color\":\"red\"}` and `{\"size\":\"big\"}`, but not `{\"size\":\"small\"}`\n- Contained values can be nested: `{\"info\":{\"size\":\"big\",\"color\":\"red\"}}` contains `{\"info\":{\"color\":\"red\"}}`, but not `{\"color\":\"red\"}`\n- Array containment: `[\"east\",\"west\",\"north\"]` contains `[\"east\"]` and `[\"east\",\"north\"]`, but not `[\"south\"]` or `[\"east\",\"south\"]\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"event":{"type":"string","description":"The audit message wished to be recorded on the client."},"client_type":{"type":"string","description":"The type of client, typically `CTE`, ..."},"severity":{"type":"string","description":"the severity field in client records as per standard guidelines eg:critical, warning, error, info"},"client":{"type":"string","description":"indicates the real identifier of the client which triggered the event. It can be the Id, name or hostname of the client"},"details":{"type":"object","description":"Additional data included in the client record."},"time_stamp":{"type":"object","description":"the time stamp when the event occured on the client"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"6f9234b3-9a5d-4ba2-b568-90c67965b924","uri":"demo-TOr:pers-admintester:audit:records:6f9234b3-9a5d-4ba2-b568-90c67965b924","account":"demo-TOr:pers-admintester:admin:accounts:pers-admintester","application":"dev-portal:pers-github-00123:admin:apps:demo-TOr","devAccount":"dev-portal:pers-github-00123:admin:accounts:pers-github-00123","createdAt":"2016-08-22T15:19:46.61956217Z","details":{"log":"red","mid":"CGA3193I","pid":9414,"args":{"gp":"/opt/ path3"},"message":"Successfully guarded [/opt/path3]","version":"7.0.0.9003","filename":"SecFS_upload_test-client-1.179","hostname":"test-client-1","client_id":"9d94db93-30c5-4e14-96e9-39e280257f61"},"event":"Grd Success","client_type":"CTE","severity":"info","client":"Client1","time_stamp":"2020-06-12 08:40:45.716+00"}]}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/audit/client-records/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns an audit record. `id` can be either the `id`, `uri` or `slug` returned during record creation.","tags":["Records"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"event":{"type":"string","description":"The audit message wished to be recorded on the client."},"client_type":{"type":"string","description":"The type of client, typically `CTE`, ..."},"severity":{"type":"string","description":"the severity field in client records as per standard guidelines eg:critical, warning, error, info"},"client":{"type":"string","description":"indicates the real identifier of the client which triggered the event. It can be the Id, name or hostname of the client"},"details":{"type":"object","description":"Additional data included in the client record."},"time_stamp":{"type":"object","description":"the time stamp when the event occured on the client"}}}]},"examples":{"application/json":{"id":"6f9234b3-9a5d-4ba2-b568-90c67965b924","uri":"demo-TOr:pers-admintester:audit:records:6f9234b3-9a5d-4ba2-b568-90c67965b924","account":"demo-TOr:pers-admintester:admin:accounts:pers-admintester","application":"dev-portal:pers-github-00123:admin:apps:demo-TOr","devAccount":"dev-portal:pers-github-00123:admin:accounts:pers-github-00123","createdAt":"2016-08-22T15:19:46.61956217Z","details":{"log":"red","mid":"CGA3193I","pid":9414,"args":{"gp":"/opt/ path3"},"message":"Successfully guarded [/opt/path3]","version":"7.0.0.9003","filename":"/var/log/client_logs/SecFS_upload_test-client-1.179","hostname":"test-client-1","client_id":"9d94db93-30c5-4e14-96e9-39e280257f61"},"event":"Grd Success","client_type":"CTE","severity":"info","client":"Client1","time_stamp":"2020-06-12 08:40:45.716+00"}}}}}},"/v1/audit/loki/api/v1/query_range":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns 0 or more audit logs. This api is calling Loki to get local node audit logs. See Loki api docs, \"https://grafana.com/docs/loki/latest/api/#get-lokiapiv1query_range\", for syntax and usage.","tags":["Records"],"parameters":[{"name":"start","in":"query","required":false,"type":"string","description":"The start time for the query as a nanosecond Unix epoch. The timestamps can also be written in RFC3339 and RFC3339Nano format, as supported by Go's time package. Defaults to one hour ago."},{"name":"end","in":"query","required":false,"type":"string","description":"The end time for the query as a nanosecond Unix epoch. The timestamps can also be written in RFC3339 and RFC3339Nano format, as supported by Go's time package. Defaults to now."},{"name":"query","in":"query","required":true,"type":"string","description":"The LogQL query to perform. This parameter is required, use {job=\"server_audit_records\"} for basic server audit log query or {job=\"client_audit_records\"} for basic client audit log query."},{"name":"limit","in":"query","required":false,"type":"integer","description":"The max number of entries to return."},{"name":"step","in":"query","required":false,"type":"string","description":"Query resolution step width in duration format or float number of seconds. \"duration\" refers to Prometheus duration string of form [0-9]+[smhdwy]."},{"name":"interval","in":"query","required":false,"type":"string","description":"Only return entries at (or greater than) the specified internval, can be a duration format or float number of seconds. \"duration\" refers to Prometheus duration string of form [0-9]+[smhdwy]."},{"name":"direction","in":"query","required":false,"type":"string","description":"Determines the sort order of logs. Supported values are forward or backward. Defaults to backward."}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"message":{"type":"string","description":"The audit message wished to be recorded."},"service":{"type":"string","description":"The service category for the record, typically `anon`, `keys`, ..."},"requestId":{"type":"string","description":"The unique identifier for tracing a request through the services."},"success":{"type":"boolean","description":"To indicate an event's outcome; true if the event completed or the action was permitted, false if the event errored or the action was denied."},"username":{"type":"string","description":"indicates the kylo user by who the operation/event is done , username is retrived from the JWT"},"severity":{"type":"string","description":"this severity field in records as per standard guidelines, critical,warning, error , info"},"clientIP":{"type":"string","description":"indicates the real clientIP which triggered the event"},"source":{"type":"string","description":"indicates the CipherTrust Manager server name"},"details":{"type":"object","description":"Additional data included in the record."},"principal":{"type":"object","description":"The claims in the authentication token related to the request."}}}]},"examples":{"status":"success","data":{"resultType":"streams","result":[{"stream":{"account":"kylo:kylo:admin:accounts:kylo","filename":"/audit-logs/cm.audit.log","job":"server_audit_records"},"values":[["1644433794613530000","{\"principal\":{\"acc\":\"kylo\",\"acct\":\"kylo:kylo:admin:accounts:kylo\",\"iss\":\"kylo\",\"sub\":\"local|6156717d-9bda-4b90-b509-031dd4b1448f\"},\"details\":{\"auth_domain\":\"\",\"client_id\":\"7b95deda-dc0d-423a-a3e7-b45ccd807403\",\"connection\":\"local_account\",\"domain\":\"\",\"grant_type\":\"password\",\"refresh_token_counts\":{\"labels\":{},\"no_label\":4,\"total\":4},\"refresh_token_id\":\"457c97ee-b5e0-4e02-80bb-ce22f3bd4101\",\"renew_refresh_token\":false,\"user_id\":\"local|6156717d-9bda-4b90-b509-031dd4b1448f\",\"username\":\"admin\"},\"message\":\"Create Token\",\"service\":\"kylo\",\"requestId\":\"392c1588-0597-4f84-a4e7-aefd10e21c00\",\"success\":true,\"username\":\"admin\",\"severity\":\"info\",\"source\":\"ubuntu1804\",\"domain_id\":\"00000000-0000-0000-0000-000000000000\",\"createdAt\":\"2022-02-09T19:09:54.61353Z\",\"account\":\"kylo:kylo:admin:accounts:kylo\",\"id\":\"551eace7-69e6-4b6d-8443-625b9416c2d8\"}"],["1644433458160450000","{\"principal\":{\"acc\":\"kylo\",\"acct\":\"kylo:kylo:admin:accounts:kylo\",\"iss\":\"kylo\",\"sub\":\"local|6156717d-9bda-4b90-b509-031dd4b1448f\"},\"details\":{\"auth_domain\":\"\",\"client_id\":\"24053daa-b7ef-48e5-914c-57094ea00b7a\",\"connection\":\"local_account\",\"domain\":\"\",\"grant_type\":\"password\",\"refresh_token_counts\":{\"labels\":{},\"no_label\":3,\"total\":3},\"refresh_token_id\":\"7e4a5c00-c265-4bf8-a805-1605f9463e52\",\"renew_refresh_token\":false,\"user_id\":\"local|6156717d-9bda-4b90-b509-031dd4b1448f\",\"username\":\"admin\"},\"message\":\"Create Token\",\"service\":\"kylo\",\"requestId\":\"44b4fcb0-03c1-40ab-81ac-f9d53bd4e21d\",\"success\":true,\"username\":\"admin\",\"severity\":\"info\",\"source\":\"ubuntu1804\",\"domain_id\":\"00000000-0000-0000-0000-000000000000\",\"createdAt\":\"2022-02-09T19:04:18.16045Z\",\"account\":\"kylo:kylo:admin:accounts:kylo\",\"id\":\"67b70e6d-3d19-4e01-93da-7bf4f7753c46\"}"]]}],"stats":{"summary":{"bytesProcessedPerSecond":5604120,"linesProcessedPerSecond":10196,"totalBytesProcessed":11542,"totalLinesProcessed":21,"execTime":0.002059556},"store":{"totalChunksRef":0,"totalChunksDownloaded":0,"chunksDownloadTime":0,"headChunkBytes":0,"headChunkLines":0,"decompressedBytes":0,"decompressedLines":0,"compressedBytes":0,"totalDuplicates":0},"ingester":{"totalReached":1,"totalChunksMatched":1,"totalBatches":1,"totalLinesSent":2,"headChunkBytes":11542,"headChunkLines":21,"decompressedBytes":0,"decompressedLines":0,"compressedBytes":0,"totalDuplicates":0}}}}}}}},"/v1/audit/alarm-configs":{"post":{"summary":"Create","description":"Create a configuration to generate alarms for either audit or client records. \nAlarms are generated with the given name, description and severity whenever the chosen record type matches the\ncondition, and the number of records hits a threshold within the given time interval in seconds. Conditions are defined in\n[Open Policy Agent's query language Rego](https://www.openpolicyagent.org/docs/latest/how-do-i-write-policies/).\nBoth records and triggered alarms can have one of the following severity levels:\n\n* critical\n* error\n* warning\n* info\n\nWhen no severity or description is defined in alarm configuration, then triggered alarms inherit them from records.\nWhen threshold and time interval is not defined in alarm configuration, then the default values for both will be 0\nand CM will not check for threshold. The interval value should be specified in seconds.\n\nThe following example shows an alarm configuration whose condition is satisfied by the provided record and threshold\nhits (since it is set to 1) so it generates an alarm.\n\nAlarm configuration:\n```\n {\n \"name\": \"RSA key too small\",\n \"source_type\": \"server_record\",\n \"description\": \"RSA key should be 2048 bits or higher\"\n \"severity\": \"critical\",\n \"condition\": \"input.success\\ninput.message == \\\"Create Key\\\"\\ninput.details.algorithm == \\\"RSA\\\"\\ninput.details.size <= 1024\",\n \"threshold\": 1,\n \"interval\" : 10\n }\n```\n* The properties `name`, `source_type`, `description` and `severity` are used to\n populate properties with the same name in the generated alarm.\n* To have alarms triggered from the audit records either omit `source_type` or set it to \"server_record\". To trigger\n an alarm off of a client record then set it to \"client_record\"\n* The `condition` is a set of assertions that must evaluate to true in\n order to generate an alarm. The first assertion `input.success` says\n that given the input document, which is the record, test if the\n record's `success` property is true. See OPA's \n [input document](https://www.openpolicyagent.org/docs/latest/how-does-opa-work/#the-input-document) for more information.\n* The properties `threshold` and `interval` are used to raise alarm if the number of records fetched within a current time interval hits threshold.\n\nMatching record:\n```\n {\n \"id\": \"059015dc-f476-4e56-9b5f-d5e766b5c139\",\n \"uri\": \"kylo:kylo:audit:records:059015dc-f476-4e56-9b5f-d5e766b5c139\",\n \"account\": \"kylo:kylo:admin:accounts:kylo\",\n \"application\": \"ncryptify:gemalto:admin:apps:kylo\",\n \"devAccount\": \"ncryptify:gemalto:admin:accounts:gemalto\",\n \"createdAt\": \"2019-08-09T15:23:44.085148Z\",\n \"message\": \"Create Key\",\n \"service\": \"minerva\",\n \"requestId\": \"735625dd-0673-43fd-8d74-aa1269a34420\",\n \"success\": true,\n \"username\": \"admin\",\n \"details\": {\n \"id\": \"9a0c147806055a5ab6be5215e217e934d740ca8d838cfe61fd1a6a07bd1de242\",\n \"uri\": \"kylo:kylo:vault:keys:mykey-v0\",\n \"name\": \"mykey\",\n \"size\": 1024,\n \"ownerId\": \"local|9e7f69ef-5bb4-4160-a5d1-7ab3fdb605cd\",\n \"algorithm\": \"RSA\",\n \"usageMask\": 3,\n \"objectType\": \"Private Key\"\n },\n \"principal\": {\n \"acc\": \"kylo\",\n \"iss\": \"kylo\",\n \"sub\": \"local|9e7f69ef-5bb4-4160-a5d1-7ab3fdb605cd\",\n \"acct\": \"kylo:kylo:admin:accounts:kylo\"\n }\n }\n```\n\nResulting alarm:\n```\n {\n \"id\": \"00fea201-aaaa-44ef-a97d-723c1bd38147\",\n \"uri\": \"kylo:kylo:alarms:00fea201-aaaa-44ef-a97d-723c1bd38147\",\n \"createdAt\": \"2019-08-08T20:49:01.907543Z\",\n \"createdBy\": \"admin\",\n \"clearedAt\": \"\",\n \"clearedBy\": \"\",\n \"acknowledgAt\": \"\",\n \"acknowledgBy\": \"\",\n \"account\": \" kylo:kylo:admin:accounts:kylo\",\n \"application\": \" ncryptify:gemalto:admin:apps:kylo\",\n \"dev_account\": \" ncryptify:gemalto:admin:accounts:gemalto\",\n \"name\": \"RSA key too small\",\n \"source_type\": \"server_record\",\n \"state\": \"on\",\n \"description\": \"RSA key should be 2048 bits or higher\"\n \"severity\": \"critical\",\n \"service\": \"Kylo\",\n \"source\": \"10.3.201.41\",\n \"details\": {\n \"id\": \"059015dc-f476-4e56-9b5f-d5e766b5c139\",\n \"uri\": \"kylo:kylo:audit:records:059015dc-f476-4e56-9b5f-d5e766b5c139\",\n \"account\": \"kylo:kylo:admin:accounts:kylo\",\n \"application\": \"ncryptify:gemalto:admin:apps:kylo\",\n \"devAccount\": \"ncryptify:gemalto:admin:accounts:gemalto\",\n \"createdAt\": \"2019-08-09T15:23:44.085148Z\",\n \"message\": \"Create Key\",\n \"service\": \"minerva\",\n \"requestId\": \"735625dd-0673-43fd-8d74-aa1269a34420\",\n \"success\": true,\n \"username\": \"admin\",\n \"details\": {\n \"id\": \"9a0c147806055a5ab6be5215e217e934d740ca8d838cfe61fd1a6a07bd1de242\",\n \"uri\": \"kylo:kylo:vault:keys:mykey-v0\",\n \"name\": \"mykey\",\n \"size\": 1024,\n \"ownerId\": \"local|9e7f69ef-5bb4-4160-a5d1-7ab3fdb605cd\",\n \"algorithm\": \"RSA\",\n \"usageMask\": 3,\n \"objectType\": \"Private Key\"\n },\n \"principal\": {\n \"acc\": \"kylo\",\n \"iss\": \"kylo\",\n \"sub\": \"local|9e7f69ef-5bb4-4160-a5d1-7ab3fdb605cd\",\n \"acct\": \"kylo:kylo:admin:accounts:kylo\"\n }\n }\n }\n```\n","tags":["Records"],"parameters":[{"name":"body","in":"body","required":true,"schema":{"required":["name","condition"],"example":{"application/json":{"name":"RSA key too small","source_type":"server_record","description":"RSA key should be 2048 bits or higher","severity":"critical","condition":"input.success\ninput.message == \"Create Key\"\ninput.details.algorithm == \"RSA\"\ninput.details.size <= 1024","threshold":20,"interval":10}},"allOf":[{"properties":{"severity":{"type":"string","enum":["critical","error","warning","info"],"description":"Alarm severity level"}}},{"type":"object","properties":{"name":{"type":"string","description":"The name of this config. This value will also be used as the name property of the generated alarms."},"source_type":{"type":"string","description":"The source type to trigger an alarm from. Defaults to \"server_record\"","enum":["server_record","client_record"]},"description":{"type":"string","description":"The description of this config which will also be used as the `description` property of the generated alarms when it is set.\nIf it not set, `message` property of the `records` will be used as alarms `description`.\n"},"condition":{"type":"string","description":"The condition is a set of assertions that must evaluate to true\nin order to generate an alarm. It is defined using\n[Open Policy Agent's query language Rego](https://www.openpolicyagent.org/docs/latest/how-do-i-write-policies/)\nwhich let's you compose complex rules to evaluate against an\naudit record.\n\nNote: all record properties must be prefixed with `input`\n(e.g. `input.success` or `input.details.size`) because a record\nis the input document in OPA's document model.\n\nExample: generate an alarm when a weak RSA key is created. (All double quotes and newlines must be escaped when inserted as a JSON string.)\n\n```\ninput.success\ninput.message == \"Create Key\"\ninput.details.algorithm == \"RSA\"\ninput.details.size <= 1024\n```\n"},"threshold":{"type":"integer","description":"The threshold is an integer value which defines the limit for raising alarm by observing the number of records fetched in given time interval.\nIf it is not set then the default value will be 0 and it will not be used for raising alarm.\n"},"interval":{"type":"integer","description":"The interval is an integer value which defines the time interval in seconds and it is used for raising alarms if a threshold hits within this time interval.\n"}}}]}}],"responses":{"201":{"description":"Successful alarm config creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"allOf":[{"properties":{"severity":{"type":"string","enum":["critical","error","warning","info"],"description":"Alarm severity level"}}},{"type":"object","properties":{"name":{"type":"string","description":"The name of this config. This value will also be used as the name property of the generated alarms."},"source_type":{"type":"string","description":"The source type to trigger an alarm from. Defaults to \"server_record\"","enum":["server_record","client_record"]},"description":{"type":"string","description":"The description of this config which will also be used as the `description` property of the generated alarms when it is set.\nIf it not set, `message` property of the `records` will be used as alarms `description`.\n"},"condition":{"type":"string","description":"The condition is a set of assertions that must evaluate to true\nin order to generate an alarm. It is defined using\n[Open Policy Agent's query language Rego](https://www.openpolicyagent.org/docs/latest/how-do-i-write-policies/)\nwhich let's you compose complex rules to evaluate against an\naudit record.\n\nNote: all record properties must be prefixed with `input`\n(e.g. `input.success` or `input.details.size`) because a record\nis the input document in OPA's document model.\n\nExample: generate an alarm when a weak RSA key is created. (All double quotes and newlines must be escaped when inserted as a JSON string.)\n\n```\ninput.success\ninput.message == \"Create Key\"\ninput.details.algorithm == \"RSA\"\ninput.details.size <= 1024\n```\n"},"threshold":{"type":"integer","description":"The threshold is an integer value which defines the limit for raising alarm by observing the number of records fetched in given time interval.\nIf it is not set then the default value will be 0 and it will not be used for raising alarm.\n"},"interval":{"type":"integer","description":"The interval is an integer value which defines the time interval in seconds and it is used for raising alarms if a threshold hits within this time interval.\n"}}}]}]},"examples":{"application/json":{"name":"RSA key too small","source_type":"server_record","description":"RSA key should be 2048 bits or higher","severity":"critical","condition":"input.success\ninput.message == \"Create Key\"\ninput.details.algorithm == \"RSA\"\ninput.details.size <= 1024","id":"24aae5e5-b627-4b0e-964a-f48af998ee2b","uri":"kylo:kylo:audit:records:24aae5e5-b627-4b0e-964a-f48af998ee2b","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2016-12-01T23:00:10.072423Z","updatedAt":"2016-12-01T23:00:10.072423Z","threshold":20,"interval":10}}}}},"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns 0 or more alarm configurations.","tags":["Records"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"source_type","in":"query","type":"string","description":"Filter on alarm configuration source type. Valid values are 'server_record' and 'client_record'"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"allOf":[{"properties":{"severity":{"type":"string","enum":["critical","error","warning","info"],"description":"Alarm severity level"}}},{"type":"object","properties":{"name":{"type":"string","description":"The name of this config. This value will also be used as the name property of the generated alarms."},"source_type":{"type":"string","description":"The source type to trigger an alarm from. Defaults to \"server_record\"","enum":["server_record","client_record"]},"description":{"type":"string","description":"The description of this config which will also be used as the `description` property of the generated alarms when it is set.\nIf it not set, `message` property of the `records` will be used as alarms `description`.\n"},"condition":{"type":"string","description":"The condition is a set of assertions that must evaluate to true\nin order to generate an alarm. It is defined using\n[Open Policy Agent's query language Rego](https://www.openpolicyagent.org/docs/latest/how-do-i-write-policies/)\nwhich let's you compose complex rules to evaluate against an\naudit record.\n\nNote: all record properties must be prefixed with `input`\n(e.g. `input.success` or `input.details.size`) because a record\nis the input document in OPA's document model.\n\nExample: generate an alarm when a weak RSA key is created. (All double quotes and newlines must be escaped when inserted as a JSON string.)\n\n```\ninput.success\ninput.message == \"Create Key\"\ninput.details.algorithm == \"RSA\"\ninput.details.size <= 1024\n```\n"},"threshold":{"type":"integer","description":"The threshold is an integer value which defines the limit for raising alarm by observing the number of records fetched in given time interval.\nIf it is not set then the default value will be 0 and it will not be used for raising alarm.\n"},"interval":{"type":"integer","description":"The interval is an integer value which defines the time interval in seconds and it is used for raising alarms if a threshold hits within this time interval.\n"}}}]}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"name":"RSA key too small","source_type":"server_record","description":"RSA key should be 2048 bits or higher","severity":"critical","condition":"input.success\ninput.message == \"Create Key\"\ninput.details.algorithm == \"RSA\"\ninput.details.size <= 1024","id":"24aae5e5-b627-4b0e-964a-f48af998ee2b","uri":"kylo:kylo:audit:records:24aae5e5-b627-4b0e-964a-f48af998ee2b","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2016-12-01T23:00:10.072423Z","updatedAt":"2016-12-01T23:00:10.072423Z","threshold":20,"interval":10}]}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/audit/alarm-configs/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns an alarm configuration. `id` can be either the `id`, `uri` or `slug` returned during record creation.","tags":["Records"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"allOf":[{"properties":{"severity":{"type":"string","enum":["critical","error","warning","info"],"description":"Alarm severity level"}}},{"type":"object","properties":{"name":{"type":"string","description":"The name of this config. This value will also be used as the name property of the generated alarms."},"source_type":{"type":"string","description":"The source type to trigger an alarm from. Defaults to \"server_record\"","enum":["server_record","client_record"]},"description":{"type":"string","description":"The description of this config which will also be used as the `description` property of the generated alarms when it is set.\nIf it not set, `message` property of the `records` will be used as alarms `description`.\n"},"condition":{"type":"string","description":"The condition is a set of assertions that must evaluate to true\nin order to generate an alarm. It is defined using\n[Open Policy Agent's query language Rego](https://www.openpolicyagent.org/docs/latest/how-do-i-write-policies/)\nwhich let's you compose complex rules to evaluate against an\naudit record.\n\nNote: all record properties must be prefixed with `input`\n(e.g. `input.success` or `input.details.size`) because a record\nis the input document in OPA's document model.\n\nExample: generate an alarm when a weak RSA key is created. (All double quotes and newlines must be escaped when inserted as a JSON string.)\n\n```\ninput.success\ninput.message == \"Create Key\"\ninput.details.algorithm == \"RSA\"\ninput.details.size <= 1024\n```\n"},"threshold":{"type":"integer","description":"The threshold is an integer value which defines the limit for raising alarm by observing the number of records fetched in given time interval.\nIf it is not set then the default value will be 0 and it will not be used for raising alarm.\n"},"interval":{"type":"integer","description":"The interval is an integer value which defines the time interval in seconds and it is used for raising alarms if a threshold hits within this time interval.\n"}}}]}]},"examples":{"name":"RSA key too small","source_type":"server_record","description":"RSA key should be 2048 bits or higher","severity":"critical","condition":"input.success\ninput.message == \"Create Key\"\ninput.details.algorithm == \"RSA\"\ninput.details.size <= 1024","id":"24aae5e5-b627-4b0e-964a-f48af998ee2b","uri":"kylo:kylo:audit:records:24aae5e5-b627-4b0e-964a-f48af998ee2b","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2016-12-01T23:00:10.072423Z","updatedAt":"2016-12-01T23:00:10.072423Z","threshold":20,"interval":10}}}},"patch":{"summary":"Update","description":"Updates an alarm configuration. `id` can be either the `id`, `uri` or `slug` returned during record creation.","tags":["Records"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"body","in":"body","required":true,"schema":{"example":{"application/json":{"source_type":"server_record","condition":"input.success\ninput.message == \"Create Key\"\ninput.details.algorithm == \"RSA\"\ninput.details.size <= 2048","threshold":30,"interval":15}},"allOf":[{"properties":{"severity":{"type":"string","enum":["critical","error","warning","info"],"description":"Alarm severity level"}}},{"type":"object","properties":{"name":{"type":"string","description":"The name of this config. This value will also be used as the name property of the generated alarms."},"source_type":{"type":"string","description":"The source type to trigger an alarm from. Defaults to \"server_record\"","enum":["server_record","client_record"]},"description":{"type":"string","description":"The description of this config which will also be used as the `description` property of the generated alarms when it is set.\nIf it not set, `message` property of the `records` will be used as alarms `description`.\n"},"condition":{"type":"string","description":"The condition is a set of assertions that must evaluate to true\nin order to generate an alarm. It is defined using\n[Open Policy Agent's query language Rego](https://www.openpolicyagent.org/docs/latest/how-do-i-write-policies/)\nwhich let's you compose complex rules to evaluate against an\naudit record.\n\nNote: all record properties must be prefixed with `input`\n(e.g. `input.success` or `input.details.size`) because a record\nis the input document in OPA's document model.\n\nExample: generate an alarm when a weak RSA key is created. (All double quotes and newlines must be escaped when inserted as a JSON string.)\n\n```\ninput.success\ninput.message == \"Create Key\"\ninput.details.algorithm == \"RSA\"\ninput.details.size <= 1024\n```\n"},"threshold":{"type":"integer","description":"The threshold is an integer value which defines the limit for raising alarm by observing the number of records fetched in given time interval.\nIf it is not set then the default value will be 0 and it will not be used for raising alarm.\n"},"interval":{"type":"integer","description":"The interval is an integer value which defines the time interval in seconds and it is used for raising alarms if a threshold hits within this time interval.\n"}}}]}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"allOf":[{"properties":{"severity":{"type":"string","enum":["critical","error","warning","info"],"description":"Alarm severity level"}}},{"type":"object","properties":{"name":{"type":"string","description":"The name of this config. This value will also be used as the name property of the generated alarms."},"source_type":{"type":"string","description":"The source type to trigger an alarm from. Defaults to \"server_record\"","enum":["server_record","client_record"]},"description":{"type":"string","description":"The description of this config which will also be used as the `description` property of the generated alarms when it is set.\nIf it not set, `message` property of the `records` will be used as alarms `description`.\n"},"condition":{"type":"string","description":"The condition is a set of assertions that must evaluate to true\nin order to generate an alarm. It is defined using\n[Open Policy Agent's query language Rego](https://www.openpolicyagent.org/docs/latest/how-do-i-write-policies/)\nwhich let's you compose complex rules to evaluate against an\naudit record.\n\nNote: all record properties must be prefixed with `input`\n(e.g. `input.success` or `input.details.size`) because a record\nis the input document in OPA's document model.\n\nExample: generate an alarm when a weak RSA key is created. (All double quotes and newlines must be escaped when inserted as a JSON string.)\n\n```\ninput.success\ninput.message == \"Create Key\"\ninput.details.algorithm == \"RSA\"\ninput.details.size <= 1024\n```\n"},"threshold":{"type":"integer","description":"The threshold is an integer value which defines the limit for raising alarm by observing the number of records fetched in given time interval.\nIf it is not set then the default value will be 0 and it will not be used for raising alarm.\n"},"interval":{"type":"integer","description":"The interval is an integer value which defines the time interval in seconds and it is used for raising alarms if a threshold hits within this time interval.\n"}}}]}]},"examples":{"name":"RSA key too small","source_type":"server_record","description":"RSA key should be 2048 bits or higher","severity":"critical","condition":"input.success\ninput.message == \"Create Key\"\ninput.details.algorithm == \"RSA\"\ninput.details.size <= 2048","id":"24aae5e5-b627-4b0e-964a-f48af998ee2b","uri":"kylo:kylo:audit:records:24aae5e5-b627-4b0e-964a-f48af998ee2b","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2016-12-01T23:00:10.072423Z","updatedAt":"2016-12-01T23:20:10.072423Z","threshold":20,"interval":10}}}},"delete":{"summary":"Delete","description":"Deletes an alarm configuration. `id` can be either the `id`, `uri` or `slug` returned during record creation.","tags":["Records"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"204":{"description":"No Content | Successful deletion of alarm config."}}}},"/v1/usermgmt/groupmaps/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns a list of groupmaps. Query parameters can be\nused to filter the results. Results are returned in pages.\nEach page of results includes the total results found, and\ninformation for requesting the next page of results, using\nthe `skip` and `limit` query parameters.\n","tags":["Groupmaps"],"parameters":[{"name":"connection_name","in":"query","description":"Filter by the connection name. A * character can be used as a wildcard.\n","required":false,"type":"string"},{"name":"connection_group_name","in":"query","description":"Filter by the connection group name. A * character can be used as a wildcard.\nThis attribute replaces the deprecated `ldap_group_name` attribute.\n","required":false,"type":"string"},{"name":"group_name","in":"query","description":"Filter by the CipherTrust Manager group name. A * character can be used as a wildcard.\n","required":false,"type":"string"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"description":"A mapping between a connection group and a local CipherTrust Manager group","type":"object","title":"Groupmap","required":["connection_name","connection_group_name","group_name"],"properties":{"connection_name":{"type":"string","description":"Connection name. This must be an existing connection."},"connection_group_name":{"type":"string","description":"Group within the connection. This attribute replaces the deprecated `ldap_group_name` attribute."},"group_name":{"type":"string","description":"Local CipherTrust Manager group name. This must be an existing group."},"id":{"type":"string","description":"A unique ID associated with the mapping between the connection group and local CipherTrust Manager group."},"created_at":{"type":"string","format":"timestamp","readOnly":true,"description":"when the mapping was created"},"updated_at":{"type":"string","format":"timestamp","readOnly":true,"description":"when the mapping was last updated"}},"example":{"connection_name":"ldap_connection","connection_group_name":"ldap_group_name","group_name":"key_secure_group_name","id":"76fddd1e-7a44-417d-9d34-58254c5a96ed","created_at":"2016-12-05T15:13:49.543Z","updated_at":"2016-12-05T15:13:49.543Z"}}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"connection_name":"ldap_connection","connection_group_name":"ldap_group_name","group_name":"key_secure_group_name","id":"76fddd1e-7a44-417d-9d34-58254c5a96ed","created_at":"2016-12-05T15:13:49.543Z","updated_at":"2016-12-05T15:13:49.543Z"}]}}}}},"post":{"summary":"Create","tags":["Groupmaps"],"parameters":[{"name":"body","in":"body","schema":{"description":"Parameters needed to create a mapping between a connection group and a local CipherTrust Manager group","type":"object","title":"Create Groupmap","required":["connection_name","connection_group_name","group_name"],"properties":{"connection_name":{"type":"string","description":"Connection name. This must be an existing connection."},"connection_group_name":{"type":"string","description":"Group within the connection. This attribute replaces the deprecated `ldap_group_name` attribute."},"group_name":{"type":"string","description":"Local CipherTrust Manager group name. This must be an existing group."}}}}],"responses":{"201":{"description":"Successful groupmap creation.","schema":{"description":"A mapping between a connection group and a local CipherTrust Manager group","type":"object","title":"Groupmap","required":["connection_name","connection_group_name","group_name"],"properties":{"connection_name":{"type":"string","description":"Connection name. This must be an existing connection."},"connection_group_name":{"type":"string","description":"Group within the connection. This attribute replaces the deprecated `ldap_group_name` attribute."},"group_name":{"type":"string","description":"Local CipherTrust Manager group name. This must be an existing group."},"id":{"type":"string","description":"A unique ID associated with the mapping between the connection group and local CipherTrust Manager group."},"created_at":{"type":"string","format":"timestamp","readOnly":true,"description":"when the mapping was created"},"updated_at":{"type":"string","format":"timestamp","readOnly":true,"description":"when the mapping was last updated"}},"example":{"connection_name":"ldap_connection","connection_group_name":"ldap_group_name","group_name":"key_secure_group_name","id":"76fddd1e-7a44-417d-9d34-58254c5a96ed","created_at":"2016-12-05T15:13:49.543Z","updated_at":"2016-12-05T15:13:49.543Z"}},"examples":{"application/json":{"connection_name":"ldap_connection","connection_group_name":"ldap_group_name","group_name":"key_secure_group_name","id":"76fddd1e-7a44-417d-9d34-58254c5a96ed","created_at":"2016-12-05T15:13:49.543Z","updated_at":"2016-12-05T15:13:49.543Z"}}}}}},"/v1/usermgmt/groupmaps/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","type":"string","required":true,"description":"the group map ID, returned when the group map was created"}],"get":{"summary":"Get","tags":["Groupmaps"],"responses":{"200":{"description":"OK","schema":{"description":"A mapping between a connection group and a local CipherTrust Manager group","type":"object","title":"Groupmap","required":["connection_name","connection_group_name","group_name"],"properties":{"connection_name":{"type":"string","description":"Connection name. This must be an existing connection."},"connection_group_name":{"type":"string","description":"Group within the connection. This attribute replaces the deprecated `ldap_group_name` attribute."},"group_name":{"type":"string","description":"Local CipherTrust Manager group name. This must be an existing group."},"id":{"type":"string","description":"A unique ID associated with the mapping between the connection group and local CipherTrust Manager group."},"created_at":{"type":"string","format":"timestamp","readOnly":true,"description":"when the mapping was created"},"updated_at":{"type":"string","format":"timestamp","readOnly":true,"description":"when the mapping was last updated"}},"example":{"connection_name":"ldap_connection","connection_group_name":"ldap_group_name","group_name":"key_secure_group_name","id":"76fddd1e-7a44-417d-9d34-58254c5a96ed","created_at":"2016-12-05T15:13:49.543Z","updated_at":"2016-12-05T15:13:49.543Z"}},"examples":{"application/json":{"connection_name":"ldap_connection","connection_group_name":"ldap_group_name","group_name":"key_secure_group_name","id":"76fddd1e-7a44-417d-9d34-58254c5a96ed","created_at":"2016-12-05T15:13:49.543Z","updated_at":"2016-12-05T15:13:49.543Z"}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","tags":["Groupmaps"],"responses":{"204":{"description":"No Content | Successful deletion of group map."},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"The only thing you can update on a groupmap is the CipherTrust Manager group name `group_name`.\n","tags":["Groupmaps"],"parameters":[{"name":"body","in":"body","required":true,"schema":{"description":"Parameters needed to update a mapping between a connection group and a local CipherTrust Manager group","type":"object","title":"Update Groupmap","required":["group_name"],"properties":{"group_name":{"type":"string","description":"Local CipherTrust Manager group name. This must be an existing group."}}}}],"responses":{"200":{"description":"Successful resource update.","schema":{"description":"A mapping between a connection group and a local CipherTrust Manager group","type":"object","title":"Groupmap","required":["connection_name","connection_group_name","group_name"],"properties":{"connection_name":{"type":"string","description":"Connection name. This must be an existing connection."},"connection_group_name":{"type":"string","description":"Group within the connection. This attribute replaces the deprecated `ldap_group_name` attribute."},"group_name":{"type":"string","description":"Local CipherTrust Manager group name. This must be an existing group."},"id":{"type":"string","description":"A unique ID associated with the mapping between the connection group and local CipherTrust Manager group."},"created_at":{"type":"string","format":"timestamp","readOnly":true,"description":"when the mapping was created"},"updated_at":{"type":"string","format":"timestamp","readOnly":true,"description":"when the mapping was last updated"}},"example":{"connection_name":"ldap_connection","connection_group_name":"ldap_group_name","group_name":"key_secure_group_name","id":"76fddd1e-7a44-417d-9d34-58254c5a96ed","created_at":"2016-12-05T15:13:49.543Z","updated_at":"2016-12-05T15:13:49.543Z"}},"examples":{"application/json":{"connection_name":"ldap_connection","connection_group_name":"ldap_group_name","group_name":"key_secure_group_name","id":"76fddd1e-7a44-417d-9d34-58254c5a96ed","created_at":"2016-12-05T15:13:49.543Z","updated_at":"2016-12-05T15:13:49.543Z"}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/cluster":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Info","description":"Returns the called node's view of the cluster status.","tags":["Cluster"],"produces":["application/json"],"responses":{"200":{"description":"OK","schema":{"type":"string"},"examples":{"application/json":{"nodeID":"a6d995ff-3382-40a9-a04a-7985d8f6f1f5","status":{"code":"r","description":"ready"},"nodeCount":1}}}}},"delete":{"summary":"Delete","description":"Deletes cluster configurations from this node. This node must not be a part of a cluster or is the only member of the cluster.","tags":["Cluster"],"responses":{"204":{"description":"No Content | Successful removal of the node."},"400":{"description":"Bad Request | A node can't remove itself","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"404":{"description":"Invalid ID","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/cluster/new":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"New","description":"Initializes a new cluster with the called node as the initial member. All cluster members (including this one) must be able to resolve and reach localNodeHost.","tags":["Cluster","Enterprise"],"parameters":[{"name":"body","in":"body","required":true,"schema":{"type":"object","title":"Initialize Cluster","required":["localNodeHost"],"properties":{"localNodeHost":{"type":"string","description":"The hostname or IP of this node. Must be reachable by all nodes in the cluster, including this one."},"localNodePort":{"type":"integer","description":"The port of the node wanting to join, defaults to 5432"},"publicAddress":{"type":"string","description":"The fully qualified domain name (FQDN) or public IP of this node.\nThis attribute is used by CipherTrust Manager connectors to learn how to access this particular node of the cluster remotely.\n"}}}}],"responses":{"201":{"description":"Successful cluster initialization.","schema":{"type":"string"},"examples":{"application/json":{"nodeID":"a6d995ff-3382-40a9-a04a-7985d8f6f1f5","status":{"code":"r","description":"ready"},"nodeCount":1}}},"400":{"description":"Bad Request | Cluster already created.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/cluster/csr":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create CSR","description":"Generates a new keypair and CSR from the node that wants to join the cluster and returns the CSR. localNodeHost refers to the node that wants to join the cluster.","tags":["Cluster"],"parameters":[{"name":"body","in":"body","required":true,"schema":{"type":"object","title":"Create CSR","required":["localNodeHost"],"properties":{"localNodeHost":{"type":"string","description":"The hostname or IP of the node wanting to join. Must be reachable by all nodes in the cluster, including this one."},"publicAddress":{"type":"string","description":"The fully qualified domain name (FQDN) or public IP of this node.\nThis attribute is used by CipherTrust Manager connectors to learn how to access this particular node of the cluster remotely.\n"}}}}],"responses":{"201":{"description":"Successful CSR creation.","schema":{"type":"string"},"examples":{"application/json":{"csr":"-----BEGIN CERTIFICATE REQUEST-----\nMIIBcjCCARcCAQAwgYMxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJNRDEQMA4GA1UE\nBxMHQmVsY2FtcDEbMBkGA1UECRMSNDY5MCBNaWxsZW5pdW0gRHIuMRAwDgYDVQQK\nEwdHZW1hbHRvMSYwJAYDVQQDDB1EQk1nciBDbHVzdGVyIE5vZGUga3lsbzJfcGdf\nMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJOJAqGnnxzRdlDu2Whu80uLJGVF\nFc4gGDRMaeEOh67mISkiYKyfer/pB+wlYNm+fRfmDS7epBvHxUONi7Wgj3CgMTAv\nBgkqhkiG9w0BCQ4xIjAgMB4GA1UdEQQXMBWBE3N1cHBvcnRAZ2VtYWx0by5jb20w\nCgYIKoZIzj0EAwIDSQAwRgIhAPktHcL4nUPtbzG5zCVKH/S/GH4bce88YWQomDQe\nua5MAiEAhu6vmmLxXuG3bXk1cW59GJPh9BBUjOtyzR7M2rr/5OM=\n-----END CERTIFICATE REQUEST-----\n"}}},"400":{"description":"Bad Request | Cluster already exists.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/cluster/join":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Join","description":"Joins a node into an existing cluster. The cert, cachain and mkek_blob from a POST to /nodes are required. localNodeHost refers to the node wanting to join and memberNodeHost refers to any existing member of the cluster.","tags":["Cluster","Enterprise"],"parameters":[{"name":"body","in":"body","required":true,"schema":{"type":"object","title":"Join Cluster","required":["cert","cachain","localNodeHost","memberNodeHost","mkek_blob"],"properties":{"cert":{"type":"string","description":"The cert issued by the node already in the cluster"},"cachain":{"type":"string","description":"The cachain issued by the node already in the cluster"},"localNodeHost":{"type":"string","description":"The hostname or IP of the node wanting to join"},"localNodePort":{"type":"integer","description":"The port of the node wanting to join, defaults to 5432"},"localNodePublicAddress":{"type":"string","description":"The fully qualified domain name (FQDN) or public IP of the node wanting to join.\nThis attribute is used by CipherTrust Manager connectors to learn how to access this particular node of the cluster remotely.\n"},"memberNodeHost":{"type":"string","description":"The hostname or IP of the existing member of the cluster"},"memberNodePort":{"type":"integer","description":"The port of the existing member of the cluster, defaults to 5432"},"mkek_blob":{"type":"string","description":"Master KEK blob extracted from member to be sent to new node, possibly wrapped with HSM root key. This blob is returned back as part of the CSR sign response"},"blocking":{"type":"boolean","description":"When set to true, cluster join operation will block until finished"}}}}],"responses":{"201":{"description":"Successful cluster join.","schema":{"type":"string"},"examples":{"application/json":{"nodeID":"a6d995ff-3382-40a9-a04a-7985d8f6f1f5","status":{"code":"r","description":"ready"},"nodeCount":2}}},"400":{"description":"Bad Request | Node is already in a cluster.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/cluster/errors":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns a list of all the cluster errors.","tags":["Cluster","Enterprise"],"produces":["application/json"],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"description":"A cluster node object. Represents a single node instance in the cluster.","type":"object","properties":{"nodeID":{"type":"string","description":"Unique identifier of the node.","readOnly":true},"status":{"type":"object","title":"Node status","description":"The status of the node in the cluster","properties":{"code":{"type":"string","description":"Status code of the node in the cluster","readOnly":true},"description":{"type":"string","description":"Descriptive status name of the node in the cluster","readOnly":true}}},"host":{"type":"string","description":"The hostname or IP of the node","readOnly":true},"port":{"type":"integer","description":"The port of the node, typically 5432.","readOnly":true},"isThisNode":{"type":"boolean","description":"When true, this objects represents the current node resource that was called.","readOnly":true},"publicAddress":{"type":"string","description":"The fully qualified domain name (FQDN) or the public IP address of the node.\nThis attribute is used by CipherTrust Manager connectors to learn how to access this particular node of the cluster remotely.\n"},"nodeName":{"type":"string","description":"Friendly name of a cluster node."}},"example":{"nodeID":"f7f8706c-cd9c-4e7d-abe9-6c3a734d1e60","status":{"code":"r","description":"ready"},"host":"keysecure_node1","port":5432,"isThisNode":true,"publicAddress":"node1.example.com","nodeName":"NARegionServer"}}}}}]}}}}},"/v1/cluster/summary":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Info","description":"Returns the summary of the cluster.","tags":["Cluster"],"produces":["application/json"],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"description":"A cluster node object. Represents a single node instance in the cluster.","type":"object","properties":{"nodeID":{"type":"string","description":"Unique identifier of the node.","readOnly":true},"status":{"type":"object","title":"Node status","description":"The status of the node in the cluster","properties":{"code":{"type":"string","description":"Status code of the node in the cluster","readOnly":true},"description":{"type":"string","description":"Descriptive status name of the node in the cluster","readOnly":true}}},"host":{"type":"string","description":"The hostname or IP of the node","readOnly":true},"port":{"type":"integer","description":"The port of the node, typically 5432.","readOnly":true},"isThisNode":{"type":"boolean","description":"When true, this objects represents the current node resource that was called.","readOnly":true},"publicAddress":{"type":"string","description":"The fully qualified domain name (FQDN) or the public IP address of the node.\nThis attribute is used by CipherTrust Manager connectors to learn how to access this particular node of the cluster remotely.\n"},"nodeName":{"type":"string","description":"Friendly name of a cluster node."}},"example":{"nodeID":"f7f8706c-cd9c-4e7d-abe9-6c3a734d1e60","status":{"code":"r","description":"ready"},"host":"keysecure_node1","port":5432,"isThisNode":true,"publicAddress":"node1.example.com","nodeName":"NARegionServer"}}}}}]}}}}},"/v1/nodes":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns a list of all the cluster nodes.","tags":["Cluster Nodes"],"produces":["application/json"],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"description":"A cluster node object. Represents a single node instance in the cluster.","type":"object","properties":{"nodeID":{"type":"string","description":"Unique identifier of the node.","readOnly":true},"status":{"type":"object","title":"Node status","description":"The status of the node in the cluster","properties":{"code":{"type":"string","description":"Status code of the node in the cluster","readOnly":true},"description":{"type":"string","description":"Descriptive status name of the node in the cluster","readOnly":true}}},"host":{"type":"string","description":"The hostname or IP of the node","readOnly":true},"port":{"type":"integer","description":"The port of the node, typically 5432.","readOnly":true},"isThisNode":{"type":"boolean","description":"When true, this objects represents the current node resource that was called.","readOnly":true},"publicAddress":{"type":"string","description":"The fully qualified domain name (FQDN) or the public IP address of the node.\nThis attribute is used by CipherTrust Manager connectors to learn how to access this particular node of the cluster remotely.\n"},"nodeName":{"type":"string","description":"Friendly name of a cluster node."}},"example":{"nodeID":"f7f8706c-cd9c-4e7d-abe9-6c3a734d1e60","status":{"code":"r","description":"ready"},"host":"keysecure_node1","port":5432,"isThisNode":true,"publicAddress":"node1.example.com","nodeName":"NARegionServer"}}}}}]}}}},"post":{"parameters":[{"name":"body","in":"body","required":true,"schema":{"type":"object","title":"Sign CSR Request","required":["csr","newNodeHost"],"properties":{"csr":{"type":"string","description":"The CSR that was issued by the node wanting to join the cluster"},"shared_hsm_partition":{"type":"boolean","description":"When true, wrap the CipherTrust Manager master KEK blob with the HSM root key. This feature will only work if the nodes are using the same HSM or HSM cluster as they would share the same HSM root key. If possible it is recommended to use this feature as it will increase the security of the master KEK during transport"},"newNodeHost":{"type":"string","description":"The hostname or IP of the node wanting to join the cluster"},"publicAddress":{"type":"string","description":"The fully qualified domain name (FQDN) or public IP of this node.\nThis attribute is used by CipherTrust Manager connectors to learn how to access this particular node of the cluster remotely.\n"}}}}],"summary":"Sign Cert","description":"Signs a CSR on an existing node within the cluster and returns the signed certificate along with CA chain and master KEK blob.\n\nThis call must be made to any existing cluster member.\n","tags":["Cluster Nodes"],"produces":["application/json"],"responses":{"201":{"description":"Sucessful resource creation.","schema":{"type":"string"},"examples":{"application/json":{"cert":"-----BEGIN CERTIFICATE-----\nMIICWDCCAf6gAwIBAgIRAKF31H7269dPEkqFy7C2TjEwCgYIKoZIzj0EAwIwdjEL\nMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRswGQYD\nVQQJExI0NjkwIE1pbGxlbml1bSBEci4xEDAOBgNVBAoTB0dlbWFsdG8xGTAXBgNV\nBAMTEERCTWdyIENsdXN0ZXIgQ0EwHhcNMTcwMTI0MTg0NjE4WhcNMjcwMTI0MTg0\nNjE4WjCBgzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxj\nYW1wMRswGQYDVQQJExI0NjkwIE1pbGxlbml1bSBEci4xEDAOBgNVBAoTB0dlbWFs\ndG8xJjAkBgNVBAMMHURCTWdyIENsdXN0ZXIgTm9kZSBreWxvMl9wZ18xMFkwEwYH\nKoZIzj0CAQYIKoZIzj0DAQcDQgAE3PXsHIWdDdpIxCE6ckkVg6T+QdFbJ4ndh0UQ\n1HtoUmqDNo4gioHG9FNP1r59aWg1JoKpSyTPsj19/aJ7e9EEE6NfMF0wDgYDVR0P\nAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB\nAf8EAjAAMB4GA1UdEQQXMBWBE3N1cHBvcnRAZ2VtYWx0by5jb20wCgYIKoZIzj0E\nAwIDSAAwRQIgQrPF73bbkJUx4/ekD60F9DIjQXweg1GwLDgD9kzonG4CIQDqLToJ\nMK+sX0CQaRHifi+rYrEEXFksM2tUrio8vUtzhg==\n-----END CERTIFICATE-----\n","cachain":"-----BEGIN CERTIFICATE-----\nMIICLTCCAdSgAwIBAgIRAIGuqyHParpLc/AyDK0kLb8wCgYIKoZIzj0EAwIwdjEL\nMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRswGQYD\nVQQJExI0NjkwIE1pbGxlbml1bSBEci4xEDAOBgNVBAoTB0dlbWFsdG8xGTAXBgNV\nBAMTEERCTWdyIENsdXN0ZXIgQ0EwHhcNMTcwMTI0MTgxNjUzWhcNMzcwMTI0MTgx\nNjUzWjB2MQswCQYDVQQGEwJVUzELMAkGA1UECBMCTUQxEDAOBgNVBAcTB0JlbGNh\nbXAxGzAZBgNVBAkTEjQ2OTAgTWlsbGVuaXVtIERyLjEQMA4GA1UEChMHR2VtYWx0\nbzEZMBcGA1UEAxMQREJNZ3IgQ2x1c3RlciBDQTBZMBMGByqGSM49AgEGCCqGSM49\nAwEHA0IABGuwRSlXglcBIpLz4kQF0ngifNpD3Y1lV7+OQ6pioi8EmZtmaVU2q1jl\nHwFUdS9TQNdt381Bbep1xvNCaWwZL3ujQzBBMA4GA1UdDwEB/wQEAwIBhjAPBgNV\nHRMBAf8EBTADAQH/MB4GA1UdEQQXMBWBE3N1cHBvcnRAZ2VtYWx0by5jb20wCgYI\nKoZIzj0EAwIDRwAwRAIgPFEgfMxslyl208ZpYJezYjksK9K+cj28AN/N2Q3gs70C\nIEZs2HLxg85JxXguUJkEveUDvRhoZm+g64kFmY3KgqyZ\n-----END CERTIFICATE-----\n","mkek_blob":"ZXhhbXBsZSBtYXN0ZXIga2V5IGJsb2IK"}}},"400":{"description":"Bad Request | This node is not in a cluster.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"409":{"description":"Resource confict.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/nodes/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns node information for the given node.","tags":["Cluster Nodes"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"produces":["application/json"],"responses":{"200":{"description":"OK","schema":{"description":"A cluster node object. Represents a single node instance in the cluster.","type":"object","properties":{"nodeID":{"type":"string","description":"Unique identifier of the node.","readOnly":true},"status":{"type":"object","title":"Node status","description":"The status of the node in the cluster","properties":{"code":{"type":"string","description":"Status code of the node in the cluster","readOnly":true},"description":{"type":"string","description":"Descriptive status name of the node in the cluster","readOnly":true}}},"host":{"type":"string","description":"The hostname or IP of the node","readOnly":true},"port":{"type":"integer","description":"The port of the node, typically 5432.","readOnly":true},"isThisNode":{"type":"boolean","description":"When true, this objects represents the current node resource that was called.","readOnly":true},"publicAddress":{"type":"string","description":"The fully qualified domain name (FQDN) or the public IP address of the node.\nThis attribute is used by CipherTrust Manager connectors to learn how to access this particular node of the cluster remotely.\n"},"nodeName":{"type":"string","description":"Friendly name of a cluster node."}},"example":{"nodeID":"f7f8706c-cd9c-4e7d-abe9-6c3a734d1e60","status":{"code":"r","description":"ready"},"host":"keysecure_node1","port":5432,"isThisNode":true,"publicAddress":"node1.example.com","nodeName":"NARegionServer"}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"patch":{"summary":"Update","description":"Updates the node properties. This method can be used to update the public address of the node.","tags":["Cluster Nodes"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"body","in":"body","description":"The node properties to change.","schema":{"type":"object","title":"Update node","properties":{"publicAddress":{"type":"string","description":"The public address of the node. Specify an empty string to clear existing value."}},"example":{"publicAddress":"node5.example.com"}}}],"responses":{"200":{"description":"Successful resource update.","schema":{"description":"A cluster node object. Represents a single node instance in the cluster.","type":"object","properties":{"nodeID":{"type":"string","description":"Unique identifier of the node.","readOnly":true},"status":{"type":"object","title":"Node status","description":"The status of the node in the cluster","properties":{"code":{"type":"string","description":"Status code of the node in the cluster","readOnly":true},"description":{"type":"string","description":"Descriptive status name of the node in the cluster","readOnly":true}}},"host":{"type":"string","description":"The hostname or IP of the node","readOnly":true},"port":{"type":"integer","description":"The port of the node, typically 5432.","readOnly":true},"isThisNode":{"type":"boolean","description":"When true, this objects represents the current node resource that was called.","readOnly":true},"publicAddress":{"type":"string","description":"The fully qualified domain name (FQDN) or the public IP address of the node.\nThis attribute is used by CipherTrust Manager connectors to learn how to access this particular node of the cluster remotely.\n"},"nodeName":{"type":"string","description":"Friendly name of a cluster node."}},"example":{"nodeID":"f7f8706c-cd9c-4e7d-abe9-6c3a734d1e60","status":{"code":"r","description":"ready"},"host":"keysecure_node1","port":5432,"isThisNode":true,"publicAddress":"node1.example.com","nodeName":"NARegionServer"}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","description":"Removes given node from the cluster. This API call must be made to a node other than the one being removed. Once removed, a node can be re-joined by making the Cluster Delete API call from that node.","tags":["Cluster Nodes"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"204":{"description":"No Content | Successful removal of the node."},"400":{"description":"Bad Request | A node can't remove itself","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/nodes/{id}/delete":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Delete","description":"Removes given node from the cluster. This API call must be made to a node other than the one being removed. Once removed, a node can be re-joined by making the Cluster Delete API call from that node.","tags":["Cluster Nodes"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"body","in":"body","required":true,"schema":{"type":"object","title":"Delete Node","required":["force"],"properties":{"force":{"type":"boolean","description":"With force set to false the node deletion is replicated across the cluster. This is similar to the DELETE operation.\nWith force set to true the given node is deleted only on the local node, and delete must be called with force set to true on\nall remaining cluster nodes. Force delete is required only if majority of nodes are unavailable at the time of\nremoving a node from the cluster.\n"}}}}],"responses":{"204":{"description":"No Content | Successful removal of the node."},"400":{"description":"Bad Request | A node can't remove itself","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/backups":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"parameters":[{"name":"body","in":"body","schema":{"type":"object","title":"Start a Backup","properties":{"scope":{"type":"string","description":"Scope of the backup to be taken - system (default) or domain.\n\nFollowing resources of CCKM are in tech-Preview for domain backup-restore:\n- Google EKM Endpoints\n- Projects\n- Cryptospaces\n"},"backupKey":{"type":"string","description":"ID of backup key used for encrypting the backup. The default backup key is used if this is not specified."},"tiedToHSM":{"type":"boolean","description":"If true, the backup can only be restored to instances that use the same HSM partition.\nValid only with the system scoped backup.\n"},"filters":{"type":"array","items":{"type":"object","title":"Filters","required":["resourceType"],"properties":{"resourceType":{"type":"string","description":"Type of resources to be backed up. Valid values are \"Keys\", \"cte_policies\" and, \"users_groups\"."},"resourceQuery":{"type":"object","description":"A JSON object containing resource attributes and attribute values to be queried.\nThe resources returned in the query are backed up. If empty, all the resources of the specified resourceType will be backed up.\nFor Keys, valid resourceQuery paramater values are the same as the body of the 'vault/query-keys' POST endpoint described on the Keys page.\nTo back up AES keys with a meta parameter value containing `{\"info\":{\"color\":\"red\"}}}`, use\n`{\"algorithm\":\"AES\", \"metaContains\": {\"info\":{\"color\":\"red\"}}}`.\nFor CTE policies, valid `resourceQuery` parameter values are the same as query parameters of the list '/v1/transparent-encryption/policies' endpoint described in the CTE > Policies section.\nFor example, to back up LDT policies only, use `{\"policy_type\":\"LDT\"}`. Similarly, to back up policies with learn mode enabled, use `{\"never_deny\": true}`.\nFor users, the valid resourceQuery parameter values are the same as query parameters of the list '/v1/usermgmt/users' endpoint as described in the “Users” page.\nFor example, to back up all users with name \"frank\" and email id \"frank@local\", use {\"name\":\"frank\",\"email\": \"frank@local\"}.\n"}},"example":{"resourceType":"Keys","resourceQuery":"{\"algorithm\":\"AES\", \"metaContains\": {\"info\":{\"color\":\"red\"}}}"}},"description":"A set of selection criteria to specify what resources to include in the backup. Only applicable to domain-scoped backups.\nBy default, no filters are applied and the backup includes all keys.\nFor example, to back up all keys with a name containing 'enc-key', set the filters to `[{\"resourceType\": \"Keys\", \"resourceQuery\":{\"name\":\"*enc-key*\"}}]`.\n"},"description":{"type":"string","description":"User defined description associated with the backup. This is stored along with the backup,\nand is returned while retrieving the backup information, or while listing backups.\nFor example, users can include a backup name or description, or the ID of the HSM the backup is tied to.\n"}}}}],"summary":"Create","description":"Starts a new asynchronous backup.","tags":["Backups/Backup-Restore"],"responses":{"201":{"description":"Successful backup creation.","schema":{"type":"string"},"examples":{"application/json":{"scope":"system","account":"kylo:kylo:admin:accounts:kylo","version":"v0.0.1","id":"bb8888e8-4eb8-4744-aa55-d1a809a90795","createdAt":"2017-01-24T21:46:48.219287427Z","status":"In Progress","tiedToHSM":false,"backupKey":"0afa3896-0c2f-4b2f-936c-2b7407a5c072","productVersion":"v1.10.0-beta1.4242"}}}}},"get":{"summary":"List","description":"Returns a list of all backups.","tags":["Backups/Backup-Restore"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"scope","in":"query","type":"string","description":"Backup scope - system or domain."}],"produces":["application/json"],"responses":{"200":{"description":"OK","schema":{"type":"string"},"examples":{"application/json":{"skip":0,"limit":2,"total":2,"resources":[{"scope":"system","account":"kylo:kylo:admin:accounts:kylo","version":"v0.0.1","id":"bb8888e8-4eb8-4744-aa55-d1a809a90795","createdAt":"2017-01-24T21:46:48.219287427Z","status":"Completed","tiedToHSM":true,"backupKey":"0afa3896-0c2f-4b2f-936c-2b7407a5c072","productVersion":"v1.10.0-beta1.4242"},{"scope":"domain","account":"kylo:kylo:admin:accounts:kylo","version":"v0.0.1","id":"cc8888e8-4eb8-4744-aa55-d1a809a90796","createdAt":"2020-02-04T21:48:48.219287427Z","status":"Completed","tiedToHSM":false,"backupKey":"0afa3896-0c2f-4b2f-936c-2b7407a5c072","productVersion":"v1.10.0-beta1.4242"}]}}}}}},"/v1/backups/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns info for a specific backup based on the id.","tags":["Backups/Backup-Restore"],"produces":["application/json"],"responses":{"200":{"description":"OK","schema":{"type":"string"},"examples":{"application/json":{"scope":"system","account":"kylo:kylo:admin:accounts:kylo","version":"v0.0.1","id":"bb8888e8-4eb8-4744-aa55-d1a809a90795","createdAt":"2017-01-24T21:46:48.219287427Z","status":"Completed","tiedToHSM":false,"backupKey":"0afa3896-0c2f-4b2f-936c-2b7407a5c072","productVersion":"v1.10.0-beta1.4242"}}},"404":{"description":"Resource not found.","schema":{"type":"string"}}}},"delete":{"summary":"Delete","description":"Deletes a specific backup based on the id.","tags":["Backups/Backup-Restore"],"produces":["application/json"],"responses":{"204":{"description":"No Content | Successful removal of the backup.","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"type":"string"}}}}},"/v1/backups/{id}/download":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"summary":"Download","x-interactive":false,"description":"Downloads a specific backup based on the id to a file.","tags":["Backups/Backup-Restore"],"produces":["application/json"],"responses":{"200":{"description":"OK","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"type":"string"}}}}},"/v1/scp/public-key":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Return the public key for the SCP connection.\nUser must upload it to the destination machines authorized keys in the \"/home/user/.ssh/\" directory.\n","tags":["Backups/SCP Backup"],"responses":{"200":{"description":"OK.","schema":{"type":"string"},"examples":{"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDiBnZfS+7NfNiRJIawBC/JxByHPYsjiOkF+uQ2wVPBVY1uHKVeRJxMb//GXu0xfqHD7RWDifJsnv4wkerBFOo9zrh4xdmCpraKP3cpNLYwud9uD/+FH5dOoTsb6UJ7g3dwUPsSHXVbzhWOvKtus1Hx3PDCpwcibYsCt/jhJSpYf4mY2W6q1ma+Pb6fsb6JtT/Zu/l6FD/n9W9StnE/wF2ideOpk9X1Ylm4tGd8uGvA/5ZjmZdAH3wx+AWRtdrGJkKfKWcjRAQiyas9iRXztkcnbTsVztqvckAnjVIRSboYeUcccqAnLRSnIbpWGMfolyqqrCUaok/gldsUfQJvUpfkCX89nXByVPIMvKaycOfRaqklJta+t==":null}},"404":{"description":"Resource not found."}}}},"/v1/scp/public-key/rotate":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"POST","description":"Rotates the public key for the SCP connection. This will break SCP operation, if any, in database_backup scheduler.\nUser must upload the new key to the destination machines authorized keys in the \"/home/user/.ssh/\" directory.\n","tags":["Backups/SCP Backup"],"responses":{"201":{"description":"OK.","schema":{"type":"string"},"examples":{"success":true}},"404":{"description":"Resource not found."}}}},"/v1/backups/{id}/scp":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"parameters":[{"name":"body","in":"body","schema":{"allOf":[{"type":"object","allOf":[{"type":"object","required":["host","username","auth_method","path_to"],"properties":{"host":{"type":"string","description":"Hostname or FQDN of remote machine used for SCP operation."},"port":{"type":"integer","description":"Port where SCP service runs on host (usually 22)."},"username":{"type":"string","description":"Username for accessing SCP."},"auth_method":{"type":"string","description":"Authentication type for SCP. Accepted values are \"key\" or \"password\""},"path_to":{"type":"string","description":"A path where the file to be copied via SCP. Example \"/home/ubuntu/datafolder/\""}}},{"type":"object","description":"Sensitive parameters specific to a SCP connection.","required":["public_key"],"properties":{"password":{"type":"string","description":"Password for SCP."},"public_key":{"type":"string","description":"Public key for SCP. It will be used to verify the host's identity by verifying key fingerprint. It can be retrieved from \"/etc/ssh/\" of remote host machine."}}}]}]}}],"summary":"SCP","description":"Initiates a secure copy of the specified backup to the host machine.\nThe status of the secure copy can be checked using the scp-status API.\nOnly system backups are supported.\n","tags":["Backups/SCP Backup"],"produces":["application/json"],"responses":{"202":{"description":"Successful SCP of a backup.","schema":{"type":"string"},"examples":{"application/json":{"id":"3ab568fb-3f43-4d99-ad77-9e13df5c376d","uri":"kylo:kylo:scp:backups:3ab568fb-3f43-4d99-ad77-9e13df5c376d","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-05-16T17:23:13.706771675Z","updatedAt":"2021-05-16T17:23:13.703198137Z","connection_status":"in_progress"}}},"404":{"description":"Resource not found.","schema":{"type":"string"}}}}},"/v1/backups/{id}/scp/{connection_id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"connection_id","in":"path","description":"Name or ID of the SCP connection which stores the details for SCP server.\n","required":true,"type":"string"}],"post":{"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"connection_id","in":"path","description":"Name or ID of the SCP connection which stores the details for SCP server.\n","required":true,"type":"string"}],"summary":"SCP","description":"Initiates a secure copy of the specified backup to the host machine. The host information is retrieved from the specified scp connection.\nThe status of the secure copy can be checked using the scp-status API.\nOnly system backups are supported.\n","tags":["Backups/SCP Backup"],"produces":["application/json"],"responses":{"202":{"description":"Successful SCP of a backup.","schema":{"type":"string"},"examples":{"application/json":{"id":"3ab568fb-3f43-4d99-ad77-9e13df5c376d","uri":"kylo:kylo:scp:backups:3ab568fb-3f43-4d99-ad77-9e13df5c376d","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-05-16T17:23:13.706771675Z","updatedAt":"2021-05-16T17:23:13.703198137Z","connection_status":"in_progress"}}},"404":{"description":"Resource not found.","schema":{"type":"string"}}}}},"/v1/backups/{id}/scp-status":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"summary":"Recent SCPs status of the provided backup","description":"Gets the recent status of the SCPs of a specific backup based on the id.","tags":["Backups/SCP Backup"],"produces":["application/json"],"responses":{"200":{"description":"OK","schema":{"type":"string"},"examples":{"application/json":[{"id":"60b3ccef-0658-4e59-86cf-b4d81998d2d6","host":"54.147.179.159","connection_status":"completed","createdAt":"2021-05-26T10:10:43.895088892Z","updatedAt":"2021-05-26T10:10:57.305288048Z"},{"id":"57b2e4cc-e530-4ed0-816f-77fcd142096d","host":"54.147.179.159","connection_status":"completed","createdAt":"2021-05-26T10:15:27.998122254Z","updatedAt":"2021-05-26T10:16:03.695139245Z"}]}},"404":{"description":"Resource not found.","schema":{"type":"string"}}}}},"/v1/backups/{id}/scp-status/{scp_id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"scp_id","in":"path","description":"SCP id is used to determine the status of\nasynchronous SCP process.\n","required":true,"type":"string"}],"get":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"scp_id","in":"path","description":"SCP id is used to determine the status of\nasynchronous SCP process.\n","required":true,"type":"string"}],"summary":"SCP Status","description":"Gets the status of the backup transferred via SCP of a given backup id.","tags":["Backups/SCP Backup"],"produces":["application/json"],"responses":{"200":{"description":"OK","schema":{"type":"string"},"examples":{"application/json":{"id":"3ab568fb-3f43-4d99-ad77-9e13df5c376d","uri":"kylo:kylo:scp:backups:3ab568fb-3f43-4d99-ad77-9e13df5c376d","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-05-16T17:23:13.706771675Z","updatedAt":"2021-05-16T17:23:13.703198137Z","connection_status":"completed"}}},"404":{"description":"Resource not found.","schema":{"type":"string"}}}}},"/v1/backups/{id}/restore":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"parameters":[{"name":"body","in":"body","schema":{"type":"object","title":"Start Restoring a Backup","properties":{"force":{"type":"boolean","description":"If false, version check is performed to prevent restoring backups from a newer release or an too old release; if true, no version check is performed."}}}}],"summary":"Restore","description":"Restores a specific backup based on the id.","tags":["Backups/Backup-Restore"],"produces":["application/json"],"responses":{"200":{"description":"Successful restore of a backup.","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"type":"string"}},"409":{"description":"Version check prevented restoring a backup.","schema":{"type":"string"}}}}},"/v1/uploadBackup":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"parameters":[{"name":"scope","required":false,"in":"query","type":"string","description":"Scope of the backup or backup key - system (default) or domain. Scope must be specified for a domain scoped backup.\n"},{"name":"chunked","required":false,"in":"query","description":"When set to `true`, indicates that the file is uploaded in multiple chunks.\n","type":"boolean","default":false},{"name":"start","required":false,"in":"query","description":"Set to `true` for the first chunk request, when the file is uploaded in multiple chunks.\n","type":"boolean","default":false},{"name":"done","required":false,"in":"query","description":"Set to `true` for the last chunk request, when the file is uploaded in multiple chunks.\n","type":"boolean","default":false},{"name":"uploadID","required":false,"in":"query","description":"This parameter is used when the file is uploaded in multiple chunks.\nFor the first chunk request, when upload_start is `true`, you can set an upload ID via this parameter.\nIf an upload ID is not set in the first chunk request, an upload ID is assigned and returned in the response.\nThe upload ID is required as a query parameter for the remaining chunk requests.\n","type":"string"}],"summary":"Upload","x-interactive":false,"description":"Uploads a backup file. A backup file can be uploaded via a single HTTP request, or in multiple requests.\nMultiple (chunked) requests are useful when the backup file is large enough that a single request would make the JWT expire\nbefore the upload is complete. The body of the HTTP request contains the data from the file.\nQuery parameters are used to chunk the backup.\n","tags":["Backups/Backup-Restore"],"produces":["application/json"],"responses":{"201":{"description":"Successful upload of a backup","schema":{"type":"string"},"examples":{"application/json":{"scope":"system","account":"kylo:kylo:admin:accounts:kylo","version":"v0.0.1","id":"bb8888e8-4eb8-4744-aa55-d1a809a90795","createdAt":"2017-01-24T21:46:48.219287427Z","status":"Ready"}}}}}},"/v1/backupStatus":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Status","description":"Gets the status of an last asynchronous backup operation (create or restore).","tags":["Backups/Backup-Restore"],"produces":["application/json"],"responses":{"200":{"description":"OK","schema":{"type":"string"},"examples":{"application/json":{"scope":"system","account":"kylo:kylo:admin:accounts:kylo","operation":"Backup restore","id":"ba97c7b6-216d-4b23-b42f-d30c28d6827b","started":"2018-05-25T18:08:26.17540688Z","finished":"2018-05-25T18:09:03.677208895Z","status":"Completed"}}}}}},"/v1/backupkeys":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Create a backup key to encrypt backup files.","tags":["Backup Keys"],"produces":["application/json"],"parameters":[{"name":"body","in":"body","schema":{"type":"object","title":"Create a backup key","properties":{"scope":{"type":"string","description":"Scope of the backup key - system (default) or domain.\nDomain scope must be specified for the key to be used with a domain scoped backup.\n"},"isDefault":{"type":"boolean","description":"Set this backup key as default. The default backup key cannot be deleted."}}}}],"responses":{"201":{"description":"Successful backup key creation.","schema":{"type":"string"},"examples":{"application/json":{"scope":"system","account":"kylo:kylo:admin:accounts:kylo","version":"1","id":"8c3b78a8-299b-4640-9499-36af4939de80","createdAt":"2017-05-26T15:52:15.083533997Z","isDefault":false}}}}},"get":{"summary":"List","description":"Returns a list of all backup keys","tags":["Backup Keys"],"parameters":[{"name":"scope","in":"query","type":"string","description":"Backup scope - system or domain."},{"name":"default","in":"query","type":"boolean","description":"Set to true to return only the default backup key."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"produces":["application/json"],"responses":{"200":{"description":"OK","schema":{"properties":{"scope":{"type":"string","description":"Scope of the backup key - system or domain\n"},"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource\n"},"account":{"type":"string","format":"URI","description":"The account which owns this resource\n"},"version":{"type":"string","description":"The version of the key\n"},"createdAt":{"type":"string","format":"date-time","description":"Date/time the key was created\n"},"state":{"type":"string","description":"Usability of the key - active or inactive\n"},"isDefault":{"type":"boolean","description":"Is default key of the system; The default backup key cannot be deleted\n"}}},"examples":{"application/json":{"skip":0,"limit":2,"total":2,"resources":[{"scope":"system","account":"kylo:kylo:admin:accounts:kylo","version":"1","id":"8c3b78a8-299b-4640-9499-36af4939de80","createdAt":"2017-05-26T15:52:15.083533997Z","isDefault":true,"state":"active"},{"scope":"domain","account":"kylo:kylo:admin:accounts:kylo","version":"3","id":"9d3b78a8-399b-2640-6499-36af4939de82","createdAt":"2020-02-14T15:52:15.083533997Z","isDefault":true,"state":"active"}]}}}}}},"/v1/backupkeys/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns info of a specific backup key based on the id.","tags":["Backup Keys"],"produces":["application/json"],"responses":{"200":{"description":"OK","schema":{"properties":{"scope":{"type":"string","description":"Scope of the backup key - system or domain\n"},"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource\n"},"account":{"type":"string","format":"URI","description":"The account which owns this resource\n"},"version":{"type":"string","description":"The version of the key\n"},"createdAt":{"type":"string","format":"date-time","description":"Date/time the key was created\n"},"state":{"type":"string","description":"Usability of the key - active or inactive\n"},"isDefault":{"type":"boolean","description":"Is default key of the system; The default backup key cannot be deleted\n"}}},"examples":{"application/json":{"scope":"system","account":"kylo:kylo:admin:accounts:kylo","version":"1","id":"8c3b78a8-299b-4640-9499-36af4939de80","createdAt":"2017-05-26T15:52:15.083533997Z","isDefault":false,"state":"active"}}},"404":{"description":"Resource not found.","schema":{"type":"string"}}}},"delete":{"summary":"Delete","description":"Deletes a specific backup key based on the id. Default backup key can not be deleted.","tags":["Backup Keys"],"produces":["application/json"],"responses":{"204":{"description":"No Content | Successful removal of the backup key.","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"type":"string"}}}}},"/v1/backupkeys/{id}/default":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Default","description":"Set a specific backup key as default based on the id.","tags":["Backup Keys"],"produces":["application/json"],"responses":{"201":{"description":"Successful resource update.","schema":{"type":"string"},"examples":{"application/json":{"scope":"system","account":"kylo:kylo:admin:accounts:kylo","version":"3","id":"8c3b78a8-299b-4640-9499-36af4939de80","createdAt":"2017-05-26T15:52:15.083533997Z","isDefault":true}}},"404":{"description":"Resource not found.","schema":{"type":"string"}}}}},"/v1/backupkeys/{id}/download":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"parameters":[{"name":"body","in":"body","description":"Parameters `password` and optionally `passwordHint` to encrypt the backup key.","schema":{"type":"object","required":["password"],"properties":{"password":{"type":"string","description":"The password used to encrypt the backup key."},"passwordHint":{"type":"string","description":"The password hint that is stored as the key metadata."}}}}],"summary":"Download","x-interactive":false,"description":"Downloads a specific backup key by its id and encrypting it with the given password.","tags":["Backup Keys"],"produces":["text/plain"],"responses":{"201":{"description":"Successful download of a backup key.","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"type":"string"}},"422":{"description":"Validation error."}}}},"/v1/backupkeys/upload":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"parameters":[{"name":"body","in":"body","description":"The `key` value is the downloaded backup key. The `password` value decrypts the backup key.","schema":{"type":"object","required":["password","key"],"properties":{"key":{"type":"string","description":"The encrypted backup key (in base64 encoded form)."},"password":{"type":"string","description":"The password used to encrypt the backup key."}}}}],"summary":"Upload","x-interactive":false,"description":"Uploads a backup key.","tags":["Backup Keys"],"produces":["application/json"],"responses":{"201":{"description":"Successful backup key upload.","schema":{"type":"object"},"examples":{"application/json":{"account":"kylo:kylo:admin:accounts:kylo","version":"3","id":"8c3b78a8-299b-4640-9499-36af4939de80","createdAt":"2017-05-26T15:52:15.083533997Z","isDefault":false}}}}}},"/v1/migrations":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"parameters":[{"name":"chunked","required":false,"in":"query","description":"When set to `true`, indicates that the file is uploaded in multiple chunks.\n","type":"boolean","default":false},{"name":"start","required":false,"in":"query","description":"Set to `true` for the first chunk request, when the file is uploaded in multiple chunks.\n","type":"boolean","default":false},{"name":"done","required":false,"in":"query","description":"Set to `true` for the last chunk request, when the file is uploaded in multiple chunks.\n","type":"boolean","default":false},{"name":"uploadID","required":false,"in":"query","description":"This parameter is used when the file is uploaded in multiple chunks.\nFor the first chunk request, when upload_start is `true`, you can set an upload ID via this parameter.\nIf an upload ID is not set in the first chunk request, an upload ID is assigned and returned in the response.\nThe upload ID is required as a query parameter for the remaining chunk requests.\n","type":"string"},{"name":"description","in":"query","type":"string","required":false,"description":"A description of the KeySecure Classic or DSM backup file.\nIf provided, it is stored in the file metadata. It can be read via the GET or LIST APIs.\n"},{"name":"passwordHint","in":"query","required":false,"type":"string","description":"Hint to the password needed for decrypting a KeySecure Classic backup file.\nIf provided, it is stored in the file metadata. It can be read via the GET or LIST APIs.\n"},{"name":"checksum","in":"query","required":false,"type":"string","description":"The SHA256 checksum of the file.\nIf provided, the server validates the SHA256 checksum of the uploaded file with this value.\n"}],"summary":"Upload","x-interactive":false,"description":"Upload a 'KeySecure Classic' or DSM backup file to the device.\nThe backup file can be uploaded via a single http request, or in multiple requests.\nMultiple (chunked) requests are useful when the file is large enough to make the JWT expire\nbefore the upload is complete. The body of the http request contains the data from the file.\nQuery parameters are used to orchestrate chunking of the backup.\nThe CipherTrust Manager CLI is convenient for uploading via `ksctl migrations upload ...`.\n","tags":["Migrations"],"produces":["application/json"],"responses":{"201":{"description":"Successful upload of the backup file.","schema":{"type":"string"},"examples":{"application/json":{"id":"bb8888e8-4eb8-4744-aa55-d1a809a90795","description":"keysecure-classic backup file description","password_hint":"keysecure-classic backup file decryption password hint","file_size":"keysecure-classic backup file size","createdAt":"2017-01-24T21:46:48.219287427Z"}}}}},"get":{"summary":"List","description":"Obtain a list of the previously uploaded backup files.\nThis API can also search for a file having a specific description.\n","tags":["Migrations"],"parameters":[{"name":"description","in":"query","type":"string","description":"Search for a backup file with a matching description."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"produces":["application/json"],"responses":{"200":{"description":"OK","schema":{"type":"string"},"examples":{"application/json":{"skip":"0","limit":"1","total":"1","resources":{"id":"bb8888e8-4eb8-4744-aa55-d1a809a90795","description":"keysecure-classic backup file description","password_hint":"keysecure-classic backup file decryption password hint","file_size":"keysecure-classic backup file size","createdAt":"2017-01-24T21:46:48.219287427Z"}}}}}}},"/v1/migrations/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Obtain information about a specific backup file.","tags":["Migrations"],"produces":["application/json"],"responses":{"200":{"description":"OK","schema":{"type":"string"},"examples":{"application/json":{"id":"bb8888e8-4eb8-4744-aa55-d1a809a90795","description":"keysecure-classic backup file description","password_hint":"keysecure-classic backup file decryption password hint","file_size":"keysecure-classic backup file size","createdAt":"2017-01-24T21:46:48.219287427Z"}}},"404":{"description":"Resource not found.","schema":{"type":"string"}}}},"delete":{"summary":"Delete","description":"Delete a specific backup file.","tags":["Migrations"],"produces":["application/json"],"responses":{"204":{"description":"No Content | Successful removal of the backup file.","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"type":"string"}}}}},"/v1/migrations/{id}/migrate":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Migrate","description":"Migrate a KeySecure Classic or DSM backup file.\nThis is the main operation associated with this API.\nBe sure to upload the appropriate Migration Split Key before migrating a DSM backup file.\n","tags":["Migrations"],"parameters":[{"name":"body","in":"body","description":"Information needed to perform the migration.","schema":{"properties":{"password":{"type":"string","description":"This field is used only while migrating KeySecure Classic backup files, and is mandatory for those files.\nIt specifies the password needed to decrypt the KeySecure Classic backup file.\n"},"usersType":{"type":"string","description":"This field is used only while migrating KeySecure Classic backup files, and is mandatory for those files.\nIt specifies the type of user accounts being migrated - local or ldap.\n"},"ldapConnectionName":{"type":"string","description":"This optional field is used only while migrating KeySecure Classic backup files.\nIt specifies the name for the LDAP connection being migrated.\nIt is required only if usersType is set to 'ldap'.\n"},"privateKey":{"type":"string","description":"It specifies the name or id of the CM key.\nIt is required only for the cckm product.\n"},"domains":{"type":"array","items":{"type":"string"},"description":"This optional field is used only while migrating DSM backup files.\nIt can be used to specify an array of domains.\nAll the domains are migrated if this is left empty.\n"},"containers":{"type":"array","items":{"type":"string"},"description":"This optional field is used only while migrating DSM backup files.\nIt can be used to specify an array of containers.\n"},"groupName":{"type":"string","description":"This optional field is used only while migrating DSM backup files.\nIt can be used to specify the name of a key-sharing group.\nThis group is created in all the domains that are migrated.\nThe keys in the migrated domains will be accessible to all the members of this group.\n"},"autoCTEGroups":{"type":"boolean","description":"This optional parameter used only while migrating DSM backup files.\nIt can be used to control how CTE keys get migrated.\nOn the DSM, if a key has the \"Source\" field set to \"From DSM\" or an\nempty string, and this flag is set to true, the key is migrated so that\nit is fully accessible to members of the \"CTE Clients\" group.\n"},"migrateCCKMSourceKeys":{"type":"boolean","description":"This optional parameter used only while migrating CCKM Enterprise Keys.\nIf this flag is set to true, the key created in DSM from CCKM enterprise\nwill be migrated to CipherTrust Manager.\n"}},"example":{"password":"a133cdfe","usersType":"ldap","privateKey":"12a9758f","ldapConnectionName":"someldapconnection","domains":["domain1","domain2"],"containers":["container1","container2"],"groupName":"key-sharing-group","autoCTEGroups":true,"migrateCCKMSourceKeys":true}}}],"produces":["application/json"],"responses":{"202":{"description":"Successful start of asynchronous migration of the backup file","schema":{"type":"string"},"examples":{"application/json":{"id":"bb8888e8-4eb8-4744-aa55-d1a809a90795","description":"keysecure-classic backup file description","password_hint":"keysecure-classic backup file decryption password hint","file_size":"keysecure-classic backup file size","createdAt":"2017-01-24T21:46:48.219287427Z","status":"In progress"}}},"404":{"description":"Resource not found.","schema":{"type":"string"}}}}},"/v1/migrations/download":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Migration Data Download","description":"Download migration data.\n","tags":["Migrations"],"parameters":[{"name":"body","in":"body","description":"Information needed to download the migration data.","schema":{"required":["userName","password","ip","certificate","publicKey"],"properties":{"userName":{"type":"string","description":"This specifies the userName for the cckm enterprise.\n"},"password":{"type":"string","description":"This specifies the password for the cckm enterprise.\n"},"ip":{"type":"string","description":"This is the IP of cckm enterprise.\n"},"certificate":{"type":"string","description":"This specifies the certificate for the cckm enterprise.\n"},"publicKey":{"type":"string","description":"ID of the CipherTrust Manager key to be used for encrypting migration data.\n"}},"example":{"ip":"127.0.0.1","userName":"cckm-username","password":"cckm-password","certificate":"cckm-certificate","publicKey":"key-id"}}}],"produces":["text/plain"],"responses":{"200":{"description":"OK","schema":{"type":"file"}}}}},"/v1/migrations/generate-migration":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Generate and upload DSM key migration file","description":"Generates and uploads the _migration file_ for migrating DSM keys to the CipherTrust Manager.\n","tags":["Migrations"],"parameters":[{"name":"body","in":"body","description":"Information needed to download the migration data.","schema":{"required":["publicKey"],"properties":{"publicKey":{"type":"string","description":"ID of the CipherTrust Manager key to be used for encrypting migration data.\n"},"KeySource":{"type":"string","description":"Specifies the key source. Default key source is `dsm`. \n","enum":["dsm","cm"]}},"example":{"publicKey":"key-id","keySource":"dsm"}}}],"produces":["application/json"],"responses":{"201":{"description":"Successful start of asynchronous migration of the backup file","schema":{"type":"string"},"examples":{"application/json":{"status":"In progress"}}},"404":{"description":"Resource not found.","schema":{"type":"string"}}}}},"/v1/migrations/{id}/log":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Log","description":"Returns the log of the ongoing or last migration for this backup. An\nempty body is returned when the backup has never been migrated.\n","tags":["Migrations"],"produces":["application/json"],"responses":{"200":{"description":"OK","schema":{"type":"string"},"examples":{"text/plain":"Migration started\nIgnored migrating user 'jdoe': warnings [already exists]\nMigration finished\n"}},"404":{"description":"Resource not found.","schema":{"type":"string"}}}}},"/v1/migrations/status":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Status","description":"Returns status about the ongoing or last migration.","tags":["Migrations"],"produces":["application/json"],"responses":{"200":{"description":"OK","schema":{"type":"string"},"examples":{"application/json":{"id":"12a9758f-d6c5-4190-a1e4-0f543f31f652","overall_status":"Completed","users_status":{"status":"Completed","num_processed":10,"num_failed":0,"num_ignored":0},"groups_status":{"status":"Completed","num_processed":5,"num_failed":0,"num_ignored":0},"user_groups_status":{"status":"Completed","num_processed":1000,"num_failed":0,"num_ignored":0}}}},"404":{"description":"Resource not found.","schema":{"type":"string"}}}}},"/v1/migrations/{id}/containers":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get Containers from migration file","description":"List CCKM containers from migration file.\n","tags":["Migrations"],"produces":["application/json"],"responses":{"202":{"description":"List CCKM containers from migration file","schema":{"type":"string"},"examples":{"application/json":{"Containers":[{"Type":"azure","Name":"vmencrypt-keyvault","Tenant":"8cc92a18-12e6-4fb9-a4a9-24cf1768e5mns"},{"Type":"azure","Name":"jimmy-hsm-kv","Tenant":"8cc92a18-12e6-4fb9-a4a9-24cf1768e5mns"},{"Type":"azure","Name":"jimmy-kv-west-europe","Tenant":"8cc92a18-12e6-4fb9-a4a9-24cf1768e5mns"},{"Type":"azure","Name":"jhan-key-vault","Tenant":"8cc92a18-45e6-4fb9-a4a9-24cf1768e2cf"}]}}},"404":{"description":"Resource not found.","schema":{"type":"string"}}}}},"/v1/licensing/lockdata":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns the license lock data. Use the license lock code on Thales’ Virtual CipherTrust Manager License portal to get a license code.","tags":["Licensing"],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"code":{"type":"string"},"cluster_code":{"type":"string"}}},"examples":{"application/json":{"code":"*1NV CUHX DL2F 5ABN","cluster_code":"*1TH CCGB KTLC Y9M9"}}}}}},"/v1/licensing/licenses/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Retrieves all of the installed licenses.","tags":["Licensing"],"parameters":[{"name":"bind_type","in":"query","type":"string","description":"Filter on license bind type. Can be either 'instance' or 'cluster'."}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"description":"Licenses object","type":"object","properties":{"id":{"type":"string","description":"ID of the license"},"hash":{"type":"string","description":"Hash of the license"},"type":{"type":"string","description":"License type - Normal or Trial"},"state":{"type":"string","description":"State of the license - active or inactive"},"start":{"type":"string","format":"date","description":"Start date/time of the license"},"expiration":{"type":"string","format":"date","description":"End date/time of the license or \"no expiration\" if it never\nexpires. Please note that the expiration is different from trial\nseconds remaining. For trial licenses only trial seconds remaining\nshould be used and for other licenses expiration should be used.\n"},"feature":{"type":"string","description":"Feature name associated with this license"},"version":{"type":"string","description":"Version of the feature"},"license_count":{"type":"integer","description":"Number of licenses"},"trial_seconds_remaining":{"type":"string","description":"For trial licenses only, the number of seconds until the trial duration ends"},"bind_type":{"type":"string","description":"License bind type, 'instance' or 'cluster'"}}}}}}]},"examples":{"application/json":{"skip":0,"limit":0,"total":1,"resources":[{"id":"3522E6F949C7C962","hash":"3522E6F949C7C962","type":"normal","state":"active","start":"2006-01-01T00:00:00Z","expiration":"no expiration","feature":"Base","license_count":5}]}}}}},"post":{"summary":"Add","description":"Add a license string.","tags":["Licensing"],"parameters":[{"name":"body","in":"body","description":"License string.","required":true,"schema":{"type":"object","required":["license"],"properties":{"license":{"type":"string","description":"License string."},"bind_type":{"type":"string","description":"Binding type for this license. Can be either 'instance' or 'cluster'.\nIf omitted, then CM attempts to bind the license to the cluster. If this step fails with a lock code error,\nit will attempt to bind to the instance.\n"}},"example":{"license":"16 Virtual_KeySecure Ni LONG NORMAL STANDALONE EXCL 5_KEYS INFINITE_KEYS 16 JUN 2017 0 0 16 JUN 2017 19 0 NiL SLM_CODE CL_ND_LCK NiL *16QLW6DGSG8JSRX400 NiL NiL NiL 5_MINS NiL 0 JuuF6Bf5XnSmUEKsRB1D3SKZ:vwndBx1Bvj:EaN,Clf2G5moq,efLcwePrXzXd4tfDvYjtu4LTQwzvhHGwl:LvfV##AID=0d8b304a-435d-4436-82f2-db8994773438"}}}],"responses":{"201":{"description":"Successful license string addition."},"409":{"description":"Conflict | License string already exists."},"422":{"description":"Validation error | License string is invalid, expired or not locked to this instance."}}}},"/v1/licensing/licenses/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Gets a license by id.","tags":["Licensing"],"responses":{"200":{"description":"OK","schema":{"description":"Licenses object","type":"object","properties":{"id":{"type":"string","description":"ID of the license"},"hash":{"type":"string","description":"Hash of the license"},"type":{"type":"string","description":"License type - Normal or Trial"},"state":{"type":"string","description":"State of the license - active or inactive"},"start":{"type":"string","format":"date","description":"Start date/time of the license"},"expiration":{"type":"string","format":"date","description":"End date/time of the license or \"no expiration\" if it never\nexpires. Please note that the expiration is different from trial\nseconds remaining. For trial licenses only trial seconds remaining\nshould be used and for other licenses expiration should be used.\n"},"feature":{"type":"string","description":"Feature name associated with this license"},"version":{"type":"string","description":"Version of the feature"},"license_count":{"type":"integer","description":"Number of licenses"},"trial_seconds_remaining":{"type":"string","description":"For trial licenses only, the number of seconds until the trial duration ends"},"bind_type":{"type":"string","description":"License bind type, 'instance' or 'cluster'"}}}},"404":{"description":"Resource not found."}}},"delete":{"summary":"Delete","description":"Deletes a license string.","tags":["Licensing"],"parameters":[{"name":"id","in":"path","type":"string","required":true,"description":"ID of the license. For example 1F66552EAE96D7ED."}],"responses":{"204":{"description":"No Content | Successful deletion of license."},"404":{"description":"Resource not found."},"409":{"description":"Conflict | License is in use by one or more client."}}}},"/v1/licensing/features/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Retrieves the features of all the licenses.","tags":["Licensing"],"parameters":[{"name":"bind_type","in":"query","type":"string","description":"Filter on license bind type. Can be either 'instance' or 'cluster'."}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"description":"Features object","type":"object","properties":{"name":{"type":"string","description":"Feature name"},"version":{"type":"string","description":"Version of the feature"},"status":{"type":"string","description":"Status of the feature - active or inactive"},"details":{"type":"string","description":"Additional details provided when the feature is inactive (optional)"},"license_count":{"type":"integer","description":"Number of licenses"},"expiration":{"type":"string","format":"date","description":"End date/time of the license or \"no expiration\" if it never\nexpires. Please note that the expiration is different from trial\nseconds remaining. For trial licenses only trial seconds remaining\nshould be used and for other licenses expiration should be used.\n"},"trial_seconds_remaining":{"type":"string","description":"For trial licenses only, the number of seconds until the trial duration ends"},"bind_type":{"type":"string","description":"License bind type, 'instance' or 'cluster'"},"total_usage_count":{"type":"number","description":"Total count of used licenses"},"domains_usage":{"type":"array","description":"Array of domains for licenses usage","items":{"type":"object","properties":{"domain_id":{"type":"string","description":"Domain id"},"name":{"type":"string","description":"Domain name"},"parent_domain_id":{"type":"string","description":"Parent domain id"},"usage_count":{"type":"number","description":"Licenses usage"}}}}}}}}}]},"examples":{"application/json":{"skip":0,"limit":0,"total":1,"resources":[{"name":"Virtual_KeySecure","status":"active"}]}}}}}},"/v1/licensing/trials/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Retrieves the available trials.","tags":["Licensing"],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"description":"Trial object","type":"object","properties":{"name":{"type":"string","description":"Trial name"},"id":{"type":"string","description":"Unique identifier for resource"},"description":{"type":"string","description":"Trial description"},"status":{"type":"string","description":"Current status of the trial, can be \"available\", \"activated\", or \"deactivated\"","enum":["available","activated","deactivated"]},"activated_at":{"type":"string","format":"date-time","description":"Time the trial was activated, omitted if it has never been activated"},"deactivated_at":{"type":"string","format":"date-time","description":"Time the trial was deactivated, omitted if it has never been deactivated"}}}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"name":"CipherTrust Manager Full Trial","id":"0dc8bce6-5279-418d-b12f-a3d71e024e77","description":"90 day trial including support for all CipherTrust Manager connectors and Enterprise features","status":"activated","activated_at":"2022-02-17T20:26:38.51622Z"}]}}}}}},"/v1/licensing/trials/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Gets a trial by id.","tags":["Licensing"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"description":"Trial object","type":"object","properties":{"name":{"type":"string","description":"Trial name"},"id":{"type":"string","description":"Unique identifier for resource"},"description":{"type":"string","description":"Trial description"},"status":{"type":"string","description":"Current status of the trial, can be \"available\", \"activated\", or \"deactivated\"","enum":["available","activated","deactivated"]},"activated_at":{"type":"string","format":"date-time","description":"Time the trial was activated, omitted if it has never been activated"},"deactivated_at":{"type":"string","format":"date-time","description":"Time the trial was deactivated, omitted if it has never been deactivated"}}},{"type":"object","properties":{"features":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"Sentinel RMS feature name"},"friendly_name":{"type":"string","description":"Display friendly name"},"product":{"type":"string","description":"Product name this feature belongs to"},"bind_type":{"type":"string","description":"License bind type, either 'instance' or 'cluster'"}}}}}}]}},"404":{"description":"Resource not found."}}}},"/v1/licensing/trials/{id}/activate":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Activate","description":"Activates a trial. A trial can be activated more than once. Trial licenses will be only be valid for the\ntrial period starting from the first activation.\n","tags":["Licensing"],"responses":{"201":{"description":"Successful trial activation.","schema":{"allOf":[{"description":"Trial object","type":"object","properties":{"name":{"type":"string","description":"Trial name"},"id":{"type":"string","description":"Unique identifier for resource"},"description":{"type":"string","description":"Trial description"},"status":{"type":"string","description":"Current status of the trial, can be \"available\", \"activated\", or \"deactivated\"","enum":["available","activated","deactivated"]},"activated_at":{"type":"string","format":"date-time","description":"Time the trial was activated, omitted if it has never been activated"},"deactivated_at":{"type":"string","format":"date-time","description":"Time the trial was deactivated, omitted if it has never been deactivated"}}},{"type":"object","properties":{"features":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"Sentinel RMS feature name"},"friendly_name":{"type":"string","description":"Display friendly name"},"product":{"type":"string","description":"Product name this feature belongs to"},"bind_type":{"type":"string","description":"License bind type, either 'instance' or 'cluster'"}}}}}}]}}}}},"/v1/licensing/trials/{id}/deactivate":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Deactivate","description":"Deactivates a trial. A trial can be re-activated but the trial period will continue from the original activation date.","tags":["Licensing"],"responses":{"201":{"description":"Successful trial deactivation.","schema":{"allOf":[{"description":"Trial object","type":"object","properties":{"name":{"type":"string","description":"Trial name"},"id":{"type":"string","description":"Unique identifier for resource"},"description":{"type":"string","description":"Trial description"},"status":{"type":"string","description":"Current status of the trial, can be \"available\", \"activated\", or \"deactivated\"","enum":["available","activated","deactivated"]},"activated_at":{"type":"string","format":"date-time","description":"Time the trial was activated, omitted if it has never been activated"},"deactivated_at":{"type":"string","format":"date-time","description":"Time the trial was deactivated, omitted if it has never been deactivated"}}},{"type":"object","properties":{"features":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"Sentinel RMS feature name"},"friendly_name":{"type":"string","description":"Display friendly name"},"product":{"type":"string","description":"Product name this feature belongs to"},"bind_type":{"type":"string","description":"License bind type, either 'instance' or 'cluster'"}}}}}}]}},"409":{"description":"Conflict | can only deactivate an activated trial"}}}},"/v1/vault/links/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Lists all links. Results can be refined with query params.","tags":["Links"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"source","in":"query","type":"string","description":"Filters results to links with matching link source. Provide ID, URI or Name of a cryptographic resource.\n"},{"name":"target","in":"query","type":"string","description":"Filters results to links with matching link target. Provide ID, URI or Name of a cryptographic resource.\n"},{"name":"type","in":"query","type":"string","description":"Filters results to links with matching link type(s). Use query format type=previous,child or type=previous&type=child.\n"},{"name":"index","in":"query","type":"integer","description":"Filters results to links with matching index. Typically combined with filter on source as the combination (source, index) is unique.\n"}],"responses":{"200":{"description":"OK","examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"d59bb9be-1a8a-4fcf-9089-6f64f091a24e","uri":"kylo:kylo:vault:links:d59bb9be-1a8a-4fcf-9089-6f64f091a24e","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2017-09-08T21:42:15.793839Z","updatedAt":"2017-09-08T21:42:15.793839Z","type":"child","source":"kylo:kylo:vault:keys:testvkeysgeneral-14ce4ddc-d736-41a6-8d20-923bb7383bca-v0","target":"kylo:kylo:vault:keys:testvkeysgeneral-14ce4ddc-d736-41a6-8d20-923bb7383bca-v3"}]}}}}},"post":{"summary":"Create","description":"Creates a new link","tags":["Links"],"parameters":[{"name":"body","in":"body","description":"Type of link to create between two cryptographic resources.\n","required":true,"schema":{"title":"Create Link","example":{"application/json":{"type":"previous","source":"kylo:kylo:vault:keys:testvkeysgeneral-14ce4ddc-d736-41a6-8d20-923bb7383bca-v0","target":"kylo:kylo:vault:keys:testvkeysgeneral-14ce4ddc-d736-41a6-8d20-923bb7383bca-v3"}},"properties":{"type":{"type":"string","description":"Type of link between two cryptographic resource. Required for Create.","enum":["privateKey","publicKey","certificate","derivationBaseObject","derivedKey","replacementObject","replacedObject","parent","child","previous","next","pkcs12Password","pkcs12Certificate"]},"source":{"type":"string","description":"The source resource of a link. Provide ID, URI or Name of a cryptographic resource. Required for Create."},"target":{"type":"string","description":"The target resource of a link. Provide ID, URI or Name of a cryptographic resource. Required for Create."}}}}],"responses":{"201":{"description":"Successful link creation.","examples":{"application/json":{"id":"d59bb9be-1a8a-4fcf-9089-6f64f091a24e","uri":"kylo:kylo:vault:links:d59bb9be-1a8a-4fcf-9089-6f64f091a24e","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2017-09-08T21:42:15.793839Z","updatedAt":"2017-09-08T21:42:15.793839Z","type":"child","source":"kylo:kylo:vault:keys:testvkeysgeneral-14ce4ddc-d736-41a6-8d20-923bb7383bca-v0","target":"kylo:kylo:vault:keys:testvkeysgeneral-14ce4ddc-d736-41a6-8d20-923bb7383bca-v3"}}},"409":{"description":"Conflict | Could not create link as it already exists"}}}},"/v1/vault/links/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns information about the link.\n","tags":["Links"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"200":{"description":"OK","examples":{"application/json":{"id":"d59bb9be-1a8a-4fcf-9089-6f64f091a24e","uri":"kylo:kylo:vault:links:d59bb9be-1a8a-4fcf-9089-6f64f091a24e","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2017-09-08T21:42:15.793839Z","updatedAt":"2017-09-08T21:42:15.793839Z","type":"child","source":"kylo:kylo:vault:keys:testvkeysgeneral-14ce4ddc-d736-41a6-8d20-923bb7383bca-v0","target":"kylo:kylo:vault:keys:testvkeysgeneral-14ce4ddc-d736-41a6-8d20-923bb7383bca-v3"}}}}},"patch":{"summary":"Update","description":"Updates the link properties. This can be used to update the link type, source and target.\n","tags":["Links"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"body","in":"body","description":"The new metadata to update. The \"Body Sample\" on the right pane shows the format.","required":true,"schema":{"title":"Update Link","properties":{"type":{"type":"string","description":"Type of link between two cryptographic resource. Required for Create.","enum":["privateKey","publicKey","certificate","derivationBaseObject","derivedKey","replacementObject","replacedObject","parent","child","previous","next","pkcs12Password","pkcs12Certificate"]},"source":{"type":"string","description":"The source resource of a link. Provide ID, URI or Name of a cryptographic resource. Required for Create."},"target":{"type":"string","description":"The target resource of a link. Provide ID, URI or Name of a cryptographic resource. Required for Create."}},"example":{"type":"next","source":"key1","target":"key2"}}}],"responses":{"201":{"description":"Successful resource update."}}},"delete":{"summary":"Delete","description":"Deletes a Link.","tags":["Links"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"204":{"description":"No Content | Successful deletion of link."}}}},"/v1/ca/csr":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"CSR","description":"Creates a Certificate Signing Request (CSR) and its corresponding\nprivate key. This API does not store any state on the server as\neverything is returned back in the result. This means that both the CSR\nand the private key must be stored securely on the client side.\n\nThe private key can optionally be encrypted with a password. It is\nstrongly recommended to encrypt the private key.\n","tags":["Certificate Authority"],"parameters":[{"name":"body","in":"body","description":"CSR parameters","schema":{"type":"object","title":"CSR Request","required":["cn"],"properties":{"name":{"type":"string","description":"A unique name of CSR."},"algorithm":{"type":"string","description":"RSA or ECDSA (default) algorithms are supported. Signature algorithm (SHA512WithRSA, SHA384WithRSA,\nSHA256WithRSA, SHA1WithRSA, ECDSAWithSHA512, ECDSAWithSHA384, ECDSAWithSHA256) is selected\nbased on the algorithm and size.\n"},"size":{"type":"integer","description":"Key size. RSA: 1024 - 4096 (default: 2048), ECDSA: 256 (default), 384, 521\n"},"cn":{"type":"string","description":"Common Name"},"dnsNames":{"type":"array","items":{"type":"string"},"description":"Subject Alternative Names (SAN) values"},"emailAddresses":{"type":"array","items":{"type":"string"},"description":"E-mail addresses"},"ipAddresses":{"type":"array","items":{"type":"string"},"description":"IP addresses"},"names":{"type":"array","items":{"type":"object","title":"CSR Name","properties":{"C":{"type":"string","description":"Country, for example \"US\""},"ST":{"type":"string","description":"State/province, for example \"MD\""},"L":{"type":"string","description":"Location, for example \"Belcamp\""},"O":{"type":"string","description":"Organization, for example \"Thales Group\""},"OU":{"type":"string","description":"Organizational Unit, for example \"RnD\""}}},"description":"Name fields are \"O=organization, OU=organizational unit, L=location, ST=state/province, C=country\".\nFields can be duplicated if present in different objects.\n\nExample: [{\"O\": \"Thales Group\", \"OU\": \"CPS\", \"C\": \"US\", \"ST\": \"MD\", \"L\": \"Belcamp\"}, {\"OU\": \"Thales Group Inc.\"}]\n"},"password":{"type":"string","description":"Password to PEM-encrypt the private key. If not specified, the private key is not encrypted in return."},"encryptionAlgo":{"type":"string","description":"Private key encryption algorithm. AES256 (default), AES192, AES128, TDES"},"privateKeyBytes":{"type":"string","description":"Private Key bytes of the key which is to be used while creating CSR(Algorithm and size should be according to this key). If not given will generate key internally as per algorithm and size."},"copy_from_ca":{"type":"string","description":"ID of any Local CA. If given, the csr properties are copied from the given CA."}},"example":{"name":"sample-csr","algorithm":"RSA","size":2048,"cn":"kylo.com","dnsNames":["*.thalesgroup.com","*.thalesgroup.net"],"emailAddresses":["contact@thalesgroup.com"],"ipAddresses":["1.1.1.1"],"names":[{"O":"Thales Group","OU":"RnD","C":"US","ST":"MD","L":"Belcamp"}]}}}],"responses":{"200":{"description":"Successful CSR creation.","schema":{"type":"object"},"examples":{"application/json":{"csr":"-----BEGIN CERTIFICATE REQUEST-----\nMIHNMHUCAQAwEzERMA8GA1UEAxMIVGVzdCBDU1IwWTATBgcqhkjOPQIBBggqhkjO\nPQMBBwNCAATndOIgsTp7m4bOuixxuAt2XQ3oZqp8th/woAo51z7RiAAGdm7IfB1w\n7uWr8o5PWKBatXIgvPp8hvRWHQPHCfcLoAAwCgYIKoZIzj0EAwIDSAAwRQIgVyvz\nhFGCKV460fNJC0vC48gI268B68Xr6osFoy9Ouw8CIQCWN1LtcyxPIvul3XF1Pj7l\navEeIqDBcfD6VHhbnpO2Ag==\n-----END CERTIFICATE REQUEST-----","key":"-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIOx4fmUGuAp0i/aAxHPVyCiHYTnumQaTM3CJAwg9+bqroAoGCCqGSM49\nAwEHoUQDQgAE53TiILE6e5uGzroscbgLdl0N6GaqfLYf8KAKOdc+0YgABnZuyHwd\ncO7lq/KOT1igWrVyILz6fIb0Vh0Dxwn3Cw==\n-----END EC PRIVATE KEY-----"}}}}}},"/v1/ca/external-cas":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Upload external CA","description":"Uploads an external CA certificate. These certificates can later be\ntrusted by services inside the system for verification of client\ncertificates.\n\nThe uploaded certificate must have \"CA:TRUE\" as part of the\n\"X509v3 Basic Constraints\" to be accepted.\n","tags":["Certificate Authority"],"parameters":[{"name":"body","in":"body","description":"External CA certificate parameters","schema":{"type":"object","title":"Upload External CA Request","required":["cert"],"properties":{"name":{"type":"string","description":"A unique name of CA, if not provided, will be set to externalca-."},"cert":{"type":"string","description":"External CA certificate in PEM format"},"parent":{"type":"string","description":"URI reference to a parent external CA certificate. This\ninformation can be used to build a certificate\nhierarchy.\n"}},"example":{"name":"sample-ex-CA","cert":"-----BEGIN CERTIFICATE-----\nMIIDnTCCAoWgAwIBAgIBADANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzEL\nMAkGA1UECAwCVFgxDzANBgNVBAcMBkF1c3RpbjEQMA4GA1UECgwHR2VtYWx0bzEM\nMAoGA1UECwwDUm5EMRwwGgYDVQQDDBNjYS5reWxvLmdlbWFsdG8uY29tMB4XDTE3\nMDgwMjIyNDIyM1oXDTQ3MDcyNjIyNDIyM1owaTELMAkGA1UEBhMCVVMxCzAJBgNV\nBAgMAlRYMQ8wDQYDVQQHDAZBdXN0aW4xEDAOBgNVBAoMB0dlbWFsdG8xDDAKBgNV\nBAsMA1JuRDEcMBoGA1UEAwwTY2Eua3lsby5nZW1hbHRvLmNvbTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBAO+M3/EdapR+e6jbl8c08w1ynboOIX0/T0E7\nHBj0iAsSJOQJTwLcfkG4vU2AeRLca8dNJfx+qF1y9LSMeRNJhrxpEZR+L2PHl2Ti\niHxkS09UwwOSIN6SGSEX847ZiVA8DWNuHDtqtruWYH/oAa3go2V2qw21vzZ6UUjo\nTDViZegUEDIeRkp/hgl5hx2JKrtA1HhpHe18PedHwq8b/QbLfke9K89Psxd5+Vof\ndT63UUArzRJcB37XgjiTlOOVG9MYEn59ouTnzQkAzM640O3w16l9WX0v98/auKdq\nQzu3RBSaQUgoJf8v5C4p3Edgk1Uq7EOgbrJW6sS4F9k2JgdruasCAwEAAaNQME4w\nHQYDVR0OBBYEFK5n3Eevh2xLROIoYM4VsnCZfpHwMB8GA1UdIwQYMBaAFK5n3Eev\nh2xLROIoYM4VsnCZfpHwMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB\nAFy0LkGHFGZaEf4bIWMB5B7u/CMGjejw64fojIjGYQtB4WQehl3wqOxX1MvlXm0B\nxXDvgALq+BXw6NEwOT7nlx4uRspHA0cER0qmvTpH/uePnidvBzxDFCHpJM0eoZae\n9f7EPL0XNxvV8FdhtQ1p133DtzTWfxygpcG+E+ES2m2wzwwEGTShAST4SJOlCKVX\nzPZ+2NFEepxkfiikqSl6QPLGz+TEUZZ4vrshFiBxUI5zzDNcONtd14Nh/XjUWWrd\n2MXk37ASKPZgdJQzx8U8AsITdtuaYF/d/OCIuNASbQs07nuk1dE7RS6em/d6GB33\nlfuDSu3uKT9h6JmcCy7BzJY=\n-----END CERTIFICATE-----"}}}],"responses":{"201":{"description":"Successful external CA upload.","schema":{"type":"object"},"examples":{"application/json":{"name":"sample-ex-CA","id":"58212a4b-81f5-4de2-aeae-60b8b6f1091e","uri":"kylo:kylo:naboo:external_ca:58212a4b-81f5-4de2-aeae-60b8b6f1091e","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2017-09-29T14:46:38.1078Z","updatedAt":"2017-09-29T14:46:38.1078Z","cert":"-----BEGIN CERTIFICATE-----\nMIIDnTCCAoWgAwIBAgIBADANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzEL\nMAkGA1UECAwCVFgxDzANBgNVBAcMBkF1c3RpbjEQMA4GA1UECgwHR2VtYWx0bzEM\nMAoGA1UECwwDUm5EMRwwGgYDVQQDDBNjYS5reWxvLmdlbWFsdG8uY29tMB4XDTE3\nMDgwMjIyNDIyM1oXDTQ3MDcyNjIyNDIyM1owaTELMAkGA1UEBhMCVVMxCzAJBgNV\nBAgMAlRYMQ8wDQYDVQQHDAZBdXN0aW4xEDAOBgNVBAoMB0dlbWFsdG8xDDAKBgNV\nBAsMA1JuRDEcMBoGA1UEAwwTY2Eua3lsby5nZW1hbHRvLmNvbTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBAO+M3/EdapR+e6jbl8c08w1ynboOIX0/T0E7\nHBj0iAsSJOQJTwLcfkG4vU2AeRLca8dNJfx+qF1y9LSMeRNJhrxpEZR+L2PHl2Ti\niHxkS09UwwOSIN6SGSEX847ZiVA8DWNuHDtqtruWYH/oAa3go2V2qw21vzZ6UUjo\nTDViZegUEDIeRkp/hgl5hx2JKrtA1HhpHe18PedHwq8b/QbLfke9K89Psxd5+Vof\ndT63UUArzRJcB37XgjiTlOOVG9MYEn59ouTnzQkAzM640O3w16l9WX0v98/auKdq\nQzu3RBSaQUgoJf8v5C4p3Edgk1Uq7EOgbrJW6sS4F9k2JgdruasCAwEAAaNQME4w\nHQYDVR0OBBYEFK5n3Eevh2xLROIoYM4VsnCZfpHwMB8GA1UdIwQYMBaAFK5n3Eev\nh2xLROIoYM4VsnCZfpHwMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB\nAFy0LkGHFGZaEf4bIWMB5B7u/CMGjejw64fojIjGYQtB4WQehl3wqOxX1MvlXm0B\nxXDvgALq+BXw6NEwOT7nlx4uRspHA0cER0qmvTpH/uePnidvBzxDFCHpJM0eoZae\n9f7EPL0XNxvV8FdhtQ1p133DtzTWfxygpcG+E+ES2m2wzwwEGTShAST4SJOlCKVX\nzPZ+2NFEepxkfiikqSl6QPLGz+TEUZZ4vrshFiBxUI5zzDNcONtd14Nh/XjUWWrd\n2MXk37ASKPZgdJQzx8U8AsITdtuaYF/d/OCIuNASbQs07nuk1dE7RS6em/d6GB33\nlfuDSu3uKT9h6JmcCy7BzJY=\n-----END CERTIFICATE-----","serialNumber":"0","subject":"/C=US/ST=TX/L=Austin/O=Thales/OU=RnD/CN=ca.kylo.thalesgroup.com","issuer":"/C=US/ST=TX/L=Austin/O=Thales/OU=RnD/CN=ca.kylo.thalesgroup.com","notBefore":"2017-08-02T22:42:23Z","notAfter":"2047-07-26T22:42:23Z","purpose":{"client_authentication":"Enabled","user_authentication":"Enabled"}}}}}},"get":{"summary":"List external CAs","description":"Returns a list of external CA certificates. The results can be\nfiltered, using the query parameters.\n","tags":["Certificate Authority"],"parameters":[{"name":"subject","in":"query","required":false,"type":"string","description":"Filter by the subject"},{"name":"issuer","in":"query","required":false,"type":"string","description":"Filter by the issuer"},{"name":"serialNumber","in":"query","required":false,"type":"string","description":"Filter by the serial number"},{"name":"cert","in":"query","required":false,"type":"string","description":"Filter by the cert"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object"}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":{"name":"sample-ex-CA","id":"58212a4b-81f5-4de2-aeae-60b8b6f1091e","uri":"kylo:kylo:naboo:external_ca:58212a4b-81f5-4de2-aeae-60b8b6f1091e","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2017-09-29T14:46:38.1078Z","updatedAt":"2017-09-29T14:46:38.1078Z","cert":"-----BEGIN CERTIFICATE-----\nMIIDnTCCAoWgAwIBAgIBADANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzEL\nMAkGA1UECAwCVFgxDzANBgNVBAcMBkF1c3RpbjEQMA4GA1UECgwHR2VtYWx0bzEM\nMAoGA1UECwwDUm5EMRwwGgYDVQQDDBNjYS5reWxvLmdlbWFsdG8uY29tMB4XDTE3\nMDgwMjIyNDIyM1oXDTQ3MDcyNjIyNDIyM1owaTELMAkGA1UEBhMCVVMxCzAJBgNV\nBAgMAlRYMQ8wDQYDVQQHDAZBdXN0aW4xEDAOBgNVBAoMB0dlbWFsdG8xDDAKBgNV\nBAsMA1JuRDEcMBoGA1UEAwwTY2Eua3lsby5nZW1hbHRvLmNvbTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBAO+M3/EdapR+e6jbl8c08w1ynboOIX0/T0E7\nHBj0iAsSJOQJTwLcfkG4vU2AeRLca8dNJfx+qF1y9LSMeRNJhrxpEZR+L2PHl2Ti\niHxkS09UwwOSIN6SGSEX847ZiVA8DWNuHDtqtruWYH/oAa3go2V2qw21vzZ6UUjo\nTDViZegUEDIeRkp/hgl5hx2JKrtA1HhpHe18PedHwq8b/QbLfke9K89Psxd5+Vof\ndT63UUArzRJcB37XgjiTlOOVG9MYEn59ouTnzQkAzM640O3w16l9WX0v98/auKdq\nQzu3RBSaQUgoJf8v5C4p3Edgk1Uq7EOgbrJW6sS4F9k2JgdruasCAwEAAaNQME4w\nHQYDVR0OBBYEFK5n3Eevh2xLROIoYM4VsnCZfpHwMB8GA1UdIwQYMBaAFK5n3Eev\nh2xLROIoYM4VsnCZfpHwMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB\nAFy0LkGHFGZaEf4bIWMB5B7u/CMGjejw64fojIjGYQtB4WQehl3wqOxX1MvlXm0B\nxXDvgALq+BXw6NEwOT7nlx4uRspHA0cER0qmvTpH/uePnidvBzxDFCHpJM0eoZae\n9f7EPL0XNxvV8FdhtQ1p133DtzTWfxygpcG+E+ES2m2wzwwEGTShAST4SJOlCKVX\nzPZ+2NFEepxkfiikqSl6QPLGz+TEUZZ4vrshFiBxUI5zzDNcONtd14Nh/XjUWWrd\n2MXk37ASKPZgdJQzx8U8AsITdtuaYF/d/OCIuNASbQs07nuk1dE7RS6em/d6GB33\nlfuDSu3uKT9h6JmcCy7BzJY=\n-----END CERTIFICATE-----","serialNumber":"0","subject":"/C=US/ST=TX/L=Austin/O=Thales/OU=RnD/CN=ca.kylo.thalesgroup.com","issuer":"/C=US/ST=TX/L=Austin/O=Thales/OU=RnD/CN=ca.kylo.thalesgroup.com","notBefore":"2017-08-02T22:42:23Z","notAfter":"2047-07-26T22:42:23Z","purpose":{"client_authentication":"Enabled","user_authentication":"Enabled"}}}}}}}},"/v1/ca/external-cas/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get external CA","description":"Returns a single external CA certificate.","tags":["Certificate Authority"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"name":"sample-ex-CA","id":"58212a4b-81f5-4de2-aeae-60b8b6f1091e","uri":"kylo:kylo:naboo:external_ca:58212a4b-81f5-4de2-aeae-60b8b6f1091e","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2017-09-29T14:46:38.1078Z","updatedAt":"2017-09-29T14:46:38.1078Z","cert":"-----BEGIN CERTIFICATE-----\nMIIDnTCCAoWgAwIBAgIBADANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzEL\nMAkGA1UECAwCVFgxDzANBgNVBAcMBkF1c3RpbjEQMA4GA1UECgwHR2VtYWx0bzEM\nMAoGA1UECwwDUm5EMRwwGgYDVQQDDBNjYS5reWxvLmdlbWFsdG8uY29tMB4XDTE3\nMDgwMjIyNDIyM1oXDTQ3MDcyNjIyNDIyM1owaTELMAkGA1UEBhMCVVMxCzAJBgNV\nBAgMAlRYMQ8wDQYDVQQHDAZBdXN0aW4xEDAOBgNVBAoMB0dlbWFsdG8xDDAKBgNV\nBAsMA1JuRDEcMBoGA1UEAwwTY2Eua3lsby5nZW1hbHRvLmNvbTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBAO+M3/EdapR+e6jbl8c08w1ynboOIX0/T0E7\nHBj0iAsSJOQJTwLcfkG4vU2AeRLca8dNJfx+qF1y9LSMeRNJhrxpEZR+L2PHl2Ti\niHxkS09UwwOSIN6SGSEX847ZiVA8DWNuHDtqtruWYH/oAa3go2V2qw21vzZ6UUjo\nTDViZegUEDIeRkp/hgl5hx2JKrtA1HhpHe18PedHwq8b/QbLfke9K89Psxd5+Vof\ndT63UUArzRJcB37XgjiTlOOVG9MYEn59ouTnzQkAzM640O3w16l9WX0v98/auKdq\nQzu3RBSaQUgoJf8v5C4p3Edgk1Uq7EOgbrJW6sS4F9k2JgdruasCAwEAAaNQME4w\nHQYDVR0OBBYEFK5n3Eevh2xLROIoYM4VsnCZfpHwMB8GA1UdIwQYMBaAFK5n3Eev\nh2xLROIoYM4VsnCZfpHwMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB\nAFy0LkGHFGZaEf4bIWMB5B7u/CMGjejw64fojIjGYQtB4WQehl3wqOxX1MvlXm0B\nxXDvgALq+BXw6NEwOT7nlx4uRspHA0cER0qmvTpH/uePnidvBzxDFCHpJM0eoZae\n9f7EPL0XNxvV8FdhtQ1p133DtzTWfxygpcG+E+ES2m2wzwwEGTShAST4SJOlCKVX\nzPZ+2NFEepxkfiikqSl6QPLGz+TEUZZ4vrshFiBxUI5zzDNcONtd14Nh/XjUWWrd\n2MXk37ASKPZgdJQzx8U8AsITdtuaYF/d/OCIuNASbQs07nuk1dE7RS6em/d6GB33\nlfuDSu3uKT9h6JmcCy7BzJY=\n-----END CERTIFICATE-----","serialNumber":"0","subject":"/C=US/ST=TX/L=Austin/O=Thales/OU=RnD/CN=ca.kylo.thalesgroup.com","issuer":"/C=US/ST=TX/L=Austin/O=Thales/OU=RnD/CN=ca.kylo.thalesgroup.com","notBefore":"2017-08-02T22:42:23Z","notAfter":"2047-07-26T22:42:23Z","purpose":{"client_authentication":"Enabled","user_authentication":"Enabled"}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete external CA","description":"Deletes an external CA certificate.","tags":["Certificate Authority"],"responses":{"204":{"description":"No Content | Successful deletion of external CA.","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"patch":{"summary":"Update External CA","description":"Update an external CA.","tags":["Certificate Authority"],"parameters":[{"name":"body","in":"body","description":"External CA update certificate parameters","schema":{"type":"object","title":"Update CA params","properties":{"allow_client_authentication":{"type":"boolean","description":"If set to true, the certificates signed by the specified CA can be used for client authentication."},"allow_user_authentication":{"type":"boolean","description":"If set to true, the certificates signed by the specified CA can be used for user authentication."}},"example":{"allow_client_authentication":false,"allow_user_authentication":false}}}],"responses":{"200":{"description":"Update successful.","schema":{"type":"object"},"examples":{"application/json":{"name":"sample-ex-CA","id":"58212a4b-81f5-4de2-aeae-60b8b6f1091e","uri":"kylo:kylo:naboo:external_ca:58212a4b-81f5-4de2-aeae-60b8b6f1091e","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2017-09-29T14:46:38.1078Z","updatedAt":"2017-09-29T14:46:38.1078Z","cert":"-----BEGIN CERTIFICATE-----\nMIIDnTCCAoWgAwIBAgIBADANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzEL\nMAkGA1UECAwCVFgxDzANBgNVBAcMBkF1c3RpbjEQMA4GA1UECgwHR2VtYWx0bzEM\nMAoGA1UECwwDUm5EMRwwGgYDVQQDDBNjYS5reWxvLmdlbWFsdG8uY29tMB4XDTE3\nMDgwMjIyNDIyM1oXDTQ3MDcyNjIyNDIyM1owaTELMAkGA1UEBhMCVVMxCzAJBgNV\nBAgMAlRYMQ8wDQYDVQQHDAZBdXN0aW4xEDAOBgNVBAoMB0dlbWFsdG8xDDAKBgNV\nBAsMA1JuRDEcMBoGA1UEAwwTY2Eua3lsby5nZW1hbHRvLmNvbTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBAO+M3/EdapR+e6jbl8c08w1ynboOIX0/T0E7\nHBj0iAsSJOQJTwLcfkG4vU2AeRLca8dNJfx+qF1y9LSMeRNJhrxpEZR+L2PHl2Ti\niHxkS09UwwOSIN6SGSEX847ZiVA8DWNuHDtqtruWYH/oAa3go2V2qw21vzZ6UUjo\nTDViZegUEDIeRkp/hgl5hx2JKrtA1HhpHe18PedHwq8b/QbLfke9K89Psxd5+Vof\ndT63UUArzRJcB37XgjiTlOOVG9MYEn59ouTnzQkAzM640O3w16l9WX0v98/auKdq\nQzu3RBSaQUgoJf8v5C4p3Edgk1Uq7EOgbrJW6sS4F9k2JgdruasCAwEAAaNQME4w\nHQYDVR0OBBYEFK5n3Eevh2xLROIoYM4VsnCZfpHwMB8GA1UdIwQYMBaAFK5n3Eev\nh2xLROIoYM4VsnCZfpHwMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB\nAFy0LkGHFGZaEf4bIWMB5B7u/CMGjejw64fojIjGYQtB4WQehl3wqOxX1MvlXm0B\nxXDvgALq+BXw6NEwOT7nlx4uRspHA0cER0qmvTpH/uePnidvBzxDFCHpJM0eoZae\n9f7EPL0XNxvV8FdhtQ1p133DtzTWfxygpcG+E+ES2m2wzwwEGTShAST4SJOlCKVX\nzPZ+2NFEepxkfiikqSl6QPLGz+TEUZZ4vrshFiBxUI5zzDNcONtd14Nh/XjUWWrd\n2MXk37ASKPZgdJQzx8U8AsITdtuaYF/d/OCIuNASbQs07nuk1dE7RS6em/d6GB33\nlfuDSu3uKT9h6JmcCy7BzJY=\n-----END CERTIFICATE-----","serialNumber":"0","subject":"/C=US/ST=TX/L=Austin/O=Thales/OU=RnD/CN=ca.kylo.thalesgroup.com","issuer":"/C=US/ST=TX/L=Austin/O=Thales/OU=RnD/CN=ca.kylo.thalesgroup.com","notBefore":"2017-08-02T22:42:23Z","notAfter":"2047-07-26T22:42:23Z","purpose":{"client_authentication":"Enabled","user_authentication":"Enabled"}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ca/local-cas":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create local CA","description":"Creates a pending local CA. This operation returns a CSR\nthat either can be self-signed by calling local-cas/{id}/self-sign or\nsigned by another CA and installed by calling local-cas/{id}/install. A\nlocal CA keeps the corresponding private key inside the system and can\nissue certificates for clients, servers or intermediate CAs.\nThe local CA can also be trusted by services inside the system for\nverification of client certificates.\n","tags":["Certificate Authority"],"parameters":[{"name":"body","in":"body","description":"Local CA certificate parameters","schema":{"type":"object","title":"Create Local CA Request","required":["cn"],"properties":{"name":{"type":"string","description":"A unique name of CA, if not provided, will be set to localca-."},"algorithm":{"type":"string","description":"RSA or ECDSA (default) algorithms are supported. Signature algorithm (SHA512WithRSA, SHA384WithRSA,\nSHA256WithRSA, SHA1WithRSA, ECDSAWithSHA512, ECDSAWithSHA384, ECDSAWithSHA256) is selected\nbased on the algorithm and size.\n"},"size":{"type":"integer","description":"Key size. RSA: 1024 - 4096 (default: 2048), ECDSA: 256 (default), 384, 521\n"},"cn":{"type":"string","description":"Common Name"},"dnsNames":{"type":"array","items":{"type":"string"},"description":"Subject Alternative Names (SAN) values"},"emailAddresses":{"type":"array","items":{"type":"string"},"description":"E-mail addresses"},"ipAddresses":{"type":"array","items":{"type":"string"},"description":"IP addresses"},"names":{"type":"array","items":{"type":"object","title":"Local CA Name","properties":{"C":{"type":"string","description":"Country, for example \"US\""},"ST":{"type":"string","description":"State/province, for example \"MD\""},"L":{"type":"string","description":"Location, for example \"Belcamp\""},"O":{"type":"string","description":"Organization, for example \"Thales\""},"OU":{"type":"string","description":"Organizational Unit, for example \"RnD\""}}},"description":"Name fields are \"O=organization, OU=organizational unit, L=location, ST=state/province, C=country\".\nFields can be duplicated if present in different objects.\n\nExample: [{\"O\": \"Thales\", \"OU\": \"RnD\", \"C\": \"US\", \"ST\": \"MD\", \"L\": \"Belcamp\"}, {\"OU\": \"Thales Group Inc.\"}]\n"}},"example":{"name":"sample-CA","algorithm":"RSA","size":2048,"cn":"kylo.com","dnsNames":["*.thalesgroup.com","*.thalesgroup.net"],"emailAddresses":["contact@thalesgroup.com"],"ipAddresses":["1.1.1.1"],"names":[{"O":"Thales","OU":"RnD","C":"US","ST":"MD","L":"Belcamp"}]}}}],"responses":{"201":{"description":"Successful local CA creation.","schema":{"type":"object"},"examples":{"application/json":{"name":"sample-CA","id":"cd3435f1-11aa-4e67-adba-73a14b3a552d","uri":"kylo:kylo:naboo:localca:cd3435f1-11aa-4e67-adba-73a14b3a552d","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2017-10-02T14:28:51.470Z","updatedAt":"2017-10-02T14:28:51.470Z","state":"pending","csr":"-----BEGIN CERTIFICATE REQUEST-----\nMIHJMHECAQAwDzENMAsGA1UEAxMEVGVzdDBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABBQSwzCdcmzEUK6S9lj3V32oMbZysm05TtfnMhVy9Ic63ZnOjSa2uH/NQw80\nA4KX0b/IWTq+MajEmNJMoLNN2nigADAKBggqhkjOPQQDAgNIADBFAiEA7HWFmyzr\nIWsyiAfky6yhZltJ5Z3gYTTO0zgyGtD9ex8CIALcV6ZFSRz1a3PTaJuPrX7fU6fk\n4atNxIoedOcU3Srm\n-----END CERTIFICATE REQUEST-----","notBefore":"1901-01-01T00:00:00.000Z","notAfter":"1901-01-01T00:00:00.000Z"}}}}},"get":{"summary":"List local CAs","description":"Returns a list of local CA certificates. The results can be\nfiltered, using the query parameters.\n","tags":["Certificate Authority"],"parameters":[{"name":"subject","in":"query","required":false,"type":"string","description":"Filter by the subject"},{"name":"issuer","in":"query","required":false,"type":"string","description":"Filter by the issuer"},{"name":"state","in":"query","required":false,"type":"string","description":"Filter by the state; active or pending"},{"name":"cert","in":"query","required":false,"type":"string","description":"Filter by the cert"},{"name":"id","in":"query","required":false,"type":"string","description":"Filter by the id"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object"}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":{"name":"sample-CA","id":"25af621e-dddd-4147-8c95-519a095b893c","uri":"kylo:kylo:naboo:localca:25af621e-dddd-4147-8c95-519a095b893c","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2017-10-02T14:18:21.644Z","updatedAt":"2017-10-02T14:18:54.339Z","state":"active","cert":"-----BEGIN CERTIFICATE-----\nMIIBPzCB5aADAgECAhAw+e7jP0aueBVpHHpWiL6qMAoGCCqGSM49BAMCMA8xDTAL\nBgNVBAMTBFRlc3QwHhcNMTcxMDAyMTQxODU0WhcNMTcxMDAyMTQxODU0WjAPMQ0w\nCwYDVQQDEwRUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFwDtc+JXlLQq\n2RZhX9p964AR6rrja6uUH5HKM9dZTDqiJ4bCwKRzTJoIIuUEc6cAoHcPucyanux3\nc6R+nZ0706MjMCEwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wCgYI\nKoZIzj0EAwIDSQAwRgIhAKvSZNyrG1z6XYLff9nQNwAijbhwdd3Y7vFpY0AaFbL1\nAiEArODxqQmg3SpfoSg+aaRD2OFy/a28bKG1PPteh+2AEX4=\n-----END CERTIFICATE-----","serialNumber":"65100670933312698147490232854133653162","subject":"/CN=Test","issuer":"/CN=Test","notBefore":"2017-10-02T14:18:54.000Z","notAfter":"2017-10-02T14:18:54.000Z","sha1Fingerprint":"1A0547A1F8560E6EE8887B07ECD325585788C3EB","sha256Fingerprint":"E2500B6FF4B946BC50B24DA9113E03A8218681A5A5CEBE5C08E776EEA9B0E095","sha512Fingerprint":"FF1AC34C7D82396E954F9CDD63C91E01395B6EDDBB9C2FEAF6AF5551ED790916319BAFE84FEDF5C65CF6D29E585646A4E076DA3EF5E6701B666A986D46AA17A0","purpose":{"client_authentication":"Enabled","user_authentication":"Enabled"}}}}}}}},"/v1/ca/local-cas/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get local CA","description":"Returns a single local CA certificate.","tags":["Certificate Authority"],"parameters":[{"name":"chained","in":"query","required":false,"type":"boolean","description":"When set to true, the full CA chain is returned with the certificate."}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"name":"sample-CA","id":"25af621e-dddd-4147-8c95-519a095b893c","uri":"kylo:kylo:naboo:localca:25af621e-dddd-4147-8c95-519a095b893c","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2017-10-02T14:18:21.644Z","updatedAt":"2017-10-02T14:18:54.339Z","state":"active","cert":"-----BEGIN CERTIFICATE-----\nMIIBPzCB5aADAgECAhAw+e7jP0aueBVpHHpWiL6qMAoGCCqGSM49BAMCMA8xDTAL\nBgNVBAMTBFRlc3QwHhcNMTcxMDAyMTQxODU0WhcNMTcxMDAyMTQxODU0WjAPMQ0w\nCwYDVQQDEwRUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFwDtc+JXlLQq\n2RZhX9p964AR6rrja6uUH5HKM9dZTDqiJ4bCwKRzTJoIIuUEc6cAoHcPucyanux3\nc6R+nZ0706MjMCEwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wCgYI\nKoZIzj0EAwIDSQAwRgIhAKvSZNyrG1z6XYLff9nQNwAijbhwdd3Y7vFpY0AaFbL1\nAiEArODxqQmg3SpfoSg+aaRD2OFy/a28bKG1PPteh+2AEX4=\n-----END CERTIFICATE-----","serialNumber":"65100670933312698147490232854133653162","subject":"/CN=Test","issuer":"/CN=Test","notBefore":"2017-10-02T14:18:54.000Z","notAfter":"2017-10-02T14:18:54.000Z","sha1Fingerprint":"1A0547A1F8560E6EE8887B07ECD325585788C3EB","sha256Fingerprint":"E2500B6FF4B946BC50B24DA9113E03A8218681A5A5CEBE5C08E776EEA9B0E095","sha512Fingerprint":"FF1AC34C7D82396E954F9CDD63C91E01395B6EDDBB9C2FEAF6AF5551ED790916319BAFE84FEDF5C65CF6D29E585646A4E076DA3EF5E6701B666A986D46AA17A0","purpose":{"client_authentication":"Enabled","user_authentication":"Enabled"}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete local CA","description":"Deletes a local CA certificate.","tags":["Certificate Authority"],"responses":{"204":{"description":"No Content | Successful deletion of local CA.","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"patch":{"summary":"Update local CA","description":"Update a local CA.","tags":["Certificate Authority"],"parameters":[{"name":"body","in":"body","description":"Local CA update certificate parameters","schema":{"type":"object","title":"Update CA params","properties":{"allow_client_authentication":{"type":"boolean","description":"If set to true, the certificates signed by the specified CA can be used for client authentication."},"allow_user_authentication":{"type":"boolean","description":"If set to true, the certificates signed by the specified CA can be used for user authentication."}},"example":{"allow_client_authentication":false,"allow_user_authentication":false}}}],"responses":{"200":{"description":"Update successful.","schema":{"type":"object"},"examples":{"application/json":{"name":"sample-CA","id":"25af621e-dddd-4147-8c95-519a095b893c","uri":"kylo:kylo:naboo:localca:25af621e-dddd-4147-8c95-519a095b893c","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2017-10-02T14:18:21.644Z","updatedAt":"2017-10-02T14:18:54.339Z","state":"active","cert":"-----BEGIN CERTIFICATE-----\nMIIBPzCB5aADAgECAhAw+e7jP0aueBVpHHpWiL6qMAoGCCqGSM49BAMCMA8xDTAL\nBgNVBAMTBFRlc3QwHhcNMTcxMDAyMTQxODU0WhcNMTcxMDAyMTQxODU0WjAPMQ0w\nCwYDVQQDEwRUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFwDtc+JXlLQq\n2RZhX9p964AR6rrja6uUH5HKM9dZTDqiJ4bCwKRzTJoIIuUEc6cAoHcPucyanux3\nc6R+nZ0706MjMCEwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wCgYI\nKoZIzj0EAwIDSQAwRgIhAKvSZNyrG1z6XYLff9nQNwAijbhwdd3Y7vFpY0AaFbL1\nAiEArODxqQmg3SpfoSg+aaRD2OFy/a28bKG1PPteh+2AEX4=\n-----END CERTIFICATE-----","serialNumber":"65100670933312698147490232854133653162","subject":"/CN=Test","issuer":"/CN=Test","notBefore":"2017-10-02T14:18:54.000Z","notAfter":"2017-10-02T14:18:54.000Z","sha1Fingerprint":"1A0547A1F8560E6EE8887B07ECD325585788C3EB","sha256Fingerprint":"E2500B6FF4B946BC50B24DA9113E03A8218681A5A5CEBE5C08E776EEA9B0E095","sha512Fingerprint":"FF1AC34C7D82396E954F9CDD63C91E01395B6EDDBB9C2FEAF6AF5551ED790916319BAFE84FEDF5C65CF6D29E585646A4E076DA3EF5E6701B666A986D46AA17A0","purpose":{"client_authentication":"Enabled","user_authentication":"Enabled"}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ca/local-cas/{id}/self-sign":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Self-sign a local CA","description":"Self-sign a local CA certificate. This is used to create a root CA. Either duration or notAfter date must be specified.\nIf both notAfter and duration are given, then notAfter date takes precedence over duration. If duration is given \nwithout notBefore date, ceritificate is issued starting from server's current time for the specified duration. \n","tags":["Certificate Authority"],"parameters":[{"name":"body","in":"body","description":"Local CA certificate parameters","schema":{"type":"object","title":"Self-sign Request","properties":{"duration":{"type":"integer","description":"Duration in days of certificate. Either duration or notAfter date must be specified."},"notBefore":{"type":"string","description":"Start date of certificate."},"notAfter":{"type":"string","description":"End date of certificate. Either notAfter date or duration must be specified. notAfter overrides duration if both are given."}},"example":{"duration":365,"notBefore":"2016-12-02Z","notAfter":"2026-12-02Z"}}}],"responses":{"201":{"description":"Successful self-sign of local CA.","schema":{"type":"object"},"examples":{"application/json":{"name":"sample-CA","id":"25af621e-dddd-4147-8c95-519a095b893c","uri":"kylo:kylo:naboo:localca:25af621e-dddd-4147-8c95-519a095b893c","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2017-10-02T14:18:21.644Z","updatedAt":"2017-10-02T14:18:54.339Z","state":"active","cert":"-----BEGIN CERTIFICATE-----\nMIIBPzCB5aADAgECAhAw+e7jP0aueBVpHHpWiL6qMAoGCCqGSM49BAMCMA8xDTAL\nBgNVBAMTBFRlc3QwHhcNMTcxMDAyMTQxODU0WhcNMTcxMDAyMTQxODU0WjAPMQ0w\nCwYDVQQDEwRUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFwDtc+JXlLQq\n2RZhX9p964AR6rrja6uUH5HKM9dZTDqiJ4bCwKRzTJoIIuUEc6cAoHcPucyanux3\nc6R+nZ0706MjMCEwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wCgYI\nKoZIzj0EAwIDSQAwRgIhAKvSZNyrG1z6XYLff9nQNwAijbhwdd3Y7vFpY0AaFbL1\nAiEArODxqQmg3SpfoSg+aaRD2OFy/a28bKG1PPteh+2AEX4=\n-----END CERTIFICATE-----","serialNumber":"65100670933312698147490232854133653162","subject":"/CN=Test","issuer":"/CN=Test","notBefore":"2017-10-02T14:18:54.000Z","notAfter":"2017-10-02T14:18:54.000Z","sha1Fingerprint":"1A0547A1F8560E6EE8887B07ECD325585788C3EB","sha256Fingerprint":"E2500B6FF4B946BC50B24DA9113E03A8218681A5A5CEBE5C08E776EEA9B0E095","sha512Fingerprint":"FF1AC34C7D82396E954F9CDD63C91E01395B6EDDBB9C2FEAF6AF5551ED790916319BAFE84FEDF5C65CF6D29E585646A4E076DA3EF5E6701B666A986D46AA17A0","purpose":{"client_authentication":"Enabled","user_authentication":"Enabled"}}}}}}},"/v1/ca/local-cas/{id}/install":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Install a local CA","description":"Installs a certificate signed by other CA to act as a local CA. Issuer\ncan be both local or external CA. Typically used for intermediate CAs.\n\nThe CA certificate must match the earlier created CA CSR, have\n\"CA:TRUE\" as part of the \"X509v3 Basic Constraints\", and have\n\"Certificate Signing\" as part of \"X509v3 Key Usage\" in order to be\naccepted.\n","tags":["Certificate Authority"],"parameters":[{"name":"body","in":"body","description":"Local CA certificate parameters","schema":{"type":"object","title":"Install Local CA Request","required":["cert","parentId"],"properties":{"cert":{"type":"string","description":"Signed certificate in PEM format to install as a local CA\n"},"parentId":{"type":"string","description":"An identifier of the parent resource. The resource can be\neither a local or an external CA. The identifier can be\neither the ID (a UUIDv4) or the URI.\n"}},"example":{"cert":"-----BEGIN CERTIFICATE-----\nMIIBPzCB5aADAgECAhAw+e7jP0aueBVpHHpWiL6qMAoGCCqGSM49BAMCMA8xDTAL\nBgNVBAMTBFRlc3QwHhcNMTcxMDAyMTQxODU0WhcNMTcxMDAyMTQxODU0WjAPMQ0w\nCwYDVQQDEwRUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFwDtc+JXlLQq\n2RZhX9p964AR6rrja6uUH5HKM9dZTDqiJ4bCwKRzTJoIIuUEc6cAoHcPucyanux3\nc6R+nZ0706MjMCEwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wCgYI\nKoZIzj0EAwIDSQAwRgIhAKvSZNyrG1z6XYLff9nQNwAijbhwdd3Y7vFpY0AaFbL1\nAiEArODxqQmg3SpfoSg+aaRD2OFy/a28bKG1PPteh+2AEX4=\n-----END CERTIFICATE-----","parentId":"25af621e-dddd-4147-8c95-519a095b893c"}}}],"responses":{"201":{"description":"Successful install of local CA.","schema":{"type":"object"},"examples":{"application/json":{"name":"sample-CA","id":"25af621e-dddd-4147-8c95-519a095b893c","uri":"kylo:kylo:naboo:localca:25af621e-dddd-4147-8c95-519a095b893c","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2017-10-02T14:18:21.644Z","updatedAt":"2017-10-02T14:18:54.339Z","state":"active","cert":"-----BEGIN CERTIFICATE-----\nMIIBPzCB5aADAgECAhAw+e7jP0aueBVpHHpWiL6qMAoGCCqGSM49BAMCMA8xDTAL\nBgNVBAMTBFRlc3QwHhcNMTcxMDAyMTQxODU0WhcNMTcxMDAyMTQxODU0WjAPMQ0w\nCwYDVQQDEwRUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFwDtc+JXlLQq\n2RZhX9p964AR6rrja6uUH5HKM9dZTDqiJ4bCwKRzTJoIIuUEc6cAoHcPucyanux3\nc6R+nZ0706MjMCEwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wCgYI\nKoZIzj0EAwIDSQAwRgIhAKvSZNyrG1z6XYLff9nQNwAijbhwdd3Y7vFpY0AaFbL1\nAiEArODxqQmg3SpfoSg+aaRD2OFy/a28bKG1PPteh+2AEX4=\n-----END CERTIFICATE-----","serialNumber":"65100670933312698147490232854133653162","subject":"/CN=Test","issuer":"/CN=Test","notBefore":"2017-10-02T14:18:54.000Z","notAfter":"2017-10-02T14:18:54.000Z","sha1Fingerprint":"1A0547A1F8560E6EE8887B07ECD325585788C3EB","sha256Fingerprint":"E2500B6FF4B946BC50B24DA9113E03A8218681A5A5CEBE5C08E776EEA9B0E095","sha512Fingerprint":"FF1AC34C7D82396E954F9CDD63C91E01395B6EDDBB9C2FEAF6AF5551ED790916319BAFE84FEDF5C65CF6D29E585646A4E076DA3EF5E6701B666A986D46AA17A0","purpose":{"client_authentication":"Enabled","user_authentication":"Enabled"}}}}}}},"/v1/ca/local-cas/{caid}/certs":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"caid","in":"path","description":"An identifier of the issuer CA resource. This can be either the ID (a\nUUIDv4), the name, the URI, or the slug (which is the last\ncomponent of the URI).\n","type":"string","required":true}],"post":{"summary":"Issue certificate","description":"Issues a certificate by signing the provided CSR with the CA. This is typically used\nto issue server, client or intermediate CA certificates. Either duration or notAfter date must be specified.\nIf both notAfter date and duration are given, then notAfter takes precedence over duration. If duration is given \nwithout notBefore date, ceritificate is issued starting from server's current time for the specified duration.\n","tags":["Certificate Authority"],"parameters":[{"name":"body","in":"body","description":"Certificate parameters","schema":{"type":"object","title":"Issue Certificate Request","required":["csr","purpose"],"properties":{"name":{"type":"string","description":"A unique name of Certificate, if not provided, will be set to cert-."},"csr":{"type":"string","description":"CSR in PEM format"},"purpose":{"type":"string","description":"server, client or ca"},"duration":{"type":"integer","description":"Duration in days of certificate. Either duration or notAfter date must be specified."},"notBefore":{"type":"string","description":"Start date of certificate"},"notAfter":{"type":"string","description":"End date of certificate. Either notAfter or duration must be specified. notAfter overrides duration if both are given."}},"example":{"name":"sample-cert","csr":"-----BEGIN CERTIFICATE REQUEST-----\nMIHMMHQCAQAwEjEQMA4GA1UEAxMHbXkgY2VydDBZMBMGByqGSM49AgEGCCqGSM49\nAwEHA0IABBJCi5oqg7DT9erDtUS0Si9t4lxP6qvcZbJ0Dsu6+h7q/2ogtzUWY8TT\nE4W2Xc+YHE7z5AaMpb2OvTLnk8CLDv2gADAKBggqhkjOPQQDAgNIADBFAiAH3+2h\nVpMB+PPIJXrCsnqK4UScMQPUakSqKbGasqW33AIhALZ6aSD0EghCyBxBAhVKLsNh\nysB/i0c6R/O7USFQJQTr\n-----END CERTIFICATE REQUEST-----","purpose":"server","duration":365,"notBefore":"2016-12-02Z","notAfter":"2026-12-02Z"}}}],"responses":{"201":{"description":"Successful certificate issue.","schema":{"type":"object"},"examples":{"application/json":{"name":"sample-cert","id":"fe7ba3b3-5f77-461b-a357-b98045b159d6","uri":"kylo:kylo:naboo:certs:fe7ba3b3-5f77-461b-a357-b98045b159d6","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2017-10-02T14:44:59.080Z","updatedAt":"2017-10-02T14:44:59.080Z","cert":"-----BEGIN CERTIFICATE-----\nMIIBUTCB+KADAgECAhEAoJIuJYnCF4moxtJKCPDlZDAKBggqhkjOPQQDAjAPMQ0w\nCwYDVQQDEwRUZXN0MB4XDTE3MTAwMjE0NDQ1OVoXDTE3MTAwMjE0NDQ1OVowDzEN\nMAsGA1UEAxMEVGVzdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABNA2m18mNW8j\n7ZEJGQT/X8pF5mgixDzvVAr3qlau9C3hXsIVvpSx45synuMiZaRcAZz3V6pNmXD/\nr+WTv3qjQkWjNTAzMA4GA1UdDwEB/wQEAwIDiDATBgNVHSUEDDAKBggrBgEFBQcD\nATAMBgNVHRMBAf8EAjAAMAoGCCqGSM49BAMCA0gAMEUCIQCTxSTwxA6J7f7DV4xz\nRtrUxBJrqXAWJuKm0+fBORz+uwIgeOVnowlN9nZv2aJ2FKqGEyeH93T/ukasevOv\ntngmUug=\n-----END CERTIFICATE-----","ca":"kylo:kylo:naboo:localca:cd3435f1-11aa-4e67-adba-73a14b3a552d","revoked_at":"1901-01-01T00:00:00.000Z","sha1Fingerprint":"1F1631E7EDA1475983AEF10A92141CB04D1FAD57","sha256Fingerprint":"8C6EC21FF9B93FB5C1D75D086DD0371A0E54BF1073A2B07369B60F26948A79E8","sha512Fingerprint":"256AB3E47CD03A791CE6FC2A8F8F4161C0461C42B2BEB27D83C6D48148BB42EEA1281876DF658EAF629C4CAFE4AFD387C56363BC05F66FEF976323CA20F8035C","serialNumber":"213435490631850494611318770278023095652","subject":"/CN=Test","issuer":"/CN=Test","notBefore":"2017-10-02T14:44:59.000Z","notAfter":"2017-10-02T14:44:59.000Z"}}}}},"get":{"summary":"List certificates","description":"Returns a list of certificates issued by given CA. The results can be filtered,\nusing the query parameters.\n","tags":["Certificate Authority"],"parameters":[{"name":"subject","in":"query","required":false,"type":"string","description":"Filter by the subject"},{"name":"issuer","in":"query","required":false,"type":"string","description":"Filter by the issuer"},{"name":"cert","in":"query","required":false,"type":"string","description":"Filter by the cert"},{"name":"id","in":"query","required":false,"type":"string","description":"Filter by the ID or URI"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object"}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":{"name":"sample-cert","id":"fe7ba3b3-5f77-461b-a357-b98045b159d6","uri":"kylo:kylo:naboo:certs:fe7ba3b3-5f77-461b-a357-b98045b159d6","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2017-10-02T14:44:59.080Z","updatedAt":"2017-10-02T14:44:59.080Z","cert":"-----BEGIN CERTIFICATE-----\nMIIBUTCB+KADAgECAhEAoJIuJYnCF4moxtJKCPDlZDAKBggqhkjOPQQDAjAPMQ0w\nCwYDVQQDEwRUZXN0MB4XDTE3MTAwMjE0NDQ1OVoXDTE3MTAwMjE0NDQ1OVowDzEN\nMAsGA1UEAxMEVGVzdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABNA2m18mNW8j\n7ZEJGQT/X8pF5mgixDzvVAr3qlau9C3hXsIVvpSx45synuMiZaRcAZz3V6pNmXD/\nr+WTv3qjQkWjNTAzMA4GA1UdDwEB/wQEAwIDiDATBgNVHSUEDDAKBggrBgEFBQcD\nATAMBgNVHRMBAf8EAjAAMAoGCCqGSM49BAMCA0gAMEUCIQCTxSTwxA6J7f7DV4xz\nRtrUxBJrqXAWJuKm0+fBORz+uwIgeOVnowlN9nZv2aJ2FKqGEyeH93T/ukasevOv\ntngmUug=\n-----END CERTIFICATE-----","ca":"kylo:kylo:naboo:localca:cd3435f1-11aa-4e67-adba-73a14b3a552d","revoked_at":"1901-01-01T00:00:00.000Z","sha1Fingerprint":"1F1631E7EDA1475983AEF10A92141CB04D1FAD57","sha256Fingerprint":"8C6EC21FF9B93FB5C1D75D086DD0371A0E54BF1073A2B07369B60F26948A79E8","sha512Fingerprint":"256AB3E47CD03A791CE6FC2A8F8F4161C0461C42B2BEB27D83C6D48148BB42EEA1281876DF658EAF629C4CAFE4AFD387C56363BC05F66FEF976323CA20F8035C","serialNumber":"213435490631850494611318770278023095652","subject":"/CN=Test","issuer":"/CN=Test","notBefore":"2017-10-02T14:44:59.000Z","notAfter":"2017-10-02T14:44:59.000Z"}}}}}}},"/v1/ca/local-cas/{caid}/certs/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"caid","in":"path","description":"An identifier of the issuer CA resource. This can be either the ID (a\nUUIDv4), the name, the URI, or the slug (which is the last\ncomponent of the URI).\n","type":"string","required":true},{"name":"id","in":"path","description":"An identifier of the certificate resource. This can be either the ID (a\nUUIDv4), the URI, or the slug (which is the last\ncomponent of the URI).\n","type":"string","required":true}],"get":{"summary":"Get certificate","description":"Returns a single local certificate.","tags":["Certificate Authority"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"name":"sample-cert","id":"7fd13837-4d41-4394-85f3-7e7443fdc345","uri":"kylo:kylo:naboo:certs:7fd13837-4d41-4394-85f3-7e7443fdc345","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2017-10-03T15:34:30.242Z","updatedAt":"2017-10-03T15:34:30.242Z","cert":"-----BEGIN CERTIFICATE-----\nMIIBpDCCAUugAwIBAgIRALyT9RceYiOKmn9/wg9RB+AwCgYIKoZIzj0EAwIwWjEL\nMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAwDgYD\nVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgcm9vdCBDQTAeFw0xNzEw\nMDMxNTM0MzBaFw0yNzEwMDExNTM0MzBaMBcxFTATBgNVBAMTDEtNSVAgQ2xpZW50\nMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOAfvDG7tTwwK/5dOHvXOjHETKQN\n10S/CSpfpOwOJdkqi5Ln/vQ1kNxUXWqDlXhkg2w+l4khYAv3PVGc5HjO/iCjNTAz\nMA4GA1UdDwEB/wQEAwIDiDATBgNVHSUEDDAKBggrBgEFBQcDAjAMBgNVHRMBAf8E\nAjAAMAoGCCqGSM49BAMCA0cAMEQCIBHUDGpetRKXpOHVkQc52uPGd7nCbPXnN2No\nhl3KsilTAiAnUOVEUlaGNoiNZxEItuDfN1lMFU15z+bTibMp88tU2A==\n-----END CERTIFICATE-----","ca":"kylo:kylo:naboo:localca:e38a9148-c0ad-46ae-8adc-bb74d9bb11ca","revoked_at":"1901-01-01T00:00:00.000Z","sha1Fingerprint":"2A2985534D2E528DBA7724D5D145714747C40FE2","sha256Fingerprint":"A28420E3967E06A13D974122E6C4D2FFD6CE8E6FB9A1AB82AE0403873DED9843","sha512Fingerprint":"C4D07E74EB61FFE34F28C924DB8EC9A6D3C3DFC6E6CC034EB9EAABB09DDDDB6B08DE0CCC264DCDC227920DDDFB702857E5CE908A63831D39897F850D5BD304B8","serialNumber":"250663101867772629119216267626881812448","subject":"/CN=KMIP Client1","issuer":"/C=US/ST=MD/L=Belcamp/O=Thales/CN=CipherTrust Manager root CA","notBefore":"2017-10-03T15:34:30.000Z","notAfter":"2027-10-01T15:34:30.000Z"}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete certificate","description":"Deletes a local certificate.","tags":["Certificate Authority"],"responses":{"204":{"description":"No Content | Successful deletion of certificate.","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ca/local-cas/{caid}/certs/{id}/revoke":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"caid","in":"path","description":"An identifier of the issuer CA resource. This can be either the ID (a\nUUIDv4), the name, the URI, or the slug (which is the last\ncomponent of the URI).\n","type":"string","required":true},{"name":"id","in":"path","description":"An identifier of the certificate resource. This can be either the ID (a\nUUIDv4), the URI, or the slug (which is the last\ncomponent of the URI).\n","type":"string","required":true}],"post":{"summary":"Revoke certificate","description":"Revoke certificate with a given specific reason.","tags":["Certificate Authority"],"parameters":[{"name":"body","in":"body","description":"Certificate revoke parameters","schema":{"type":"object","title":"Revoke Certificate Request","required":["reason"],"properties":{"reason":{"type":"string","description":"Specify one of the reason. Reasons to revoke a certificate according to RFC 5280 are -","enum":["unspecified","keyCompromise","cACompromise","affiliationChanged","superseded","cessationOfOperation","certificateHold","removeFromCRL","privilegeWithdrawn","aACompromise"]}},"example":{"reason":"certificateHold"}}}],"responses":{"200":{"description":"Successful certificate revoke.","schema":{"type":"object"},"examples":{"application/json":{"name":"sample-cert","id":"fe7ba3b3-5f77-461b-a357-b98045b159d6","uri":"kylo:kylo:naboo:certs:fe7ba3b3-5f77-461b-a357-b98045b159d6","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2017-10-02T14:44:59.080Z","updatedAt":"2017-10-02T14:44:59.080Z","cert":"-----BEGIN CERTIFICATE-----\nMIIBUTCB+KADAgECAhEAoJIuJYnCF4moxtJKCPDlZDAKBggqhkjOPQQDAjAPMQ0w\nCwYDVQQDEwRUZXN0MB4XDTE3MTAwMjE0NDQ1OVoXDTE3MTAwMjE0NDQ1OVowDzEN\nMAsGA1UEAxMEVGVzdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABNA2m18mNW8j\n7ZEJGQT/X8pF5mgixDzvVAr3qlau9C3hXsIVvpSx45synuMiZaRcAZz3V6pNmXD/\nr+WTv3qjQkWjNTAzMA4GA1UdDwEB/wQEAwIDiDATBgNVHSUEDDAKBggrBgEFBQcD\nATAMBgNVHRMBAf8EAjAAMAoGCCqGSM49BAMCA0gAMEUCIQCTxSTwxA6J7f7DV4xz\nRtrUxBJrqXAWJuKm0+fBORz+uwIgeOVnowlN9nZv2aJ2FKqGEyeH93T/ukasevOv\ntngmUug=\n-----END CERTIFICATE-----","ca":"kylo:kylo:naboo:localca:cd3435f1-11aa-4e67-adba-73a14b3a552d","revoked_at":"2017-10-02T14:44:59.080Z","revoked_reason":"certificateHold","state":"revoked","sha1Fingerprint":"1F1631E7EDA1475983AEF10A92141CB04D1FAD57","sha256Fingerprint":"8C6EC21FF9B93FB5C1D75D086DD0371A0E54BF1073A2B07369B60F26948A79E8","sha512Fingerprint":"256AB3E47CD03A791CE6FC2A8F8F4161C0461C42B2BEB27D83C6D48148BB42EEA1281876DF658EAF629C4CAFE4AFD387C56363BC05F66FEF976323CA20F8035C","serialNumber":"213435490631850494611318770278023095652","subject":"/CN=Test","issuer":"/CN=Test","notBefore":"2017-10-02T14:44:59.000Z","notAfter":"2017-10-02T14:44:59.000Z"}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","allOf":[{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}},{"additionalProperties":{"type":"array","items":{"type":"string","description":"a validation error message about this property"}}}]}}}}},"/v1/ca/local-cas/{caid}/certs/{id}/resume":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"caid","in":"path","description":"An identifier of the issuer CA resource. This can be either the ID (a\nUUIDv4), the name, the URI, or the slug (which is the last\ncomponent of the URI).\n","type":"string","required":true},{"name":"id","in":"path","description":"An identifier of the certificate resource. This can be either the ID (a\nUUIDv4), the URI, or the slug (which is the last\ncomponent of the URI).\n","type":"string","required":true}],"post":{"summary":"Resume certificate","description":"Certificate can be resumed only if it is revoked with reason certificatehold.","tags":["Certificate Authority"],"responses":{"200":{"description":"Successful certificate resume.","schema":{"type":"object"},"examples":{"application/json":{"name":"sample-cert","id":"fe7ba3b3-5f77-461b-a357-b98045b159d6","uri":"kylo:kylo:naboo:certs:fe7ba3b3-5f77-461b-a357-b98045b159d6","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2017-10-02T14:44:59.080Z","updatedAt":"2017-10-02T14:44:59.080Z","cert":"-----BEGIN CERTIFICATE-----\nMIIBUTCB+KADAgECAhEAoJIuJYnCF4moxtJKCPDlZDAKBggqhkjOPQQDAjAPMQ0w\nCwYDVQQDEwRUZXN0MB4XDTE3MTAwMjE0NDQ1OVoXDTE3MTAwMjE0NDQ1OVowDzEN\nMAsGA1UEAxMEVGVzdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABNA2m18mNW8j\n7ZEJGQT/X8pF5mgixDzvVAr3qlau9C3hXsIVvpSx45synuMiZaRcAZz3V6pNmXD/\nr+WTv3qjQkWjNTAzMA4GA1UdDwEB/wQEAwIDiDATBgNVHSUEDDAKBggrBgEFBQcD\nATAMBgNVHRMBAf8EAjAAMAoGCCqGSM49BAMCA0gAMEUCIQCTxSTwxA6J7f7DV4xz\nRtrUxBJrqXAWJuKm0+fBORz+uwIgeOVnowlN9nZv2aJ2FKqGEyeH93T/ukasevOv\ntngmUug=\n-----END CERTIFICATE-----","ca":"kylo:kylo:naboo:localca:cd3435f1-11aa-4e67-adba-73a14b3a552d","revoked_at":"1901-01-01T00:00:00.000Z","state":"active","sha1Fingerprint":"1F1631E7EDA1475983AEF10A92141CB04D1FAD57","sha256Fingerprint":"8C6EC21FF9B93FB5C1D75D086DD0371A0E54BF1073A2B07369B60F26948A79E8","sha512Fingerprint":"256AB3E47CD03A791CE6FC2A8F8F4161C0461C42B2BEB27D83C6D48148BB42EEA1281876DF658EAF629C4CAFE4AFD387C56363BC05F66FEF976323CA20F8035C","serialNumber":"213435490631850494611318770278023095652","subject":"/CN=Test","issuer":"/CN=Test","notBefore":"2017-10-02T14:44:59.000Z","notAfter":"2017-10-02T14:44:59.000Z"}}},"400":{"description":"Bad Request | Cannot resume certificate.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/system/ntp/servers":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns a list of previously configured NTP servers.\n","tags":["NTP Servers"],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"resources":{"type":"array","items":{"type":"object","properties":{"host":{"type":"string"},"key":{"type":"string"}}}}}},"examples":{"application/json":{"resources":[{"host":"foo.example.com","key":"key1"}]}}}}},"post":{"summary":"Add","description":"Adds a new NTP server to be used by the system.\n","tags":["NTP Servers"],"parameters":[{"name":"body","in":"body","description":"NTP servers parameters","schema":{"type":"object","title":"Add NTP servers Request","required":["host"],"properties":{"host":{"type":"string","description":"Host (hostname/ip) of NTP server to add"},"key":{"type":"string","description":"Symmetric key value to be used for authenticated NTP servers"}},"example":{"host":"foo.example.com","key":"key1"}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"host":"foo.example.com","key":"key1"}}}}}},"/v1/system/ntp/servers/{host}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"host","in":"path","required":true,"type":"string","description":"Host (hostname/ip) of NTP server"}],"get":{"summary":"Get","description":"Returns the details of a single NTP server.","tags":["NTP Servers"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"host":"foo.example.com","key":"key1"}}},"404":{"description":"NTP server not found","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","description":"Deletes an NTP server.","tags":["NTP Servers"],"responses":{"204":{"description":"No Content | Successful deletion of NTP server.","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/system/ntp/status":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Status","description":"Returns the status of all NTP servers in the system","tags":["NTP Servers"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"ntpq -p":" remote refid st t when poll reach delay offset jitter\n==============================================================================\n tick.gemalto.co .POOL. 16 p - 64 0 0.000 0.000 0.000\n tock.gemalto.co .POOL. 16 p - 64 0 0.000 0.000 0.000\n absdnsvwp50.gem 10.42.179.243 6 u 6 64 1 130.365 -486.28 0.000\n crodnsvwp50.gem 10.42.176.35 6 u 3 64 1 134.071 -354.54 0.000\n","ntpq -c as":"ind assid status conf reach auth condition last_event cnt\n===========================================================\n 1 21100 8811 yes none none reject mobilize 1\n 2 21101 8811 yes none none reject mobilize 1\n 3 21102 1014 no yes none reject reachable 1\n 4 21103 1014 no yes none reject reachable 1\n"}}},"404":{"description":"NTP server not found","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/system/hsm/setup":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Setup","description":"Performs the initial setup of the system to use HSM.\n\nA `reset` operation is required. This means that all existing data in\nthe system will be wiped and CipherTrust Manager will be started from a clean\nslate.\n\nNote:\n This is a long running operation and could take some time, the\n browser might timeout before the operation completes. If you get a\n timeout error then the operation started successfully and you will\n need to `list` to determine if it has completed\n\nNote:\n It is important that time is in sync when using HSM. Please ensure\n the system time is correct before.\n","tags":["HSM Servers","Enterprise"],"parameters":[{"name":"body","in":"body","description":"HSM setup parameters","schema":{"type":"object","title":"Setup HSM Request","required":["type","connInfo"],"properties":{"type":{"type":"string","description":"Type of HSM server to setup, supported types are \"luna\", \"lunapci\", \"lunatct\", \"aws\", \"dpod\", \"nshield\" and \"ibmhpcs\". \"luna\" refers to the Luna Network HSM version 5, 6, or 7, \"lunapci\" refers to the embedded Luna PCIe HSM, \"lunatct\" refers to the Luna T-Series HSMs, \"aws\" refers to AWS CloudHSM, \"dpod\" refers to Thales Data Protection on Demand's HSM on Demand service, \"nshield\" refers to Entrust nShield Connect HSM, and \"ibmhpcs\" refers to IBM HPCS HSM.\n"},"connInfo":{"type":"string","description":"Connection information for initial HSM to setup. The expected content of this parameter depends on the specific HSM type used.\n\nIt must be a JSON document. Required attributes are:\n- \"partition_name\"\n The name of the HSM partition to use for Luna Network/PCIe HSM (including TCT).\n For CloudHSM use the value \"cavium\".\n For DPoD HSM on Demand Service, the name of the partition configured during partition initialization.\n\n- \"softcard_name\"\n For Entrust nShield Connect HSM, the name of the softcard to use to protect the keys.\n\n- \"partition_password\"\n\n For Luna Network/PCIe HSM (including TCT), the password of the initial partition to use. For Luna PCIe, Luna Network 7.x and most Luna Network 6.x devices, this will be the Crypto Officer role password or challenge secret. For Luna Network 5.x and some 6.x, this will be the generic partition password or challenge secret. Luna documentation describes in detail how to set up a password for an application to access a partition.\n\n- \"api_key\"\n For IBM HPCS HSM, the api key for IBM HPCS instance.\n\n For AWS CloudHSM specify the credentials of a cryptouser in the form of \"username:password\"\n\n For DPoD HSM on Demand Service, the password of the Crypto Officer.\n\n For IBM HPCS HSM on IBM HPCS Service, the password is the api key.\n\n- \"softcard_password\"\n For Entrust nShield Connect HSM, the password of the softcard.\n\n This password will also be used if more servers and high-availability (HA) mode is used for Luna Network HSMs, in which case all HSMs must have the same password.\n\nLuna Network/PCIe HSM (including TCT) example:\n\n\"{\\\"partition_name\\\": \\\"kylo-partition\\\", \\\"partition_password\\\": \\\"sOmeP@ssword\\\"}\"\n\nAWS CloudHSM (Cavium) example:\n\n\"{\\\"partition_name\\\": \\\"cavium\\\", \\\"partition_password\\\": \\\"hsmuser:sOmeP@ssword\\\"}\"\n\nDPoD example:\n\n\"{\\\"partition_name\\\": \\\"partition-name\\\", \\\"partition_password\\\": \\\"sOmeP@ssword\\\"}\"\n\nEntrust nShield Connect HSM example:\n\n\"{\\\"softcard_name\\\": \\\"softcard-name\\\", \\\"softcard_password\\\": \\\"sOmeP@ssword\\\"}\"\n\nIBM HPCS HSM example:\n\n\"{\\\"api_key\\\": \\\"api-key\\\"}\"\n"},"initialConfig":{"type":"object","description":"A free form JSON opaque blob. The expected content of this parameter depends on the specific HSM type used.\n\nFor Luna Network HSM (including TCT) the required attributes are:\n- \"host\"\n IP or hostname\n- \"serial\"\n Serial number of the partition to use\n- \"server-cert\"\n Server certificate in PEM format. Line breaks in PEM string must be replaced with \"\\n\".\n- \"client-cert\"\n Client certificate in PEM format. Line breaks in PEM string must be replaced with \"\\n\".\n- \"client-cert-key\"\n Client private key in PEM format. Line breaks in PEM string must be replaced with \"\\n\".\n\nFor Luna Network HSM using the STC protocol, the required attributes are:\n- \"host\"\n IP or hostname\n- \"serial\"\n Serial number of the partition to use\n- \"server-cert\"\n Server certificate in PEM format. Line breaks in PEM string must be replaced with \"\\n\".\n- \"stc-par-identity\"\n STC partition identity encoded as a base64 string without line breaks (base64 -w0 1234567890123.pid)\nNote that this instance's STC client identity (see /system/hsm/clients/stcidentity) must be registered externally prior to invoking this API.\n\nLuna PCIe HSM (including TCT) does not require any attribute. initialConfig shall be omitted.\n\nFor AWS CloudHSM (Cavium) the required attributes are:\n- \"host\"\n ENI IP Address of cloudhsm cluster.\n- \"server-cert\"\n CloudHSM cluster certificate in PEM format. Line breaks in PEM string must be replaced with \"\\n\".\n\nFor Entrust nShield Connect HSM the required attributes are:\n- \"host\"\n IP Address of the Entrust nShield Connect HSM.\n- \"serial\"\n Electronic Serial Number (ESN) of the Entrust nShield Connect HSM.\n- \"hkneti\"\n Hash of the KNETI key (HKNETI) of the Entrust nShield Connect HSM.\n- \"rfs_host\"\n IP Address of the Entrust nShield Connect HSM's Remote File System (RFS).\n\nFor Entrust nShield Connect HSM the optional attributes are:\n- \"port\"\n Port number of the nShield Connect HSM. If not specified, default to 9004.\n- \"rfs_port\"\n Port number of the nShield Connect HSM's RFS. If not specified, default to 9004.\n\nFor IBM HPCS HSM the required attributes are:\n- \"host\"\n Host name or IP Address of cloudhsm server.\n- \"port\"\n Port number of cloudhsm server .\n- \"instance_id\"\n Instance ID of IBM HPCS instance.\n- \"token_space_id\"\n IBM HPCS token space ID.\n\nLuna Network HSM (including TCT) example:\n\n {\n \"host\": \"172.20.32.11\",\n \"serial\": \"1234\",\n \"server-cert\": \"-----BEGIN CERTIFICATE-----\\n...\\n-----END CERTIFICATE-----\",\n \"client-cert\": \"-----BEGIN CERTIFICATE-----\\n...\\n-----END CERTIFICATE-----\",\n \"client-cert-key\": \"-----BEGIN RSA PRIVATE KEY-----\\n...\\n-----END RSA PRIVATE KEY-----\"\n }\n\nAWS CloudHSM example:\n\n {\n \"host\": \"172.20.32.11\",\n \"server-cert\": \"-----BEGIN CERTIFICATE-----\\n...\\n-----END CERTIFICATE-----\"\n }\n\nDPoD example:\n\n Legacy DPoD client:\n\n {\n \"server_cert\": \"-----BEGIN CERTIFICATE-----\\n...\\n-----END CERTIFICATE-----\",\n \"partition_ca_cert\": \"-----BEGIN CERTIFICATE-----\\n...\\n-----END CERTIFICATE-----\",\n \"partition_cert\": \"-----BEGIN CERTIFICATE-----\\n...\\n-----END CERTIFICATE-----\",\n \"cv_app_specific_data\": \"Chrystoki-conf-CVAppSpecificData\",\n \"cv_partition_data\": \"Chrystoki-conf-PartitionData00\"\n }\n\n Cloud HSMoD (new DPoD) client:\n\n {\n \"server_cert\": \"-----BEGIN CERTIFICATE-----\\n...\\n-----END CERTIFICATE-----\",\n \"partition_ca_cert\": \"-----BEGIN CERTIFICATE-----\\n...\\n-----END CERTIFICATE-----\",\n \"partition_cert\": \"-----BEGIN CERTIFICATE-----\\n...\\n-----END CERTIFICATE-----\",\n \"cv_partition_data\": \"Chrystoki-conf-PartitionData00\",\n \"auth_token_config_uri\": \"Chrystoki-conf-AuthTokenConfigURI\",\n \"auth_token_client_id\": \"Chrystoki-conf-AuthTokenClientId\",\n \"auth_token_client_secret\": \"Chrystoki-conf-AuthTokenClientSecret\"\n }\n\nEntrust nShield Connect HSM example:\n\n {\n \"host\": \"10.194.173.39\",\n \"serial\": \"AB03-02E0-D947\",\n \"hkneti\": \"4a7b4d770abc415654cd2b50a25dd38aafce8d60\",\n \"rfs_host\": \"10.194.173.70\"\n }\n\nIBM HPCS HSM example:\n\n\n {\n \"host\": \"ep11.us-south.hs-crypto.cloud.ibm.com\"\n \"port\": \"9253\",\n \"instance_id\": \"4ec51d44-d94d-4200-bc2c-fcfb04b1287c`\"\n \"token_space_id\": \"12c2c67d-9bfe-4e73-a97f-9902913daf6f\"\n }\n\nNote: JSON does not allow line-breaks, it needs to be replaced with \\n. Use \"sed -z 's/\\n/\\\\n/g' cert-file.pem\" command to format the certificate.\n"},"reset":{"type":"boolean","description":"If true CipherTrust Manager will perform a reset operation after the initial HSM setup.\n\nCurrently a reset is required for this operation to succeed.\n\nWARNING - Reset is a destructive operation and will wipe all\ndata in the CipherTrust Manager.\n"},"delay":{"type":"integer","description":"Delay in seconds before reset, defaults to 5 seconds"}},"example":{"type":"luna","connInfo":"{\"partition_name\": \"kylo-partition\", \"partition_password\": \"sOmeP@ssword\"}","initialConfig":{"host":"172.20.32.11","serial":"1234","server-cert":"-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----","client-cert":"-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----","client-cert-key":"-----BEGIN RSA PRIVATE KEY-----\n...\n-----END RSA PRIVATE KEY-----"},"reset":true,"delay":5}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"58212a4b-81f5-4de2-aeae-60b8b6f1091e","type":"luna","config":{"host":"172.20.32.11","serial":"1234","server-cert":"-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----"}}}}}}},"/v1/system/hsm/servers":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Add","description":"Adds a new HSM server for high-availability (HA) and load balancing. Only supported for Luna Network HSM (including TCT) and Entrust nShield Connect HSM.\nFor AWS CloudHSM, AWS cloudhsm clustering feature should be used directly instead to add new HSM instances to the existing hsm cluster. No change is required on CipherTrust Manager.\n\nLuna Network HSM (including TCT) specific notes:\n- The partition password as provided during HSM setup must be the same for all servers in the same HA group\n- The call will fail if the partition on the joining node contains objects. It must be manually cleared using the Luna toolset, or either one of the forceClear or forceCopy optional attributes specified for this operation to succeed. Refer to CipherTrust Manager Administration Guide for more details.\n\nEntrust nShield Connect HSM specific note:\n- The new HSM server being added must belong to the same Security World as existing setup or added HSM server(s).\n\nNote:\n This is a long running operation and could take some time, the\n browser might timeout before the operation completes. If you get a\n timeout error then the operation started successfully and you will\n need to `list` to determine if it has completed\n","tags":["HSM Servers"],"parameters":[{"name":"body","in":"body","description":"HSM servers parameters","schema":{"type":"object","title":"Add HSM servers Request","required":["config"],"properties":{"config":{"type":"object","description":"Connection information for the HSM to add as a free form JSON opaque blob. The expected content of this parameter depends on the specific HSM type being added.\n\nFor Luna Network HSM (including TCT) the required attributes are:\n- \"host\"\n IP or hostname\n- \"server-cert\"\n Server certificate in PEM format\n- \"serial\"\n Serial number of the partition to use, this is used to ensure the correct partition is added to the HA group\n\nFor Luna Network HSM (including TCT) the optional attributes are:\n- \"forceClear\"\n When set to \"true\", forcefully clears all existing data on the partition of the joining node before adding it to the HA group. Use with caution. Refer to CipherTrust Manager Administration Guide for more details.\n- \"forceCopy\"\n When set to \"true\", all existing objects on the joining partition are retained and propagated within the HA group. Use with caution. Refer to CipherTrust Manager Administration Guide for more details.\n- \"stc-par-identity\"\n Specify this parameter to use the STC protocol to the Luna Network HSM partition. The STC partition identity must encoded as a base64 string without line breaks (base64 -w0 1234567890123.pid)\n Note that this instance's STC client identity (see /system/hsm/clients/stcidentity) must be registered externally prior to invoking this API.\n\nFor Entrust nShield Connect HSM the required attributes are:\n- \"host\"\n IP Address of the Entrust nShield Connect HSM.\n- \"serial\"\n Electronic Serial Number (ESN) of the Entrust nShield Connect HSM.\n- \"hkneti\"\n Hash of the KNETI key (HKNETI) of the Entrust nShield Connect HSM.\n\nFor Entrust nShield Connect HSM the optional attribute is:\n- \"port\"\n Port number of the nShield Connect HSM. If not specified, default to 9004.\n\nLuna Network HSM (including TCT) example:\n\n {\n \"host\": \"1.2.3.4\",\n \"serial\": \"1234\",\n \"server-cert\": \"-----BEGIN CERTIFICATE-----\\n...\\n-----END CERTIFICATE-----\"\n }\n\nEntrust nShield Connect HSM example:\n\n {\n \"host\": \"10.194.173.39\",\n \"serial\": \"AB03-02E0-D947\",\n \"hkneti\": \"4a7b4d770abc415654cd2b50a25dd38aafce8d60\"\n }\n"}},"example":{"config":{"host":"1.2.3.4","serial":"1234","server-cert":"-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----"}}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"58212a4b-81f5-4de2-aeae-60b8b6f1091e","type":"luna","config":{"host":"1.2.3.4","serial":"1234","server-cert":"-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----"}}}}}},"get":{"summary":"List","description":"Returns a list of previously configured HSM servers.\n","tags":["HSM Servers"],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"resources":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string"},"host":{"type":"string"},"config":{"type":"string"}}}}}},"examples":{"application/json":{"resources":[{"id":"58212a4b-81f5-4de2-aeae-60b8b6f1091e","type":"luna","config":{"host":"172.20.32.11","serial":"1234","server-cert":"-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----"}}]}}}}}},"/v1/system/hsm/servers/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","required":true,"type":"string","description":"ID of HSM server"}],"get":{"summary":"Get","description":"Returns the details of a single HSM server.","tags":["HSM Servers"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"58212a4b-81f5-4de2-aeae-60b8b6f1091e","type":"luna","config":{"host":"172.20.32.11","serial":"1234","server-cert":"-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----"}}}},"404":{"description":"HSM server not found","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","description":"Deletes a HSM server.\n\nA `reset` operation is required when the last HSM server is deleted.\nThis means that all existing data in the system will be wiped and\nCipherTrust Manager will be started from a clean slate.\n","tags":["HSM Servers"],"parameters":[{"name":"body","in":"body","description":"HSM server delete parameters","schema":{"type":"object","title":"Delete HSM server Request","properties":{"reset":{"type":"boolean","description":"If true CipherTrust Manager will perform a reset operation after adding the HSM server.\n\nCurrently a reset is required for this operation to succeed.\n\nWARNING - Reset is a destructive operation and will wipe all\ndata in the CipherTrust Manager.\n"},"delay":{"type":"integer","description":"Delay in seconds before reset, defaults to 5 seconds"}},"example":{"reset":true,"delay":5}}}],"responses":{"204":{"description":"No Content | Successful deletion of HSM server.","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/system/hsm/clients/stcidentity/download":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Luna STC client identity file download","x-interactive":false,"description":"This API returns the Luna STC client identity file. The STC protocol is an alternative to the default NTLS\nprotocol. The partition Security Officer supplies the downloaded file during the 'stcconfig clientregister'\nlunacm command which must be done before invoking the /system/hsm/setup API (see the schema property\ninformation for initialConfig of the /system/hsm/setup API)\n","tags":["HSM Clients"],"produces":["application/octet-stream"],"responses":{"200":{"description":"OK","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"type":"string"}}}}},"/v1/system/services/reset":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Reset","description":"Resets the CipherTrust Manager instance.\n\nWARNING - This is a destructive operation and will wipe all data in the\nCipherTrust Manager.\n","tags":["Services"],"parameters":[{"name":"body","in":"body","description":"Reset CipherTrust Manager parameters","schema":{"type":"object","title":"Reset CipherTrust Manager Request","properties":{"delay":{"type":"integer","description":"Delay in seconds before reset, defaults to 5 seconds"}},"example":{"delay":5}}}],"responses":{"202":{"description":"Accept","schema":{"type":"object"},"examples":{"application/json":null}}}}},"/v1/system/services/restart":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Restart","description":"Restarts the CipherTrust Manager service.\n","tags":["Services"],"parameters":[{"name":"body","in":"body","description":"Restart CipherTrust Manager parameters","schema":{"type":"object","title":"Restart CipherTrust Manager Request","properties":{"delay":{"type":"integer","description":"Delay in seconds before restart, defaults to 5 seconds"},"services":{"type":"array","items":{"type":"string"},"description":"An array of services to restart. If this parameter is ommitted, the entire application is restarted. Options include - nae-kmip, web\n"}},"example":{"delay":5,"services":["nae-kmip"]}}}],"responses":{"202":{"description":"Accept","schema":{"type":"object"},"examples":{"application/json":null}}}}},"/v1/system/services/status":{"get":{"summary":"Status","description":"Returns the status of CipherTrust Manager instance and services.\n","produces":["application/json"],"parameters":[{"name":"service_names","in":"query","description":"Filter by CipherTrust Manager service name nae-kmip.","type":"string"},{"name":"status","in":"query","description":"Filter by CipherTrust Manager service status, valid status are started, starting, bootstrap and error.","type":"string"}],"tags":["Services"],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"status":{"type":"string","description":"Overall status of the system (started, starting, error, bootstrap)"},"services":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"Name of service"},"status":{"type":"string","description":"Status of service (started, starting, error)"}}}},"messages":{"type":"array","items":{"type":"string","description":"An optional list of human readable error messages from server"}}}},"examples":{"application/json":{"status":"started","services":[{"name":"nae-kmip","status":"started"},{"name":"web","status":"started"}]}}}}}},"/v1/system/info":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns this system's info attributes.\n","tags":["Info"],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","properties":{"name":{"type":"string"}}}]},"examples":{"application/json":{"name":"production1","version":"1.2.3.1111","model":"CipherTrust Manager k170v"}}}}},"patch":{"summary":"Set","description":"Set the system info. Only the name can be set - other attributes in the body are invalid.\n","tags":["Info"],"parameters":[{"name":"body","in":"body","description":"Set Info parameters","schema":{"type":"object","title":"Set Info Request","required":["name"],"properties":{"name":{"type":"string","description":"New user friendly name for the system. Will be returned by subsequent calls to GET."}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","properties":{"name":{"type":"string"}}}]},"examples":{"application/json":{"name":"production1","version":"1.2.3.1111","model":"CipherTrust Manager k170v"}}}}}},"/v1/system/ssh/keys":{"post":{"summary":"Add","description":"Adds an SSH public key to use for authentication. This operation is allowed only during CipherTrust Manager service bootstrap\nwhen there are no SSH public keys configured on the system or only the default SSH public key is present.\nThe default SSH key will be removed if it exists. CipherTrust Manager service will not start unless the default SSH public key is replaced.\n","tags":["SSH Keys"],"parameters":[{"name":"body","in":"body","description":"Add SSH public key parameters","schema":{"type":"object","title":"Add SSH public key Request","required":["key"],"properties":{"key":{"type":"string","description":"SSH public key to add"}},"example":{"key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIVGP8Ojyum6d7/r2Q1oihXfEcmEgzKUOCcNue2ovIRaxnqdFBTIEVnPBu6R0kMvBHvhyYpqQaLyCa6QhYgmzLA16A7M0+QSdBz+pFC6cMF6VK9b/lXgLek3aD4s+ynCc+/RF+n2AcS5j+JmkvQeOntY/WhmvCwJJpk6cmNfpnqfF/C8ExvGC3IPBCaVtHU2eIHvT0rIVwGYNZulrryeoPQZ2vH4cUPCDHxFeWTGCjXxPvy0JSoY0Z5mKJtxWLnEgIFzTUYiDueKM7HTrj5LPzov3ohB5bhNdiA+wLljFL7da8OvNhXp6aqCgg9ezs8df3bNSkWiaf24R/28sTeDuF"}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"2stB4YDM5bz0uGez/EVhY6tX77E+taz0E6oL6m0Uv1g","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIVGP8Ojyum6d7/r2Q1oihXfEcmEgzKUOCcNue2ovIRaxnqdFBTIEVnPBu6R0kMvBHvhyYpqQaLyCa6QhYgmzLA16A7M0+QSdBz+pFC6cMF6VK9b/lXgLek3aD4s+ynCc+/RF+n2AcS5j+JmkvQeOntY/WhmvCwJJpk6cmNfpnqfF/C8ExvGC3IPBCaVtHU2eIHvT0rIVwGYNZulrryeoPQZ2vH4cUPCDHxFeWTGCjXxPvy0JSoY0Z5mKJtxWLnEgIFzTUYiDueKM7HTrj5LPzov3ohB5bhNdiA+wLljFL7da8OvNhXp6aqCgg9ezs8df3bNSkWiaf24R/28sTeDuF"}}}}}},"/v1/system/network/ping":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Ping a host","description":"Returns a ping response of the specified system using the interface contained in the call","tags":["Network"],"parameters":[{"name":"body","in":"body","description":"Ping submission parameters","schema":{"type":"object","title":"Test the reachability of a host","required":["destination"],"properties":{"destination":{"type":"string","description":"Hostname, domain name or IP Address"},"ipv4":{"type":"boolean","description":"use IPv4 only. Cannot be used with ipv6"},"ipv6":{"type":"boolean","description":"use IPv6 only. Cannot be used with ipv4"},"interface":{"type":"string","description":"Network interface to use. Refer List network interfaces api for available interfaces"},"count":{"type":"integer","description":"Number of packets to send"},"timeout_secs":{"type":"integer","description":"Number of seconds to wait for response"}},"example":{"destination":"www.google.com","count":1,"timeout_secs":2}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","title":"Test the reachability of a host","required":["destination"],"properties":{"destination":{"type":"string","description":"Hostname, domain name or IP Address"},"ipv4":{"type":"boolean","description":"use IPv4 only. Cannot be used with ipv6"},"ipv6":{"type":"boolean","description":"use IPv6 only. Cannot be used with ipv4"},"interface":{"type":"string","description":"Network interface to use. Refer List network interfaces api for available interfaces"},"count":{"type":"integer","description":"Number of packets to send"},"timeout_secs":{"type":"integer","description":"Number of seconds to wait for response"}},"example":{"destination":"www.google.com","count":1,"timeout_secs":2}},"examples":{"application/json":{"response":{"ip_address":"172.217.1.228","hostname":"www.google.com","packets_sent":1,"packets_received":1,"packets_lost":0,"min_rtt":60187,"max_rtt":176342,"avg_rtt":99607}}}},"422":{"description":"Interface not found / Host not found","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/system/network/traceroute":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Tracerouting a host","description":"Returns a traceroute response of the specified system using the interface contained in the call","tags":["Network"],"parameters":[{"name":"body","in":"body","description":"Traceroute submission parameters","schema":{"type":"object","title":"Trace the possible routes and measure delays that an IP packet takes to its destination","required":["destination"],"properties":{"destination":{"type":"string","description":"Hostname, domain name or IP Address"},"port":{"type":"integer","description":"The destination port to use"},"ipv4":{"type":"boolean","description":"use IPv4 only. Cannot be used with ipv6"},"ipv6":{"type":"boolean","description":"use IPv6 only. Cannot be used with ipv4"},"interface":{"type":"string","description":"Network interface to use. Refer List network interfaces api for available interfaces."},"tcp":{"type":"boolean","description":"Use TCP SYN for tracerouting"},"udp":{"type":"boolean","description":"Use UDP to particular port for tracerouting"},"sendwait":{"type":"integer","description":"Minimum time interval between probes"},"max_ttl":{"type":"integer","description":"The max number of hops"},"first_ttl":{"type":"integer","description":"Start from the first_ttl hop"},"nqueries":{"type":"integer","description":"The number of probes per each hop"}},"example":{"destination":"www.google.com","max_ttl":5}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","title":"Trace the possible routes and measure delays that an IP packet takes to its destination","required":["destination"],"properties":{"destination":{"type":"string","description":"Hostname, domain name or IP Address"},"port":{"type":"integer","description":"The destination port to use"},"ipv4":{"type":"boolean","description":"use IPv4 only. Cannot be used with ipv6"},"ipv6":{"type":"boolean","description":"use IPv6 only. Cannot be used with ipv4"},"interface":{"type":"string","description":"Network interface to use. Refer List network interfaces api for available interfaces."},"tcp":{"type":"boolean","description":"Use TCP SYN for tracerouting"},"udp":{"type":"boolean","description":"Use UDP to particular port for tracerouting"},"sendwait":{"type":"integer","description":"Minimum time interval between probes"},"max_ttl":{"type":"integer","description":"The max number of hops"},"first_ttl":{"type":"integer","description":"Start from the first_ttl hop"},"nqueries":{"type":"integer","description":"The number of probes per each hop"}},"example":{"destination":"www.google.com","max_ttl":5}},"examples":{"application/json":{"response":["traceroute to 127.0.0.1 (127.0.0.1), 30 hops max, 60 byte packets","1 localhost (127.0.0.1) 0.045 ms 0.017 ms 0.012 ms"]}}},"422":{"description":"Interface not found / Host not found","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/system/network/checkport":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Check if a port is available on a remote system","description":"Returns the response after attempting to connect to a remote system using the (optional) interface contained in the call","tags":["Network"],"parameters":[{"name":"body","in":"body","description":"Checkport submission parameters","schema":{"type":"object","title":"Connect if a specific TCP port is open or not on the specified remote host","required":["destination","port"],"properties":{"destination":{"type":"string","description":"Hostname, domain name or IP Address"},"interface":{"type":"string","description":"Network interface to use. Refer List network interfaces api for available interfaces."},"ipv4":{"type":"boolean","description":"use IPv4 only. Cannot be used with ipv6"},"ipv6":{"type":"boolean","description":"use IPv6 only. Cannot be used with ipv4"},"port":{"type":"integer","description":"Port number"},"timeout_secs":{"type":"integer","description":"Number of seconds to wait for the response"}},"example":{"destination":"www.google.com","port":80,"timeout_secs":2}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","title":"Connect if a specific TCP port is open or not on the specified remote host","required":["destination","port"],"properties":{"destination":{"type":"string","description":"Hostname, domain name or IP Address"},"interface":{"type":"string","description":"Network interface to use. Refer List network interfaces api for available interfaces."},"ipv4":{"type":"boolean","description":"use IPv4 only. Cannot be used with ipv6"},"ipv6":{"type":"boolean","description":"use IPv6 only. Cannot be used with ipv4"},"port":{"type":"integer","description":"Port number"},"timeout_secs":{"type":"integer","description":"Number of seconds to wait for the response"}},"example":{"destination":"www.google.com","port":80,"timeout_secs":2}},"examples":{"application/json":{"response":{"response":"connection successful"}}}},"422":{"description":"Interface not found / Host not found","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/system/network/interfaces":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns a list of network interfaces and their states. When an\ninterface is configured with DHCP then its actual addresses are\nreturned.\n","tags":["Network"],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"resources":{"type":"object","title":"Interface","required":["name"],"properties":{"name":{"type":"string","description":"The network interface name, e.g. \"ens3\"."},"force_gateway":{"type":"boolean","description":"Force system default gateway update, i.e. overwrite system default gateway when this device is brought up. By default a network interface will only set the system default gateway if is not already set. This feature can be used to force a specific network interface to be used for outgoing traffic initiated from the machine itself.\n\ntrue to enable, false to disable, and absent to use the existing\nvalue.\n"},"inet":{"description":"IPv4 specific settings.","type":"object","title":"inet","required":["method"],"properties":{"method":{"type":"string","description":"Method for obtaining an IP.\n\n* dhcp - obtain all settings via DHCP (ignores other values in request)\n* none - turn off IPv4\n* static - use values from request (requires 'ip', 'netmask')\n"},"ip":{"type":"string","description":"New static IP address. Required if method is 'static'."},"netmask":{"type":"string","description":"New netmask in dot-decimal notation (e.g. 255.255.255.0). Required if method is 'static'."},"gateway":{"type":"string","description":"Optional gateway IP address. If \"\" requested then the gateway is removed."},"dns":{"type":"array","description":"Optional DNS IP addresses. If [] requested then the system wide DNS is used.","items":{"type":"string"}}}},"inet6":{"description":"IPv6 specific settings.","type":"object","title":"inet6","required":["method"],"properties":{"method":{"type":"string","description":"Method for obtaining an IP.\n\n* auto - obtain all settings via stateless autoconfiguration\n* dhcp - obtain all settings via DHCP (ignores other values in request)\n* none - turn off IPv4\n* static - use values from request (requires 'ip', 'netmask')\n"},"ip":{"type":"string","description":"New static IP address. Required if method is 'static'."},"netmask":{"type":"string","description":"New netmask in bits (e.g. 64). Required if method is 'static'."},"gateway":{"type":"string","description":"Optional gateway IP address. If \"\" requested then the gateway is removed."},"dns":{"type":"array","description":"Optional DNS IP addresses. If [] requested then the system wide DNS is used.","items":{"type":"string"}}}},"bond":{"description":"Bond specific settings.","type":"object","title":"bond","properties":{"options":{"type":"string","description":"Read only. Bond configuration's 'options' field. See https://developer.gnome.org/NetworkManager/stable/nmcli.html table 11. Only applies to the interface that bonded other interfaces."},"master":{"type":"string","description":"Read only. The name of the network interface that bonded this interface."}}}},"example":{"name":"ens3","inet":{"method":"static","ip":"192.168.1.2","netmask":"255.255.255.0","gateway":"192.168.1.0","dns":["8.8.8.8","8.8.4.4"]}}}}},"examples":{"application/json":{"skip":0,"limit":10,"total":4,"resources":[{"name":"ens3","inet":{"method":"static","ip":"192.168.1.2","netmask":"255.255.255.0","gateway":"192.168.1.0","dns":["8.8.8.8","8.8.4.4"]},"inet6":{"method":"auto","ip":"2005:1000::a00:27ff:febb:5083","netmask":64,"gateway":"fe80::cad7:19ff:feff:774d"},"bond":{"options":"auto","master":"bond0"}},{"name":"bond0","inet":{"method":"dhcp","ip":"192.168.1.3","netmask":"255.255.255.0","gateway":"192.168.1.0","dns":["8.8.8.8","8.8.4.4"]},"inet6":{"method":"none"},"bond":{"options":"mode=balance-rr"}},{"name":"ens4","inet":{"method":"none"},"inet6":{"method":"none"},"bond":{"master":"bond0"}},{"name":"ens5","inet":{"method":"none"},"inet6":{"method":"none"},"bond":{"master":"bond0"}}]}}}}}},"/v1/system/network/interfaces/{interface}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"interface","in":"path","required":true,"type":"string","description":"Name of the network interface"}],"get":{"summary":"Get","description":"Returns the state of the network interface. When the interface is configured with DHCP then its actual addresses are returned.","tags":["Network"],"responses":{"200":{"description":"OK","schema":{"type":"object","title":"Interface","required":["name"],"properties":{"name":{"type":"string","description":"The network interface name, e.g. \"ens3\"."},"force_gateway":{"type":"boolean","description":"Force system default gateway update, i.e. overwrite system default gateway when this device is brought up. By default a network interface will only set the system default gateway if is not already set. This feature can be used to force a specific network interface to be used for outgoing traffic initiated from the machine itself.\n\ntrue to enable, false to disable, and absent to use the existing\nvalue.\n"},"inet":{"description":"IPv4 specific settings.","type":"object","title":"inet","required":["method"],"properties":{"method":{"type":"string","description":"Method for obtaining an IP.\n\n* dhcp - obtain all settings via DHCP (ignores other values in request)\n* none - turn off IPv4\n* static - use values from request (requires 'ip', 'netmask')\n"},"ip":{"type":"string","description":"New static IP address. Required if method is 'static'."},"netmask":{"type":"string","description":"New netmask in dot-decimal notation (e.g. 255.255.255.0). Required if method is 'static'."},"gateway":{"type":"string","description":"Optional gateway IP address. If \"\" requested then the gateway is removed."},"dns":{"type":"array","description":"Optional DNS IP addresses. If [] requested then the system wide DNS is used.","items":{"type":"string"}}}},"inet6":{"description":"IPv6 specific settings.","type":"object","title":"inet6","required":["method"],"properties":{"method":{"type":"string","description":"Method for obtaining an IP.\n\n* auto - obtain all settings via stateless autoconfiguration\n* dhcp - obtain all settings via DHCP (ignores other values in request)\n* none - turn off IPv4\n* static - use values from request (requires 'ip', 'netmask')\n"},"ip":{"type":"string","description":"New static IP address. Required if method is 'static'."},"netmask":{"type":"string","description":"New netmask in bits (e.g. 64). Required if method is 'static'."},"gateway":{"type":"string","description":"Optional gateway IP address. If \"\" requested then the gateway is removed."},"dns":{"type":"array","description":"Optional DNS IP addresses. If [] requested then the system wide DNS is used.","items":{"type":"string"}}}},"bond":{"description":"Bond specific settings.","type":"object","title":"bond","properties":{"options":{"type":"string","description":"Read only. Bond configuration's 'options' field. See https://developer.gnome.org/NetworkManager/stable/nmcli.html table 11. Only applies to the interface that bonded other interfaces."},"master":{"type":"string","description":"Read only. The name of the network interface that bonded this interface."}}}},"example":{"name":"ens3","inet":{"method":"static","ip":"192.168.1.2","netmask":"255.255.255.0","gateway":"192.168.1.0","dns":["8.8.8.8","8.8.4.4"]}}},"examples":{"application/json":{"name":"ens3","inet":{"ip":"10.10.105.32","netmask":"255.255.252.0","gateway":"10.10.105.1","dns":["8.8.8.8"]},"inet6":{"ip":"2001:0db8:85a3:0000:0000:8a2e:0370:7334","netmask":64,"dns":["2001:4860:4860:0:0:0:0:8888"]}}}},"404":{"description":"Network interface not found","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"patch":{"summary":"Update","description":"Modify the network interface configuration asynchronously. Since the final result is not known, GET with the same path can be used periodically to check if the change is applied successfully.\nWhen inet or inet6 has existing values and the request method is 'static' then any property absent from the request inherits the existing value. For example, if the interface is configured to use DHCP and the modify request only contains 'ip' and 'dns', then the existing values for netmask and gateway are applied as part of the static configuration.\nIf 'bond' is provided then it is ignored. These values can only be modified via the console or ssh using 'nmcli'.\nPlease note there is a risk that modifying a network interface remotely using this API may make communication with the node impossible without console access.","tags":["Network"],"parameters":[{"name":"body","in":"body","description":"Update interface with static IPv4","required":true,"schema":{"type":"object","title":"Interface","required":["name"],"properties":{"name":{"type":"string","description":"The network interface name, e.g. \"ens3\"."},"force_gateway":{"type":"boolean","description":"Force system default gateway update, i.e. overwrite system default gateway when this device is brought up. By default a network interface will only set the system default gateway if is not already set. This feature can be used to force a specific network interface to be used for outgoing traffic initiated from the machine itself.\n\ntrue to enable, false to disable, and absent to use the existing\nvalue.\n"},"inet":{"description":"IPv4 specific settings.","type":"object","title":"inet","required":["method"],"properties":{"method":{"type":"string","description":"Method for obtaining an IP.\n\n* dhcp - obtain all settings via DHCP (ignores other values in request)\n* none - turn off IPv4\n* static - use values from request (requires 'ip', 'netmask')\n"},"ip":{"type":"string","description":"New static IP address. Required if method is 'static'."},"netmask":{"type":"string","description":"New netmask in dot-decimal notation (e.g. 255.255.255.0). Required if method is 'static'."},"gateway":{"type":"string","description":"Optional gateway IP address. If \"\" requested then the gateway is removed."},"dns":{"type":"array","description":"Optional DNS IP addresses. If [] requested then the system wide DNS is used.","items":{"type":"string"}}}},"inet6":{"description":"IPv6 specific settings.","type":"object","title":"inet6","required":["method"],"properties":{"method":{"type":"string","description":"Method for obtaining an IP.\n\n* auto - obtain all settings via stateless autoconfiguration\n* dhcp - obtain all settings via DHCP (ignores other values in request)\n* none - turn off IPv4\n* static - use values from request (requires 'ip', 'netmask')\n"},"ip":{"type":"string","description":"New static IP address. Required if method is 'static'."},"netmask":{"type":"string","description":"New netmask in bits (e.g. 64). Required if method is 'static'."},"gateway":{"type":"string","description":"Optional gateway IP address. If \"\" requested then the gateway is removed."},"dns":{"type":"array","description":"Optional DNS IP addresses. If [] requested then the system wide DNS is used.","items":{"type":"string"}}}},"bond":{"description":"Bond specific settings.","type":"object","title":"bond","properties":{"options":{"type":"string","description":"Read only. Bond configuration's 'options' field. See https://developer.gnome.org/NetworkManager/stable/nmcli.html table 11. Only applies to the interface that bonded other interfaces."},"master":{"type":"string","description":"Read only. The name of the network interface that bonded this interface."}}}},"example":{"name":"ens3","inet":{"method":"static","ip":"192.168.1.2","netmask":"255.255.255.0","gateway":"192.168.1.0","dns":["8.8.8.8","8.8.4.4"]}}}}],"responses":{"202":{"description":"Accepted - request started but a response cannot be provided because the IP address may change. There is no guarantee the request is applied successfully."},"409":{"description":"Conflict - when the existing configuration uses DHCP but the request does not have 'ip'.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/system/network/lookup":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Query the mapping between domain name and ipaddress or other dns records.","description":"When looking up a host name, a list of IP addresses associated with the host name are returned.\nWhen looking up an IP address, a list of host names associated with the IP address are returned.\n","tags":["Network"],"parameters":[{"name":"body","in":"body","description":"Lookup parameters","schema":{"type":"object","title":"Query the mapping between domain name and IP address or other dns records","required":["target"],"properties":{"target":{"type":"string","description":"An IP address or host name to lookup.\nThe IP address can be an IPv4 or IPv6 address.\n"}},"example":{"target":"1.1.1.1"}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"hosts":{"type":"array","description":"List of host names mapping to the supplied IP address, or,\nlist of IP addresses mapping to the host name.\n","items":{"type":"string"}}}},"examples":{"application/json":{"response":{"hosts":["www.abc.com","www.def.com"]}}}},"422":{"description":"Address or host name not found","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/system/mkeks":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns a list of Master KEKs. Results can be refined with query params.\n","parameters":[{"name":"default","in":"query","type":"boolean","description":"true to get only the default Mkek, false for otherwise.(default is true)\n"}],"tags":["MKek"],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"resources":{"type":"array","items":{"type":"object","allOf":[{"type":"object","properties":{"id":{"type":"string","description":"Mkek ID."},"name":{"type":"string","description":"Secret Name"},"is_default":{"type":"boolean","description":"If this is the default Mkek"},"created_at":{"type":"string","format":"date-time","description":"Creation time of the Master KEK"},"sealer_name":{"type":"string","description":"name of the sealer"},"kek_name":{"type":"string","description":"Name of the secret i.e. KEK."}}}]}}}},"examples":{"application/json":{"total":1,"info":[{"id":"5f266878-ca45-4576-9e21-e1c5f106d04f","name":"sampleMkek","is_default":true,"created_at":"2021-02-25T06:57:50.15507095Z","sealer_name":"none"}]}}}}}},"/v1/system/mkeks/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","required":true,"type":"string","description":"ID of the Master KEK"}],"get":{"summary":"Get MKek","description":"Get the details of a Master KEK given by ID.","tags":["MKek"],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"id":{"type":"string","description":"Mkek ID."},"name":{"type":"string","description":"Secret Name"},"is_default":{"type":"boolean","description":"If this is the default Mkek"},"created_at":{"type":"string","format":"date-time","description":"Creation time of the Master KEK"},"sealer_name":{"type":"string","description":"name of the sealer"},"kek_name":{"type":"string","description":"Name of the secret i.e. KEK."}}}}}}},"/v1/system/mkeks/rotate":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Rotate MKek","description":"Rotates the default mkek on the CipherTrust Manager. It will be replicated across all the nodes in a cluster.","tags":["MKek"],"parameters":[{"in":"body","name":"body","schema":{"type":"object","allOf":[{"type":"object","description":"Custom name of the Master KEK","properties":{"name":{"type":"string","description":"Custom name of the Master KEK."}}}],"example":{"application/json":{"name":"mkek_sample_name"}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"id":{"type":"string","description":"Mkek ID."},"name":{"type":"string","description":"Secret Name"},"is_default":{"type":"boolean","description":"If this is the default Mkek"},"created_at":{"type":"string","format":"date-time","description":"Creation time of the Master KEK"},"sealer_name":{"type":"string","description":"name of the sealer"},"kek_name":{"type":"string","description":"Name of the secret i.e. KEK."}}}}}}},"/v1/system/metrics/prometheus":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get metrics","description":"This endpoint is typically used by a Prometheus client.\nIt must use the API token to authenticate itself to the CipherTrust Manager.\nThe API token can be obtained by enabling Prometheus metrics collection (POST to\n/v1/system/metrics/prometheus/enable), or by\ngetting the status of Prometheus metrics server on the CM (GET to\n/v1/system/metrics/prometheus/status).\n\nHere is a curl command that can be used for fetching Prometheus metrics:\n\ncurl -k 'https:///api/v1/system/metrics/prometheus' -H 'Authorization: Bearer ' --compressed\n","tags":["Prometheus Metrics"],"produces":["text/plain"],"responses":{"200":{"description":"OK"}}}},"/v1/system/metrics/prometheus/enable":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Enable metrics collection","description":"This enables collection of Prometheus metrics.\nIt also returns an API token that can be used by a Prometheus client to scrape the CM for metrics.\n","tags":["Prometheus Metrics"],"responses":{"201":{"description":"OK","schema":{"type":"object","description":"Status of metrics collection","properties":{"enabled":{"type":"boolean","description":"This determines whether Prometheus metrics collection is enabled (true) or disabled (false).\n"},"token":{"type":"string","description":"This token can be used by the Prometheus client to get metrics from the CM.\n"}}}}}}},"/v1/system/metrics/prometheus/disable":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Disable metrics collection","tags":["Prometheus Metrics"],"responses":{"201":{"description":"OK","schema":{"type":"object","description":"Status of metrics collection","properties":{"enabled":{"type":"boolean","description":"This determines whether Prometheus metrics collection is enabled (true) or disabled (false).\n"},"token":{"type":"string","description":"This token can be used by the Prometheus client to get metrics from the CM.\n"}}}}}}},"/v1/system/metrics/prometheus/renew-token":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Renew metrics collection token","description":"This renews the token used by Prometheus clients to scrape the CM for metrics.\n","tags":["Prometheus Metrics"],"responses":{"201":{"description":"OK","schema":{"type":"object","description":"Status of metrics collection","properties":{"enabled":{"type":"boolean","description":"This determines whether Prometheus metrics collection is enabled (true) or disabled (false).\n"},"token":{"type":"string","description":"This token can be used by the Prometheus client to get metrics from the CM.\n"}}}}}}},"/v1/system/metrics/prometheus/status":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"get configuration","description":"Determine whether Prometheus metrics collection is enabled, and also get\nthe API token that can be used for scraping metrics.\n","tags":["Prometheus Metrics"],"responses":{"200":{"description":"OK","schema":{"type":"object","description":"Status of metrics collection","properties":{"enabled":{"type":"boolean","description":"This determines whether Prometheus metrics collection is enabled (true) or disabled (false).\n"},"token":{"type":"string","description":"This token can be used by the Prometheus client to get metrics from the CM.\n"}}}}}}},"/v1/system/rot-keys":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns a list of root of trust keys.","tags":["Root of Trust Keys"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"resources":{"type":"array","items":{"type":"object","allOf":[{"type":"object","properties":{"id":{"type":"string","description":"Root of trust key ID."},"created_at":{"type":"string","format":"date-time","description":"Creation time of the root of trust key."},"is_active_key":{"type":"boolean","description":"Specifies whether this root of trust key is the active key."}}}]}}}},"examples":{"skip":0,"limit":10,"count":1,"rotkeys":[{"id":"DARKSTARKEY_37e16cb1-8fc6-406f-b3b8-a08d9f529926","created_at":"2021-12-10T00:38:42.000488Z","is_active_key":true},{"id":"DARKSTARKEY","created_at":"2021-12-09T00:28:42.000758Z"}]}}}}},"/v1/system/rot-keys/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Gets a root of trust key by id.","tags":["Root of Trust Keys"],"responses":{"200":{"description":"OK","schema":{"properties":{"resources":{"type":"object","allOf":[{"type":"object","properties":{"id":{"type":"string","description":"Root of trust key ID."},"created_at":{"type":"string","format":"date-time","description":"Creation time of the root of trust key."},"is_active_key":{"type":"boolean","description":"Specifies whether this root of trust key is the active key."}}}]}}},"examples":{"id":"DARKSTARKEY_37e16cb1-8fc6-406f-b3b8-a08d9f529926","created_at":"2021-12-10T00:38:42.000488Z"}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","description":"Deletes a root of trust key by id.","parameters":[{"name":"force","in":"query","type":"boolean","description":"true for deletion with force option, false for deletion without force option.(default is false)\n"}],"tags":["Root of Trust Keys"],"responses":{"204":{"description":"No Content | Successful deletion of the root of trust key."},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"409":{"description":"Resource conflict.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/system/rotate-rot-keys":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Rotate","description":"This operation rotates the current (active) root of trust key to a new or pre-existing key.\n\nA new key with a randomly generated name is created when no ID is supplied.\nThe key ID can be specified in the body of the request.\nA new key with this ID is created if a key with the supplied ID doesn't exist.\n\nIf multiple CipherTrust Manager instances are configured to use the same HSM partition,\nthey end up using shared 'root of trust' keys.\nIn a \"Shared HSM\" configuration, this operation facilitates sharing\nof rotated root of trust key among various nodes in the cluster.\n","tags":["Root of Trust Keys"],"parameters":[{"in":"body","name":"body","schema":{"type":"object","title":"Root of Trust Key Details","properties":{"id":{"type":"string","description":"Root of trust key ID.\nA new RoT key is created if this parameter isn't supplied, or\na RoT key with the supplied ID doesn't exist.\n"}},"example":{"application/json":{"id":"DARKSTARKEY_37e16cb1-8fc6-406f-b3b8-a08d9f529926"}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"id":{"type":"string","description":"Root of trust key ID."},"created_at":{"type":"string","format":"date-time","description":"Creation time of the root of trust key."},"is_active_key":{"type":"boolean","description":"Specifies whether this root of trust key is the active key."}}},"examples":{"application/json":{"id":"DARKSTARKEY_37e16cb1-8fc6-406f-b3b8-a08d9f529926","createdAt":"2021-12-16T23:17:59.329893777Z","is_active_key":true}}}}}},"/v1/snmp/info":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns SNMP info attributes.\n","tags":["SNMP"],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","properties":{"engine_id":{"type":"string"}}}]},"examples":{"application/json":{"engine_id":"0x80001f880422353539353933584e4d5272317956486922"}}},"500":{"description":"Error 'Upstream host lookup failed' means SNMP interface is not enabled.\nSNMP interface must be added before using this API.\n"}}}},"/v1/snmp/communities":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"List the SNMP communities configured for SNMP v1 and v2c management.\n","tags":["SNMP"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"resources":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string"},"createdAt":{"type":"string"},"updatedAt":{"type":"string"},"name":{"type":"string"},"source":{"type":"string"},"mib_accesses":{"type":"array","items":{"type":"string"}},"read_write":{"type":"boolean"}}}}}},"examples":{"application/json":{"skip":0,"limit":10,"total":2,"resources":[{"id":"58212a4b-81f5-4de2-aeae-60b8b6f10911","createdAt":"2019-03-17T14:59:08.989757Z","updatedAt":"2019-03-17T14:59:08.989757Z","name":"public","mib_accesses":["standard","enterprise"],"read_write":false},{"id":"58212a4b-81f5-4de2-aeae-60b8b6f10912","createdAt":"2019-03-17T14:57:08.989757Z","updatedAt":"2019-03-17T14:57:08.989757Z","name":"private","mib_accesses":["enterprise"],"read_write":true}]}}},"500":{"description":"Error 'Upstream host lookup failed' means SNMP interface is not enabled.\nSNMP interface must be added before using this API. \n"}}},"post":{"summary":"Add","description":"Add SNMP community configuration to use with versions v1 and v2c. Valid community names must contain 1 non-space character and must not contain any\nof these characters: double quote (\"), single quote ('), slash (/), back slash (\\\\), carriage return (\\r) and line feed (\\n).\n","tags":["SNMP"],"parameters":[{"name":"body","in":"body","description":"SNMP Community configuration","schema":{"type":"object","title":"SNMP Community configuration.","required":["name"],"properties":{"name":{"type":"string","description":"Community name"},"source":{"type":"string","description":"SNMP Management station IP or hostname or range of addresses to be allowed.\nDefault value is 'default' which will allow all management stations.\n"},"mib_accesses":{"type":"array","items":{"type":"string"},"description":"Access to MIB object groups 'standard', 'enterprise', or both. Default is 'standard' only.\n"},"read_write":{"type":"boolean","description":"Read-write or read-only access to the MIB objects. Default is read-only."}},"example":{"application/json":{"name":"public","source":"10.10.0.0/16","mib_accesses":["standard","enterprise"],"read_write":true}}}}],"responses":{"201":{"description":"SNMP community configuration has been saved and loaded to SNMP agent.","schema":{"type":"object"},"examples":{"application/json":{"id":"58212a4b-81f5-4de2-aeae-60b8b6f10911","createdAt":"2019-03-17T14:59:08.989757Z","updatedAt":"2019-03-17T14:59:08.989757Z","name":"public","source":"10.10.0.0/16","mib_accesses":["standard","enterprise"],"read_write":true}}},"202":{"description":"Configuration is saved but not loaded to SNMP agent. It will be loaded later when the\nSNMP agent becomes available.\n"},"500":{"description":"Error 'Upstream host lookup failed' means SNMP interface is not enabled.\nSNMP interface must be added before using this API.\n"}}}},"/v1/snmp/communities/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","required":true,"type":"string","description":"Resource identifier. ID of the SNMP Community configuration."}],"get":{"summary":"Get","description":"Get a Community configuration info.","tags":["SNMP"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"58212a4b-81f5-4de2-aeae-60b8b6f10911","createdAt":"2019-03-17T14:59:08.989757Z","updatedAt":"2019-03-17T14:59:08.989757Z","name":"john","source":"1.1.1.15","mib_accesses":["standard","enterprise"],"read_write":true}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"500":{"description":"Error 'Upstream host lookup failed' means SNMP interface is not enabled.\nSNMP interface must be added before using this API.\n"}}},"patch":{"summary":"Update","description":"Update a SNMP community configuration. Valid community names must contain 1 non-space character and must not contain any\nof these characters: double quote (\"), single quote ('), slash (/), back slash (\\\\), carriage return (\\r) and line feed (\\n).\n","tags":["SNMP"],"parameters":[{"name":"fields","in":"query","type":"string","description":"A hint to the server indicating fields the client is interested in. The server\nwill include these fields in the response.\n\nThe value should be a comma-delimited list of fields.\n\nCurrently, the supported fields are \"auth_password\" and \"priv_password\". These fields are not \nincluded in response by default and so this query parameter is necessary if those fields are needed.\n"},{"name":"body","in":"body","description":"SNMP Community configuration","schema":{"type":"object","title":"SNMP Community configuration.","required":["name"],"properties":{"name":{"type":"string","description":"Community name"},"source":{"type":"string","description":"SNMP Management station IP or hosts to be allowed."},"mib_accesses":{"type":"array","items":{"type":"string"},"description":"Access to MIB object groups 'standard', 'enterprise', or both.\n"},"read_write":{"type":"boolean","description":"Read-write or read-only access to the MIB objects."}},"example":{"application/json":{"mib_accesses":["standard","enterprise"]}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"58212a4b-81f5-4de2-aeae-60b8b6f10911","createdAt":"2019-03-17T14:39:08.989757Z","updatedAt":"2019-03-17T14:45:08.989757Z","name":"public","mib_accesses":["standard","enterprise"],"read_write":false}}},"202":{"description":"Configuration is saved but not loaded to SNMP agent. It will be loaded later when the\nSNMP agent becomes available.\n"},"404":{"description":"Resource not found","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"500":{"description":"Error 'Upstream host lookup failed' means SNMP interface is not enabled.\nSNMP interface must be added before using this API.\n"}}},"delete":{"summary":"Delete","description":"Deletes a SNMP Community configuration.","tags":["SNMP"],"responses":{"202":{"description":"Configuration is saved but not loaded to SNMP agent. It will be loaded later when the\nSNMP agent becomes available.\n"},"204":{"description":"No Content | Successful deletion of SNMP management station.","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"500":{"description":"Error 'Upstream host lookup failed' means SNMP interface is not enabled.\nSNMP interface must be added before using this API.\n"}}}},"/v1/snmp/users":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"List the configured SNMP USM users.\n","tags":["SNMP"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"fields","in":"query","type":"string","description":"A hint to the server indicating fields the client is interested in. The server\nwill include these fields in the response.\n\nThe value should be a comma-delimited list of fields.\n\nCurrently, the supported fields are \"auth_password\" and \"priv_password\". These fields are not \nincluded in response by default and so this query parameter is necessary if those fields are needed.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"resources":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string"},"createdAt":{"type":"string"},"updatedAt":{"type":"string"},"engine_id":{"type":"string"},"name":{"type":"string"},"security_level":{"type":"string"},"auth_protocol":{"type":"string"},"auth_password":{"type":"string"},"priv_protocol":{"type":"string"},"priv_password":{"type":"string"},"mib_accesses":{"type":"array","items":{"type":"string"}},"read_write":{"type":"boolean"}}}}}},"examples":{"application/json":{"resources":[{"id":"58212a4b-81f5-4de2-aeae-60b8b6f10911","createdAt":"2019-03-17T14:59:08.989757Z","updatedAt":"2019-03-17T14:59:08.989757Z","name":"john","security_level":"authPriv","auth_protocol":"SHA","priv_protocol":"AES","mib_accesses":["standard","enterprise"],"read_write":false},{"id":"58212a4b-81f5-4de2-aeae-60b8b6f10912","createdAt":"2019-03-17T14:57:08.989757Z","updatedAt":"2019-03-17T14:57:08.989757Z","name":"rob","security_level":"authNoPriv","auth_protocol":"MD5","priv_protocol":"SHA","mib_accesses":["enterprise"],"read_write":false}]}}},"500":{"description":"Error 'Upstream host lookup failed' means SNMP interface is not enabled.\nSNMP interface must be added before using this API.\n"}}},"post":{"summary":"Add","description":"Add a SNMP USM user to use with SNMP v3 management or notifications (traps and informs). User names or passwords must not contain any\nof these characters: double quote (\"), single quote ('), slash (/), back slash (\\\\), carriage return (\\r) and line feed (\\n).\n","tags":["SNMP"],"parameters":[{"name":"fields","in":"query","type":"string","description":"A hint to the server indicating fields the client is interested in. The server\nwill include these fields in the response.\n\nThe value should be a comma-delimited list of fields.\n\nCurrently, the supported fields are \"auth_password\" and \"priv_password\". These fields are not \nincluded in response by default and so this query parameter is necessary if those fields are needed.\n"},{"name":"body","in":"body","description":"SNMP user configuration","schema":{"type":"object","title":"Add a SNMP user configuration","required":["name","security_level"],"properties":{"engine_id":{"type":"string","description":"Engine ID of the notification receiver for inform and it is optional.\nIt will be discovered for inform if not set.\n"},"name":{"type":"string","description":"Name of the user. It is also called as security name. Max 32."},"security_level":{"type":"string","description":"Security level. Valid values are noAuthNoPriv, authNoPriv and authPriv."},"auth_protocol":{"type":"string","description":"Authentication protocol. MD5, SHA, SHA-224, SHA-256, SHA-384, SHA-512 are supported.\nRequired for authNoPriv and authPriv security levels.\n"},"auth_password":{"type":"string","description":"Authentication password. Required with authentication protocol. Size must be 8 - 32"},"priv_protocol":{"type":"string","description":"Privacy protocol. DES, AES, AES-192, AES-192-C, AES-256, AES-256-C are supported. Algorithms AES, AES-192 and AES-256 use the Blumenthal Internet-Draft. Algorithms AES-192-C and AES-256-C (Cisco) use the key localization procedure for 3DES (Reeder Internet-Draft)."},"priv_password":{"type":"string","description":"Privacy password. Required with privacy protcol. Size must be 8 - 32."},"mib_accesses":{"type":"array","items":{"type":"string"},"description":"Access to MIB object groups 'standard', 'enterprise', or both.\nDo not set if the user will be used only for notifications.\n"},"read_write":{"type":"boolean","description":"Read-write or read-only access to the MIB objects. Default is read only.\n"}},"example":{"name":"john","security_level":"authPriv","auth_protocol":"SHA","auth_password":"AuthPass@1","priv_protocol":"AES","priv_password":"PrivPass@1","mib_accesses":["standard","enterprise"],"read_write":true}}}],"responses":{"201":{"description":"Successful SNMP user creation and loaded to SNMP agent.","schema":{"type":"object"},"examples":{"application/json":{"id":"58212a4b-81f5-4de2-aeae-60b8b6f10911","createdAt":"2019-03-17T14:59:08.989757Z","updatedAt":"2019-03-17T14:59:08.989757Z","name":"john","security_level":"authPriv","auth_protocol":"SHA","auth_password":"AuthPass@1","priv_protocol":"AES","priv_password":"PrivPass@1","mib_accesses":["standard","enterprise"],"read_write":true}}},"202":{"description":"Configuration is saved but not loaded to SNMP agent. It will be loaded later when the\nSNMP agent becomes available.\n"},"500":{"description":"Error 'Upstream host lookup failed' means SNMP interface is not enabled.\nSNMP interface must be added before using this API.\n"}}}},"/v1/snmp/users/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","required":true,"type":"string","description":"Resource identifier. ID of the SNMP user."}],"get":{"summary":"Get","description":"Get a SNMP user configuration info.","tags":["SNMP"],"parameters":[{"name":"fields","in":"query","type":"string","description":"A hint to the server indicating fields the client is interested in. The server\nwill include these fields in the response.\n\nThe value should be a comma-delimited list of fields.\n\nCurrently, the supported fields are \"auth_password\" and \"priv_password\". These fields are not \nincluded in response by default and so this query parameter is necessary if those fields are needed.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"58212a4b-81f5-4de2-aeae-60b8b6f10911","createdAt":"2019-03-17T14:59:08.989757Z","updatedAt":"2019-03-17T14:59:08.989757Z","name":"john","security_level":"authPriv","auth_protocol":"SHA","auth_password":"AuthPass@1","priv_protocol":"AES","priv_password":"PrivPass@1","mib_accesses":["standard","enterprise"],"read_write":true}}},"404":{"description":"Resource not found","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"500":{"description":"Error 'Upstream host lookup failed' means SNMP interface is not enabled.\nSNMP interface must be added before using this API.\n"}}},"patch":{"summary":"Update","description":"Update a SNMP user configuration. Passwords must not contain any of these characters: double quote (\"), single quote ('), slash (/), back slash (\\\\), carriage return (\\r) and line feed (\\n).\n","tags":["SNMP"],"parameters":[{"name":"fields","in":"query","type":"string","description":"A hint to the server indicating fields the client is interested in. The server\nwill include these fields in the response.\n\nThe value should be a comma-delimited list of fields.\n\nCurrently, the supported fields are \"auth_password\" and \"priv_password\". These fields are not \nincluded in response by default and so this query parameter is necessary if those fields are needed.\n"},{"name":"body","in":"body","description":"SNMP user configuration","schema":{"type":"object","title":"SNMP user configuration","properties":{"security_level":{"type":"string","description":"Security level. Valid values are noAuthNoPriv, authNoPriv and authPriv."},"auth_protocol":{"type":"string","description":"Authentication protocol. MD5, SHA, SHA-224, SHA-256, SHA-384, SHA-512 are supported.\nRequired for authNoPriv and authPriv security levels.\n"},"auth_password":{"type":"string","description":"Authentication password. Required with authentication protocol. Size must be 8 - 32"},"priv_protocol":{"type":"string","description":"Privacy protocol. DES, AES, AES-192, AES-256 are supported. Required for authPriv security level."},"priv_password":{"type":"string","description":"Privacy password. Required with privacy protcol. Size must be 8 - 32."},"mib_accesses":{"type":"array","items":{"type":"string"},"description":"Access to MIB object groups 'standard', 'enterprise', or both.\nDo not set if the user will be used only for notifications.\n"},"read_write":{"type":"boolean","description":"Read-write or read-only access to the MIB objects. Default is read only.\n"}},"example":{"auth_protocol":"SHA","auth_password":"AuthPass@1","priv_protocol":"AES","priv_password":"PrivPass@1","mib_accesses":["standard","enterprise"],"read_write":true}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"58212a4b-81f5-4de2-aeae-60b8b6f10911","createdAt":"2019-03-17T14:59:08.989757Z","updatedAt":"2019-03-17T14:59:08.989757Z","name":"john","security_level":"authPriv","auth_protocol":"SHA","auth_password":"AuthPass@1","priv_protocol":"AES","priv_password":"PrivPass@1","mib_accesses":["standard","enterprise"],"read_write":true}}},"202":{"description":"Configuration is saved but not loaded to SNMP agent. It will be loaded later when the\nSNMP agent becomes available.\n"},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"500":{"description":"Error 'Upstream host lookup failed' means SNMP interface is not enabled.\nSNMP interface must be added before using this API.\n"}}},"delete":{"summary":"Delete","description":"Deletes a SNMP user configuration.","tags":["SNMP"],"responses":{"202":{"description":"Configuration is saved but not loaded to SNMP agent. It will be loaded later."},"204":{"description":"OK","schema":{"type":"string"}},"404":{"description":"Resource not found","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"500":{"description":"Error 'Upstream host lookup failed' means SNMP interface is not enabled.\nSNMP interface must be added before using this API.\n"}}}},"/v1/snmp/management-stations":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"List the SNMP management stations configured for receiving notifications (traps, informs).\n","tags":["SNMP"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"resources":{"type":"array","items":{"type":"object","properties":{"notification_type":{"type":"string"},"host":{"type":"string"},"port":{"type":"integer"},"version":{"type":"string"},"security_name":{"type":"string"}}}}}},"examples":{"application/json":{"resources":[{"id":"58212a4b-81f5-4de2-aeae-60b8b6f1091e","createdAt":"2019-03-17T14:59:08.989757Z","updatedAt":"2019-03-17T14:59:08.989757Z","notification_type":"trap","host":"192.168.1.5","port":162,"version":"1","security_name":"public"},{"id":"58212a4b-81f5-4de2-aeae-60b8b6f1091f","createdAt":"2019-03-17T14:56:08.989757Z","updatedAt":"2019-03-17T14:56:08.989757Z","notification_type":"inform","host":"192.168.1.5","port":1162,"version":"3","security_name":"john"}]}}},"500":{"description":"Error 'Upstream host lookup failed' means SNMP interface is not enabled.\nSNMP interface must be added before using this API. \n"}}},"post":{"summary":"Add","description":"Add a SNMP Management Station to receive SNMP notifications (traps, informs).\n","tags":["SNMP"],"parameters":[{"name":"body","in":"body","description":"SNMP Management Station configuration","schema":{"type":"object","title":"SNMP Management Station","required":["host","version","security_name"],"properties":{"notification_type":{"type":"string","description":"Notification type 'trap' or 'inform'. Default is 'trap'."},"host":{"type":"string","description":"Hostname or IPAddress of the SNMP trap receiver."},"port":{"type":"integer","description":"Port to receive the notification. Default is 162."},"version":{"type":"string","description":"SNMP version 1, 2c or 3"},"security_name":{"type":"string","description":"Security name is Community name for versions 1 / 2c, and User name for version 3.\nUser must be already configured for version 3.\n"}},"example":{"host":"192.168.1.5","version":"1","security_name":"public"}}}],"responses":{"200":{"description":"SNMP management station configuration has been saved and loaded to SNMP agent.","schema":{"type":"object"},"examples":{"application/json":{"id":"58212a4b-81f5-4de2-aeae-60b8b6f1091e","createdAt":"2019-03-17T14:59:08.989757Z","updatedAt":"2019-03-17T14:59:08.989757Z","notification_type":"trap","host":"192.168.1.5","port":162,"version":"1","security_name":"public"}}},"202":{"description":"Configuration is saved but not loaded to SNMP agent. It will be loaded later."},"500":{"description":"Error 'Upstream host lookup failed' means SNMP interface is not enabled.\nSNMP interface must be added before using this API.\n"}}}},"/v1/snmp/management-stations/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","required":true,"type":"string","description":"Resource identifier. ID of the management station configuration."}],"get":{"summary":"Get","description":"Get a management station configuration info.","tags":["SNMP"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"58212a4b-81f5-4de2-aeae-60b8b6f1091e","createdAt":"2019-03-17T14:59:08.989757Z","updatedAt":"2019-03-17T14:59:08.989757Z","notification_type":"trap","host":"192.168.1.5","pprt":162,"version":"1","security_name":"public"}}},"404":{"description":"Resource not found","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"500":{"description":"Error 'Upstream host lookup failed' means SNMP interface is not enabled.\nSNMP interface must be added before using this API.\n"}}},"patch":{"summary":"Update Management Station","description":"Update a SNMP management station configuration\n","tags":["SNMP"],"parameters":[{"name":"body","in":"body","description":"SNMP management station configuration","schema":{"type":"object","title":"Update a SNMP Management station","properties":{"security_name":{"type":"string","description":"Security name is Community name for versions 1 / 2c, and User name for version 3.\nUser must be already configured for version 3.\n"}},"example":{"security_name":"public"}}}],"responses":{"200":{"description":"SNMP management station configuration has been updated and loaded to SNMP agent.","schema":{"type":"object"},"examples":{"application/json":{"id":"58212a4b-81f5-4de2-aeae-60b8b6f1091e","createdAt":"2019-03-17T14:59:08.989757Z","updatedAt":"2019-03-17T14:59:08.989757Z","notification_type":"trap","host":"192.168.1.5","port":162,"version":"1","security_name":"public"}}},"202":{"description":"Configuration is saved but not loaded to SNMP agent. It will be loaded later when the\nSNMP agent becomes available.\n"},"404":{"description":"Resource not found","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"500":{"description":"Error 'Upstream host lookup failed' means SNMP interface is not enabled.\nSNMP interface must be added before using this API.\n"}}},"delete":{"summary":"Delete","description":"Deletes a SNMP management station configuration.","tags":["SNMP"],"responses":{"202":{"description":"Configuration is saved but not loaded to SNMP agent. It will be loaded later when the\nSNMP agent becomes available.\n"},"204":{"description":"No Content | Successful deletion of SNMP USM user.","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"500":{"description":"Error 'Upstream host lookup failed' means SNMP interface is not enabled.\nSNMP interface must be added before using this API.\n"}}}},"/v1/locker/diskenc/status":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Status","description":"Returns the encryption status of a server\n","tags":["Disk Encryption"],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","properties":{"encryptionStatus":{"type":"string"},"hasDEK":{"type":"boolean"},"attendedBoot":{"type":"boolean"}}}]},"examples":{"application/json":{"data":{"encryptionStatus":"not encrypted","hasDEK":false,"attendedBoot":false}}}}}}},"/v1/locker/diskenc/setup":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Encrypt","description":"Encrypt server on next reboot\n","tags":["Disk Encryption"],"parameters":[{"name":"body","in":"body","schema":{"type":"object","properties":{"attendedBoot":{"type":"boolean","description":"Requires the user to explicitly issue the command 'secureboot' to unlock the encrypted disk. When the value is false then the encrypted disk is automatically unlocked during boot. Default value is `true`."},"reencrypt":{"type":"boolean","description":"Reencrypt using a new random master key. Use this when the disk is already encrypted."}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","properties":{"status":{"type":"string"}}}]},"examples":{"application/json":{"data":{"status":"Configuration success. Please reboot appliance to start encryption."}}}}}}},"/v1/client-management/regtokens/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a new Client registration token.\n","tags":["Client-Management/Tokens"],"parameters":[{"name":"body","in":"body","description":"Duration in days for which this token can be used for registering CipherTrust Manager clients. No limit by default.","schema":{"type":"object","title":"Create Client registration token","properties":{"ca_id":{"description":"ID of the trusted Certificate Authority that will be used to sign client certificate during registration process. By default local Certificate Authority will be used to issue certificates.","type":"string"},"lifetime":{"type":"string","description":"Duration in minutes/hours/days for which this token can be used for registering CipherTrust Manager clients. No limit by default. For 'x' amount of time, it should formatted as xm for x minutes, xh for hours and xd for days."},"cert_duration":{"type":"integer","description":"Duration in days for which the CipherTrust Manager client's certificate is valid, default (730)."},"max_clients":{"type":"integer","description":"Maximum number of clients that can be registered using this registration token. No limit by default."},"label":{"type":"object","description":"Label is the key value pair. In case of KMIP client registration, Key is KmipClientProfile and in case of PA client registration Key is ClientProfile. Value for the key is the profile name of protectapp/Kmip client profile to be mapped with the token for protectapp/Kmip client registration."},"name_prefix":{"type":"string","description":"Prefix for the client name. For a client registered using this registration token, name_prefix, if specified, client name will be constructed as 'name_prefix{nth client registered using this registation token}', If name_prefix is not specified, CipherTrust Manager server will generate a random name for the client.","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"token":{"type":"string","description":"Client registration token."},"lifetime":{"type":"string","description":"Duration in days for which this token can be used for registering CipherTrust Manager clients. No limit by default."},"cert_duration":{"type":"integer","description":"Duration in days for which the CipherTrust Manager client's certificate is valid, default (730)."},"max_clients":{"type":"integer","description":"Maximum number of clients that can be registered using this registration token. No limit by default."},"ca_id":{"type":"string","description":"ID of the trusted Certificate Authority that will be used to sign client certificate during registration process."}}}]}},"example":{"ca_id":"d94ef496-5e43-4424-a6e7-f4213c108415","lifetime":"10h","cert_duration":730,"max_clients":100,"name_prefix":"test_client","label":{"ClientProfile":"profilename"}}}}],"responses":{"201":{"description":"Successful client registration token creation.","schema":{"type":"object"},"examples":{"application/json":{"id":"80c46422-aed1-4ad3-b03d-919967b16d4b","uri":"kylo:kylo:munshi:tokens:80c46422-aed1-4ad3-b03d-919967b16d4b","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-12-18T00:15:51.726926788Z","updatedAt":"2018-12-18T00:15:51.726926788Z","token":"zRErxzHRBCdhwfWXFvQhbFI9kMPyZvWMamCaRQUzbBlrWLlZHG2mi1GmZ9yAWsOK","valid_until":"0001-01-01T00:00:00Z","max_clients":-1,"cert_duration":730,"clients_registered":0,"ca_id":"706ac153-d42c-4b99-bc8e-ae1c2efa49fa","name_prefix":"test_client","label":{"ClientProfile":"profilename"}}}}}},"get":{"summary":"List","description":"Returns a list of client registraton tokens. The results can be filtered using the query parameters.\n","tags":["Client-Management/Tokens"],"parameters":[{"name":"id","in":"query","required":false,"type":"string","description":"Filter the results by id of client registration token."},{"name":"token","in":"query","required":false,"type":"string","description":"Filter the results by token of client registration token."},{"name":"label","in":"query","required":false,"type":"string","format":"JSON","description":"Filter the results by label of client registration token."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"token":{"type":"string","description":"Client registration token."},"lifetime":{"type":"string","description":"Duration in days for which this token can be used for registering CipherTrust Manager clients. No limit by default."},"cert_duration":{"type":"integer","description":"Duration in days for which the CipherTrust Manager client's certificate is valid, default (730)."},"max_clients":{"type":"integer","description":"Maximum number of clients that can be registered using this registration token. No limit by default."},"ca_id":{"type":"string","description":"ID of the trusted Certificate Authority that will be used to sign client certificate during registration process."}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"80c46422-aed1-4ad3-b03d-919967b16d4b","uri":"kylo:kylo:munshi:tokens:80c46422-aed1-4ad3-b03d-919967b16d4b","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-12-18T00:15:51.726926788Z","updatedAt":"2018-12-18T00:15:51.726926788Z","token":"zRErxzHRBCdhwfWXFvQhbFI9kMPyZvWMamCaRQUzbBlrWLlZHG2mi1GmZ9yAWsOK","valid_until":"0001-01-01T00:00:00Z","max_clients":-1,"cert_duration":730,"clients_registered":0,"ca_id":"706ac153-d42c-4b99-bc8e-ae1c2efa49fa","name_prefix":"test_client","label":{"ClientProfile":"profilename"}}]}}}}}},"/v1/client-management/regtokens/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a client registration token with the given `id`.","tags":["Client-Management/Tokens"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"token":{"type":"string","description":"Client registration token."},"lifetime":{"type":"string","description":"Duration in days for which this token can be used for registering CipherTrust Manager clients. No limit by default."},"cert_duration":{"type":"integer","description":"Duration in days for which the CipherTrust Manager client's certificate is valid, default (730)."},"max_clients":{"type":"integer","description":"Maximum number of clients that can be registered using this registration token. No limit by default."},"ca_id":{"type":"string","description":"ID of the trusted Certificate Authority that will be used to sign client certificate during registration process."}}}]},"examples":{"application/json":{"id":"80c46422-aed1-4ad3-b03d-919967b16d4b","uri":"kylo:kylo:munshi:tokens:80c46422-aed1-4ad3-b03d-919967b16d4b","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-12-18T00:15:51.726926788Z","updatedAt":"2018-12-18T00:15:51.726926788Z","token":"zRErxzHRBCdhwfWXFvQhbFI9kMPyZvWMamCaRQUzbBlrWLlZHG2mi1GmZ9yAWsOK","valid_until":"0001-01-01T00:00:00Z","max_clients":-1,"cert_duration":730,"clients_registered":0,"ca_id":"706ac153-d42c-4b99-bc8e-ae1c2efa49fa","name_prefix":"test_client","label":{"ClientProfile":"profilename"}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"patch":{"summary":"Update","description":"Updates details of a client registration token.","tags":["Client-Management/Tokens"],"parameters":[{"name":"body","in":"body","description":"The client registration token properties to change. The properties will be merged with the client registration token resource.\n","schema":{"type":"object","title":"Update Client registration token","properties":{"lifetime":{"type":"string","description":"Extended lifetime of client registration token from current time in days."},"max_clients":{"type":"integer","description":"Modify maximum number of clients that can be registered using this registration token."}},"example":{"lifetime":"10h","max_clients":100}}}],"responses":{"200":{"description":"Successful resource update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"description":"Name to identify a client on CipherTrust Manager.","type":"string"},"cert":{"description":"Client certificate issued by CipherTrust Manager.","type":"string"},"sha256_fingerprint":{"description":"Client certificate's sha256_fingerprint.","type":"string"},"issuer":{"description":"CipherTrust Manager CA used for issuing the client certificate.","type":"string"}}}]},"examples":{"application/json":{"id":"80c46422-aed1-4ad3-b03d-919967b16d4b","uri":"kylo:kylo:munshi:tokens:80c46422-aed1-4ad3-b03d-919967b16d4b","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-12-18T00:15:51.726926788Z","updatedAt":"2018-12-18T00:15:51.726926788Z","token":"zRErxzHRBCdhwfWXFvQhbFI9kMPyZvWMamCaRQUzbBlrWLlZHG2mi1GmZ9yAWsOK","valid_until":"0001-01-01T00:00:00Z","max_clients":100,"cert_duration":730,"clients_registered":0,"ca_id":"706ac153-d42c-4b99-bc8e-ae1c2efa49fa","name_prefix":"test_client","label":{"ClientProfile":"profilename"}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","description":"Deletes a client registration token.","tags":["Client-Management/Tokens"],"responses":{"204":{"description":"No Content | Successful deletion of client registration token.","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/client-management/webcert-fingerprint/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Web Certificate Fingerprint","description":"Returns fingerprint of the web server certificate.","tags":["Client-Management/Tokens"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"token":{"type":"string","description":"Client registration token."},"lifetime":{"type":"string","description":"Duration in days for which this token can be used for registering CipherTrust Manager clients. No limit by default."},"cert_duration":{"type":"integer","description":"Duration in days for which the CipherTrust Manager client's certificate is valid, default (730)."},"max_clients":{"type":"integer","description":"Maximum number of clients that can be registered using this registration token. No limit by default."},"ca_id":{"type":"string","description":"ID of the trusted Certificate Authority that will be used to sign client certificate during registration process."}}}]},"examples":{"application/json":{"interface":"web","sha256_fingerprint":"C0BB65D8105F940C1D7A063A4E70F8FDE0799CFA6AA585291EA593B180650380","sha512_fingerprint":"A9A764382F934E192325E23C79FC2223FFC04A97BE3788219BAE0E24FD0F7AE7A6C3C4212B08A07516197EC6A3150A3C52BA797AC082F6F8F89EF9446C3F4DAF"}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/client-management/clients/":{"post":{"summary":"Register","description":"Adds a new CipherTrust Manager client on the CipherTrust Manager. Specify the following details.\n- Name for the CipherTrust Manager client (optional).\n- Client Registration Token.\n- Client Type (optional).\n- Specify any one of the following fields\n - Certificate signing request.\n - CSR params.\n - Client Certificate in case when clients bring their own certs.\n","tags":["Client-Management/Clients"],"parameters":[{"name":"body","in":"body","description":"CipherTrust Manager client parameters","schema":{"type":"object","title":"Register CipherTrust Manager Client","required":["registration_token"],"properties":{"name":{"type":"string","description":"Name for the CipherTrust Manager client to display on CipherTrust Manager."},"registration_token":{"type":"string","description":"CipherTrust Manager Client registration token."},"csr":{"type":"string","description":"Certificate signing request to be signed by CipherTrust Manager."},"client_type":{"type":"string","description":"CipherTrust Manager client registration type"},"subject_dn_field_to_modify":{"type":"string","description":"This field makes the Subject Distinguished Name (Subject DN) unique. It is required when the Subject DN from client's CSR is not unique.\nBy default, the `UID` is used to modify the Subject DN. However, Subject DN can be modified based on the following fields.\nIf one of these fields (except OU) is chosen, the original field values is overridden by the CipherTrust Manager.\nIf OU is chosen, the OU gets appended in the Subject DN with other attributes.\nSet the `do_not_modify_subject_dn` flag to true to avoid any modification in the Subject DN .\nTo prevent Subject DN from being modified, set the `do_not_modify_subject_dn` flag to `true`.\n","enum":["UID ('userid')","CN ('commonName')","SN ('serialNumber')","DNQ ('dnQualifier')","OU ('organizationalUnit')"]},"do_not_modify_subject_dn":{"type":"boolean","description":"Specifies if Subject DN in the CSR is allowed to be modified or not.\nIf this flag is set to true, then Subject DN must be unique across all the CipherTrust Manager clients, otherwise registration will not be allowed.\nThis flag is applicable if client is registered using a presented CSR.\n"},"csr_params":{"type":"object","title":"CSR creation request parameters","properties":{"algorithm":{"type":"string","description":"RSA or ECDSA (default) algorithms are supported. Signature algorithm (SHA512WithRSA, SHA384WithRSA,\nSHA256WithRSA, SHA1WithRSA, ECDSAWithSHA512, ECDSAWithSHA384, ECDSAWithSHA256) is selected\nbased on the algorithm and size.\n"},"size":{"type":"integer","description":"Key size. RSA: 1024 - 4096 (default: 2048), ECDSA: 256 (default), 384, 521\n"},"cn":{"type":"string","description":"Common Name"},"dnsNames":{"type":"array","items":{"type":"string","description":"Subject Alternative Names (SAN) values"}},"emailAddresses":{"type":"array","items":{"type":"string","description":"E-mail addresses"}},"ipAddresses":{"type":"array","items":{"type":"string","description":"IP addresses"}},"names":{"type":"array","items":{"type":"object","title":"CSR Name","properties":{"C":{"type":"string","description":"Country, for example \"US\""},"ST":{"type":"string","description":"State/province, for example \"MD\""},"L":{"type":"string","description":"Location, for example \"Belcamp\""},"O":{"type":"string","description":"Organization, for example \"Thales Group\""},"OU":{"type":"string","description":"Organizational Unit, for example \"CPL\""}}},"description":"Name fields are \"O=organization, OU=organizational unit, L=location, ST=state/province, C=country\".\nFields can be duplicated if present in different objects.\n\nExample: [{\"O\": \"Thales Group\", \"OU\": \"CPL\", \"C\": \"US\", \"ST\": \"MD\", \"L\": \"Belcamp\"}, {\"OU\": \"Thales Group Inc.\"}]\n"},"password":{"type":"string","description":"Password to PEM-encrypt the private key. If not specified, the private key is not encrypted in return."},"encryptionAlgo":{"type":"string","description":"Private key encryption algorithm. AES256 (default), AES192, AES128, TDES"},"privateKeyBytes":{"type":"string","description":"Private Key bytes of the key which is to be used while creating CSR(Algorithm and size should be according to this key). If not given will generate key internally as per algorithm and size."}}},"client_cert_params":{"type":"object","title":"Client Certificate parameters, to register a client using certificate.","properties":{"certificate":{"type":"string","description":"Certificate issued by a CA known to CipherTrust Manager."}}}},"example":{"name":"Client_Windows","registration_token":"d94ef4965e4344246e7f4213c108415","csr":"-----BEGIN CERTIFICATE REQUEST-----\nMIHNMHUCAQAwEzERMA8GA1UEAxMIVGVzdCBDU1IwWTATBgcqhkjOPQIBBggqhkjO\nPQMBBwNCAATndOIgsTp7m4bOuixxuAt2XQ3oZqp8th/woAo51z7RiAAGdm7IfB1w\n7uWr8o5PWKBatXIgvPp8hvRWHQPHCfcLoAAwCgYIKoZIzj0EAwIDSAAwRQIgVyvz\nhFGCKV460fNJC0vC48gI268B68Xr6osFoy9Ouw8CIQCWN1LtcyxPIvul3XF1Pj7l\navEeIqDBcfD6VHhbnpO2Ag==\n-----END CERTIFICATE REQUEST-----","subject_dn_field_to_modify":"DNQ","do_not_modify_subject_dn":false}}}],"responses":{"201":{"description":"Successful client registration.","schema":{"type":"object"},"examples":{"application/json":{"ca_id":"706ac153-d42c-4b99-bc8e-ae1c2efa49fa","cert":"-----BEGIN CERTIFICATE----- MIIDfTCCAWWgAwIBAgIRAPvsR8igXyZzpMAnmkgldAwwDQYJKoZIhvcNAQELBQAw WjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAw DgYDVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgUm9vdCBDQTAeFw0x ODEyMTgwMDE2MjZaFw0yMDEyMTcwMDE2MjZaMBExDzANBgNVBAMTBnRlc3RlcjB2 MBAGByqGSM49AgEGBSuBBAAiA2IABEvBmz1WRQmfiG2IGOjE7fpPyDTCNwvqSXsW HAhrVCRDOmPLuaiVn08/k7zRFum5UxcIWjwxJ5tnO7Z38Y3gKIyE42mHINqQHPOT cz9JLKqaGALwZtQCzB61M0ul7dGA5aM1MDMwDgYDVR0PAQH/BAQDAgOIMBMGA1Ud JQQMMAoGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIB AK7rTYW1+woOfHOLeYjs6jobO7kROm71ffdVwcHIMS3IE0B1eLdteKdG3yy2znAy VU7Jkwo2396Z9cPofrKt95wURAkSYvtz3IpTL9ibrpqJ47XxEXLHl+OycWdYoqAm YJe4A/mW3OxdR4kPbxnDXPNMZiId2xSyzkrEqaFTBBtlkdjuljEfQraKW7TiQovd dKb8xzAgozuZ4C200GlKbgjPkRF4iEXk6sihzYikmyE0s5VBEyAGvdv+s6rv6+4n mbaLkTF/ReXJryIRLDJ1uWN/PDKIqGyU1IrB26wYUWEG+4xcT1LqBxS2HL0ko1Cr 5yeWMEo952YyGeMwW0oWzhIDMxPVRXEfRu0nG35K2Gpz4KywhFVkQ1lrd7/FLwUH mrMtMwr5LG14I1NG3kEz+UVcdwfCeYxnIGW/u9CbUSmedlklZtuXjEN6bQdP+oZi f32u0mI4MSHYK55bdMWw7Rr4IlGdKRdUDOl71uZt8nztQuWVHTrii34gN5Hvz4EY g7jpDq9ZXpb1ZtLmEq2TM8XzyBzJkdIAT304L666826cle1kOgsZQw08W72ju02B 1qj/HtqGoRXPw1vk+y2XIYIwcPP3T6YctJA6TMaFZ1lIKoWWflT0uqFo19CadC8z PylaiQwwuJGV7MmJ7lC8LmYUP2Pj2v+S+5s8j0QgY0C5 -----END CERTIFICATE----- ","cert_id":"59e23c51-fca5-44f4-9902-0ca94d851990","client_metadata":null,"created_at":"2018-12-18T00:16:26.670861+00:00","id":"1e33456b-8782-43a2-9efe-b415dc76ce52","issuer":"/C=US/ST=MD/L=Belcamp/O=Thales Group/CN=CipherTrust Manager Root CA","name":"client-1e33456b-8782-43a2-9efe-b415dc76ce52","revocation_reason":null,"sha256_fingerprint":"C0BB65D8105F940C1D7A063A4E70F8FDE0799CFA6AA585291EA593B180650380","state":"active","updated_at":"2018-12-18T00:16:26.670861+00:00","valid_until":"2020-12-17 00:16:26 +0000 UTC","csr":"-----BEGIN CERTIFICATE REQUEST-----\nMIICVzCCAT8CAQAwEjEQMA4GA1UEAxMHa21pcDEyMjCCASIwDQYJKoZIhvcNAQEB\nBQADggEPADCCAQoCggEBAO93JWGgUtIJKoZNgpzYBrLQgPKxaKgn42Js9pxeIAEo\nTvDfPGk2bKgOO+7GsoKCIthRn6/4fkd5lTwR3tBK3Y2Xs9TIkBQ+gpzyAM1bIlTf\nXd8xVaHgsvNS58laY1FTqM+jlVIfAlpKJnboYkGc8n6aCt9kgWDt56lNc0AfVBj0\nTD8n5wTm7uJy1GufiwCuYbaVuEsHZbpNh3GJ1tvXpRxyp7IzdCc+244cvat2L5xZ\niDIV4BeoOG3gfddQ9WuqWY+6TVAdZNLa7JVMW+3qofib1uHyCHNw0Bec/IMA48qg\n7JNnSwDB6FXSeYr7nqFhORWOaQi7DT7F6JdY3cXXuNMCAwEAAaAAMA0GCSqGSIb3\nDQEBCwUAA4IBAQBpUtybSG6DG5J3LROkGj3/qcvu2Fdz6oCDq+B3Pnz06iJX2w4E\nFZGIGMYotq1m0DXv4xODFOMiLa8D8waef/+cN7dihPq1wKqw6Ml2I0/5nNY/51c4\ntuCRVDZ5zuBLVfw77yp93+VqwUHKP34398PcsYwtafm9jQM4lT7mLlaTjynVmyoF\nitocPLQLdXMbakAWPpu/+XJt4rGPCh35dv8ojPyChR0H43NMcXNX8sw2MzVwAHSE\nNJBcgC/6IIME8yNcljV3YTywe0VkVIJHgA5rJN9OwV3M3Hfji/9S/u3pD1Ixto48\nDJXbUwe5ubTKH9Eqo6TIu1sxdreKz1ONvlYV\n-----END CERTIFICATE REQUEST-----\n"}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"get":{"summary":"List","description":"Returns a list of CipherTrust Manager clients added to the CipherTrust Manager. The results can be filtered, using the query parameters.\n","tags":["Client-Management/Clients"],"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"query","required":false,"type":"string","description":"Filter the results by client id."},{"name":"name","in":"query","required":false,"type":"string","description":"Filter the results by client's name."},{"name":"sha256_fingerprint","in":"query","required":false,"type":"string","description":"Filter the results by clients certificate's sha256_fingerprint."},{"name":"subject","in":"query","required":false,"type":"string","description":"Filter the results by clients certificate's subject distinguished name."},{"name":"state","in":"query","required":false,"type":"string","description":"Filter the results by client's state."},{"name":"groups","in":"query","required":false,"type":"string","description":"Filter by clients in the given group name. Using 'nil' as the group name will return clients that are not part of any group."},{"name":"client_metadata","in":"query","required":false,"type":"string","description":"Filter the clients by the client type."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"description":"Name to identify a client on CipherTrust Manager.","type":"string"},"cert":{"description":"Client certificate issued by CipherTrust Manager.","type":"string"},"sha256_fingerprint":{"description":"Client certificate's sha256_fingerprint.","type":"string"},"issuer":{"description":"CipherTrust Manager CA used for issuing the client certificate.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":"0,","limit":"10,","total":"1,","resources":[{"ca_id":"706ac153-d42c-4b99-bc8e-ae1c2efa49fa","cert":"-----BEGIN CERTIFICATE----- MIIDfTCCAWWgAwIBAgIRAPvsR8igXyZzpMAnmkgldAwwDQYJKoZIhvcNAQELBQAw WjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAw DgYDVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgUm9vdCBDQTAeFw0x ODEyMTgwMDE2MjZaFw0yMDEyMTcwMDE2MjZaMBExDzANBgNVBAMTBnRlc3RlcjB2 MBAGByqGSM49AgEGBSuBBAAiA2IABEvBmz1WRQmfiG2IGOjE7fpPyDTCNwvqSXsW HAhrVCRDOmPLuaiVn08/k7zRFum5UxcIWjwxJ5tnO7Z38Y3gKIyE42mHINqQHPOT cz9JLKqaGALwZtQCzB61M0ul7dGA5aM1MDMwDgYDVR0PAQH/BAQDAgOIMBMGA1Ud JQQMMAoGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIB AK7rTYW1+woOfHOLeYjs6jobO7kROm71ffdVwcHIMS3IE0B1eLdteKdG3yy2znAy VU7Jkwo2396Z9cPofrKt95wURAkSYvtz3IpTL9ibrpqJ47XxEXLHl+OycWdYoqAm YJe4A/mW3OxdR4kPbxnDXPNMZiId2xSyzkrEqaFTBBtlkdjuljEfQraKW7TiQovd dKb8xzAgozuZ4C200GlKbgjPkRF4iEXk6sihzYikmyE0s5VBEyAGvdv+s6rv6+4n mbaLkTF/ReXJryIRLDJ1uWN/PDKIqGyU1IrB26wYUWEG+4xcT1LqBxS2HL0ko1Cr 5yeWMEo952YyGeMwW0oWzhIDMxPVRXEfRu0nG35K2Gpz4KywhFVkQ1lrd7/FLwUH mrMtMwr5LG14I1NG3kEz+UVcdwfCeYxnIGW/u9CbUSmedlklZtuXjEN6bQdP+oZi f32u0mI4MSHYK55bdMWw7Rr4IlGdKRdUDOl71uZt8nztQuWVHTrii34gN5Hvz4EY g7jpDq9ZXpb1ZtLmEq2TM8XzyBzJkdIAT304L666826cle1kOgsZQw08W72ju02B 1qj/HtqGoRXPw1vk+y2XIYIwcPP3T6YctJA6TMaFZ1lIKoWWflT0uqFo19CadC8z PylaiQwwuJGV7MmJ7lC8LmYUP2Pj2v+S+5s8j0QgY0C5 -----END CERTIFICATE----- ","cert_id":"59e23c51-fca5-44f4-9902-0ca94d851990","client_metadata":null,"created_at":"2018-12-18T00:16:26.670861+00:00","id":"1e33456b-8782-43a2-9efe-b415dc76ce52","issuer":"/C=US/ST=MD/L=Belcamp/O=Thales Group/CN=CipherTrust Manager Root CA","name":"client-1e33456b-8782-43a2-9efe-b415dc76ce52","revocation_reason":null,"sha256_fingerprint":"C0BB65D8105F940C1D7A063A4E70F8FDE0799CFA6AA585291EA593B180650380","state":"active","updated_at":"2018-12-18T00:16:26.670861+00:00","valid_until":"2020-12-17 00:16:26 +0000 UTC","csr":"-----BEGIN CERTIFICATE REQUEST-----\nMIICVzCCAT8CAQAwEjEQMA4GA1UEAxMHa21pcDEyMjCCASIwDQYJKoZIhvcNAQEB\nBQADggEPADCCAQoCggEBAO93JWGgUtIJKoZNgpzYBrLQgPKxaKgn42Js9pxeIAEo\nTvDfPGk2bKgOO+7GsoKCIthRn6/4fkd5lTwR3tBK3Y2Xs9TIkBQ+gpzyAM1bIlTf\nXd8xVaHgsvNS58laY1FTqM+jlVIfAlpKJnboYkGc8n6aCt9kgWDt56lNc0AfVBj0\nTD8n5wTm7uJy1GufiwCuYbaVuEsHZbpNh3GJ1tvXpRxyp7IzdCc+244cvat2L5xZ\niDIV4BeoOG3gfddQ9WuqWY+6TVAdZNLa7JVMW+3qofib1uHyCHNw0Bec/IMA48qg\n7JNnSwDB6FXSeYr7nqFhORWOaQi7DT7F6JdY3cXXuNMCAwEAAaAAMA0GCSqGSIb3\nDQEBCwUAA4IBAQBpUtybSG6DG5J3LROkGj3/qcvu2Fdz6oCDq+B3Pnz06iJX2w4E\nFZGIGMYotq1m0DXv4xODFOMiLa8D8waef/+cN7dihPq1wKqw6Ml2I0/5nNY/51c4\ntuCRVDZ5zuBLVfw77yp93+VqwUHKP34398PcsYwtafm9jQM4lT7mLlaTjynVmyoF\nitocPLQLdXMbakAWPpu/+XJt4rGPCh35dv8ojPyChR0H43NMcXNX8sw2MzVwAHSE\nNJBcgC/6IIME8yNcljV3YTywe0VkVIJHgA5rJN9OwV3M3Hfji/9S/u3pD1Ixto48\nDJXbUwe5ubTKH9Eqo6TIu1sxdreKz1ONvlYV\n-----END CERTIFICATE REQUEST-----\n","subject":"/CN=test","hostname":"1.2.3.4"}]}}}}}},"/v1/client-management/clients/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a CipherTrust Manager client.","tags":["Client-Management/Clients"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"description":"Name to identify a client on CipherTrust Manager.","type":"string"},"cert":{"description":"Client certificate issued by CipherTrust Manager.","type":"string"},"sha256_fingerprint":{"description":"Client certificate's sha256_fingerprint.","type":"string"},"issuer":{"description":"CipherTrust Manager CA used for issuing the client certificate.","type":"string"}}}]},"examples":{"application/json":{"ca_id":"706ac153-d42c-4b99-bc8e-ae1c2efa49fa","cert":"-----BEGIN CERTIFICATE----- MIIDfTCCAWWgAwIBAgIRAPvsR8igXyZzpMAnmkgldAwwDQYJKoZIhvcNAQELBQAw WjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAw DgYDVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgUm9vdCBDQTAeFw0x ODEyMTgwMDE2MjZaFw0yMDEyMTcwMDE2MjZaMBExDzANBgNVBAMTBnRlc3RlcjB2 MBAGByqGSM49AgEGBSuBBAAiA2IABEvBmz1WRQmfiG2IGOjE7fpPyDTCNwvqSXsW HAhrVCRDOmPLuaiVn08/k7zRFum5UxcIWjwxJ5tnO7Z38Y3gKIyE42mHINqQHPOT cz9JLKqaGALwZtQCzB61M0ul7dGA5aM1MDMwDgYDVR0PAQH/BAQDAgOIMBMGA1Ud JQQMMAoGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIB AK7rTYW1+woOfHOLeYjs6jobO7kROm71ffdVwcHIMS3IE0B1eLdteKdG3yy2znAy VU7Jkwo2396Z9cPofrKt95wURAkSYvtz3IpTL9ibrpqJ47XxEXLHl+OycWdYoqAm YJe4A/mW3OxdR4kPbxnDXPNMZiId2xSyzkrEqaFTBBtlkdjuljEfQraKW7TiQovd dKb8xzAgozuZ4C200GlKbgjPkRF4iEXk6sihzYikmyE0s5VBEyAGvdv+s6rv6+4n mbaLkTF/ReXJryIRLDJ1uWN/PDKIqGyU1IrB26wYUWEG+4xcT1LqBxS2HL0ko1Cr 5yeWMEo952YyGeMwW0oWzhIDMxPVRXEfRu0nG35K2Gpz4KywhFVkQ1lrd7/FLwUH mrMtMwr5LG14I1NG3kEz+UVcdwfCeYxnIGW/u9CbUSmedlklZtuXjEN6bQdP+oZi f32u0mI4MSHYK55bdMWw7Rr4IlGdKRdUDOl71uZt8nztQuWVHTrii34gN5Hvz4EY g7jpDq9ZXpb1ZtLmEq2TM8XzyBzJkdIAT304L666826cle1kOgsZQw08W72ju02B 1qj/HtqGoRXPw1vk+y2XIYIwcPP3T6YctJA6TMaFZ1lIKoWWflT0uqFo19CadC8z PylaiQwwuJGV7MmJ7lC8LmYUP2Pj2v+S+5s8j0QgY0C5 -----END CERTIFICATE----- ","cert_id":"59e23c51-fca5-44f4-9902-0ca94d851990","client_metadata":null,"created_at":"2018-12-18T00:16:26.670861+00:00","id":"1e33456b-8782-43a2-9efe-b415dc76ce52","issuer":"/C=US/ST=MD/L=Belcamp/O=Thales Group/CN=CipherTrust Manager Root CA","name":"client-1e33456b-8782-43a2-9efe-b415dc76ce52","revocation_reason":null,"sha256_fingerprint":"C0BB65D8105F940C1D7A063A4E70F8FDE0799CFA6AA585291EA593B180650380","state":"active","updated_at":"2018-12-18T00:16:26.670861+00:00","valid_until":"2020-12-17 00:16:26 +0000 UTC","csr":"-----BEGIN CERTIFICATE REQUEST-----\nMIICVzCCAT8CAQAwEjEQMA4GA1UEAxMHa21pcDEyMjCCASIwDQYJKoZIhvcNAQEB\nBQADggEPADCCAQoCggEBAO93JWGgUtIJKoZNgpzYBrLQgPKxaKgn42Js9pxeIAEo\nTvDfPGk2bKgOO+7GsoKCIthRn6/4fkd5lTwR3tBK3Y2Xs9TIkBQ+gpzyAM1bIlTf\nXd8xVaHgsvNS58laY1FTqM+jlVIfAlpKJnboYkGc8n6aCt9kgWDt56lNc0AfVBj0\nTD8n5wTm7uJy1GufiwCuYbaVuEsHZbpNh3GJ1tvXpRxyp7IzdCc+244cvat2L5xZ\niDIV4BeoOG3gfddQ9WuqWY+6TVAdZNLa7JVMW+3qofib1uHyCHNw0Bec/IMA48qg\n7JNnSwDB6FXSeYr7nqFhORWOaQi7DT7F6JdY3cXXuNMCAwEAAaAAMA0GCSqGSIb3\nDQEBCwUAA4IBAQBpUtybSG6DG5J3LROkGj3/qcvu2Fdz6oCDq+B3Pnz06iJX2w4E\nFZGIGMYotq1m0DXv4xODFOMiLa8D8waef/+cN7dihPq1wKqw6Ml2I0/5nNY/51c4\ntuCRVDZ5zuBLVfw77yp93+VqwUHKP34398PcsYwtafm9jQM4lT7mLlaTjynVmyoF\nitocPLQLdXMbakAWPpu/+XJt4rGPCh35dv8ojPyChR0H43NMcXNX8sw2MzVwAHSE\nNJBcgC/6IIME8yNcljV3YTywe0VkVIJHgA5rJN9OwV3M3Hfji/9S/u3pD1Ixto48\nDJXbUwe5ubTKH9Eqo6TIu1sxdreKz1ONvlYV\n-----END CERTIFICATE REQUEST-----\n"}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"patch":{"summary":"Update","description":"TBD. Updates the details of a client and/or re-register client as implemented in ProtectFile on the CipherTrust Manager.\n","tags":["Client-Management/Clients"],"responses":{"200":{"description":"Successful resource update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"description":"Name to identify a client on CipherTrust Manager.","type":"string"},"cert":{"description":"Client certificate issued by CipherTrust Manager.","type":"string"},"sha256_fingerprint":{"description":"Client certificate's sha256_fingerprint.","type":"string"},"issuer":{"description":"CipherTrust Manager CA used for issuing the client certificate.","type":"string"}}}]},"examples":{"application/json":{"ca_id":"706ac153-d42c-4b99-bc8e-ae1c2efa49fa","cert":"-----BEGIN CERTIFICATE----- MIIDfTCCAWWgAwIBAgIRAPvsR8igXyZzpMAnmkgldAwwDQYJKoZIhvcNAQELBQAw WjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAw DgYDVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgUm9vdCBDQTAeFw0x ODEyMTgwMDE2MjZaFw0yMDEyMTcwMDE2MjZaMBExDzANBgNVBAMTBnRlc3RlcjB2 MBAGByqGSM49AgEGBSuBBAAiA2IABEvBmz1WRQmfiG2IGOjE7fpPyDTCNwvqSXsW HAhrVCRDOmPLuaiVn08/k7zRFum5UxcIWjwxJ5tnO7Z38Y3gKIyE42mHINqQHPOT cz9JLKqaGALwZtQCzB61M0ul7dGA5aM1MDMwDgYDVR0PAQH/BAQDAgOIMBMGA1Ud JQQMMAoGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIB AK7rTYW1+woOfHOLeYjs6jobO7kROm71ffdVwcHIMS3IE0B1eLdteKdG3yy2znAy VU7Jkwo2396Z9cPofrKt95wURAkSYvtz3IpTL9ibrpqJ47XxEXLHl+OycWdYoqAm YJe4A/mW3OxdR4kPbxnDXPNMZiId2xSyzkrEqaFTBBtlkdjuljEfQraKW7TiQovd dKb8xzAgozuZ4C200GlKbgjPkRF4iEXk6sihzYikmyE0s5VBEyAGvdv+s6rv6+4n mbaLkTF/ReXJryIRLDJ1uWN/PDKIqGyU1IrB26wYUWEG+4xcT1LqBxS2HL0ko1Cr 5yeWMEo952YyGeMwW0oWzhIDMxPVRXEfRu0nG35K2Gpz4KywhFVkQ1lrd7/FLwUH mrMtMwr5LG14I1NG3kEz+UVcdwfCeYxnIGW/u9CbUSmedlklZtuXjEN6bQdP+oZi f32u0mI4MSHYK55bdMWw7Rr4IlGdKRdUDOl71uZt8nztQuWVHTrii34gN5Hvz4EY g7jpDq9ZXpb1ZtLmEq2TM8XzyBzJkdIAT304L666826cle1kOgsZQw08W72ju02B 1qj/HtqGoRXPw1vk+y2XIYIwcPP3T6YctJA6TMaFZ1lIKoWWflT0uqFo19CadC8z PylaiQwwuJGV7MmJ7lC8LmYUP2Pj2v+S+5s8j0QgY0C5 -----END CERTIFICATE----- ","cert_id":"59e23c51-fca5-44f4-9902-0ca94d851990","client_metadata":null,"created_at":"2018-12-18T00:16:26.670861+00:00","id":"1e33456b-8782-43a2-9efe-b415dc76ce52","issuer":"/C=US/ST=MD/L=Belcamp/O=Thales Group/CN=CipherTrust Manager Root CA","name":"client-1e33456b-8782-43a2-9efe-b415dc76ce52","revocation_reason":null,"sha256_fingerprint":"C0BB65D8105F940C1D7A063A4E70F8FDE0799CFA6AA585291EA593B180650380","state":"active","updated_at":"2018-12-18T00:16:26.670861+00:00","valid_until":"2020-12-17 00:16:26 +0000 UTC"}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","description":"Deletes a client from the CipherTrust Manager.\n\n_Note: Deleting a client removes its link with all assocated rules. This is an irreversible event._\n","tags":["Client-Management/Clients","Danger"],"responses":{"204":{"description":"No Content | Successful deletion of client.","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/client-management/clients/{id}/revoke":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"patch":{"summary":"Revoke","description":"Revokes a CipherTrust Manager client.","tags":["Client-Management/Clients"],"parameters":[{"name":"body","in":"body","description":"CipherTrust Manager client revoke parameters","schema":{"type":"object","title":"Revoke CipherTrust Manager Client","properties":{"revocation_reason":{"type":"string","description":"Message string indicating reasson for revoking CipherTrust Manager client."}},"example":{"revocation_reason":"went rogue"}}}],"responses":{"200":{"description":"Successful resource update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"description":"Name to identify a client on CipherTrust Manager.","type":"string"},"cert":{"description":"Client certificate issued by CipherTrust Manager.","type":"string"},"sha256_fingerprint":{"description":"Client certificate's sha256_fingerprint.","type":"string"},"issuer":{"description":"CipherTrust Manager CA used for issuing the client certificate.","type":"string"}}}]},"examples":{"application/json":{"ca_id":"706ac153-d42c-4b99-bc8e-ae1c2efa49fa","cert":"-----BEGIN CERTIFICATE----- MIIDfTCCAWWgAwIBAgIRAPvsR8igXyZzpMAnmkgldAwwDQYJKoZIhvcNAQELBQAw WjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAw DgYDVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgUm9vdCBDQTAeFw0x ODEyMTgwMDE2MjZaFw0yMDEyMTcwMDE2MjZaMBExDzANBgNVBAMTBnRlc3RlcjB2 MBAGByqGSM49AgEGBSuBBAAiA2IABEvBmz1WRQmfiG2IGOjE7fpPyDTCNwvqSXsW HAhrVCRDOmPLuaiVn08/k7zRFum5UxcIWjwxJ5tnO7Z38Y3gKIyE42mHINqQHPOT cz9JLKqaGALwZtQCzB61M0ul7dGA5aM1MDMwDgYDVR0PAQH/BAQDAgOIMBMGA1Ud JQQMMAoGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIB AK7rTYW1+woOfHOLeYjs6jobO7kROm71ffdVwcHIMS3IE0B1eLdteKdG3yy2znAy VU7Jkwo2396Z9cPofrKt95wURAkSYvtz3IpTL9ibrpqJ47XxEXLHl+OycWdYoqAm YJe4A/mW3OxdR4kPbxnDXPNMZiId2xSyzkrEqaFTBBtlkdjuljEfQraKW7TiQovd dKb8xzAgozuZ4C200GlKbgjPkRF4iEXk6sihzYikmyE0s5VBEyAGvdv+s6rv6+4n mbaLkTF/ReXJryIRLDJ1uWN/PDKIqGyU1IrB26wYUWEG+4xcT1LqBxS2HL0ko1Cr 5yeWMEo952YyGeMwW0oWzhIDMxPVRXEfRu0nG35K2Gpz4KywhFVkQ1lrd7/FLwUH mrMtMwr5LG14I1NG3kEz+UVcdwfCeYxnIGW/u9CbUSmedlklZtuXjEN6bQdP+oZi f32u0mI4MSHYK55bdMWw7Rr4IlGdKRdUDOl71uZt8nztQuWVHTrii34gN5Hvz4EY g7jpDq9ZXpb1ZtLmEq2TM8XzyBzJkdIAT304L666826cle1kOgsZQw08W72ju02B 1qj/HtqGoRXPw1vk+y2XIYIwcPP3T6YctJA6TMaFZ1lIKoWWflT0uqFo19CadC8z PylaiQwwuJGV7MmJ7lC8LmYUP2Pj2v+S+5s8j0QgY0C5 -----END CERTIFICATE----- ","cert_id":"59e23c51-fca5-44f4-9902-0ca94d851990","client_metadata":null,"created_at":"2018-12-18T00:16:26.670861+00:00","id":"1e33456b-8782-43a2-9efe-b415dc76ce52","issuer":"/C=US/ST=MD/L=Belcamp/O=Thales Group/CN=CipherTrust Manager Root CA","name":"client-1e33456b-8782-43a2-9efe-b415dc76ce52","sha256_fingerprint":"C0BB65D8105F940C1D7A063A4E70F8FDE0799CFA6AA585291EA593B180650380","state":"revoked","revocation_reason":"went rogue","updated_at":"2018-12-18T00:16:26.670861+00:00","valid_until":"2020-12-17 00:16:26 +0000 UTC"}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/client-management/clients/{id}/renew":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Renew","description":"Renews the certificate of a CipherTrust Manager client.","tags":["Client-Management/Clients"],"parameters":[{"name":"body","in":"body","description":"CipherTrust Manager client renew parameters","schema":{"type":"object","title":"Renews a CipherTrust Manager Client.","properties":{"server_csr":{"type":"object","title":"server csr","description":"Input csr parameters for the server to create a CSR and a Key.","properties":{"subject_dn_template":{"type":"object","title":"Subject DN template","description":"Subject DN template","properties":{"cn":{"type":"string","description":"Common Name"},"dns_names":{"type":"array","items":{"type":"string","description":"Subject Alternative Names (SAN) values"}},"email_addresses":{"type":"array","items":{"type":"string","description":"E-mail addresses"}},"ip_addresses":{"type":"array","items":{"type":"string","description":"IP addresses"}},"names":{"type":"array","items":{"type":"object","title":"CSR Name","properties":{"C":{"type":"string","description":"Country, for example \"US\""},"ST":{"type":"string","description":"State/province, for example \"MD\""},"L":{"type":"string","description":"Location, for example \"Belcamp\""},"O":{"type":"string","description":"Organization, for example \"Thales Group\""},"OU":{"type":"string","description":"Organizational Unit, for example \"CPL\""}}},"description":"Name fields are \"O=organization, OU=organizational unit, L=location, ST=state/province, C=country\".\nFields can be duplicated if present in different objects.\nExample: [{\"O\": \"Thales Group\", \"OU\": \"CPL\", \"C\": \"US\", \"ST\": \"MD\", \"L\": \"Belcamp\"}, {\"OU\": \"Thales Group Inc.\"}]\n"}}},"key_gen_params":{"type":"object","title":"Key generation parameters","description":"Key generation parameters","properties":{"algorithm":{"type":"string","description":"RSA or ECDSA (default) algorithms are supported. Signature algorithm (SHA512WithRSA, SHA384WithRSA,\nSHA256WithRSA, SHA1WithRSA, ECDSAWithSHA512, ECDSAWithSHA384, ECDSAWithSHA256) is selected\nbased on the algorithm and size.\n"},"size":{"type":"integer","description":"Key size. RSA: 1024 - 4096 (default: 2048), ECDSA: 256 (default), 384, 521\n"},"password":{"type":"string","description":"Password to PEM-encrypt the private key. If not specified, the private key is not encrypted in return."},"encryption_algo":{"type":"string","description":"Private key encryption algorithm. AES256 (default), AES192, AES128, TDES"},"private_key_bytes":{"type":"string","description":"Private Key bytes of the key which is to be used while creating CSR(Algorithm and size should be according to this key). If not given will generate key internally as per algorithm and size."}}}}},"client_csr":{"type":"object","title":"client csr","properties":{"csr":{"type":"string","description":"CSR to be signed by one of the Local CAs(the CA which is the issuer of the current client certificate) of CipherTrust Manager.\n"},"do_not_modify_subject_dn":{"type":"boolean","description":"Flag to specify if the subject distinguished name (Subject DN) in the presented CSR is allowed to be modified or not.\nIf this is flag is set to true, then the subject distinguished name must be unique across all the CipherTrust Manager clients,\notherwise the renew will not be allowed.\n"}}},"subject_dn_field_to_modify":{"type":"string","description":"This field is used in making the subject distinguished name (Subject DN) unique. This is required when the Subject DN from client's CSR is not unique in itself.\nAdmins should choose one of the following fields for this purpose. If none is chosen, by default UID is used to modify the Subject DN.\nIf the admin does not want the Subject DN to be modified, set the do_not_modify_subject_dn flag to true.\nIf one of these fields (except OU) is chosen, the original field values would be overridden by CipherTrust Manager .\nIf OU is chosen, the OU would be appended in the Subject DN with other attributes.\n","enum":["UID ('userid')","CN ('commonName')","SN ('serialNumber')","DNQ ('dnQualifier')","OU ('organizationalUnit')"]},"ext_cert":{"type":"string","description":"New client certificate signed by an external CA to renew an existing CipherTrust Manager client."},"cert_duration":{"type":"integer","description":"Duration in days for which the CipherTrust Manager client's renewed certificate is valid, default (730). This is valid for clients issued by Local CA."},"ca_id":{"type":"string","description":"ID of the CA to be used in the renewal. This is to override the CA in the client profile, if any."}},"example":{"server_csr":{"subject_dn_template":{"cn":"test"},"key_gen_params":{"private_key_bytes":"-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIEj1iesPsLdk0tM7Jv87sruegOPdmji9SY3s3ncdckxqoAoGCCqGSM49\nAwEHoUQDQgAEL8cvuduRZs6e/vsttMlhi9HxV+0FzhCg/zHUmXNmyH5KlmQgoaql\nVfwnHqQk79lf+55WSLD7uUwaxhYwGHIapw==\n-----END EC PRIVATE KEY-----","algorithm":"ecdsa","size":256}},"client_csr":{"csr":"-----BEGIN CERTIFICATE REQUEST-----\nMIIByTCCATICAQAwgYgxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRl\nMQ8wDQYDVQQHEwZNeUNpdHkxFDASBgNVBAoTC0NvbXBhbnkgTHRkMQswCQYDVQQL\nEwJJVDEVMBMGA1UEAxMMY2xpZW50QWRtaW4xMRkwFwYKCZImiZPyLGQBARMJMTIz\nNDU2Nzg5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0oG74mGfxRPVOxbup\nbdn2kdlSn4aHXw+KBZ7HZzlmoV8p5BvhAoQWmJ7nxKeP+8fj0h7tcMof+HEThOBj\nfylTej4BnyvJDKMZXwN5PTt0MGPfkIblO9f/8DLmWidEyfmxzDUB90+8Ac77KDXX\nGrPrEQ2V66kLTTcfgMis79LOzQIDAQABoAAwDQYJKoZIhvcNAQELBQADgYEAaYIN\nwzbsAYYiVmAjV1Wrcc2uqFEWl56VRPv6n8EYhsBhZd7cKGjTAaRDDjIi7pNdu7uB\nUHxlrr6Cj/jPLaJ/dAxKJP76N+A0v2MeNCecBScBv8LnAlTDUHkm4HDNi3Q9ymbv\nEsbB6DS7ejDrS6QCJ5bkgkX2Jc54dk+QG4qQyLg=\n-----END CERTIFICATE REQUEST-----"},"subject_dn_field_to_modify":"DNQ","cert_duration":730}}}],"responses":{"200":{"description":"Successful client renewal.","examples":{"client_id":"1e33456b-8782-43a2-9efe-b415dc76ce52","cert":"-----BEGIN CERTIFICATE----- MIIDfTCCAWWgAwIBAgIRAPvsR8igXyZzpMAnmkgldAwwDQYJKoZIhvcNAQELBQAw WjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAw DgYDVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgUm9vdCBDQTAeFw0x ODEyMTgwMDE2MjZaFw0yMDEyMTcwMDE2MjZaMBExDzANBgNVBAMTBnRlc3RlcjB2 MBAGByqGSM49AgEGBSuBBAAiA2IABEvBmz1WRQmfiG2IGOjE7fpPyDTCNwvqSXsW HAhrVCRDOmPLuaiVn08/k7zRFum5UxcIWjwxJ5tnO7Z38Y3gKIyE42mHINqQHPOT cz9JLKqaGALwZtQCzB61M0ul7dGA5aM1MDMwDgYDVR0PAQH/BAQDAgOIMBMGA1Ud JQQMMAoGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIB AK7rTYW1+woOfHOLeYjs6jobO7kROm71ffdVwcHIMS3IE0B1eLdteKdG3yy2znAy VU7Jkwo2396Z9cPofrKt95wURAkSYvtz3IpTL9ibrpqJ47XxEXLHl+OycWdYoqAm YJe4A/mW3OxdR4kPbxnDXPNMZiId2xSyzkrEqaFTBBtlkdjuljEfQraKW7TiQovd dKb8xzAgozuZ4C200GlKbgjPkRF4iEXk6sihzYikmyE0s5VBEyAGvdv+s6rv6+4n mbaLkTF/ReXJryIRLDJ1uWN/PDKIqGyU1IrB26wYUWEG+4xcT1LqBxS2HL0ko1Cr 5yeWMEo952YyGeMwW0oWzhIDMxPVRXEfRu0nG35K2Gpz4KywhFVkQ1lrd7/FLwUH mrMtMwr5LG14I1NG3kEz+UVcdwfCeYxnIGW/u9CbUSmedlklZtuXjEN6bQdP+oZi f32u0mI4MSHYK55bdMWw7Rr4IlGdKRdUDOl71uZt8nztQuWVHTrii34gN5Hvz4EY g7jpDq9ZXpb1ZtLmEq2TM8XzyBzJkdIAT304L666826cle1kOgsZQw08W72ju02B 1qj/HtqGoRXPw1vk+y2XIYIwcPP3T6YctJA6TMaFZ1lIKoWWflT0uqFo19CadC8z PylaiQwwuJGV7MmJ7lC8LmYUP2Pj2v+S+5s8j0QgY0C5 -----END CERTIFICATE----- ","csr":"-----BEGIN CERTIFICATE REQUEST-----\nMIICVzCCAT8CAQAwEjEQMA4GA1UEAxMHa21pcDEyMjCCASIwDQYJKoZIhvcNAQEB\nBQADggEPADCCAQoCggEBAO93JWGgUtIJKoZNgpzYBrLQgPKxaKgn42Js9pxeIAEo\nTvDfPGk2bKgOO+7GsoKCIthRn6/4fkd5lTwR3tBK3Y2Xs9TIkBQ+gpzyAM1bIlTf\nXd8xVaHgsvNS58laY1FTqM+jlVIfAlpKJnboYkGc8n6aCt9kgWDt56lNc0AfVBj0\nTD8n5wTm7uJy1GufiwCuYbaVuEsHZbpNh3GJ1tvXpRxyp7IzdCc+244cvat2L5xZ\niDIV4BeoOG3gfddQ9WuqWY+6TVAdZNLa7JVMW+3qofib1uHyCHNw0Bec/IMA48qg\n7JNnSwDB6FXSeYr7nqFhORWOaQi7DT7F6JdY3cXXuNMCAwEAAaAAMA0GCSqGSIb3\nDQEBCwUAA4IBAQBpUtybSG6DG5J3LROkGj3/qcvu2Fdz6oCDq+B3Pnz06iJX2w4E\nFZGIGMYotq1m0DXv4xODFOMiLa8D8waef/+cN7dihPq1wKqw6Ml2I0/5nNY/51c4\ntuCRVDZ5zuBLVfw77yp93+VqwUHKP34398PcsYwtafm9jQM4lT7mLlaTjynVmyoF\nitocPLQLdXMbakAWPpu/+XJt4rGPCh35dv8ojPyChR0H43NMcXNX8sw2MzVwAHSE\nNJBcgC/6IIME8yNcljV3YTywe0VkVIJHgA5rJN9OwV3M3Hfji/9S/u3pD1Ixto48\nDJXbUwe5ubTKH9Eqo6TIu1sxdreKz1ONvlYV\n-----END CERTIFICATE REQUEST-----\n","ca_cert":"-----BEGIN CERTIFICATE-----\nMIIFoDJlbGNhbXAxEDAO\nMTUxMFowWjELMAkGA1UEBhMCVVMxCzAJBgNV\nBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAwDgYDVQQKEwdHZW1hbHRvMRowGAYD\nVQQDExFLZXlTZWN1cmUgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC\nAgoCggIBAPgJPiSciHZcAPMnEv7dpP1/jc82V9a9pmOIU2jkE7xIvhc7wQ/xVYZX\npl0c/+9v4YEcle/GjkSl7v04hOg+klf10lpTTp2ctdUd83gECDVrwpUUMpFtdhiL\nAC/hXNGobnJxjEMZPV3/gZIkxR4jDoa8A3FiLL5xLoWc9YLn85JDlYRVE1rdcpgW\n0ElTNrOko1mUJ1g90mXBiE7TGHdHR6gtbloSNZOUBFlf0P17pQPLyzZxR3tlq3qo\n/l/+hdcYfLw/Jf323c30CbuVFFbYQzADmB6k0rZaajQMZJIhYO+EUt7HKrF/gU6E\nj0uq18yxQxsXnxs2n94fpeSWF/UfuIIkjJ8mA6yGgkgT3Nw/MoD+8eTnMeoaH04S\nbm3a1pi7nlVKYdRednFphxx9YmkIMy+2VQoWfVmKvJTxCtE7rzElZsqKQ6ZFvtPi\n71YPlt0gWwHMkWY4lFuUYPMcH7x7Zzb/adggES17DhmrqUivIEQgl4VYQSBkK/b3\nPQ64+iXhtnLDiiSneKErEvMqA81RIqWd3c6XG07+6YTFoL3peOEm5XWw0KvzDhUT\nomJkNTsh+Og4OXBtLXSCJzUVeY6yuxALb6GaSS0a90k34/iRP71BESO0EtngH3lr\nQhOVYibGMKfJDSMEEfCATbY4fBn1uj1RrAUhQ3GlauU/lLzZ8gjDAgMBAAGjYjBg\nMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/B0GA1UdDgQWBBTzcq97\nqHASsOatm3N+6Iq1TD0gIzAeBgNVHREEFzAVgRNzdXBwb3J0QGdlbWFsdG8uY29t\nMA0GCSqGSIb3DQEBCwUAA4ICAQBmwTdayCb9gBlAKJVhW5mBh+muajk53cXxaXJx/VwLe\ntyyNQZhV5r6AIgdSLuy8UPj9rWeVMeI4xWutdy/ANj6737pzr4WjNNBirVtkDhRh\nMZtV9Q==\n-----END CERTIFICATE-----\n"}},"400":{"description":"Bad Request | Cannot renew client certificate.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/client-management/clients/{id}/impersonated-users/{user_id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"user_id","in":"path","required":true,"description":"the user_id of the user","type":"string"}],"post":{"summary":"Add","description":"Add Impersonated User to the Client","tags":["Client-Management/Impersonated Users"],"responses":{"204":{"description":"Successful"},"404":{"description":"Resource not found"},"409":{"description":"Conflict | Could not add user since it can already be impersonated."}}},"delete":{"summary":"Delete","description":"Delete Impersonated User from the Client","tags":["Client-Management/Impersonated Users"],"responses":{"200":{"description":"Successful"},"404":{"description":"Resource not found"}}}},"/v1/client-management/clients/{id}/impersonated-users":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Get Impersonated Users of the Client","tags":["Client-Management/Impersonated Users"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"Successful"},"404":{"description":"Resource not found"}}}},"/v1/client-management/self/client/renew":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Renew","description":"Renew the client certificate. This applies to a client, which uses client ID and grant_type as client_credential, to get the access token.","tags":["Client-Management/Clients"],"parameters":[{"name":"body","in":"body","description":"CipherTrust Manager client renew parameters","schema":{"type":"object","title":"Renews a CipherTrust Manager Client.","properties":{"server_csr":{"type":"object","title":"server csr","description":"Input csr parameters for the server to create a CSR and a Key.","properties":{"subject_dn_template":{"type":"object","title":"Subject DN template","description":"Subject DN template","properties":{"cn":{"type":"string","description":"Common Name"},"dns_names":{"type":"array","items":{"type":"string","description":"Subject Alternative Names (SAN) values"}},"email_addresses":{"type":"array","items":{"type":"string","description":"E-mail addresses"}},"ip_addresses":{"type":"array","items":{"type":"string","description":"IP addresses"}},"names":{"type":"array","items":{"type":"object","title":"CSR Name","properties":{"C":{"type":"string","description":"Country, for example \"US\""},"ST":{"type":"string","description":"State/province, for example \"MD\""},"L":{"type":"string","description":"Location, for example \"Belcamp\""},"O":{"type":"string","description":"Organization, for example \"Thales Group\""},"OU":{"type":"string","description":"Organizational Unit, for example \"CPL\""}}},"description":"Name fields are \"O=organization, OU=organizational unit, L=location, ST=state/province, C=country\".\nFields can be duplicated if present in different objects.\nExample: [{\"O\": \"Thales Group\", \"OU\": \"CPL\", \"C\": \"US\", \"ST\": \"MD\", \"L\": \"Belcamp\"}, {\"OU\": \"Thales Group Inc.\"}]\n"}}},"key_gen_params":{"type":"object","title":"Key generation parameters","description":"Key generation parameters","properties":{"algorithm":{"type":"string","description":"RSA or ECDSA (default) algorithms are supported. Signature algorithm (SHA512WithRSA, SHA384WithRSA,\nSHA256WithRSA, SHA1WithRSA, ECDSAWithSHA512, ECDSAWithSHA384, ECDSAWithSHA256) is selected\nbased on the algorithm and size.\n"},"size":{"type":"integer","description":"Key size. RSA: 1024 - 4096 (default: 2048), ECDSA: 256 (default), 384, 521\n"},"password":{"type":"string","description":"Password to PEM-encrypt the private key. If not specified, the private key is not encrypted in return."},"encryption_algo":{"type":"string","description":"Private key encryption algorithm. AES256 (default), AES192, AES128, TDES"},"private_key_bytes":{"type":"string","description":"Private Key bytes of the key which is to be used while creating CSR(Algorithm and size should be according to this key). If not given will generate key internally as per algorithm and size."}}}}},"client_csr":{"type":"object","title":"client csr","properties":{"csr":{"type":"string","description":"CSR to be signed by one of the Local CAs(the CA which is the issuer of the current client certificate) of CipherTrust Manager.\n"},"do_not_modify_subject_dn":{"type":"boolean","description":"Flag to specify if the subject distinguished name (Subject DN) in the presented CSR is allowed to be modified or not.\nIf this is flag is set to true, then the subject distinguished name must be unique across all the CipherTrust Manager clients,\notherwise the renew will not be allowed.\n"}}},"subject_dn_field_to_modify":{"type":"string","description":"This field is used in making the subject distinguished name (Subject DN) unique. This is required when the Subject DN from client's CSR is not unique in itself.\nAdmins should choose one of the following fields for this purpose. If none is chosen, by default UID is used to modify the Subject DN.\nIf the admin does not want the Subject DN to be modified, set the do_not_modify_subject_dn flag to true.\nIf one of these fields (except OU) is chosen, the original field values would be overridden by CipherTrust Manager .\nIf OU is chosen, the OU would be appended in the Subject DN with other attributes.\n","enum":["UID ('userid')","CN ('commonName')","SN ('serialNumber')","DNQ ('dnQualifier')","OU ('organizationalUnit')"]},"ext_cert":{"type":"string","description":"New client certificate signed by an external CA to renew an existing CipherTrust Manager client."},"cert_duration":{"type":"integer","description":"Duration in days for which the CipherTrust Manager client's renewed certificate is valid, default (730). This is valid for clients issued by Local CA."},"ca_id":{"type":"string","description":"ID of the CA to be used in the renewal. This is to override the CA in the client profile, if any."}},"example":{"server_csr":{"subject_dn_template":{"cn":"test"},"key_gen_params":{"private_key_bytes":"-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIEj1iesPsLdk0tM7Jv87sruegOPdmji9SY3s3ncdckxqoAoGCCqGSM49\nAwEHoUQDQgAEL8cvuduRZs6e/vsttMlhi9HxV+0FzhCg/zHUmXNmyH5KlmQgoaql\nVfwnHqQk79lf+55WSLD7uUwaxhYwGHIapw==\n-----END EC PRIVATE KEY-----","algorithm":"ecdsa","size":256}},"client_csr":{"csr":"-----BEGIN CERTIFICATE REQUEST-----\nMIIByTCCATICAQAwgYgxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRl\nMQ8wDQYDVQQHEwZNeUNpdHkxFDASBgNVBAoTC0NvbXBhbnkgTHRkMQswCQYDVQQL\nEwJJVDEVMBMGA1UEAxMMY2xpZW50QWRtaW4xMRkwFwYKCZImiZPyLGQBARMJMTIz\nNDU2Nzg5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0oG74mGfxRPVOxbup\nbdn2kdlSn4aHXw+KBZ7HZzlmoV8p5BvhAoQWmJ7nxKeP+8fj0h7tcMof+HEThOBj\nfylTej4BnyvJDKMZXwN5PTt0MGPfkIblO9f/8DLmWidEyfmxzDUB90+8Ac77KDXX\nGrPrEQ2V66kLTTcfgMis79LOzQIDAQABoAAwDQYJKoZIhvcNAQELBQADgYEAaYIN\nwzbsAYYiVmAjV1Wrcc2uqFEWl56VRPv6n8EYhsBhZd7cKGjTAaRDDjIi7pNdu7uB\nUHxlrr6Cj/jPLaJ/dAxKJP76N+A0v2MeNCecBScBv8LnAlTDUHkm4HDNi3Q9ymbv\nEsbB6DS7ejDrS6QCJ5bkgkX2Jc54dk+QG4qQyLg=\n-----END CERTIFICATE REQUEST-----"},"subject_dn_field_to_modify":"DNQ","cert_duration":730}}}],"responses":{"200":{"description":"Successful client renewal.","examples":{"client_id":"1e33456b-8782-43a2-9efe-b415dc76ce52","cert":"-----BEGIN CERTIFICATE----- MIIDfTCCAWWgAwIBAgIRAPvsR8igXyZzpMAnmkgldAwwDQYJKoZIhvcNAQELBQAw WjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAw DgYDVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgUm9vdCBDQTAeFw0x ODEyMTgwMDE2MjZaFw0yMDEyMTcwMDE2MjZaMBExDzANBgNVBAMTBnRlc3RlcjB2 MBAGByqGSM49AgEGBSuBBAAiA2IABEvBmz1WRQmfiG2IGOjE7fpPyDTCNwvqSXsW HAhrVCRDOmPLuaiVn08/k7zRFum5UxcIWjwxJ5tnO7Z38Y3gKIyE42mHINqQHPOT cz9JLKqaGALwZtQCzB61M0ul7dGA5aM1MDMwDgYDVR0PAQH/BAQDAgOIMBMGA1Ud JQQMMAoGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIB AK7rTYW1+woOfHOLeYjs6jobO7kROm71ffdVwcHIMS3IE0B1eLdteKdG3yy2znAy VU7Jkwo2396Z9cPofrKt95wURAkSYvtz3IpTL9ibrpqJ47XxEXLHl+OycWdYoqAm YJe4A/mW3OxdR4kPbxnDXPNMZiId2xSyzkrEqaFTBBtlkdjuljEfQraKW7TiQovd dKb8xzAgozuZ4C200GlKbgjPkRF4iEXk6sihzYikmyE0s5VBEyAGvdv+s6rv6+4n mbaLkTF/ReXJryIRLDJ1uWN/PDKIqGyU1IrB26wYUWEG+4xcT1LqBxS2HL0ko1Cr 5yeWMEo952YyGeMwW0oWzhIDMxPVRXEfRu0nG35K2Gpz4KywhFVkQ1lrd7/FLwUH mrMtMwr5LG14I1NG3kEz+UVcdwfCeYxnIGW/u9CbUSmedlklZtuXjEN6bQdP+oZi f32u0mI4MSHYK55bdMWw7Rr4IlGdKRdUDOl71uZt8nztQuWVHTrii34gN5Hvz4EY g7jpDq9ZXpb1ZtLmEq2TM8XzyBzJkdIAT304L666826cle1kOgsZQw08W72ju02B 1qj/HtqGoRXPw1vk+y2XIYIwcPP3T6YctJA6TMaFZ1lIKoWWflT0uqFo19CadC8z PylaiQwwuJGV7MmJ7lC8LmYUP2Pj2v+S+5s8j0QgY0C5 -----END CERTIFICATE----- ","csr":"-----BEGIN CERTIFICATE REQUEST-----\nMIICVzCCAT8CAQAwEjEQMA4GA1UEAxMHa21pcDEyMjCCASIwDQYJKoZIhvcNAQEB\nBQADggEPADCCAQoCggEBAO93JWGgUtIJKoZNgpzYBrLQgPKxaKgn42Js9pxeIAEo\nTvDfPGk2bKgOO+7GsoKCIthRn6/4fkd5lTwR3tBK3Y2Xs9TIkBQ+gpzyAM1bIlTf\nXd8xVaHgsvNS58laY1FTqM+jlVIfAlpKJnboYkGc8n6aCt9kgWDt56lNc0AfVBj0\nTD8n5wTm7uJy1GufiwCuYbaVuEsHZbpNh3GJ1tvXpRxyp7IzdCc+244cvat2L5xZ\niDIV4BeoOG3gfddQ9WuqWY+6TVAdZNLa7JVMW+3qofib1uHyCHNw0Bec/IMA48qg\n7JNnSwDB6FXSeYr7nqFhORWOaQi7DT7F6JdY3cXXuNMCAwEAAaAAMA0GCSqGSIb3\nDQEBCwUAA4IBAQBpUtybSG6DG5J3LROkGj3/qcvu2Fdz6oCDq+B3Pnz06iJX2w4E\nFZGIGMYotq1m0DXv4xODFOMiLa8D8waef/+cN7dihPq1wKqw6Ml2I0/5nNY/51c4\ntuCRVDZ5zuBLVfw77yp93+VqwUHKP34398PcsYwtafm9jQM4lT7mLlaTjynVmyoF\nitocPLQLdXMbakAWPpu/+XJt4rGPCh35dv8ojPyChR0H43NMcXNX8sw2MzVwAHSE\nNJBcgC/6IIME8yNcljV3YTywe0VkVIJHgA5rJN9OwV3M3Hfji/9S/u3pD1Ixto48\nDJXbUwe5ubTKH9Eqo6TIu1sxdreKz1ONvlYV\n-----END CERTIFICATE REQUEST-----\n","ca_cert":"-----BEGIN CERTIFICATE-----\nMIIFoDJlbGNhbXAxEDAO\nMTUxMFowWjELMAkGA1UEBhMCVVMxCzAJBgNV\nBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAwDgYDVQQKEwdHZW1hbHRvMRowGAYD\nVQQDExFLZXlTZWN1cmUgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC\nAgoCggIBAPgJPiSciHZcAPMnEv7dpP1/jc82V9a9pmOIU2jkE7xIvhc7wQ/xVYZX\npl0c/+9v4YEcle/GjkSl7v04hOg+klf10lpTTp2ctdUd83gECDVrwpUUMpFtdhiL\nAC/hXNGobnJxjEMZPV3/gZIkxR4jDoa8A3FiLL5xLoWc9YLn85JDlYRVE1rdcpgW\n0ElTNrOko1mUJ1g90mXBiE7TGHdHR6gtbloSNZOUBFlf0P17pQPLyzZxR3tlq3qo\n/l/+hdcYfLw/Jf323c30CbuVFFbYQzADmB6k0rZaajQMZJIhYO+EUt7HKrF/gU6E\nj0uq18yxQxsXnxs2n94fpeSWF/UfuIIkjJ8mA6yGgkgT3Nw/MoD+8eTnMeoaH04S\nbm3a1pi7nlVKYdRednFphxx9YmkIMy+2VQoWfVmKvJTxCtE7rzElZsqKQ6ZFvtPi\n71YPlt0gWwHMkWY4lFuUYPMcH7x7Zzb/adggES17DhmrqUivIEQgl4VYQSBkK/b3\nPQ64+iXhtnLDiiSneKErEvMqA81RIqWd3c6XG07+6YTFoL3peOEm5XWw0KvzDhUT\nomJkNTsh+Og4OXBtLXSCJzUVeY6yuxALb6GaSS0a90k34/iRP71BESO0EtngH3lr\nQhOVYibGMKfJDSMEEfCATbY4fBn1uj1RrAUhQ3GlauU/lLzZ8gjDAgMBAAGjYjBg\nMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/B0GA1UdDgQWBBTzcq97\nqHASsOatm3N+6Iq1TD0gIzAeBgNVHREEFzAVgRNzdXBwb3J0QGdlbWFsdG8uY29t\nMA0GCSqGSIb3DQEBCwUAA4ICAQBmwTdayCb9gBlAKJVhW5mBh+muajk53cXxaXJx/VwLe\ntyyNQZhV5r6AIgdSLuy8UPj9rWeVMeI4xWutdy/ANj6737pzr4WjNNBirVtkDhRh\nMZtV9Q==\n-----END CERTIFICATE-----\n"}},"400":{"description":"Bad Request | Cannot renew client certificate.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/client-management/profiles":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Create a new client profile","tags":["Client-Management/Profiles"],"parameters":[{"name":"body","in":"body","description":"Creates a client profile","schema":{"type":"object","properties":{"ca_id":{"description":"ID of the trusted Certificate Authority that will be used to sign client certificate during registration process","type":"string"},"client_type":{"type":"string","description":"CipherTrust Manager client registration type"},"sub_client_type":{"type":"string","description":"A sub type for the specified client_type. It is not manadatory and may or may not exist depending on the client type.\nFor example, Data Protection uses sub_client_type as \"DPG\" for client type \"Application Data Protection\", \nwhile KMIP profiles do not specify any sub client type.\n"},"csr_params":{"type":"object","description":"Client certificate parameters to be updated. This field is required and cannot be empty\n- csr_cn: common name\n- csr_country: country name\n- csr_state: state name\n- csr_city: city name\n- csr_org_name: organization name\n- csr_org_unit: organizational unit\n- csr_email: email\n- csr_uid:\n"}},"example":{"ca_id":"a9c41e81-2689-4b2c-adc0-f0e1f3612215","client_type":"kmip","sub_client_type":"","csr_params":{"csr_cn":"example.com","csr_country":"example","csr_state":"example-state","csr_city":"example-city","csr_org_name":"example","csr_org_unit":"example tech","csr_email":"john.doe@example.com","csr_uid":""}}}}],"responses":{"201":{"description":"Created","schema":{"type":"object"},"examples":{"application/json":{"id":"e7af0ea2-9472-404c-b06e-5abfb36a53dd","uri":"kylo:kylo:client-management:generic-client-profiles:e7af0ea2-9472-404c-b06e-5abfb36a53dd","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2023-01-12T17:02:12.493058Z","updatedAt":"2023-01-12T17:02:12.493058Z","ca_id":"","csr_params":{"csr_city":"example-city","csr_cn":"example.com","csr_country":"example","csr_email":"john.doe@example.com","csr_org_name":"example","csr_org_unit":"example tech","csr_state":"example-state","csr_uid":""},"client_type":"kmip","sub_client_type":""}}},"404":{"description":"Resource Not found","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error","schema":{"description":"The body of an error response","type":"object","allOf":[{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}},{"additionalProperties":{"type":"array","items":{"type":"string","description":"a validation error message about this property"}}}]}}}},"get":{"summary":"List","description":"Returns a list of CipherTrust Manager profile added to the CipherTrust Manager. The results can be filtered, using the query parameters.\n","tags":["Client-Management/Profiles"],"parameters":[{"name":"ca_id","in":"query","required":false,"type":"string","description":"Filter results by ID of the trusted Certificate Authority"},{"name":"client_type","in":"query","required":false,"type":"string","description":"Filter results by client type"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"f2d272d4-0bd3-4839-8d62-200d7bc603fa","uri":"kylo:kylo:client-management:generic-client-profiles:f2d272d4-0bd3-4839-8d62-200d7bc603fa","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2023-01-04T20:06:26.647Z","updatedAt":"2023-01-04T20:06:26.647Z","ca_id":null,"csr_params":{"csr_cn":null,"csr_uid":null,"csr_city":null,"csr_email":null,"csr_state":null,"csr_country":null,"csr_org_name":"Thales","csr_org_unit":["Thales DIS"],"cert_user_field":"CN"},"client_type":"kmip","sub_client_type":null}]}}}}}},"/v1/client-management/profiles/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a profile with the given `id`","tags":["Client-Management/Profiles"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"ceb226b8-8151-4e26-ab6c-038b4ae797e8","uri":"kylo:kylo:client-management:generic-client-profiles:ceb226b8-8151-4e26-ab6c-038b4ae797e8","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2023-01-12T17:33:11.690693Z","updatedAt":"2023-01-12T17:33:11.690693Z","ca_id":"","csr_params":{"csr_cn":"example.com","csr_uid":"","csr_city":"example-city","csr_email":"john.doe@example.com","csr_state":"example-state","csr_country":"example","csr_org_name":"example","csr_org_unit":"example tech"},"client_type":"kmip","sub_client_type":""}}}}},"patch":{"summary":"Update","description":"Update a profile","tags":["Client-Management/Profiles"],"parameters":[{"name":"body","in":"body","description":"Updates the configurations of a given client profile","schema":{"type":"object","properties":{"ca_id":{"description":"ID of the trusted Certificate Authority that will be used to sign client certificate during registration process. By default local Certificate Authority will be used to issue certificates.","type":"string"},"client_type":{"type":"string","description":"CipherTrust Manager client registration type"},"sub_client_type":{"type":"string","description":"CipherTrust Manager client registration sub type"},"csr_params":{"type":"object","description":"Client certificate parameters to be updated.\n- csr_cn: common name\n- csr_country: country name\n- csr_state: state name\n- csr_city: city name\n- csr_org_name: organization name\n- csr_org_unit: organizational unit\n- csr_email: email\n"}},"example":{"ca_id":"localca-6682f2ad-14fc-4f93-8332-18205f9d268e","client_type":"kmip","sub_client_type":"","csr_params":{"csr_cn":"example.com","csr_country":"example","csr_state":"example-state","csr_city":"example-city","csr_org_name":"example","csr_org_unit":"example tech","csr_email":"john.doe@example.com","csr_uid":""}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"ceb226b8-8151-4e26-ab6c-038b4ae797e8","uri":"kylo:kylo:client-management:generic-client-profiles:ceb226b8-8151-4e26-ab6c-038b4ae797e8","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2023-01-12T17:33:11.690693Z","updatedAt":"2023-01-12T23:27:06.275532Z","ca_id":"localca-6682f2ad-14fc-4f93-8332-18205f9d268e","csr_params":{"csr_city":"example-city","csr_cn":"example.com","csr_country":"example","csr_email":"john.doe@example.com","csr_org_name":"example","csr_org_unit":"example tech","csr_state":"example-state","csr_uid":""},"client_type":"kmip","sub_client_type":""}}},"400":{"description":"Bad Request","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","description":"Delete a profile","tags":["Client-Management/Profiles"],"responses":{"204":{"description":"No Content","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/protectv/clients/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Enroll","description":"**Deprecated**: Enrolls a CipherTrust Manager client with the ProtectV service. Specify the following details.\n- ID of a registered CipherTrust Manager client.\n- Name of a registered CipherTrust Manager client.\n- Cloud ID of the ProtectV client.\n","tags":["ProtectV/Clients","deprecated"],"parameters":[{"name":"body","in":"body","description":"ProtectV client parameters","schema":{"type":"object","title":"Enroll ProtectV Client","required":["ks_client_id","cloud_id"],"properties":{"ks_client_id":{"type":"string","description":"ID of a registered CipherTrust Manager client."},"cloud_id":{"type":"string","description":"Cloud ID of the ProtectV client."}},"example":{"ks_client_id":"3bf0dbe6-a2c7-431d-9a6f-4843b74c7e12","cloud_id":"i-1234$us-east-1"}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"f413ca0e-6ca9-4ebe-b002-20919a92cf67","uri":"kylo:kylo:pvm:clients:client-f413ca0e-6ca9-4ebe-b002-20919a92cf67","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-12-17T14:59:08.989757Z","name":"client-f413ca0e-6ca9-4ebe-b002-20919a92cf67","updatedAt":"2018-12-17T14:59:08.989757Z","ksClientID":"f413ca0e-6ca9-4ebe-b002-20919a92cf67","ip":"172.30.0.129","defaultKeychain":"c00d0536-dfc8-430b-aa83-790d2d4f17fe","autoKeyRead":true,"keyAcls":null,"applicationMetadata":null,"cloudLocked":true,"cloudId":[{"BiosUuid":"2j80iYTI6qHXs1MvW02DPTZ9SMqz-W4IYpKR4gy1"}],"authorizeNewInstances":false,"tags":[{"0":"a27426d4-ee5a-463a-b9c4-7e7e8ff1ce9e"}]}}}}},"get":{"summary":"List","description":"**Deprecated**: Returns a list of ProtectV clients. The results can be filtered using the query parameters.\n","tags":["ProtectV/Clients","deprecated"],"parameters":[{"name":"id","in":"query","required":false,"type":"string","description":"Filter the results by client ID."},{"name":"alarmed","in":"query","required":false,"type":"boolean","description":"Filter the results by client's alarm state."},{"name":"name","in":"query","required":false,"type":"string","description":"Filter the results by client's name."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"description":"Name to identify a client on CipherTrust Manager.","type":"string"},"ks_client_id":{"type":"string","description":"ID of a registered CipherTrust Manager client."},"cloud_id":{"type":"string","description":"Cloud ID of the ProtectV client."},"ip":{"description":"IP address of the ProtectV client.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"f413ca0e-6ca9-4ebe-b002-20919a92cf67","uri":"kylo:kylo:pvm:clients:client-f413ca0e-6ca9-4ebe-b002-20919a92cf67","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-12-17T14:59:08.989757Z","name":"client-f413ca0e-6ca9-4ebe-b002-20919a92cf67","updatedAt":"2018-12-17T14:59:08.989757Z","ksClientID":"f413ca0e-6ca9-4ebe-b002-20919a92cf67","ip":"172.30.0.129","defaultKeychain":"c00d0536-dfc8-430b-aa83-790d2d4f17fe","autoKeyRead":true,"keyAcls":null,"applicationMetadata":null,"cloudLocked":true,"cloudId":[{"BiosUuid":"2j80iYTI6qHXs1MvW02DPTZ9SMqz-W4IYpKR4gy1"}],"authorizeNewInstances":false,"tags":[{"0":"a27426d4-ee5a-463a-b9c4-7e7e8ff1ce9e"}],"instanceCount":1,"alarmed":false}]}}}}}},"/v1/protectv/clients/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"**Deprecated**: Returns the details of a ProtectV client with the given `id`.\n","tags":["ProtectV/Clients","deprecated"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"description":"Name to identify a client on CipherTrust Manager.","type":"string"},"ks_client_id":{"type":"string","description":"ID of a registered CipherTrust Manager client."},"cloud_id":{"type":"string","description":"Cloud ID of the ProtectV client."},"ip":{"description":"IP address of the ProtectV client.","type":"string"}}}]},"examples":{"application/json":{"id":"f413ca0e-6ca9-4ebe-b002-20919a92cf67","uri":"kylo:kylo:pvm:clients:client-f413ca0e-6ca9-4ebe-b002-20919a92cf67","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-12-17T14:59:08.989757Z","name":"client-f413ca0e-6ca9-4ebe-b002-20919a92cf67","updatedAt":"2018-12-17T14:59:08.989757Z","ksClientID":"f413ca0e-6ca9-4ebe-b002-20919a92cf67","ip":"172.30.0.129","defaultKeychain":"c00d0536-dfc8-430b-aa83-790d2d4f17fe","autoKeyRead":true,"keyAcls":null,"applicationMetadata":null,"cloudLocked":true,"cloudId":[{"BiosUuid":"2j80iYTI6qHXs1MvW02DPTZ9SMqz-W4IYpKR4gy1"}],"authorizeNewInstances":false,"tags":[{"0":"a27426d4-ee5a-463a-b9c4-7e7e8ff1ce9e"}],"instanceCount":1,"alarmed":true}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","description":"**Deprecated**: Deletes a ProtectV client from the CipherTrust Manager.\n\n_Note: Deleting a ProtectV client will dis-associate all the rules. This is an irreversible event._\n","tags":["ProtectV/Clients","Danger","deprecated"],"responses":{"204":{"description":"No Content | Successful deletion of client.","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"patch":{"summary":"Update","description":"**Deprecated**: Updates details of a ProtectV client.\n","tags":["ProtectV/Clients","deprecated"],"parameters":[{"name":"body","in":"body","description":"Updates a ProtectV client on CipherTrust Manager.\n","schema":{"type":"object","title":"Update ProtectV Client","properties":{"applicationMetadata":{"type":"string","description":"Application metadata of ProtectV client."},"authorizeNewInstances":{"type":"boolean","description":"Permission to authorize new instance to get keys."}},"example":{"applicationMetadata":{"preboot":false},"authorizeNewInstances":true}}}],"responses":{"200":{"description":"Successful resource update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"description":"Name to identify a client on CipherTrust Manager.","type":"string"},"ks_client_id":{"type":"string","description":"ID of a registered CipherTrust Manager client."},"cloud_id":{"type":"string","description":"Cloud ID of the ProtectV client."},"ip":{"description":"IP address of the ProtectV client.","type":"string"}}}]},"examples":{"application/json":{"id":"f413ca0e-6ca9-4ebe-b002-20919a92cf67","uri":"kylo:kylo:pvm:clients:client-f413ca0e-6ca9-4ebe-b002-20919a92cf67","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-12-17T14:59:08.989757Z","name":"client-f413ca0e-6ca9-4ebe-b002-20919a92cf67","updatedAt":"2018-12-17T14:59:08.989757Z","ksClientID":"f413ca0e-6ca9-4ebe-b002-20919a92cf67","ip":"172.30.0.129","defaultKeychain":"c00d0536-dfc8-430b-aa83-790d2d4f17fe","autoKeyRead":true,"keyAcls":null,"applicationMetadata":{"preboot":false},"cloudLocked":true,"cloudId":[{"BiosUuid":"2j80iYTI6qHXs1MvW02DPTZ9SMqz-W4IYpKR4gy1"}],"authorizeNewInstances":true,"tags":[{"0":"a27426d4-ee5a-463a-b9c4-7e7e8ff1ce9e"}]}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/protectv/clients/{id}/disable/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Disable","description":"**Deprecated**: Creates keyacls for disabling ProtectV clients.\n- ID of a registered CipherTrust Manager client.\n","tags":["ProtectV/Clients","deprecated"],"responses":{"200":{"description":"Successful resource update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"description":"Name to identify a client on CipherTrust Manager.","type":"string"},"ks_client_id":{"type":"string","description":"ID of a registered CipherTrust Manager client."},"cloud_id":{"type":"string","description":"Cloud ID of the ProtectV client."},"ip":{"description":"IP address of the ProtectV client.","type":"string"}}}]},"examples":{"application/json":{"id":"f413ca0e-6ca9-4ebe-b002-20919a92cf67","uri":"kylo:kylo:pvm:clients:client-f413ca0e-6ca9-4ebe-b002-20919a92cf67","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-12-17T14:59:08.989757Z","name":"client-f413ca0e-6ca9-4ebe-b002-20919a92cf67","updatedAt":"2018-12-17T14:59:08.989757Z","ksClientID":"f413ca0e-6ca9-4ebe-b002-20919a92cf67","ip":"172.30.0.129","defaultKeychain":"c00d0536-dfc8-430b-aa83-790d2d4f17fe","autoKeyRead":false,"keyAcls":[{"id":"c4fbbe4d-2bcc-459a-a772-1cae13526f2c","action":"read","permit":false}],"applicationMetadata":{"preboot":false},"cloudLocked":true,"cloudId":[{"BiosUuid":"2j80iYTI6qHXs1MvW02DPTZ9SMqz-W4IYpKR4gy1"}],"authorizeNewInstances":true,"tags":[{"0":"a27426d4-ee5a-463a-b9c4-7e7e8ff1ce9e"}]}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/protectv/clients/{id}/enable/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Enable","description":"**Deprecated**: Enable a ProtectV Instance on CipherTrust Manager.\n","tags":["ProtectV/Clients","deprecated"],"responses":{"200":{"description":"Successful resource update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"description":"Name to identify a client on CipherTrust Manager.","type":"string"},"ks_client_id":{"type":"string","description":"ID of a registered CipherTrust Manager client."},"cloud_id":{"type":"string","description":"Cloud ID of the ProtectV client."},"ip":{"description":"IP address of the ProtectV client.","type":"string"}}}]},"examples":{"application/json":{"id":"f413ca0e-6ca9-4ebe-b002-20919a92cf67","uri":"kylo:kylo:pvm:clients:client-f413ca0e-6ca9-4ebe-b002-20919a92cf67","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-12-17T14:59:08.989757Z","name":"client-f413ca0e-6ca9-4ebe-b002-20919a92cf67","updatedAt":"2018-12-17T14:59:08.989757Z","ksClientID":"f413ca0e-6ca9-4ebe-b002-20919a92cf67","ip":"172.30.0.129","defaultKeychain":"c00d0536-dfc8-430b-aa83-790d2d4f17fe","autoKeyRead":true,"keyAcls":null,"applicationMetadata":{"preboot":false},"cloudLocked":true,"cloudId":[{"BiosUuid":"2j80iYTI6qHXs1MvW02DPTZ9SMqz-W4IYpKR4gy1"}],"authorizeNewInstances":true,"tags":[{"0":"a27426d4-ee5a-463a-b9c4-7e7e8ff1ce9e"}]}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/protectv/listInstances/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List Instances","description":"**Deprecated**: Returns a list of ProtectV instances. The results can be filtered using the query parameters.\n","tags":["ProtectV/Instances","deprecated"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"description":"Name to identify a client on CipherTrust Manager.","type":"string"},"ks_client_id":{"type":"string","description":"ID of a registered CipherTrust Manager client."},"cloud_id":{"type":"string","description":"Cloud ID of the ProtectV client."},"ip":{"description":"IP address of the ProtectV client.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"3fefdb39-360e-460d-bfa3-7f0c3dd3690d","uri":"kylo:kylo:pvm:instances:client-1e33456b-8782-43a2-9efe-b415dc76ce52_e2abfe9f-7ef3-4b3c-b378-068a2a173b92","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-12-18T01:06:53.087878Z","name":"client-1e33456b-8782-43a2-9efe-b415dc76ce52","updatedAt":"2018-12-18T01:06:53.087878Z","client_id":"beba580b-082a-40dc-953f-11a67c8e9066","ip":"172.30.0.129","lastConnected":"2018-12-18T01:06:53.086195Z","applicationMetadata":null,"cloudId":[{"BiosUuid":"ocNEPm0Aw7aeOV1IH8ILepzAdJLHXuH9Za3YBdtL"}],"authorized":true,"alarmed":false,"encrypt_enabled":false}]}}}}}},"/v1/protectv/clients/{id}/instances":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","format":"UUID","description":"An identifier of ProtectV client resource.","type":"string","required":true}],"get":{"summary":"List","description":"**Deprecated**: Returns a list of ProtectV client instances. The results can be filtered using the query parameters.\n","tags":["ProtectV/Instances","deprecated"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"description":"Name to identify a client on CipherTrust Manager.","type":"string"},"ks_client_id":{"type":"string","description":"ID of a registered CipherTrust Manager client."},"cloud_id":{"type":"string","description":"Cloud ID of the ProtectV client."},"ip":{"description":"IP address of the ProtectV client.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"3fefdb39-360e-460d-bfa3-7f0c3dd3690d","uri":"kylo:kylo:pvm:instances:client-1e33456b-8782-43a2-9efe-b415dc76ce52_e2abfe9f-7ef3-4b3c-b378-068a2a173b92","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-12-18T01:06:53.087878Z","name":"client-1e33456b-8782-43a2-9efe-b415dc76ce52","updatedAt":"2018-12-18T01:06:53.087878Z","client_id":"beba580b-082a-40dc-953f-11a67c8e9066","ip":"172.30.0.129","lastConnected":"2018-12-18T01:06:53.086195Z","applicationMetadata":null,"cloudId":[{"BiosUuid":"ocNEPm0Aw7aeOV1IH8ILepzAdJLHXuH9Za3YBdtL"}],"authorized":true,"alarmed":false,"encrypt_enabled":false}]}}}}}},"/v1/protectv/clients/{id}/instances/{instanceID}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"instanceID","in":"path","description":"An identifier of ProtectV client instance resource.","type":"string","required":true}],"get":{"summary":"Get","description":"**Deprecated**: Returns the details of a ProtectV instance of client with the given `id` and `instanceID`.\n","tags":["ProtectV/Instances","deprecated"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"description":"Name to identify a client on CipherTrust Manager.","type":"string"},"ks_client_id":{"type":"string","description":"ID of a registered CipherTrust Manager client."},"cloud_id":{"type":"string","description":"Cloud ID of the ProtectV client."},"ip":{"description":"IP address of the ProtectV client.","type":"string"}}}]},"examples":{"application/json":{"id":"3fefdb39-360e-460d-bfa3-7f0c3dd3690d","uri":"kylo:kylo:pvm:instances:client-1e33456b-8782-43a2-9efe-b415dc76ce52_e2abfe9f-7ef3-4b3c-b378-068a2a173b92","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-12-18T01:06:53.087878Z","name":"client-1e33456b-8782-43a2-9efe-b415dc76ce52","updatedAt":"2018-12-18T01:06:53.087878Z","client_id":"beba580b-082a-40dc-953f-11a67c8e9066","ip":"172.30.0.129","lastConnected":"2018-12-18T01:06:53.086195Z","applicationMetadata":null,"cloudId":[{"BiosUuid":"ocNEPm0Aw7aeOV1IH8ILepzAdJLHXuH9Za3YBdtL"}],"authorized":true,"alarmed":false,"encrypt_enabled":false}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","description":"**Deprecated**: Deletes a ProtectV Instance from the CipherTrust Manager.\n","tags":["ProtectV/Instances","deprecated"],"responses":{"204":{"description":"No Content | Successful deletion of instance.","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"patch":{"summary":"Update","description":"**Deprecated**: Updates details of a ProtectV instance.\n","tags":["ProtectV/Instances","deprecated"],"parameters":[{"name":"body","in":"body","description":"Updates a ProtectV client's instance on CipherTrust Manager.\n","schema":{"type":"object","title":"Update ProtectV Client's Instance","properties":{"name":{"type":"string","description":"Name of ProtectV instance."},"applicationMetadata":{"type":"string","description":"Application metadata of ProtectV instance."},"authorized":{"type":"boolean","description":"Permission to authorize new instance to get keys."},"alarmed":{"type":"boolean","description":"Alarm for ProtectV instance."},"encrypt_enabled":{"type":"boolean","description":"Enable Encryption for ProtectV instance."}},"example":{"name":"ProtectV-Instance","applicationMetadata":{"preboot":false},"authorized":true,"alarmed":false,"encrypt_enabled":false}}}],"responses":{"200":{"description":"Successful resource update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"description":"Name to identify a client on CipherTrust Manager.","type":"string"},"ks_client_id":{"type":"string","description":"ID of a registered CipherTrust Manager client."},"cloud_id":{"type":"string","description":"Cloud ID of the ProtectV client."},"ip":{"description":"IP address of the ProtectV client.","type":"string"}}}]},"examples":{"application/json":{"id":"3fefdb39-360e-460d-bfa3-7f0c3dd3690d","uri":"kylo:kylo:pvm:instances:client-1e33456b-8782-43a2-9efe-b415dc76ce52_e2abfe9f-7ef3-4b3c-b378-068a2a173b92","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-12-18T01:06:53.087878Z","name":"ProtectV-Instance","updatedAt":"2018-12-18T01:06:53.087878Z","client_id":"beba580b-082a-40dc-953f-11a67c8e9066","ip":"172.30.0.129","lastConnected":"2018-12-18T01:06:53.086195Z","applicationMetadata":{"preboot":false},"cloudId":[{"BiosUuid":"ocNEPm0Aw7aeOV1IH8ILepzAdJLHXuH9Za3YBdtL"}],"authorized":true,"alarmed":false,"encrypt_enabled":false}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/protectv/settings/keystore/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"patch":{"summary":"Update Keystore","description":"**Deprecated**: This is to update Keystore used to get keys. Specify the following details.\n- ID of the keystore.\n- Type of keystore. For e.g. local, keysecure.\n- Configuration of the specified keystore.\n","tags":["ProtectV/Settings","deprecated"],"parameters":[{"name":"body","in":"body","description":"ProtectV keystore parameters","schema":{"type":"object","title":"Update ProtectV Keystore","required":["type"],"properties":{"type":{"type":"string","description":"Type of keystore. For e.g. local, keysecure."},"config":{"type":"object","description":"Configuration of the specified keystore.\n* If type local is specified then config is not required.\n* If type keysecure is specified then ksIP, ksPort, ksUser, ksPass, ksCA, ksClientCert, ksClientPKey, ksClientPKeyPassphrase should be provided in config.\n * ksIP - IP of keysecure.\n * ksPort - Port of keysecure.\n * ksUser - User name of keysecure.\n * ksPass - Password of keysecure.\n * ksCA - CA certificate.\n * ksClientCert - Client certificate.\n * ksClientPKey - Client private key.\n * ksClientPKeyPassphrase - Password for private key.\n"}},"example":{"type":"keysecure","config":{"ksIP":"127.0.0.1","ksPort":"9000","ksUser":"admin","ksPass":"admin","ksCA":"string","ksClientCert":"string","ksClientPKey":"string","ksClientPKeyPassphrase":"password"}}}}],"responses":{"200":{"description":"Successful resource update.","schema":{"type":"object"},"examples":{"application/json":{"id":"3fefdb39-360e-460d-bfa3-7f0c3dd3690d","uri":"kylo:kylo:pvm:keystore:8622ab29-dd3c-4644-bb7d-7e5b908f31db","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-12-18T01:06:53.087878Z","name":"ProtectV-Instance","updatedAt":"2018-12-18T01:06:53.087878Z","type":"keysecure","config":{"ksIP":"127.0.0.1","ksPort":"9000","ksUser":"admin","ksPass":"admin","ksCA":"-----BEGIN CERTIFICATE-----\\nMIIBXD...Favxw==\\n-----END CERTIFICATE-----\\n\n","ksClientCert":"-----BEGIN CERTIFICATE-----\\nMIIBXD...Favxw==\\n-----END CERTIFICATE-----\\n\n","ksClientPKey":"-----BEGIN PRIVATE KEY-----\\nMIIBXD...Favxw==\\n-----END PRIVATE KEY-----\\n\n","ksClientPKeyPassphrase":"password"}}}}}},"get":{"summary":"Get Keystore","description":"**Deprecated**: Returns the information of current keystore.\n","tags":["ProtectV/Settings","deprecated"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"3fefdb39-360e-460d-bfa3-7f0c3dd3690d","uri":"kylo:kylo:pvm:keystore:8622ab29-dd3c-4644-bb7d-7e5b908f31db","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-12-18T01:06:53.087878Z","name":"ProtectV-Instance","updatedAt":"2018-12-18T01:06:53.087878Z","type":"keysecure","config":{"ksIP":"127.0.0.1","ksPort":"9000","ksUser":"admin","ksPass":"admin","ksCA":"-----BEGIN CERTIFICATE-----\\nMIIBXD...Favxw==\\n-----END CERTIFICATE-----\\n\n","ksClientCert":"-----BEGIN CERTIFICATE-----\\nMIIBXD...Favxw==\\n-----END CERTIFICATE-----\\n\n","ksClientPKey":"-----BEGIN PRIVATE KEY-----\\nMIIBXD...Favxw==\\n-----END PRIVATE KEY-----\\n\n","ksClientPKeyPassphrase":"password"}}}}}}},"/v1/protectv/settings/keymgmt/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"patch":{"summary":"Update Key Management","description":"**Deprecated**: Update key management settings.\n","tags":["ProtectV/Settings","deprecated"],"parameters":[{"name":"body","in":"body","description":"ProtectV KeyManagement parameters","schema":{"type":"object","title":"Update ProtectV KeyManagement","properties":{"default_encryption":{"type":"boolean","description":"Boolean to enable/disable Autoprotection. Default value of default_encryption is true.\n"},"enable_keywrapping":{"type":"boolean","description":"Boolean to enable/disable Keywrapping. Default value of enable_keywrapping is false.\n"},"enable_rekey":{"type":"boolean","description":"Boolean to enable/disable Rekey. Default value of enable_rekey is false.\n"},"rekey_interval":{"type":"string","description":"Duration of the key rotation in days. The default value is '0' days. This field is applicable when enable_rekey is set to true.\n"},"delete_keys":{"type":"boolean","description":"Boolean to enable/disable delete keys. Default value of delete_keys is false.\n"}},"example":{"default_encryption":false,"delete_keys":false,"enable_keywrapping":false,"enable_rekey":true,"rekey_interval":"1"}}}],"responses":{"200":{"description":"Successful resource update.","schema":{"type":"object"},"examples":{"application/json":{"id":"3fefdb39-360e-460d-bfa3-7f0c3dd3690d","uri":"kylo:kylo:pvm:keyMgmtData:8622ab29-dd3c-4644-bb7d-7e5b908f31db","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-12-18T01:06:53.087878Z","updatedAt":"2018-12-18T01:06:53.087878Z","default_encryption":false,"enable_keywrapping":false,"enable_rekey":true,"rekey_interval":"1","delete_keys":false}}}}},"get":{"summary":"Get Key Management","description":"**Deprecated**: Returns the Key Management settings.\n","tags":["ProtectV/Settings","deprecated"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"3fefdb39-360e-460d-bfa3-7f0c3dd3690d","uri":"kylo:kylo:pvm:keyMgmtData:8622ab29-dd3c-4644-bb7d-7e5b908f31db","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-12-18T01:06:53.087878Z","updatedAt":"2018-12-18T01:06:53.087878Z","default_encryption":false,"enable_keywrapping":false,"enable_rekey":true,"rekey_interval":"1","delete_keys":false}}}}}},"/v1/protectv/settings/autoscale/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get Autoscale","description":"**Deprecated**: Returns the autoscale configuration for ProtectV clients.\n","tags":["ProtectV/Settings","deprecated"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"3fefdb39-360e-460d-bfa3-7f0c3dd3690d","uri":"kylo:kylo:pvm:keyMgmtData:8622ab29-dd3c-4644-bb7d-7e5b908f31db","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-12-18T01:06:53.087878Z","updatedAt":"2018-12-18T01:06:53.087878Z","autoscale":false}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"patch":{"summary":"Set Autoscale","description":"**Deprecated**: Set autoscale configuration for ProtectV clients.\n","tags":["ProtectV/Settings","deprecated"],"parameters":[{"name":"body","in":"body","description":"ProtectV Autoscale parameter.","schema":{"type":"object","title":"Update ProtectV Autoscale configuration.","properties":{"autoscale":{"type":"boolean","description":"Boolean to enable/disable Autoscale.\n"}},"example":{"autoscale":true}}}],"responses":{"200":{"description":"Successful resource update.","schema":{"type":"object"},"examples":{"application/json":{"id":"3fefdb39-360e-460d-bfa3-7f0c3dd3690d","uri":"kylo:kylo:pvm:keyMgmtData:8622ab29-dd3c-4644-bb7d-7e5b908f31db","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-12-18T01:06:53.087878Z","updatedAt":"2018-12-18T01:06:53.087878Z","autoscale":true}}}}}},"/v1/protectv/partitions/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"**Deprecated**: Returns a list of partitions of ProtectV client instances. The results can be filtered using the query parameters.\n","tags":["ProtectV/Partitions","deprecated"],"parameters":[{"name":"instanceID","in":"query","required":true,"type":"string","description":"Filter the results by instance ID."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"type":"object","properties":{"id":{"description":"ID of ProtectV client partition.","type":"string"},"status":{"type":"string","description":"Status of ProtectV client partition(protected/unprotected)."},"diskName":{"type":"string","description":"Disk name of ProtectV client partition."},"systemName":{"description":"System name of ProtectV client partition.","type":"string"},"friendlyName":{"description":"Friendly name of ProtectV client partition.","type":"string"},"keyId":{"description":"Key ID of ProtectV client partition.","type":"string"},"kskeyId":{"description":"Key ID of ProtectV client partition on keystore.","type":"string"},"decrypt":{"description":"Flag to represent decrypt status of ProtectV client partition.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":{"id":"3fefdb39-360e-460d-bfa3-7f0c3dd3690d","status":"protected","diskName":"sda","systemName":"sda1","friendlyName":"/media/sda","keyId":"60e25e7a-0073-4e40-885b-1b4068ae79d9","kskeyId":"PV-tG8cqrM6Z8UaZnN8QrKkJ40qiiISB","decrypt":false}}}}}}},"/v1/protectv/partitions/{id}/instances/{instanceID}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"instanceID","in":"path","description":"An identifier of ProtectV client instance resource.","type":"string","required":true},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"**Deprecated**: Returns the details of a ProtectV instance partition with the given partition `id` and `instanceID`.\n","tags":["ProtectV/Partitions","deprecated"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"3fefdb39-360e-460d-bfa3-7f0c3dd3690d","status":"protected","diskName":"sda","systemName":"sda1","friendlyName":"/media/sda","keyId":"60e25e7a-0073-4e40-885b-1b4068ae79d9","kskeyId":"PV-tG8cqrM6Z8UaZnN8QrKkJ40qiiISB","decrypt":false}}}}}},"/v1/protectv/partitions/{id}/enable":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Enable/Disable","description":"**Deprecated**: Disables a ProtectV instance partition from accessing disk encryption key.\n","tags":["ProtectV/Partitions","deprecated"],"parameters":[{"name":"body","in":"body","description":"Disable ProtectV instance partition parameters","schema":{"type":"object","title":"Disables a ProtectV instance partition.","required":["instanceID","enable"],"properties":{"instanceID":{"type":"string","description":"ID of a registered CipherTrust Manager client instance."},"enable":{"type":"boolean","description":"Boolean to enable/disable partition."}},"example":{"instanceID":"3bf0dbe6-a2c7-431d-9a6f-4843b74c7e12","enable":true}}}],"responses":{"201":{"description":"Successful resource update.","schema":{"type":"object"},"examples":{"application/json":{"id":"f413ca0e-6ca9-4ebe-b002-20919a92cf67","uri":"kylo:kylo:pvm:clients:client-f413ca0e-6ca9-4ebe-b002-20919a92cf67","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-12-17T14:59:08.989757Z","name":"client-f413ca0e-6ca9-4ebe-b002-20919a92cf67","updatedAt":"2018-12-17T14:59:08.989757Z","subject_id":"f413ca0e-6ca9-4ebe-b002-20919a92cf67","key_id":"c00d0536-dfc8-430b-aa83-790d2d4f17fe","permit":true,"action":"read"}}}}}},"/v1/protectv/partitions/{id}/encrypt":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Encrypt/Decrypt","description":"**Deprecated**: Enable/Disable encryption for a ProtectV instance partition.\n","tags":["ProtectV/Partitions","deprecated"],"parameters":[{"name":"body","in":"body","description":"Enable/Disable encryption for a ProtectV instance partition.","schema":{"type":"object","title":"Enable/Disable encryption of ProtectV instance partition.","required":["instanceID","encrypt"],"properties":{"instanceID":{"type":"string","description":"ID of a registered CipherTrust Manager client instance."},"encrypt":{"type":"boolean","description":"Boolean to enable/disable encryption of partition."}},"example":{"instanceID":"3bf0dbe6-a2c7-431d-9a6f-4843b74c7e12","encrypt":true}}}],"responses":{"201":{"description":"Successful resource update.","schema":{"type":"object"},"examples":{"application/json":{"id":"3fefdb39-360e-460d-bfa3-7f0c3dd3690d","status":"protected","diskName":"sda","systemName":"sda1","friendlyName":"/media/sda","keyId":"60e25e7a-0073-4e40-885b-1b4068ae79d9","kskeyId":"PV-tG8cqrM6Z8UaZnN8QrKkJ40qiiISB","decrypt":false}}}}}},"/v1/protectv/keys/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"**Deprecated**: Returns a list of keys related to ProtectV clients. The results can be filtered using the query parameters.\n","tags":["ProtectV/Keys","deprecated"],"parameters":[{"name":"id","in":"query","required":false,"type":"string","description":"Filter the results by key ID."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"keystore_keyname":{"description":"Name to identify key on the keystore.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":{"id":"0a167cc4-d814-4e2b-a108-807a0cab1a50","uri":"kylo:kylo:pvm:key:e2ccd5f0-cf03-4eac-9a74-7c9db40abaa9","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-01-19T16:17:08.598243Z","name":"e2ccd5f0-cf03-4eac-9a74-7c9db40abaa9","updatedAt":"2019-01-19T16:17:08.598243Z","keychain":"388a14a0-caac-46b0-b63e-029bf11b8cad","meta":[{"ID":"PV-taZdrTbXDJ3qSePYiP7sx6quBpOjj","value":"ProtectV Key","ownerId":false,"wrapkeyonelength":0}],"keystore_keyname":"PV-taZdrTbXDJ3qSePYiP7sx6quBpOjj"}}}}}}},"/v1/protectfile/clientprofiles/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a new ProtectFile client profile.\nA client profile defines the CipherTrust Manager connection\ninformation and logging criteria for the ProtectFile client.\nAt least one client profile must be defined before adding a ProtectFile client\nto the CipherTrust Manager.\n","tags":["ProtectFile/ClientProfiles"],"parameters":[{"name":"body","in":"body","description":"Client profile parameters.","schema":{"type":"object","title":"Create Client Profile","required":["name"],"properties":{"name":{"type":"string","description":"Name for the client profile."},"allowOffline":{"type":"boolean","description":"Enable/disable the offline mode. The default value is 'false'."},"offlineTimeout":{"type":"integer","description":"Duration of the offline mode in days. The default value is '7' days."},"logLevel":{"type":"string","description":"Log level configuration for the ProtectFile client logs.\nValues can be `ERROR`, `WARN`, `INFO`, `DEBUG`, `NONE`. ERROR will log only\nerrors, WARN will log errors and warnings and so on.\n`NONE` will disable logging. The default log level is `WARN`.\n"},"syslogEnabled":{"type":"boolean","description":"Enable/disable log upload to the Syslog server. The default value is 'false'."},"syslogServerIp":{"type":"string","description":"IP address of the Syslog server."},"syslogServerPort":{"type":"integer","description":"Port of the Syslog server."},"syslogProtocol":{"type":"string","description":"Protocol of the Syslog server."},"syslogFacility":{"type":"string","description":"Name of the Syslog server facility."},"allowSuAccess":{"type":"boolean","description":"Allow/disallow \"root\" to impersonate as other users. The default value is 'false'."},"clusterHostList":{"type":"string","description":"Semi-colon separated list of hostname or IP of the all the cluster nodes."},"clusterPort":{"type":"integer","description":"Port on which all nodes in the cluster will run. The default value is '0'."},"allowSuException":{"type":"string","description":"Semi-colon separated list of users to be prevented from gaining access rights of a different user through su."},"clientPollingIntervalMin":{"type":"integer","description":"Minimum value in sec(s) for client poll interval. The lowest possible value is 60 sec(s) and default value is 180 secs(s)"},"clientPollingIntervalMax":{"type":"integer","description":"Maximum value in sec(s) for client poll interval. The default value is 360 secs(s)"},"fingerPrintCheck":{"type":"boolean","description":"Require a fingerprint check for all programs that are specified in an \"access policy\". The default value is 'false'."}},"example":{"name":"ClientProfile_Windows","allowOffline":true,"offlineTimeout":10,"logLevel":"ERROR","syslogEnabled":true,"syslogServerIp":"10.164.16.100","syslogServerPort":514,"syslogProtocol":"tcp","syslogFacility":"local1","allowSuAccess":true,"allowSuException":"root","clusterHostList":"10.168.12.34;10.168.14.56","clusterPort":443,"clientPollingIntervalMin":180,"clientPollingIntervalMax":360,"fingerPrintCheck":true}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"d94ef496-5e43-4424-a6e7-f4213c108415","uri":"kylo:kylo:mogambo:clientprofile:ClientProfile_Windows","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-02-24T11:15:58.103355313Z","name":"ClientProfile_Windows","updatedAt":"2018-02-24T11:15:58.103355313Z","allowOffline":true,"offlineTimeout":10,"logLevel":"INFO","syslogEnabled":true,"syslogServerIp":"10.164.16.100","syslogServerPort":514,"syslogProtocol":"udp","syslogFacility":"local1","allowSuAccess":false,"allowSuException":"root","clusterHostList":"10.168.12.34;10.168.14.56","clusterPort":443,"clientPollingIntervalMin":180,"clientPollingIntervalMax":360,"fingerPrintCheck":true}}}}},"get":{"summary":"List","description":"Returns a list of client profiles. The results can be filtered using the query parameters.\n","tags":["ProtectFile/ClientProfiles"],"parameters":[{"name":"name","in":"query","required":false,"type":"string","description":"Filter the results by name of client profiles. Use wildcards to search for client profiles matching the specified pattern in their names."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Name of the client profile."},"allowOffline":{"type":"boolean","description":"Enable/disable the offline mode. The default value is 'false'."},"offlineTimeout":{"type":"integer","description":"Duration of the offline mode in days. The default value is '7' days."},"logLevel":{"type":"string","description":"Log level configuration for the ProtectFile client logs.\nValues can be `ERROR`, `WARN`, `INFO`, `DEBUG`, `NONE`. ERROR will log only\nerrors, WARN will log errors and warnings and so on.\n`NONE` will disable logging. The default log level is `WARN`.\n"},"syslogEnabled":{"type":"boolean","description":"Enable/disable log upload to the Syslog server. The default value is 'false'."},"syslogServerIp":{"type":"string","description":"IP address of the Syslog server."},"syslogServerPort":{"type":"integer","description":"Port of the Syslog server."},"syslogProtocol":{"type":"string","description":"Protocol of the Syslog server."},"syslogFacility":{"type":"string","description":"Name of the Syslog server facility."},"allowSuAccess":{"type":"boolean","description":"Allow/disallow \"root\" to impersonate as other users. The default value is 'false'."},"clusterHostList":{"type":"string","description":"Semi-colon separated list of hostname or IP of the all the cluster nodes."},"clusterPort":{"type":"integer","description":"Port number on which all nodes in the cluster will run. The default value is '443'."},"allowSuException":{"type":"string","description":"Semi-colon separated list of users to be prevented from gaining access rights of a different user through su."},"clientPollingIntervalMin":{"type":"integer","description":"Minimum value in sec(s) for client poll interval. The lowest possible value is 60 sec(s) and default value is 180 secs(s)"},"clientPollingIntervalMax":{"type":"integer","description":"Maximum value in sec(s) for client poll interval. The default value is 360 secs(s)"},"fingerPrintCheck":{"type":"boolean","description":"Require a fingerprint check for all programs that are specified in an \"access policy\". The default value is 'false'."}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"d94ef496-5e43-4424-a6e7-f4213c108415","uri":"kylo:kylo:mogambo:clientprofile:ClientProfile_Windows","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-02-24T11:15:58.103355Z","name":"ClientProfile_Windows","updatedAt":"2018-02-24T11:15:58.103355Z","allowOffline":true,"offlineTimeout":10,"logLevel":"INFO","syslogEnabled":true,"syslogServerIp":"10.164.16.100","syslogServerPort":514,"syslogProtocol":"udp","syslogFacility":"local1","allowSuAccess":true,"allowSuException":"root","clusterHostList":"10.168.12.34;10.168.14.56","clusterPort":443,"clientPollingIntervalMin":180,"clientPollingIntervalMax":360,"fingerPrintCheck":true}]}}}}}},"/v1/protectfile/clientprofiles/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a client profile with the given `id`.","tags":["ProtectFile/ClientProfiles"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Name of the client profile."},"allowOffline":{"type":"boolean","description":"Enable/disable the offline mode. The default value is 'false'."},"offlineTimeout":{"type":"integer","description":"Duration of the offline mode in days. The default value is '7' days."},"logLevel":{"type":"string","description":"Log level configuration for the ProtectFile client logs.\nValues can be `ERROR`, `WARN`, `INFO`, `DEBUG`, `NONE`. ERROR will log only\nerrors, WARN will log errors and warnings and so on.\n`NONE` will disable logging. The default log level is `WARN`.\n"},"syslogEnabled":{"type":"boolean","description":"Enable/disable log upload to the Syslog server. The default value is 'false'."},"syslogServerIp":{"type":"string","description":"IP address of the Syslog server."},"syslogServerPort":{"type":"integer","description":"Port of the Syslog server."},"syslogProtocol":{"type":"string","description":"Protocol of the Syslog server."},"syslogFacility":{"type":"string","description":"Name of the Syslog server facility."},"allowSuAccess":{"type":"boolean","description":"Allow/disallow \"root\" to impersonate as other users. The default value is 'false'."},"clusterHostList":{"type":"string","description":"Semi-colon separated list of hostname or IP of the all the cluster nodes."},"clusterPort":{"type":"integer","description":"Port number on which all nodes in the cluster will run. The default value is '443'."},"allowSuException":{"type":"string","description":"Semi-colon separated list of users to be prevented from gaining access rights of a different user through su."},"clientPollingIntervalMin":{"type":"integer","description":"Minimum value in sec(s) for client poll interval. The lowest possible value is 60 sec(s) and default value is 180 secs(s)"},"clientPollingIntervalMax":{"type":"integer","description":"Maximum value in sec(s) for client poll interval. The default value is 360 secs(s)"},"fingerPrintCheck":{"type":"boolean","description":"Require a fingerprint check for all programs that are specified in an \"access policy\". The default value is 'false'."}}}]},"examples":{"application/json":{"id":"2327602e-7e02-4a6f-87b9-20415e2b85df","uri":"kylo:kylo:mogambo:clientprofile:ClientProfile_1519477559","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-02-24T13:05:58.965702Z","name":"ClientProfile_Windows","updatedAt":"2018-02-24T13:05:58.965702Z","allowOffline":false,"offlineTimeout":7,"logLevel":"WARN","syslogEnabled":false,"allowSuAccess":true,"allowSuException":"root","clusterHostList":"10.168.12.34;10.168.14.56","clusterPort":443,"clientPollingIntervalMin":180,"clientPollingIntervalMax":360,"fingerPrintCheck":true}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"patch":{"summary":"Update","description":"Updates details of a client profile.","tags":["ProtectFile/ClientProfiles"],"parameters":[{"name":"body","in":"body","description":"The client profile properties to change. The properties will be merged with the client profile resource.\n","schema":{"type":"object","title":"Update Client Profile","properties":{"allowOffline":{"type":"boolean","description":"Enable/disable the offline mode."},"offlineTimeout":{"type":"integer","description":"Duration of the offline mode in days."},"logLevel":{"type":"string","description":"Log level configuration for the ProtectFile client logs.\nValues can be `ERROR`, `WARN`, `INFO`, `DEBUG`, `NONE`. ERROR will log only\nerrors, WARN will log errors and warnings and so on.\n`NONE` will disable logging. The default log level is `WARN`.\n"},"syslogEnabled":{"type":"boolean","description":"Enable/disable log upload to the Syslog server."},"syslogServerIp":{"type":"string","description":"IP address of the Syslog server."},"syslogServerPort":{"type":"integer","description":"Port of the Syslog server."},"syslogProtocol":{"type":"string","description":"Protocol of the Syslog server."},"syslogFacility":{"type":"string","description":"Name of the Syslog server facility."},"allowSuAccess":{"type":"boolean","description":"Allow/disallow \"root\" to impersonate as other users."},"clusterHostList":{"type":"string","description":"Semi-colon separated list of hostname or IP of the nodes wanting to join the cluster. The default value is ''."},"clusterPort":{"type":"integer","description":"Port on which all nodes in the cluster will run. The default value is '0'."},"allowSuException":{"type":"string","description":"Semi-colon separated list of users to be prevented from gaining access rights of a different user through su."},"clientPollingIntervalMin":{"type":"integer","description":"Minimum value in sec(s) for client poll interval. The lowest possible value is 60 sec(s) and default value is 180 secs(s)"},"clientPollingIntervalMax":{"type":"integer","description":"Maximum value in sec(s) for client poll interval. The default value is 360 secs(s)"},"fingerPrintCheck":{"type":"boolean","description":"Require a fingerprint check for all programs that are specified in an \"access policy\". The default value is 'false'."}},"example":{"allowOffline":true,"offlineTimeout":10,"logLevel":"DEBUG","syslogEnabled":true,"syslogServerIp":"10.164.16.100","syslogServerPort":514,"syslogProtocol":"tcp","syslogFacility":"local1","allowSuAccess":false,"clusterHostList":"10.168.12.34;10.168.14.56","clusterPort":443}}}],"responses":{"200":{"description":"Successful resource update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"description":"Name to identify a ProtectFile client on CipherTrust Manager.","type":"string"},"ipHostname":{"description":"IP address or hostname of the ProtectFile client.This field is used for identification of client.","type":"string"},"clientProfile":{"description":"Client profile to use by the ProtectFile client.","type":"string"},"osType":{"description":"Operating system of the ProtectFile client machine (windows or linux).","type":"string"},"sharedSecret":{"description":"The shared secret.","type":"string"},"isBootstrapped":{"description":"The client has been bootstrapped.","type":"boolean"},"productName":{"description":"CTE-U, or blank.","type":"string"},"productVersion":{"description":"The CTE-U version, or blank.","type":"string"},"productMajorVersion":{"description":"The CTE-U major version number, or blank.","type":"integer"},"productMinorVersion":{"description":"The CTE-U minor version number, or blank.","type":"integer"},"osVersion":{"description":"The OS distribution name and version (CTE-U only).","type":"string"},"kernelVersion":{"description":"The version of the linux kernel (CTE-U only).","type":"string"},"lastCheckIn":{"description":"A timestamp of the last time the client checked in with the CipherTrust Manager.","type":"string"},"clientDescription":{"description":"An editable string that describes the client.","type":"string"}}}]},"examples":{"application/json":{"id":"2ab12cb5-b444-425e-8019-dd2228495c74","uri":"kylo:kylo:mogambo:clientprofile:ClientProfile_1519477869","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-02-24T13:11:08.8083Z","name":"ClientProfile_Windows","updatedAt":"2018-02-24T13:11:16.652176146Z","allowOffline":true,"offlineTimeout":10,"logLevel":"DEBUG","syslogEnabled":true,"syslogServerIp":"10.164.16.100","syslogServerPort":514,"syslogProtocol":"udp","syslogFacility":"local1","allowSuAccess":false,"clusterHostList":"10.168.12.34;10.168.14.56","clusterPort":443,"clientPollingIntervalMin":180,"clientPollingIntervalMax":360,"fingerPrintCheck":true}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","description":"Deletes a client profile.","tags":["ProtectFile/ClientProfiles"],"responses":{"204":{"description":"No Content | Successful deletion of client profile.","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/protectfile/clients/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns a list of ProtectFile clients added to the CipherTrust Manager. The results can be filtered, using the query parameters.\n","tags":["ProtectFile/Clients"],"parameters":[{"name":"name","in":"query","required":false,"type":"string","description":"Filter the results by client's name."},{"name":"ipHostname","in":"query","required":false,"type":"string","description":"Filter the results by clients's IP address or hostname."},{"name":"osType","in":"query","required":false,"type":"string","description":"Filter the results by client's operating system."},{"name":"clientProfile","in":"query","required":false,"type":"string","description":"Filter the results by client's client profile."},{"name":"clientDescription","in":"query","required":false,"type":"string","description":"Filter the results by client's client description."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"description":"Name to identify a ProtectFile client on CipherTrust Manager.","type":"string"},"ipHostname":{"description":"IP address or hostname of the ProtectFile client.This field is used for identification of client.","type":"string"},"clientProfile":{"description":"Client profile to use by the ProtectFile client.","type":"string"},"osType":{"description":"Operating system of the ProtectFile client machine (windows or linux).","type":"string"},"sharedSecret":{"description":"The shared secret.","type":"string"},"isBootstrapped":{"description":"The client has been bootstrapped.","type":"boolean"},"productName":{"description":"CTE-U, or blank.","type":"string"},"productVersion":{"description":"The CTE-U version, or blank.","type":"string"},"productMajorVersion":{"description":"The CTE-U major version number, or blank.","type":"integer"},"productMinorVersion":{"description":"The CTE-U minor version number, or blank.","type":"integer"},"osVersion":{"description":"The OS distribution name and version (CTE-U only).","type":"string"},"kernelVersion":{"description":"The version of the linux kernel (CTE-U only).","type":"string"},"lastCheckIn":{"description":"A timestamp of the last time the client checked in with the CipherTrust Manager.","type":"string"},"clientDescription":{"description":"An editable string that describes the client.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":"0,","limit":"10,","total":"1,","resources":[{"id":"69930680-4223-49fd-bc3b-ab74be55a094","uri":"kylo:kylo:mogambo:clients:Client_1519478372","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-02-24T13:19:32.330947Z","name":"Client_Windows","updatedAt":"2018-02-24T13:19:32.330947Z","ipHostname":"server01.domain.com","osType":"windows","clientProfile":"ClientProfile_Windows","sharedSecret":"","isBootstrapped":true,"productName":"CTE-U","productVersion":"9.3.0.000.999","productMajorVersion":"9","productMinorVersion":"3","osVersion":"CentOS Linux7","kernelVersion":"3.10.0-1160.21.1.el7.x86_64","lastCheckIn":"2021-08-19T21:30:06.705652Z","clientDescription":"NFS Server"}]}}}}}},"/v1/protectfile/clients/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a ProtectFile client.","tags":["ProtectFile/Clients"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"description":"Name to identify a ProtectFile client on CipherTrust Manager.","type":"string"},"ipHostname":{"description":"IP address or hostname of the ProtectFile client.This field is used for identification of client.","type":"string"},"clientProfile":{"description":"Client profile to use by the ProtectFile client.","type":"string"},"osType":{"description":"Operating system of the ProtectFile client machine (windows or linux).","type":"string"},"sharedSecret":{"description":"The shared secret.","type":"string"},"isBootstrapped":{"description":"The client has been bootstrapped.","type":"boolean"},"productName":{"description":"CTE-U, or blank.","type":"string"},"productVersion":{"description":"The CTE-U version, or blank.","type":"string"},"productMajorVersion":{"description":"The CTE-U major version number, or blank.","type":"integer"},"productMinorVersion":{"description":"The CTE-U minor version number, or blank.","type":"integer"},"osVersion":{"description":"The OS distribution name and version (CTE-U only).","type":"string"},"kernelVersion":{"description":"The version of the linux kernel (CTE-U only).","type":"string"},"lastCheckIn":{"description":"A timestamp of the last time the client checked in with the CipherTrust Manager.","type":"string"},"clientDescription":{"description":"An editable string that describes the client.","type":"string"}}}]},"examples":{"application/json":{"id":"4b6de4b0-d70e-42c8-a555-e8c791ed2ebf","uri":"kylo:kylo:mogambo:clients:Client_1519478754","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-02-24T13:25:54.062258Z","name":"Client_Windows","updatedAt":"2018-02-24T13:25:54.062258Z","ipHostname":"server01.domain.com","osType":"windows","clientProfile":"ClientProfile_Windows","sharedSecret\"":"","isBootstrapped\"":true,"productName\"":"CTE-U","productVersion\"":"9.3.0.000.999","productMajorVersion\"":"9","productMinorVersion\"":"3","osVersion\"":"CentOS Linux7","kernelVersion\"":"3.10.0-1160.21.1.el7.x86_64","lastCheckIn\"":"2021-08-19T21:30:06.705652Z"}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"patch":{"summary":"Update","description":"Updates the details of a client on the CipherTrust Manager.","tags":["ProtectFile/Clients"],"parameters":[{"name":"body","in":"body","description":"The ProtectFile client properties to change. The properties will be merged\nwith the client resource.\n","schema":{"type":"object","title":"Update Client","properties":{"ipHostname":{"type":"string","description":"IP address or hostname of the ProtectFile client.This field is used for identification of client."},"osType":{"type":"string","description":"Operating system of the ProtectFile client."},"clientProfile":{"type":"string","description":"Client profile for the ProtectFile client."},"clientDescription":{"type":"string","description":"Client description for the ProtectFile client."}},"example":{"ipHostname":"10.164.15.103","osType":"linux","clientProfile":"ClientProfile_Linux","clientDescription":"Local File Server"}}}],"responses":{"200":{"description":"Successful resource update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"description":"Name to identify a ProtectFile client on CipherTrust Manager.","type":"string"},"ipHostname":{"description":"IP address or hostname of the ProtectFile client.This field is used for identification of client.","type":"string"},"clientProfile":{"description":"Client profile to use by the ProtectFile client.","type":"string"},"osType":{"description":"Operating system of the ProtectFile client machine (windows or linux).","type":"string"},"sharedSecret":{"description":"The shared secret.","type":"string"},"isBootstrapped":{"description":"The client has been bootstrapped.","type":"boolean"},"productName":{"description":"CTE-U, or blank.","type":"string"},"productVersion":{"description":"The CTE-U version, or blank.","type":"string"},"productMajorVersion":{"description":"The CTE-U major version number, or blank.","type":"integer"},"productMinorVersion":{"description":"The CTE-U minor version number, or blank.","type":"integer"},"osVersion":{"description":"The OS distribution name and version (CTE-U only).","type":"string"},"kernelVersion":{"description":"The version of the linux kernel (CTE-U only).","type":"string"},"lastCheckIn":{"description":"A timestamp of the last time the client checked in with the CipherTrust Manager.","type":"string"},"clientDescription":{"description":"An editable string that describes the client.","type":"string"}}}]},"examples":{"application/json":{"id":"f9e1c4b3-1449-4b00-a480-6b101c395ff2","uri":"kylo:kylo:mogambo:clients:Client_1519479034","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-02-24T13:30:34.237821Z","name":"Client_Linux","updatedAt":"2018-02-24T13:30:41.099510554Z","ipHostname":"10.164.15.103","osType":"linux","clientProfile":"ClientProfile_Linux","clientDescription":"Local File Server"}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","description":"Deletes a ProtectFile client from the CipherTrust Manager.\n\n_Note: Deleting a ProtectFile client will dis-associate all the rules. This is an irreversible event._\n","tags":["ProtectFile/Clients","Danger"],"responses":{"204":{"description":"No Content | Successful deletion of ProtectFile client.","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/protectfile/clients/{clientId}/fingerprint/refresh":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"patch":{"summary":"Fingerprint refresh","description":"Force the CTE-U client to reload fingerprint data.\n","tags":["ProtectFile/Clients"],"parameters":[{"name":"clientId","in":"path","description":"An identifier of the CTE-U client.","type":"string","required":true}],"responses":{"204":{"description":"Success. Fingerprint records for the specified client have been removed.","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/protectfile/clients/{clientId}/shares/{shareId}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create Link","description":"Create a link between client with id '_clientId_' and network share with id '_shareId_'.\n","tags":["ProtectFile/Client-Share"],"parameters":[{"name":"clientId","in":"path","description":"An identifier of the ProtectFile client. This can bethe ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"shareId","in":"path","description":"An identifier of the network share. This can be the ID (a UUIDv4), the URI, or the slug which is the last component of the URI).","type":"string","required":true}],"responses":{"201":{"description":"Successful link creation.","schema":{"type":"object"},"examples":{"application/json":{"id":"f5d29707-6572-4ab8-8c14-aff8b7195664","uri":"kylo:kylo:mogambo:client_rule_association:f5d29707-6572-4ab8-8c14-aff8b7195664","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-05-23T16:19:56.428692275Z","updatedAt":"2018-05-23T16:19:56.428692275Z","shareId":"79a27b89-7e02-4afa-85d2-8ac5d5677f23","clientID":"db0b7cd9-a27e-4334-bfd9-a3c375b07fde"}}}}},"delete":{"summary":"Delete Link","description":"Removes a network share from the client.","tags":["ProtectFile/Client-Share"],"parameters":[{"name":"clientId","in":"path","description":"An identifier of the ProtectFile client. This can bethe ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"shareId","in":"path","description":"An identifier of the network share. This can be the ID(a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"204":{"description":"OK","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"get":{"summary":"Get Link","description":"Returns the list of network shares for a ProtectFile client.\n","tags":["ProtectFile/Client-Share"],"parameters":[{"name":"clientId","in":"path","description":"An identifier of the ProtectFile client. This can be the ID (a UUIDv4), the URI, or the slug which is the last component of the URI).","type":"string","required":true},{"name":"shareId","in":"path","required":true,"type":"string","description":"An identifier of the ProtectFile share. This can be the ID (a UUIDv4), the URI, or the slug which is the last component of the URI)."}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"clientId":{"description":"Unique identifier of the ProtectFile client.","type":"string"},"shareId":{"description":"Unique identifier of the share.","type":"string"}}}]},"examples":{"application/json":{"id":"22848ff3-18ec-4600-9219-49e58b748282","uri":"kylo:kylo:mogambo:client_share_association:22848ff3-18ec-4600-9219-49e58b748282","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-09-20T04:37:42.969067Z","updatedAt":"2018-09-20T04:37:42.969067Z","shareId":"52d62aaa-61f6-4e93-a799-bc02e2ae0aa1","clientId":"84646ede-3a2e-4b38-b933-9051f650b6b7"}}}}}},"/v1/protectfile/clients/{clientId}/shares/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List Shares","description":"Returns the list of network shares for a ProtectFile client.\n","tags":["ProtectFile/Client-Share"],"parameters":[{"name":"clientId","in":"path","description":"An identifier of the ProtectFile client. This can be the ID (a UUIDv4), the URI, or the slug which is the last component of the URI).","type":"string","required":true},{"name":"type","in":"query","required":false,"type":"string","description":"Filter result by share type."},{"name":"shareId","in":"query","required":false,"type":"string","description":"Filter result by share id."},{"name":"shareName","in":"query","required":false,"type":"string","description":"Filter result by share name."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"clientId":{"description":"Unique identifier of the ProtectFile client.","type":"string"},"shareId":{"description":"Unique identifier of the share.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":"0,","limit":"10,","total":"1,","resources":[{"id":"22848ff3-18ec-4600-9219-49e58b748282"},{"uri":"kylo:kylo:mogambo:client_share_association:22848ff3-18ec-4600-9219-49e58b748282"},{"account":"kylo:kylo:admin:accounts:kylo"},{"application":"ncryptify:gemalto:admin:apps:kylo"},{"devAccount":"ncryptify:gemalto:admin:accounts:gemalto"},{"createdAt":"2018-09-20T04:37:42.969067Z"},{"updatedAt":"2018-09-20T04:37:42.969067Z"},{"shareId":"52d62aaa-61f6-4e93-a799-bc02e2ae0aa1"},{"clientId":"84646ede-3a2e-4b38-b933-9051f650b6b7"}]}}}}}},"/v1/protectfile/clients/{clientId}/clusters/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List Clusters","description":"Returns the list of Clusters for a ProtectFile client.\n","tags":["ProtectFile/Clients"],"parameters":[{"name":"clientId","in":"path","description":"An identifier of the ProtectFile client. This can be the ID (a UUIDv4), the URI, or the slug which is the last component of the URI).","type":"string","required":true},{"name":"clusterId","in":"query","required":false,"type":"string","description":"Filter result by cluster id."},{"name":"clusterName","in":"query","required":false,"type":"string","description":"Filter result by cluster name."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"clusterId":{"description":"Unique identifier of the ProtectFile cluster. This value is the yugo `ID`.","type":"string"},"clientId":{"description":"Unique identifier of the client. This value is the yugo `ID`.","type":"string"},"clusterName":{"description":"Name of cluster corresponding to clusterId.","type":"string"},"clientName":{"description":"Name of client corresponding to clientId.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":"0,","limit":"10,","total":"1,","resources":[{"id":"22848ff3-18ec-4600-9219-49e58b748282"},{"uri":"kylo:kylo:mogambo:client_cluster_association:22848ff3-18ec-4600-9219-49e58b748282"},{"account":"kylo:kylo:admin:accounts:kylo"},{"application":"ncryptify:gemalto:admin:apps:kylo"},{"devAccount":"ncryptify:gemalto:admin:accounts:gemalto"},{"createdAt":"2018-09-20T04:37:42.969067Z"},{"updatedAt":"2018-09-20T04:37:42.969067Z"},{"shareId":"52d62aaa-61f6-4e93-a799-bc02e2ae0aa1"},{"clientId":"84646ede-3a2e-4b38-b933-9051f650b6b7"}]}}}}}},"/v1/protectfile/shares/{shareId}/clients/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List Clients","description":"Returns the list of clients associated with network shares.\n","tags":["ProtectFile/Client-Share"],"parameters":[{"name":"shareId","in":"path","description":"An identifier of the ProtectFile shares. This can be the ID (a UUIDv4), the URI, or the slug which is the last component of the URI).","type":"string","required":true},{"name":"type","in":"query","required":false,"type":"string","description":"Filter result by share type."},{"name":"clientId","in":"query","required":false,"type":"string","description":"Filter result by client id."},{"name":"clientName","in":"query","required":false,"type":"string","description":"Filter result by client name."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"clientId":{"description":"Unique identifier of the ProtectFile client.","type":"string"},"shareId":{"description":"Unique identifier of the share.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":"0,","limit":"10,","total":"1,","resources":[{"id":"22848ff3-18ec-4600-9219-49e58b748282"},{"uri":"kylo:kylo:mogambo:client_share_association:22848ff3-18ec-4600-9219-49e58b748282"},{"account":"kylo:kylo:admin:accounts:kylo"},{"application":"ncryptify:gemalto:admin:apps:kylo"},{"devAccount":"ncryptify:gemalto:admin:accounts:gemalto"},{"createdAt":"2018-09-20T04:37:42.969067Z"},{"updatedAt":"2018-09-20T04:37:42.969067Z"},{"shareId":"52d62aaa-61f6-4e93-a799-bc02e2ae0aa1"},{"clientId":"84646ede-3a2e-4b38-b933-9051f650b6b7"}]}}}}}},"/v1/protectfile/rules/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Adds a new rule to the ProtectFile clients\nusing a rule identifier. The rule status and parameters specific to a client-rule combination are present in the client-rule association.\nA rule is an unnamed resource. Either `includeExtensions` or `excludeExtensions` can be present in a single rule.\n","tags":["ProtectFile/Rules"],"parameters":[{"name":"body","in":"body","description":"ProtectFile rule creation parameters.","schema":{"type":"object","title":"Create Rule","required":["path"],"properties":{"path":{"type":"string","description":"Path of the directory or file to protect. Paths to encrypt or decrypt are referred to as \"encryption paths\" in this document."},"name":{"type":"string","description":"Name for the rule. If name is not provided, a name of the form \"Rule-XXXX\" is automatically generated, where XXXX is a random string 27 characters."},"includeExtensions":{"type":"string","description":"Extensions of files to encrypt. This option is applicable if 'EncryptData' is \"true\". Multiple values should be provided as Semi-colon seperated list. Either `includeExtensions` or `excludeExtensions` can be present."},"excludeExtensions":{"type":"string","description":"Extensions of files to ignore during encryption. This option is applicable if 'EncryptData' is \"true\". Multiple values should be provided as Semi-colon seperated list. Either `includeExtensions` or `excludeExtensions` can be present."},"isDirectory":{"type":"boolean","description":"Whether the 'Path' is a directory. Default value is `true`."},"isRecursive":{"type":"boolean","description":"Whether the rule will be applied recursively if \"path\" is a directory. Default value is `true`."},"ignoreDirectory":{"type":"string","description":"(Applicable to Linux clients) Comma-separated list of directories to ignore during encryption. Default value is `true`."},"encryptData":{"type":"boolean","description":"Whether to encrypt data or provide access control only. \"true\" for encryption, \"false\" for no encryption. Default value is `true`."},"skipMigration":{"type":"boolean","description":"Skip the migration step when adding a new directory. CTE-U will NOT wait for agent to scan all files before it marks the path encryption completed. \"true\" to skip migration, \"false\" to perform migration. Default value is `false`."}},"example":{"path":"/tmp/file1.txt","name":"RecordEncryptRule","includeExtensions":"*.txt;*.gif","excludeExtensions":"*.pem","isDirectory":true,"isRecursive":true,"ignoreDirectory":"/usr/local, /var/log","encryptData":true,"skipMigration":false}}}],"responses":{"201":{"description":"Successful rule creation.","schema":{"type":"object"},"examples":{"application/json":{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:mogambo:rules:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-05-24T14:15:47.331272857Z","updatedAt":"2018-05-24T14:15:47.331272857Z","path":"C:\\AppData","name":"RecordEncryptRule","includeExtensions":"","excludeExtensions":"","isRecursive":true,"ignoreDirectory":"","encryptData":true,"skipMigration":false,"isDirectory":true}}}}},"get":{"summary":"List","description":"Returns the list of rules added to the CipherTrust Manager. The results can be filtered using the query parameters.\n","tags":["ProtectFile/Rules"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"name","in":"query","required":false,"type":"string","description":"Filter result using the rule name."},{"name":"encryptData","in":"query","required":false,"type":"boolean","description":"Filter result for encryption or Access-Only rules."},{"name":"skipMigration","in":"query","required":false,"type":"boolean","description":"Filter result for migrate or do-not-migrate rules."},{"name":"path","in":"query","required":false,"type":"string","description":"Filter result using the path."},{"name":"isDirectory","in":"query","required":false,"type":"boolean","description":"Filter result for Directory or File type rules."}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"path":{"description":"Path of the directory or file where to protect. Paths to encrypt or decrypt are referred to as \"encryption paths\" in this document.","type":"string"},"name":{"description":"Optional name for the rule. If name is not provided, a name of the form \"Rule-XXXX\" is automatically generated, where XXXX is a random string 27 characters.","type":"string"},"includeExtensions":{"description":"File extensions (Semi-colon separated list) on which the rule will be applied. This tag is applicable to \"encrypt data\" policies only.","type":"string"},"excludeExtensions":{"description":"File extensions (Semi-colon separated list) on which the rule will not be applied. This tag is applicable to \"encrypt data\" policies only.","type":"string"},"isDirectory":{"description":"Whether the path is a directory.","type":"boolean"},"isRecursive":{"description":"Whether the rule will be applied recursively if path is a directory.","type":"boolean"},"ignoreDirectory":{"description":"(Applicable to Linux clients) Comma-separated list of directories to ignore during encryption.","type":"string"},"encryptData":{"description":"Whether to encrypt data or perform access checks only (no encryption). \"true\" for encryption, \"false\" for no encryption.","type":"boolean"}}}]}}}}]},"examples":{"application/json":{"skip":"0,","limit":"10,","total":"2,","resources":[{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:mogambo:rules:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-05-24T14:15:47.331272857Z","updatedAt":"2018-05-24T14:15:47.331272857Z","path":"C:\\AppData","name":"RecordEncryptRule","includeExtensions":"","excludeExtensions":"","isRecursive":true,"ignoreDirectory":"","encryptData":true,"skipMigration":false,"isDirectory":true},{"id":"2a650512-2564-4f6b-aa43-d8105d4d5f69","uri":"kylo:kylo:mogambo:rules:2a650512-2564-4f6b-aa43-d8105d4d5f69","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-05-24T14:22:01.504063739Z","updatedAt":"2018-05-24T14:22:01.504063739Z","path":"C:\\ProtectedData","name":"Rule-S%^GHT@#KIU&*%T%%dfvaenjutf","includeExtensions":"","excludeExtensions":"","isRecursive":true,"ignoreDirectory":"","encryptData":false,"skipMigration":false,"isDirectory":true}]}}}}}},"/v1/protectfile/rules/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"patch":{"summary":"Update","description":"Modify rule parameters. The parameters which are to be modified are placed in the body params. There is no default value for parameters.\n","tags":["ProtectFile/Rules"],"parameters":[{"name":"body","in":"body","description":"ProtectFile rule parameters.","schema":{"type":"object","title":"Modify Rule","properties":{"path":{"type":"string","description":"Path of the directory or file to protect. Paths to encrypt or decrypt are referred to as \"encryption paths\" in this document."},"isDirectory":{"type":"boolean","description":"Whether the 'Path' is a directory."},"isRecursive":{"type":"boolean","description":"Whether the rule will be applied recursively if \"path\" is a directory."},"ignoreDirectory":{"type":"string","description":"(Applicable to Linux clients) Comma-separated list of directories to ignore during encryption."},"encryptData":{"type":"boolean","description":"Whether to encrypt data or provide access control only (no encryption). \"true\" for encryption, \"false\" for no encryption."},"skipMigration":{"type":"boolean","description":"Lets the customer skip the migration step. In other words, it will NOT wait for agent to scan all files before it marks the path encryption completed. \"true\" to skip migration, \"false\" to perform migration. Default value is `false`."}},"example":{"isRecursive":true}}}],"responses":{"201":{"description":"Successful resource update.","schema":{"type":"object"},"examples":{"application/json":{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:mogambo:rules:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-05-24T14:15:47.331272857Z","updatedAt":"2018-05-24T14:15:47.331272857Z","path":"C:\\AppData","name":"RecordEncryptRule","includeExtensions":"","excludeExtensions":"","isRecursive":true,"ignoreDirectory":"","encryptData":true,"skipMigration":false,"isDirectory":true}}}}},"get":{"summary":"Get","description":"Returns details of a rule with the given id.\n","tags":["ProtectFile/Rules"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:mogambo:rules:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-05-24T14:15:47.331272857Z","updatedAt":"2018-05-24T14:15:47.331272857Z","path":"C:\\AppData","name":"RecordEncryptRule","includeExtensions":"","excludeExtensions":"","isRecursive":true,"ignoreDirectory":"","encryptData":true,"skipMigration":false,"isDirectory":true}}}}},"delete":{"summary":"Delete","description":"Deletes a rule with a given id if it is not used by any ProtectFile client.","tags":["ProtectFile/Rules"],"responses":{"204":{"description":"No Content | Successful deletion of rule.","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/protectfile/clients/{clientId}/rules/{ruleId}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Add Rule","description":"Create a link between client with id '_clientId_' and rule with id '_ruleId_'\n","tags":["ProtectFile/Clients"],"parameters":[{"name":"clientId","in":"path","description":"An identifier of the ProtectFile client. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"ruleId","in":"path","description":"An identifier of the rule. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"body","in":"body","description":"ProtectFile client-rule link creation parameters.","schema":{"type":"object","title":"Create Client Rule link","required":["accessPolicyGroup"],"properties":{"keyName":{"type":"string","description":"Name of the key to encrypt data. Encryption keys are not needed if 'EncryptData' is \"false\"."},"accessPolicyGroup":{"type":"string","description":"Identifier of the access policy group to use for controlling access."}}}}],"responses":{"201":{"description":"Successful rule addition.","schema":{"type":"object"},"examples":{"application/json":{"id":"f5d29707-6572-4ab8-8c14-aff8b7195664","uri":"kylo:kylo:mogambo:client_rule_association:f5d29707-6572-4ab8-8c14-aff8b7195664","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-05-23T16:19:56.428692275Z","updatedAt":"2018-05-23T16:19:56.428692275Z","parentId":"79a27b89-7e02-4afa-85d2-8ac5d5677f23","ruleID":"db0b7cd9-a27e-4334-bfd9-a3c375b07fde","ruleSeqNumber":0,"ruleOperation":"None","ruleState":"Created","ruleFailed":"No","keyName":"pf-aes-256","oldKeyName":"","keyRotationType":"Shallow","accessPolicyGroup":"DemoGroup","ruleType":"LOCAL","driveGUID":"11111111-1111-1111-1111-111111111111"}}}}},"get":{"summary":"Get Rule","description":"Returns a link between clientId and ruleId along with other parameters like ruleState, failedEarlier and driveGuid.\n","tags":["ProtectFile/Clients"],"parameters":[{"name":"clientId","in":"path","description":"An identifier of the ProtectFile client. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"ruleId","in":"path","description":"An identifier of the rule. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"ruleId":"a645e023-2224-4aa5-ba6b-586653051ef1","ruleSeqNumber":0,"path":"/opt/test/1_50","name":"Rule-McASQ3QIKthU/o/MtVdwRyik40na9Prw/uiP","ruleType":"LOCAL","keyName":"testKey_1_50","oldKeyName":"","includeExtensions":"","excludeExtensions":"","isRecursive":true,"ignoreDirectory":"","encryptData":true,"skipMigration":false,"keyRotationType":"Shallow","ruleState":"InProgress","failedRule":"No","ruleOperation":"Encrypt","isDirectory":true,"accessPolicyGroup":"APG1_1","driveGUID":"11111111-1111-1111-1111-111111111111"}}}}},"delete":{"summary":"Remove Rule","description":"Removes a rule from the client","tags":["ProtectFile/Clients"],"parameters":[{"name":"clientId","in":"path","description":"An identifier of the ProtectFile client. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"ruleId","in":"path","description":"An identifier of the rule. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"204":{"description":"OK","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/protectfile/clients/{clientId}/rules/{ruleId}/operation":{"patch":{"summary":"Deploy Rule","description":"Updates operation for rule of a client for Encryption, Rekey and Decryption.\nUser can also modify the access policy group linked to client-rule link.\nFor Rekey/Key Rotation `keyName` is required field.\n","tags":["ProtectFile/Clients"],"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"clientId","in":"path","description":"An identifier of the ProtectFile client. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"ruleId","in":"path","description":"An identifier of the rule. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"body","in":"body","description":"ProtectFile rule update parameters.","schema":{"type":"object","title":"Modify Rule operation","properties":{"ruleOperation":{"type":"string","description":"The operation to perform on the rule. The valid values are \"Encrypt\" \"KeyRotate\" and \"Decrypt\".\n"},"keyName":{"type":"string","description":"Name of the key to encrypt data. This option is applicable if 'encryptData' is \"true\"."},"keyRotationType":{"type":"string","description":"Type of Key Rotation operation. Not valid if 'NoEncryption' is true.\nValid values are `Shallow` and `Deep`. Default value for Key Rotation is `shallow`.\n"},"accessPolicyGroup":{"type":"string","description":"Access Policy Group identifier to change access control on rule."}},"example":{"ruleOperation":"Encrypt"}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"866856b3-2a53-4d35-bcbc-f848aa120398","uri":"kylo:kylo:mogambo:client_rule_association:866856b3-2a53-4d35-bcbc-f848aa120398","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-05-24T07:07:05.748731Z","updatedAt":"2018-05-24T14:31:11.264614636Z","parentId":"fb40eecc-9c2a-437b-9f88-b690a14f5a3d","ruleID":"b9a3fa37-6c03-4701-b96f-0f6fd7386844","ruleSeqNumber":0,"ruleOperation":"KeyRotate","ruleState":"InProgress","ruleFailed":"No","keyName":"DemoKey1","oldKeyName":"DemoKey2","keyRotationType":"Shallow","accessPolicyGroup":"DemoAPG","ruleType":"LOCAL","driveGUID":"80c02829-dfd9-4c93-9f25-0b57ef7792ff"}}}}}},"/v1/protectfile/clients/{clientId}/rules/{ruleId}/drive_guid":{"patch":{"summary":"Update Drive GUID","description":"Updates the drive GUID of a LOCAL rule of a client.\nThe rule has to be in the Encrypted state to be able to successfully update the drive GUID.\nThis operation is only valid for Windows Clients.\nMembers of the Protectfile Admins Group are allowed to update the drive GUID.\n","tags":["ProtectFile/Clients"],"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"clientId","in":"path","description":"An identifier of the ProtectFile client. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"ruleId","in":"path","description":"An identifier of the rule. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"driveGUID","in":"body","required":true,"description":"ProtectFile rule update parameters.","schema":{"type":"object","title":"Modify Drive GUID","required":["driveGUID"],"properties":{"driveGUID":{"type":"string","description":"The new drive GUID to be used.\n"}},"example":{"driveGUID":"80c02829-dfd9-4c93-9f25-0b57ef7792ff"}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"f5d29707-6572-4ab8-8c14-aff8b7195664","uri":"kylo:kylo:mogambo:client_rule_association:f5d29707-6572-4ab8-8c14-aff8b7195664","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-05-23T16:19:56.428692275Z","updatedAt":"2018-05-23T16:19:56.428692275Z","parentId":"79a27b89-7e02-4afa-85d2-8ac5d5677f23","ruleID":"db0b7cd9-a27e-4334-bfd9-a3c375b07fde","ruleSeqNumber":0,"ruleOperation":"None","ruleState":"Encrypted","ruleFailed":"No","keyName":"pf-aes-256","oldKeyName":"","keyRotationType":"Shallow","accessPolicyGroup":"DemoGroup","ruleType":"LOCAL","driveGUID":"80c02829-dfd9-4c93-9f25-0b57ef7792ff"}}}}}},"/v1/protectfile/clients/{clientId}/rules/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Show Rules","description":"Returns the list of rules for a ProtectFile client.\n","tags":["ProtectFile/Clients"],"parameters":[{"name":"clientId","in":"path","description":"An identifier of the ProtectFile client. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"ruleOperation","in":"query","required":false,"type":"string","description":"Filter result by rule operation."},{"name":"ruleState","in":"query","required":false,"type":"string","description":"Filter result by rule state."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"parentId":{"description":"Unique identifier of the ProtectFile client.","type":"string"},"ruleId":{"description":"Unique identifier of the rule.","type":"string"},"ruleSeqNumber":{"description":"Rule sequence number","type":"integer"},"ruleOperation":{"description":"Operation getting performed on the rule.","type":"string"},"ruleState":{"description":"Current state of the rule.","type":"string"},"ruleFailed":{"description":"Whether the operation on rule has failed.","type":"string"},"keyName":{"description":"Name of the key to encrypt data.","type":"string"},"keyVersion":{"description":"Version of keyName.","type":"integer"},"oldKeyName":{"description":"Name of the old key used for encryption. This key will be replaced by a new key to perform key rotation.","type":"string"},"oldKeyVersion":{"description":"Version of oldKeyName.","type":"integer"},"keyRotationType":{"description":"Type of key rotation - shallow or deep.","type":"string"},"accessPolicyGroup":{"description":"Name of the access policy group.","type":"string"},"ruleType":{"description":"Type of the rule - Local, Network, Cluster.","type":"string"},"driveGUID":{"description":"Drive GUID mapped to path on ProtectFile client.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":"0,","limit":"10,","total":"1,","resources":[{"ruleId":"a645e023-2224-4aa5-ba6b-586653051ef1","ruleSeqNumber":0,"path":"/opt/test/1_50","name":"Rule-McASQ3QIKthU/o/MtVdwRyik40na9Prw/uiP","ruleType":"LOCAL","keyName":"testKey_1_50","oldKeyName":"","includeExtensions":"","excludeExtensions":"","isRecursive":true,"ignoreDirectory":"","encryptData":true,"skipMigration":false,"keyRotationType":"Shallow","ruleState":"InProgress","failedRule":"No","ruleOperation":"Encrypt","isDirectory":true,"accessPolicyGroup":"APG1_1","driveGUID":"11111111-1111-1111-1111-111111111111"}]}}}}}},"/v1/protectfile/accesspolicies/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a new access policy to manage access control of an encrypted path.\nAn access policy can be created for individual entities (users, groups, or processes) or combination of \"user and process\" and \"group and process\".\nAt least one of the entities or valid combination is requied to create access policy.\n","tags":["ProtectFile/AccessPolicies"],"parameters":[{"name":"body","in":"body","description":"Parameters for creating Access Policy.","schema":{"type":"object","title":"Create AccessPolicy","required":["access"],"properties":{"access":{"type":"string","description":"The access to be granted for selected user/group/process or combination.\nValid values for access are `ReadWrite`, `Write`, `Read`, `ReadWriteCipher`\n`ReadCipher` and `NoAccess`. The access `ReadWriteCipher` & `ReadCipher` are not\napplicable for no encryption rule and access policy group.\n"},"name":{"type":"string","description":"Name for the access policy. If name is not provided, a name of the form \"Access-Policy-XXXX\" is automatically generated, where XXXX is a random string 19 characters."},"username":{"type":"string","description":"The username for which access control is to be enforced.\nIf the user is a domain user, specify domain name with the username; for example, user@domain.com.\n"},"groupname":{"type":"string","description":"The group for which access control is to be enforced.\nIf group is a domain group, specify domain name with the groupname; for example, group@domain.com.\n"},"processname":{"type":"string","description":"The name of the process for which access control is to be enforced.\nThe process name should be a fully qualified domain name; for example, /path/to/process or C:\\\\Path\\\\To\\\\Process.exe.\n"}},"example":{"access":"ReadWrite","username":"Administrator","processname":"C:\\Windows\\System32\\notepad.exe","name":"AccessPolicy_1"}}}],"responses":{"201":{"description":"Successful access policy creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"access":{"type":"string","description":"Access type to be granted for user/group/process."},"name":{"type":"string","description":"Optional name for the access policy. If name is not provided, a name of the form \"AccessPolicy-XXXX\" is automatically generated, where XXXX is a random string 19 characters."},"username":{"type":"string","description":"Name of the user for which the policy will be created."},"groupname":{"type":"string","description":"Name of the group for which the policy will be created."},"processname":{"type":"string","description":"Name of the process for which the policy will be created."},"type":{"type":"string","description":"Entity type against which the access check will be performed."}}}]},"examples":{"application/json":{"id":"a114b6c4-8261-4bda-87f4-380f6c1ab7e2","uri":"testapp:bob:mogambo:accesspolicies:a114b6c4-8261-4bda-87f4-380f6c1ab7e2","account":"testapp:bob:admin:accounts:bob","application":"devportal:jill:admin:apps:testapp","devAccount":"devportal:jill:admin:accounts:jill","createdAt":"2018-04-29T21:06:28.094236187+05:30","updatedAt":"2018-04-29T21:06:28.094236187+05:30","username":"Administrator","groupname":"","processname":"","type":"user","access":"ReadWrite","name":"AccessPolicy_1"}}}}},"get":{"summary":"List","description":"Returns a list of access policies. The result can be filtered using the query parameters.","tags":["ProtectFile/AccessPolicies"],"parameters":[{"name":"username","in":"query","required":false,"type":"string","description":"Filter result by username of access policy."},{"name":"groupname","in":"query","required":false,"type":"string","description":"Filter result by groupname of access policy."},{"name":"processname","in":"query","required":false,"type":"string","description":"Filter result by processname of access policy."},{"name":"type","in":"query","required":false,"type":"string","description":"Filter result by type of access policy. Valid values for 'type' are `user`, `group`, `process`, `user AND process` and `group AND process`."},{"name":"access","in":"query","required":false,"type":"string","description":"Filter result by access of access policy. Valid values for access are `ReadWrite`, `Write`, `Read`, `ReadWriteCipher`,\n`ReadCipher` and `NoAccess`. The access `ReadWriteCipher` & `ReadCipher` are not\napplicable for no encryption rule and access policy group.\n"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"access":{"type":"string","description":"Access type to be granted for user/group/process."},"name":{"type":"string","description":"Optional name for the access policy. If name is not provided, a name of the form \"AccessPolicy-XXXX\" is automatically generated, where XXXX is a random string 19 characters."},"username":{"type":"string","description":"Name of the user for which the policy will be created."},"groupname":{"type":"string","description":"Name of the group for which the policy will be created."},"processname":{"type":"string","description":"Name of the process for which the policy will be created."},"type":{"type":"string","description":"Entity type against which the access check will be performed."}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"d20fb9b6-013e-4183-b1f4-73dfa907bf75","uri":"testapp:bob:mogambo:accesspolicies:d20fb9b6-013e-4183-b1f4-73dfa907bf75","account":"testapp:bob:admin:accounts:bob","application":"devportal:jill:admin:apps:testapp","devAccount":"devportal:jill:admin:accounts:jill","createdAt":"2018-04-29T12:55:36.66755Z","updatedAt":"2018-04-29T13:01:14.78638Z","username":"Administrator","groupname":"","processname":"","type":"user","access":"ReadWrite","name":"AccessPolicy_1"}]}}}}}},"/v1/protectfile/accesspolicies/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of an access policy with the given `id`.","tags":["ProtectFile/AccessPolicies"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"access":{"type":"string","description":"Access type to be granted for user/group/process."},"name":{"type":"string","description":"Optional name for the access policy. If name is not provided, a name of the form \"AccessPolicy-XXXX\" is automatically generated, where XXXX is a random string 19 characters."},"username":{"type":"string","description":"Name of the user for which the policy will be created."},"groupname":{"type":"string","description":"Name of the group for which the policy will be created."},"processname":{"type":"string","description":"Name of the process for which the policy will be created."},"type":{"type":"string","description":"Entity type against which the access check will be performed."}}}]},"examples":{"application/json":{"id":"d20fb9b6-013e-4183-b1f4-73dfa907bf75","uri":"testapp:bob:mogambo:accesspolicies:d20fb9b6-013e-4183-b1f4-73dfa907bf75","account":"testapp:bob:admin:accounts:bob","application":"devportal:jill:admin:apps:testapp","devAccount":"devportal:jill:admin:accounts:jill","createdAt":"2018-04-29T12:55:36.66755Z","updatedAt":"2018-04-29T13:01:14.78638Z","username":"Administrator","groupname":"","processname":"","type":"user","access":"ReadWrite","name":"AccessPolicy_1"}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"patch":{"summary":"Update","description":"Updates parameters of an Access Policy with the given `id`.","tags":["ProtectFile/AccessPolicies"],"parameters":[{"name":"body","in":"body","description":"Properties of the access policy to change. The properties will be merged with the access policy resource.\n","schema":{"type":"object","title":"Update Access Policy","properties":{"access":{"type":"string","description":"The access to be granted to the specified user/group/process or their combination.\nThe valid values are `ReadWrite`, `Write`, `Read`, `ReadWriteCipher`,\n`ReadCipher`, and `NoAccess`. The access `ReadWriteCipher` & `ReadCipher` are not\napplicable for no encryption rule and access policy group.\n"},"username":{"type":"string","description":"The username for which access control is to be enforced.\nIf the user is a domain user, specify domain name with the username; for example, user@domain.com.\n"},"groupname":{"type":"string","description":"The group for which access control is to be enforced.\nIf group is a domain group, specify domain name with the groupname; for example, group@domain.com.\n"},"processname":{"type":"string","description":"The name of the process for which access control is to be enforced.\nThe process name should be a fully qualified domain name; for example, /path/to/process or C:\\\\Path\\\\To\\\\Process.exe.\n"}},"example":{"access":"Encrypt","username":"root","groupname":"wheel","processname":"/usr/bin/tar"}}}],"responses":{"200":{"description":"Successful resource update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"access":{"type":"string","description":"Access type to be granted for user/group/process."},"name":{"type":"string","description":"Optional name for the access policy. If name is not provided, a name of the form \"AccessPolicy-XXXX\" is automatically generated, where XXXX is a random string 19 characters."},"username":{"type":"string","description":"Name of the user for which the policy will be created."},"groupname":{"type":"string","description":"Name of the group for which the policy will be created."},"processname":{"type":"string","description":"Name of the process for which the policy will be created."},"type":{"type":"string","description":"Entity type against which the access check will be performed."}}}]},"examples":{"application/json":{"id":"d20fb9b6-013e-4183-b1f4-73dfa907bf75","uri":"testapp:bob:mogambo:accesspolicies:d20fb9b6-013e-4183-b1f4-73dfa907bf75","account":"testapp:bob:admin:accounts:bob","application":"devportal:jill:admin:apps:testapp","devAccount":"devportal:jill:admin:accounts:jill","createdAt":"2018-04-29T12:55:36.66755Z","updatedAt":"2018-04-29T13:01:14.78638Z","username":"Administrator","groupname":"","processname":"","type":"user","access":"Encrypt","name":"AccessPolicy_1"}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","description":"Deletes an access policy with the given `id`.","tags":["ProtectFile/AccessPolicies"],"responses":{"204":{"description":"No Content | Successful deletion of access policy.","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/protectfile/accesspolicygroups/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a new access policy group. An access policy group is a logical grouping of access policies of the same type. It is used to link access policies of the same type.\n","tags":["ProtectFile/AccessPolicyGroups"],"parameters":[{"name":"body","in":"body","description":"Parameters for creating AccessPolicyGroup","schema":{"type":"object","title":"Create AccessPolicyGroup","required":["name"],"properties":{"name":{"type":"string","description":"The name of access policy group.\n"},"osType":{"type":"string","description":"The operating system on which the access policy group will be applied.\nThe valid values are 'windows' and 'linux'; default is 'windows'.\n"},"encryptData":{"type":"boolean","description":"Whether the access policy group provides access control only (no encryption). \"false\" for access control only, \"true\" for encryption. If set to \"false\" only access control will be enforced, data will not be encrypted.\n"},"defaultAccess":{"type":"string","description":"Default access permission for the access policy group.\nThis access will be granted if an entity's access request does not match any\naccess policy in the access policy group. The valid values are `ReadWrite`, `Write`, `Read`, `ReadWriteCipher`,\n`ReadCipher`, and `NoAccess`. If not specified, \"NoAccess\" is granted by default.\nThe access `ReadWriteCipher` & `ReadCipher` are not applicable for no encryption rule and access policy group.\n"}},"example":{"name":"Windows_Database_Group","osType":"windows","encryptData":true,"defaultAccess":"NoAccess"}}}],"responses":{"201":{"description":"Successful access policy group creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Name for the access policy group."},"osType":{"type":"string","description":"Applicable operating system."},"encryptData":{"type":"boolean","description":"Whether the access policy group provides access control only (no encryption). \"false\" for access control only, \"true\" for encryption.\nIf set to \"false\" only access control will be enforced, data will not be encrypted.\n"},"defaultAccess":{"type":"string","description":"Default access permission for the access policy group. This access will be granted if an entity's access request does not match any access policy in the access policy group."}}}]},"examples":{"application/json":{"id":"0c4b6842-bee4-405c-9a2a-f41dce27f24d","uri":"testapp:bob:mogambo:accesspolicygroups:Windows_Database_Group","account":"testapp:bob:admin:accounts:bob","application":"devportal:jill:admin:apps:testapp","devAccount":"devportal:jill:admin:accounts:jill","createdAt":"2018-04-30T16:52:39.988661441+05:30","name":"Windows_Database_Group","updatedAt":"2018-04-30T16:52:39.988661441+05:30","osType":"windows","encryptData":true,"defaultAccess":"NoAccess"}}}}},"get":{"summary":"List","description":"Returns a list of access policy groups. The result can be filtered using the query parameters.","tags":["ProtectFile/AccessPolicyGroups"],"parameters":[{"name":"name","in":"query","required":false,"type":"string","description":"Filter result by name of accesspolicygroup."},{"name":"osType","in":"query","required":false,"type":"string","description":"Filter result by operating system type of accesspolicygroup. Valid values are `windows` and `linux`."},{"name":"encryptData","in":"query","required":false,"type":"boolean","description":"Filter result by encryption capability of accesspolicygroup. Valid values are `true` and `false`."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Name for the access policy group."},"osType":{"type":"string","description":"Applicable operating system."},"encryptData":{"type":"boolean","description":"Whether the access policy group provides access control only (no encryption). \"false\" for access control only, \"true\" for encryption.\nIf set to \"false\" only access control will be enforced, data will not be encrypted.\n"},"defaultAccess":{"type":"string","description":"Default access permission for the access policy group. This access will be granted if an entity's access request does not match any access policy in the access policy group."}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"0c4b6842-bee4-405c-9a2a-f41dce27f24d","uri":"testapp:bob:mogambo:accesspolicygroups:Windows_Database_Group","account":"testapp:bob:admin:accounts:bob","application":"devportal:jill:admin:apps:testapp","devAccount":"devportal:jill:admin:accounts:jill","createdAt":"2018-04-30T11:22:39.988661Z","name":"Windows_Database_Group","updatedAt":"2018-04-30T11:22:39.988661Z","osType":"windows","encryptData":true,"defaultAccess":"NoAccess"}]}}}}}},"/v1/protectfile/accesspolicygroups/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of an access policy group with the given `id`.","tags":["ProtectFile/AccessPolicyGroups"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Name for the access policy group."},"osType":{"type":"string","description":"Applicable operating system."},"encryptData":{"type":"boolean","description":"Whether the access policy group provides access control only (no encryption). \"false\" for access control only, \"true\" for encryption.\nIf set to \"false\" only access control will be enforced, data will not be encrypted.\n"},"defaultAccess":{"type":"string","description":"Default access permission for the access policy group. This access will be granted if an entity's access request does not match any access policy in the access policy group."}}}]},"examples":{"application/json":{"id":"0c4b6842-bee4-405c-9a2a-f41dce27f24d","uri":"testapp:bob:mogambo:accesspolicygroups:Windows_Database_Group","account":"testapp:bob:admin:accounts:bob","application":"devportal:jill:admin:apps:testapp","devAccount":"devportal:jill:admin:accounts:jill","createdAt":"2018-04-30T11:22:39.988661Z","name":"Windows_Database_Group","updatedAt":"2018-04-30T11:22:39.988661Z","osType":"windows","encryptData":true,"defaultAccess":"NoAccess"}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"patch":{"summary":"Update","description":"Updates the details of an access policy group with the given `id`.","tags":["ProtectFile/AccessPolicyGroups"],"parameters":[{"name":"body","in":"body","description":"Properties of the access policy group to change. The properties will be merged with the access policy resource.\n","schema":{"type":"object","title":"Update Access Policy Group","properties":{"defaultAccess":{"type":"string","description":"default access of the access policy group. The valid values are `ReadWrite`, `Write`, `Read`, `ReadWriteCipher`,\n`ReadCipher`, and `NoAccess`.\n"}},"example":{"defaultAccess":"ReadWriteCipher"}}}],"responses":{"200":{"description":"Successful resource update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Name for the access policy group."},"osType":{"type":"string","description":"Applicable operating system."},"encryptData":{"type":"boolean","description":"Whether the access policy group provides access control only (no encryption). \"false\" for access control only, \"true\" for encryption.\nIf set to \"false\" only access control will be enforced, data will not be encrypted.\n"},"defaultAccess":{"type":"string","description":"Default access permission for the access policy group. This access will be granted if an entity's access request does not match any access policy in the access policy group."}}}]},"examples":{"application/json":{"id":"0c4b6842-bee4-405c-9a2a-f41dce27f24d","uri":"testapp:bob:mogambo:accesspolicygroups:Windows_Database_Group","account":"testapp:bob:admin:accounts:bob","application":"devportal:jill:admin:apps:testapp","devAccount":"devportal:jill:admin:accounts:jill","createdAt":"2018-04-30T11:22:39.988661Z","name":"Windows_Database_Admin_Group","updatedAt":"2018-04-30T17:06:23.434545831+05:30","osType":"windows","encryptData":true,"defaultAccess":"ReadWriteCipher"}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","description":"Deletes an access policy group with the given `id`.","tags":["ProtectFile/AccessPolicyGroups"],"responses":{"204":{"description":"No Content | Successful deletion of access policy group.","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/protectfile/accesspolicygroups/{groupId}/accesspolicies/{policyId}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"groupId","in":"path","type":"string","description":"An identifier of the Access Policy Group.\nThis can be either the ID (a UUIDv4), the URI, or the name of Access Policy Group.\n","required":true},{"name":"policyId","in":"path","type":"string","description":"An identifier of the access policy. This can be the ID (a UUIDv4), the URI, or the name of the access policy.","required":true}],"post":{"summary":"Add AccessPolicy","description":"Adds an access policy to the access policy group.","tags":["ProtectFile/AccessPolicyGroups"],"responses":{"200":{"description":"Successful access policy group addition.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"accessPolicyGroupId":{"type":"string","description":"Unique identifier of an access policy group."},"accessPolicyId":{"type":"string","description":"Unique identifier of an access policy."},"type":{"type":"string","description":"Type of the access policy."},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL. Access policy group association will provide additional record for default access.\n"}}}]},"examples":{"application/json":{"id":"4ff9bff0-f2ff-41a0-b657-b08bbc33a0a1","uri":"testapp:bob:mogambo:accesspolicygroupaccesspolicyassociations:4ff9bff0-f2ff-41a0-b657-b08bbc33a0a1","account":"testapp:bob:admin:accounts:bob","application":"devportal:jill:admin:apps:testapp","devAccount":"devportal:jill:admin:accounts:jill","createdAt":"2018-05-01T09:57:56.571331793+05:30","accessPolicyGroupId":"0c4b6842-bee4-405c-9a2a-f41dce27f24d","accessPolicyId":"a114b6c4-8261-4bda-87f4-380f6c1ab7e2","type":"user"}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Remove AccessPolicy","description":"Deletes an access policy from the access policy group.","tags":["ProtectFile/AccessPolicyGroups"],"responses":{"204":{"description":"No Content | Successful deletion of access policy.","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/protectfile/accesspolicygroups/{groupId}/accesspolicies/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"groupId","in":"path","type":"string","description":"An identifier of the access policy group. This can be the ID (a UUIDv4), the URI, or the name of the access policy group.\n","required":true}],"get":{"summary":"List AccessPolicies","description":"Returns the list of access policies in an access policy group.","tags":["ProtectFile/AccessPolicyGroups"],"parameters":[{"name":"type","in":"query","required":false,"type":"string","description":"Filter the results by type of access policies. Use wildcards to search for client profiles matching the specified pattern in their names."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL. The result will return one extra policy for default access.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Name for the access policy group."},"osType":{"type":"string","description":"Applicable operating system."},"encryptData":{"type":"boolean","description":"Whether the access policy group provides access control only (no encryption). \"false\" for access control only, \"true\" for encryption.\nIf set to \"false\" only access control will be enforced, data will not be encrypted.\n"},"defaultAccess":{"type":"string","description":"Default access permission for the access policy group. This access will be granted if an entity's access request does not match any access policy in the access policy group."}}}]},"examples":{"application/json":{"groupname":"Windows_Database_Admin_Group","osType":"windows","AccessPolicies":[{"id":"d20fb9b6-013e-4183-b1f4-73dfa907bf75","uri":"testapp:bob:mogambo:accesspolicies:d20fb9b6-013e-4183-b1f4-73dfa907bf75","account":"testapp:bob:admin:accounts:bob","application":"devportal:jill:admin:apps:testapp","devAccount":"devportal:jill:admin:accounts:jill","createdAt":"2018-04-29T12:55:36.66755Z","updatedAt":"2018-05-01T04:22:41.034771Z","username":"Administrator","groupname":"","processname":"","type":"user","access":"ReadWrite","name":"AccessPolicy_1"},{"id":"d20fb9b6-013e-4183-b1f4-73dfa907bf75","uri":"testapp:bob:mogambo:accesspolicies:d20fb9b6-013e-4183-b1f4-73dfa907bf75","account":"testapp:bob:admin:accounts:bob","application":"devportal:jill:admin:apps:testapp","devAccount":"devportal:jill:admin:accounts:jill","createdAt":"2018-04-29T12:55:36.66755Z","updatedAt":"2018-05-01T04:22:41.034771Z","username":"Administrator","groupname":"","processname":"C:\\Windows\\System32\\notepad.exe","type":"user AND process","access":"ReadWrite","name":"AccessPolicy_2"},{"id":"","uri":"","account":"","application":"","devAccount":"","createdAt":"0001-01-01T00:00:00Z","updatedAt":"0001-01-01T00:00:00Z","username":"Default","groupname":"","processname":"","type":"Default","access":"NoAccess","name":"AccessPolicy_3"}]}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/protectfile/shares/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Adds a new network share to the CipherTrust Manager.\nSpecify the following details.\n- Name for the network share.\n- IP address or hostname of the NAS server.\n- Path shared on the NAS server.\n- Type of the network share - SMB or NFS.\n- Encryptor client to encrypt paths on the network share.\n- Whether a network share is automatically mounted.\n- Whether the SMB network share is exposed to clients through DFS Namespaces.\n- DFS alias when DFS is set to true.\n- A username with access to all directories on the SMB network share.\n- Password of the user with access to the SMB share.\n","tags":["ProtectFile/Shares"],"parameters":[{"name":"body","in":"body","description":"Network share parameters","schema":{"type":"object","title":"Create Network Share","required":["name","type","ipHostname","shareName"],"properties":{"name":{"type":"string","description":"User-specified name to display on the CipherTrust Manager to uniquely identify a network share. This field is mandatory."},"ipHostname":{"type":"string","description":"IP address or hostname of the NAS server where NAS path is shared. This field is mandatory."},"shareName":{"type":"string","description":"Path shared on the NAS server. This field is mandatory."},"type":{"type":"string","description":"Type of the network share - SMB or NFS. This field is mandatory."},"encryptorClient":{"type":"string","description":"Name of the client that will encrypt paths on the network share. If an encryptor client is not specified, paths on the network share cannot be encrypted.However, you can modify the network share to specify the encryptor client later."},"username":{"type":"string","description":"(SMB shares) A username with access to all directories on the network share that will be encrypted.The encryptor client will use this username to access directories on the share."},"password":{"type":"string","description":"(SMB shares) Password of the user (username) with access to the SMB share."},"dfs":{"type":"boolean","description":"(Applicable to Windows clients and SMB shares) Whether the network share is exposed to clients through DFS Namespaces. The default value is false."},"dfsAlias":{"type":"string","description":"(Applicable to Windows clients and SMB shares) This field is applicable when DFS is set to true. Names of machines/domains through which the network shares exposed through DFS Namespace are accessed by users/applications. These names can be NetBIOS names or alias names of domains and/or DFS node clients configured on DNS. Aliases could be IP address, FQDN, NetBIOS name, or hostname. Separate aliases by semicolons. Ensure that aliases specified in the DFS Alias field are correct; ProtectFile does not resolve these names."},"autoMount":{"type":"boolean","description":"(Applicable to Linux clients) Whether a network share is automatically mounted through Autofs.The default value is false."}},"example":{"name":"Test_Network_Share","ipHostname":"server01.domain.com","type":"SMB","shareName":"smb_share_1","username":"smb_user1","password":"password","encryptorClient":"Windows_Client_1","dfs":true,"dfsAlias":"win_alias"}}}],"responses":{"201":{"description":"Successful network share creation.","schema":{"type":"object"},"examples":{"application/json":{"id":"c2ae3531-f490-4224-af7c-273d8feb0dc4","uri":"dev-portal:kylo:mogambo:share:testshare8","account":"dev-portal:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:dev-portal","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-02-24T13:19:32.330946801Z","name":"testshare8","updatedAt":"2018-02-24T13:19:32.330946801Z","type":"NFS","ipHostname":"server01.domain.com","username":"admin","password":"admin","shareName":"smb_share_1","encryptorClient\"":"Windows_Client_1","autoMount":false,"dfs":true,"dfsAlias":"alias_1"}}}}},"get":{"summary":"List","description":"Returns a list of network shares added to the CipherTrust Manager.The results can be filtered using the query parameters.\n","tags":["ProtectFile/Shares"],"parameters":[{"name":"name","in":"query","required":false,"type":"string","description":"Filter result by share's name."},{"name":"ipHostname","in":"query","required":false,"type":"string","description":"Filter result by NAS server's IP address or hostname."},{"name":"type","in":"query","required":false,"type":"string","description":"Filter result by share type, SMB or NFS."},{"name":"encryptorClient","in":"query","required":false,"type":"string","description":"Filter result by encryptor client."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"description":"User-specified name to display on the CipherTrust Manager to uniquely identify a network share. This field is mandatory.","type":"string"},"ipHostname":{"description":"IP address or hostname of the NAS server where NAS path is shared. This field is mandatory.","type":"string"},"type":{"description":"Type of the network share - SMB or NFS.This field is mandatory.","type":"string"},"shareName":{"description":"Path shared on the NAS server (identified by `ipHostname`).This field is mandatory.","type":"string"},"encryptorClient":{"description":"Name of the client that will encrypt paths on the network share. If an encryptor client is not specified, paths on the network share cannot be encrypted. However, you can modify the network share to specify the encryptor client later.","type":"string"},"autoMount":{"description":"(Applicable to Linux clients) Whether a network share is automatically mounted through Autofs. The default value is false.","type":"boolean"},"dfs":{"description":"(Applicable to Windows clients and SMB shares) Whether the network share is exposed to clients through DFS Namespaces. The default value is false.","type":"boolean"},"dfsAlias":{"description":"(Applicable to Windows clients and SMB shares) This field is applicable when DFS is set to true. Names of machines/domains through which the network shares exposed through DFS Namespace are accessed by users/applications. These names can be NetBIOS names or alias names of domains and/or DFS node clients configured on DNS. Aliases could be IP address, FQDN, NetBIOS name, or hostname. Separate aliases by semicolons. Ensure that aliases specified in the DFS Alias field are correct; ProtectFile does not resolve these names.","type":"string"},"userName":{"description":"(SMB shares) A username with access to all directories on the network share that will be encrypted. The encryptor client will use this username to access directories on the share.","type":"string"},"password":{"description":"(SMB shares) Password of the user (username) with access to the SMB share.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":"0,","limit":"10,","total":"1,","resources":[{"id":"c2ae3531-f490-4224-af7c-273d8feb0dc4","uri":"dev-portal:kylo:mogambo:share:testshare8","account":"dev-portal:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:dev-portal","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-02-24T13:19:32.330946801Z","name":"testshare8","updatedAt":"2018-02-24T13:19:32.330946801Z","type":"NFS","ipHostname":"server01.domain.com","username":"admin","password":"admin","shareName":"smb_share_1","encryptorClient\"":"Windows_Client_1","autoMount":false,"dfs":true,"dfsAlias":"alias_1"}]}}}}}},"/v1/protectfile/shares/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a network share.","tags":["ProtectFile/Shares"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"description":"User-specified name to display on the CipherTrust Manager to uniquely identify a network share. This field is mandatory.","type":"string"},"ipHostname":{"description":"IP address or hostname of the NAS server where NAS path is shared. This field is mandatory.","type":"string"},"type":{"description":"Type of the network share - SMB or NFS.This field is mandatory.","type":"string"},"shareName":{"description":"Path shared on the NAS server (identified by `ipHostname`).This field is mandatory.","type":"string"},"encryptorClient":{"description":"Name of the client that will encrypt paths on the network share. If an encryptor client is not specified, paths on the network share cannot be encrypted. However, you can modify the network share to specify the encryptor client later.","type":"string"},"autoMount":{"description":"(Applicable to Linux clients) Whether a network share is automatically mounted through Autofs. The default value is false.","type":"boolean"},"dfs":{"description":"(Applicable to Windows clients and SMB shares) Whether the network share is exposed to clients through DFS Namespaces. The default value is false.","type":"boolean"},"dfsAlias":{"description":"(Applicable to Windows clients and SMB shares) This field is applicable when DFS is set to true. Names of machines/domains through which the network shares exposed through DFS Namespace are accessed by users/applications. These names can be NetBIOS names or alias names of domains and/or DFS node clients configured on DNS. Aliases could be IP address, FQDN, NetBIOS name, or hostname. Separate aliases by semicolons. Ensure that aliases specified in the DFS Alias field are correct; ProtectFile does not resolve these names.","type":"string"},"userName":{"description":"(SMB shares) A username with access to all directories on the network share that will be encrypted. The encryptor client will use this username to access directories on the share.","type":"string"},"password":{"description":"(SMB shares) Password of the user (username) with access to the SMB share.","type":"string"}}}]},"examples":{"application/json":{"id":"c2ae3531-f490-4224-af7c-273d8feb0dc4","uri":"dev-portal:kylo:mogambo:share:testshare8","account":"dev-portal:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:dev-portal","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-02-24T13:19:32.330946801Z","name":"testshare8","updatedAt":"2018-02-24T13:19:32.330946801Z","type":"NFS","ipHostname":"server01.domain.com","username":"admin","password":"admin","shareName":"smb_share_1","encryptorClient\"":"Windows_Client_1","autoMount":false,"dfs":true,"dfsAlias":"alias_1"}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"patch":{"summary":"Update","description":"Updates the details of a network share on the CipherTrust Manager.","tags":["ProtectFile/Shares"],"parameters":[{"name":"body","in":"body","description":"The network share properties to change. The properties will be merged with the network share resource.\n","schema":{"type":"object","title":"Update Network Share","properties":{"ipHostname":{"type":"string","description":"IP address or hostname of the NAS server where NAS path is shared.This field is mandatory."},"shareName":{"type":"string","description":"Path shared on the NAS server (identified by 'ipHostname'). This field is mandatory."},"encryptorClient":{"type":"string","description":"Name of the client that will encrypt paths on the network share. If an encryptor client is not specified, paths on the network share cannot be encrypted. However, you can modify the network share to specify the encryptor client later."},"username":{"type":"string","description":"(SMB shares) A username with access to all directories on the network share that will be encrypted.The encryptor client will use this username to access directories on the share."},"password":{"type":"string","description":"(SMB shares) Password of the user (username) with access to the SMB share."},"dfs":{"type":"boolean","description":"(Applicable to Windows clients and SMB shares) Whether the network share is exposed to clients through DFS Namespaces. The default value is false."},"dfsAlias":{"type":"string","description":"(Applicable to Windows clients and SMB shares)This field is applicable when DFS is set to true. Names of machines/domains through which the network shares exposed through DFS Namespace are accessed by users/applications. These names can be NetBIOS names or alias names of domains and/or DFS node clients configured on DNS. Aliases could be IP address, FQDN, NetBIOS name, or hostname. Separate aliases by semicolons.Ensure that aliases specified in the DFS Alias field are correct; ProtectFile does not resolve these names."},"autoMount":{"type":"boolean","description":"(Applicable to Linux clients) Whether a network share is automatically mounted through Autofs. The default value is false."}}}}],"responses":{"200":{"description":"Successful resource update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"description":"User-specified name to display on the CipherTrust Manager to uniquely identify a network share. This field is mandatory.","type":"string"},"ipHostname":{"description":"IP address or hostname of the NAS server where NAS path is shared. This field is mandatory.","type":"string"},"type":{"description":"Type of the network share - SMB or NFS.This field is mandatory.","type":"string"},"shareName":{"description":"Path shared on the NAS server (identified by `ipHostname`).This field is mandatory.","type":"string"},"encryptorClient":{"description":"Name of the client that will encrypt paths on the network share. If an encryptor client is not specified, paths on the network share cannot be encrypted. However, you can modify the network share to specify the encryptor client later.","type":"string"},"autoMount":{"description":"(Applicable to Linux clients) Whether a network share is automatically mounted through Autofs. The default value is false.","type":"boolean"},"dfs":{"description":"(Applicable to Windows clients and SMB shares) Whether the network share is exposed to clients through DFS Namespaces. The default value is false.","type":"boolean"},"dfsAlias":{"description":"(Applicable to Windows clients and SMB shares) This field is applicable when DFS is set to true. Names of machines/domains through which the network shares exposed through DFS Namespace are accessed by users/applications. These names can be NetBIOS names or alias names of domains and/or DFS node clients configured on DNS. Aliases could be IP address, FQDN, NetBIOS name, or hostname. Separate aliases by semicolons. Ensure that aliases specified in the DFS Alias field are correct; ProtectFile does not resolve these names.","type":"string"},"userName":{"description":"(SMB shares) A username with access to all directories on the network share that will be encrypted. The encryptor client will use this username to access directories on the share.","type":"string"},"password":{"description":"(SMB shares) Password of the user (username) with access to the SMB share.","type":"string"}}}]},"examples":{"application/json":{"id":"c2ae3531-f490-4224-af7c-273d8feb0dc4","uri":"dev-portal:kylo:mogambo:share:testshare8","account":"dev-portal:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:dev-portal","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-02-24T13:19:32.330946801Z","name":"testshare8","updatedAt":"2018-02-24T13:19:32.330946801Z","type":"NFS","ipHostname":"server01.domain.com","username":"admin","password":"admin","shareName":"smb_share_1","encryptorClient\"":"Windows_Client_1","autoMount":false,"dfs":true,"dfsAlias":"alias_1"}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","description":"Deletes a network share from the CipherTrust Manager.\n\n_Note: Deleting a network share will dis-associate all the rules.\nThis is an irreversible event._\n","tags":["ProtectFile/Shares"],"responses":{"204":{"description":"No Content | Successful deletion of network share.","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/protectfile/shares/{shareId}/rules/{ruleId}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Add Rule","description":"Create a link between network share with id '_shareId_' and rule with id '_ruleId_'.\n","tags":["ProtectFile/Shares"],"parameters":[{"name":"shareId","in":"path","description":"An identifier of the network share. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"ruleId","in":"path","description":"An identifier of the rule. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"body","in":"body","description":"Network share-rule link creation parameters.","schema":{"type":"object","title":"Create Share Rule link","required":["accessPolicyGroup"],"properties":{"keyName":{"type":"string","description":"Name of the key to encrypt data. Encryption keys are not needed if 'encryptData' is \"false\"."},"accessPolicyGroup":{"type":"string","description":"Identifier of the access policy group to use for controlling access."}}}}],"responses":{"201":{"description":"Successful rule addition.","schema":{"type":"object"},"examples":{"application/json":{"id":"f5d29707-6572-4ab8-8c14-aff8b7195664","uri":"kylo:kylo:mogambo:client_rule_association:f5d29707-6572-4ab8-8c14-aff8b7195664","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-05-23T16:19:56.428692275Z","updatedAt":"2018-05-23T16:19:56.428692275Z","parentId":"79a27b89-7e02-4afa-85d2-8ac5d5677f23","ruleID":"db0b7cd9-a27e-4334-bfd9-a3c375b07fde","ruleSeqNumber":0,"ruleOperation":"None","ruleState":"Created","ruleFailed":"No","keyName":"pf-aes-256","oldKeyName":"","keyRotationType":"Shallow","accessPolicyGroup":"DemoGroup","ruleType":"LOCAL","driveGUID":"11111111-1111-1111-1111-111111111111"}}}}},"get":{"summary":"Get Rule","description":"Returns a link between network share with id '_shareId_' and rule with id '_ruleId_'. Other parameters like 'ruleState', 'failedEarlier', and 'driveGuid' are also returned.\n","tags":["ProtectFile/Shares"],"parameters":[{"name":"shareId","in":"path","description":"An identifier of the network share. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"ruleId","in":"path","description":"An identifier of the rule. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"ruleId":"a645e023-2224-4aa5-ba6b-586653051ef1","ruleSeqNumber":0,"path":"/opt/test/1_50","name":"Rule-McASQ3QIKthU/o/MtVdwRyik40na9Prw/uiP","ruleType":"LOCAL","keyName":"testKey_1_50","oldKeyName":"","includeExtensions":"","excludeExtensions":"","isRecursive":true,"ignoreDirectory":"","encryptData":true,"keyRotationType":"Shallow","ruleState":"InProgress","failedRule":"No","ruleOperation":"Encrypt","isDirectory":true,"accessPolicyGroup":"APG1_1","driveGUID":"11111111-1111-1111-1111-111111111111"}}}}},"delete":{"summary":"Remove Rule","description":"Removes a rule from the network share.","tags":["ProtectFile/Shares"],"parameters":[{"name":"shareId","in":"path","description":"An identifier of the network share. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"ruleId","in":"path","description":"An identifier of the rule. This can be the ID (a UUIDv4),the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"204":{"description":"No Content | Successful deletion of rule from network share.","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/protectfile/shares/{shareId}/rules/{ruleId}/operation":{"patch":{"summary":"Deploy Rule","description":"Updates operation for rule of a network share for encryption, rekey, and decryption.The access policy group linked to the network share-rule link can also be modified. For rekey/key rotation, `keyName` is the mandatory field.\n","tags":["ProtectFile/Shares"],"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"shareId","in":"path","description":"An identifier of the network share. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"ruleId","in":"path","description":"An identifier of the rule. This can be the ID (a UUIDv4),the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"body","in":"body","description":"ProtectFile rule update parameters.","schema":{"type":"object","title":"Modify Rule operation","properties":{"ruleOperation":{"type":"string","description":"The operation to perform on the rule. The valid values are \"Encrypt\" \"KeyRotate\" and \"Decrypt\".\n"},"keyName":{"type":"string","description":"Name of the key to encrypt data. This option is applicable if 'encryptData' is \"true\"."},"keyRotationType":{"type":"string","description":"Type of the key rotation operation. Not valid if 'encryptData' is true. Valid values are `Shallow` and `Deep`. Default value for key rotation is `shallow`.\n"},"accessPolicyGroup":{"type":"string","description":"Access policy group identifier to change access control on the rule."}},"example":{"ruleOperation":"Encrypt"}}}],"responses":{"200":{"description":"Successful resource update.","schema":{"type":"object"},"examples":{"application/json":{"id":"866856b3-2a53-4d35-bcbc-f848aa120398","uri":"kylo:kylo:mogambo:client_rule_association:866856b3-2a53-4d35-bcbc-f848aa120398","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-05-24T07:07:05.748731Z","updatedAt":"2018-05-24T14:31:11.264614636Z","parentId":"fb40eecc-9c2a-437b-9f88-b690a14f5a3d","ruleID":"b9a3fa37-6c03-4701-b96f-0f6fd7386844","ruleSeqNumber":0,"ruleOperation":"KeyRotate","ruleState":"InProgress","ruleFailed":"No","keyName":"DemoKey1","oldKeyName":"DemoKey2","keyRotationType":"Shallow","accessPolicyGroup":"DemoAPG","ruleType":"LOCAL","driveGUID":"80c02829-dfd9-4c93-9f25-0b57ef7792ff"}}}}}},"/v1/protectfile/shares/{shareId}/rules/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Show Rules","description":"Returns the list of rules for a network share.\n","tags":["ProtectFile/Shares"],"parameters":[{"name":"shareId","in":"path","description":"An identifier of the network share. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"ruleOperation","in":"query","required":false,"type":"string","description":"Filter result by rule operation."},{"name":"ruleState","in":"query","required":false,"type":"string","description":"Filter result by rule state."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"parentId":{"description":"Unique identifier of the ProtectFile client.","type":"string"},"ruleId":{"description":"Unique identifier of the rule.","type":"string"},"ruleSeqNumber":{"description":"Rule sequence number","type":"integer"},"ruleOperation":{"description":"Operation getting performed on the rule.","type":"string"},"ruleState":{"description":"Current state of the rule.","type":"string"},"ruleFailed":{"description":"Whether the operation on rule has failed.","type":"string"},"keyName":{"description":"Name of the key to encrypt data.","type":"string"},"keyVersion":{"description":"Version of keyName.","type":"integer"},"oldKeyName":{"description":"Name of the old key used for encryption. This key will be replaced by a new key to perform key rotation.","type":"string"},"oldKeyVersion":{"description":"Version of oldKeyName.","type":"integer"},"keyRotationType":{"description":"Type of key rotation - shallow or deep.","type":"string"},"accessPolicyGroup":{"description":"Name of the access policy group.","type":"string"},"ruleType":{"description":"Type of the rule - Local, Network, Cluster.","type":"string"},"driveGUID":{"description":"Drive GUID mapped to path on ProtectFile client.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":"0,","limit":"10,","total":"1,","resources":[{"ruleId":"a645e023-2224-4aa5-ba6b-586653051ef1","ruleSeqNumber":0,"path":"/opt/test/1_50","name":"Rule-McASQ3QIKthU/o/MtVdwRyik40na9Prw/uiP","ruleType":"LOCAL","keyName":"testKey_1_50","oldKeyName":"","includeExtensions":"","excludeExtensions":"","isRecursive":true,"ignoreDirectory":"","encryptData":true,"keyRotationType":"Shallow","ruleState":"InProgress","failedRule":"No","ruleOperation":"Encrypt","isDirectory":true,"accessPolicyGroup":"APG1_1","driveGUID":"11111111-1111-1111-1111-111111111111"}]}}}}}},"/v1/protectfile/clusters/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Adds a new ProtectFile cluster. Specify the following details.\n- Name for the ProtectFile cluster.\n- Unique Name for windows cluster (if cluster is for window clients)\n- Name of client responsible for migration if cluster is of type linux.\n","tags":["ProtectFile/Clusters"],"parameters":[{"name":"body","in":"body","description":"ProtectFile cluster parameters","schema":{"type":"object","title":"Create Cluster","required":["name"],"properties":{"name":{"type":"string","description":"Name of the cluster."},"windowsClusterName":{"type":"string","description":"Unique Name for the Windows cluster. This value should be provided during the creation of Windows cluster.\nThis is not applicable for Linux cluster.\n"},"encryptorClient":{"type":"string","description":"Name of client responsible for migration. This is applicable for Linux cluster."},"clusterOsType":{"type":"string","description":"Operating system type (`windows' or `linux` ) of client cluster. Default value is `windows`."}},"example":{"name":"Cluster1","windowsClusterName":"PF_CLUSTER_TEST.test.com","encryptorClient":"","clusterOsType":"windows"}}}],"responses":{"201":{"description":"Successful ProtectFile cluster creation.","schema":{"type":"object"},"examples":{"application/json":{"id":"c260d8ac-0370-42d6-800c-3d2d30b4c1c0","uri":"kylo:kylo:mogambo:pfcluster:Cluster1","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-11-19T11:01:42.643296689Z","name":"Cluster1","updatedAt":"2018-11-19T11:01:42.643296689Z","windowsClusterName":"PF_CLUSTER_TEST.test.com","encryptorClient":"None","clusterOsType":"windows"}}}}},"get":{"summary":"List","description":"Returns the list of ProtectFile clusters.\n","tags":["ProtectFile/Clusters"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"name","in":"query","required":false,"type":"string","description":"Filter result using the cluster name."},{"name":"windowsClusterName","in":"query","required":false,"type":"string","description":"Filter result using the windows cluster unique name."}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"description":"Name of ProtectFile Cluster.","type":"string"},"windowsClusterName":{"description":"Unique Name identifying the Windows cluster. This name is attached to service. For linux cluster, this value is empty.","type":"string"},"encryptorClient":{"description":"Name of the client responsible for migration. Valid only for Linux cluster. For Windows, this value is set to 'None'.","type":"string"},"clusterOsType":{"description":"Operating system type (`windows' or `linux`) of attached clients.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":"0,","limit":"10,","total":"2,","resources":[{"id":"c260d8ac-0370-42d6-800c-3d2d30b4c1c0","uri":"kylo:kylo:mogambo:pfcluster:Cluster1","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-11-19T11:01:42.643296689Z","name":"Cluster1","updatedAt":"2018-11-19T11:01:42.643296689Z","windowsClusterName":"PF_CLUSTER_TEST.test.com","encryptorClient":"None","clusterOsType":"windows"},{"id":"ba754686-0ea9-42c7-8135-e230b0bb030f","uri":"kylo:kylo:mogambo:pfcluster:Cluster2","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-11-19T11:04:53.491489Z","name":"Cluster2","updatedAt":"2018-11-19T11:04:53.491489Z","windowsClusterName":"","encryptorClient":"C1","clusterOsType":"linux"}]}}}}}},"/v1/protectfile/clusters/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"patch":{"summary":"Update","description":"Modify cluster parameters.\n","tags":["ProtectFile/Clusters"],"parameters":[{"name":"body","in":"body","description":"ProtectFile rule parameters.","schema":{"type":"object","title":"Modify Cluster","properties":{"windowsClusterName":{"type":"string","description":"Unique Name for the Windows cluster. This is the name provided during creation of cluster.\nThis is not applicable for Linux cluster.\n"},"encryptorClient":{"type":"string","description":"Name of client responsible for migration. This is applicable for Linux cluster."}},"example":{"windowsClusterName":"PF_CLUSTER_TEST_3.test.com"}}}],"responses":{"200":{"description":"Successful resource update.","schema":{"type":"object"},"examples":{"application/json":{"id":"c260d8ac-0370-42d6-800c-3d2d30b4c1c0","uri":"kylo:kylo:mogambo:pfcluster:Cluster1","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-11-19T11:01:42.643296689Z","name":"Cluster1","updatedAt":"2018-11-19T11:01:42.643296689Z","windowsClusterName":"PF_CLUSTER_TEST_3.test.com","encryptorClient":"None","clusterOsType":"windows"}}}}},"get":{"summary":"Get","description":"Returns details of a cluster with the given id.\n","tags":["ProtectFile/Clusters"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"c260d8ac-0370-42d6-800c-3d2d30b4c1c0","uri":"kylo:kylo:mogambo:pfcluster:Cluster1","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-11-19T11:01:42.643296689Z","name":"Cluster1","updatedAt":"2018-11-19T11:01:42.643296689Z","windowsClusterName":"PF_CLUSTER_TEST_3.test.com","encryptorClient":"None","clusterOsType":"windows"}}}}},"delete":{"summary":"Delete","description":"Deletes a cluster with a given id if it does not contain any clients.","tags":["ProtectFile/Clusters"],"responses":{"204":{"description":"No Content | Successful deletion of cluster.","schema":{"type":"string"}}}}},"/v1/protectfile/clusters/{clusterId}/clients/{clientId}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Add Client","description":"Add client to an existing cluster. The client must be bootstrapped. The path parameters clusterId and clientId can\ncontain either ID, URI or name for cluster and client.\n","tags":["ProtectFile/Clusters"],"parameters":[{"name":"clusterId","in":"path","description":"An identifier of the ProtectFile cluster. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"clientId","in":"path","description":"An identifier of the client. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"201":{"description":"Successful client addition.","schema":{"type":"object"},"examples":{"application/json":{"id":"cf77ecd3-3a2d-47b1-ab26-dbd3eb63e9b3","uri":"kylo:kylo:mogambo:pfclusterclientassociation:cf77ecd3-3a2d-47b1-ab26-dbd3eb63e9b3","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-11-18T16:18:35.253599Z","updatedAt":"2018-11-18T16:18:35.253599Z","clusterID":"3ab495bd-16f0-4281-832e-c5a0a46ec8b8","clientID":"ca847d0c-2aea-4dd2-97f6-c096774e75bf","clusterName":"LinuxCluster","clientName":"C1"}}}}},"get":{"summary":"Get Client","description":"Returns a link between cluster and client.\n","tags":["ProtectFile/Clusters"],"parameters":[{"name":"clusterId","in":"path","description":"An identifier of the ProtectFile cluster. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"clientId","in":"path","description":"An identifier of the client. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"cf77ecd3-3a2d-47b1-ab26-dbd3eb63e9b3","uri":"kylo:kylo:mogambo:pfclusterclientassociation:cf77ecd3-3a2d-47b1-ab26-dbd3eb63e9b3","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-11-18T16:18:35.253599Z","updatedAt":"2018-11-18T16:18:35.253599Z","clusterID":"3ab495bd-16f0-4281-832e-c5a0a46ec8b8","clientID":"ca847d0c-2aea-4dd2-97f6-c096774e75bf","clusterName":"LinuxCluster","clientName":"C1"}}}}},"delete":{"summary":"Remove Client","description":"Removes a client from the cluster","tags":["ProtectFile/Clusters"],"parameters":[{"name":"clusterId","in":"path","description":"An identifier of the ProtectFile cluster. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"clientId","in":"path","description":"An identifier of the client. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"204":{"description":"OK","schema":{"type":"string"}}}}},"/v1/protectfile/clusters/{clusterId}/clients/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List Clients","description":"Returns all link between cluster and associated clients\n","tags":["ProtectFile/Clusters"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"clusterId","in":"path","description":"An identifier of the ProtectFile cluster. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"clientName","in":"query","required":false,"type":"string","description":"Filter result by client name."},{"name":"clientId","in":"query","required":false,"type":"string","description":"Filter result by client ID."}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":[{"id":"cf77ecd3-3a2d-47b1-ab26-dbd3eb63e9b3","uri":"kylo:kylo:mogambo:pfclusterclientassociation:cf77ecd3-3a2d-47b1-ab26-dbd3eb63e9b3","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-11-18T16:18:35.253599Z","updatedAt":"2018-11-18T16:18:35.253599Z","clusterID":"3ab495bd-16f0-4281-832e-c5a0a46ec8b8","clientID":"ca847d0c-2aea-4dd2-97f6-c096774e75bf","clusterName":"LinuxCluster","clientName":"C1"},{"id":"3486dd2e-26b2-4a70-b6c5-f732479582d2","uri":"kylo:kylo:mogambo:pfclusterclientassociation:3486dd2e-26b2-4a70-b6c5-f732479582d2","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-11-13T12:20:33.894826Z","updatedAt":"2018-11-13T12:20:33.894826Z","clusterID":"f415a696-bb7c-4d2b-b832-5ff6e03b4ba5","clientID":"ca847d0c-2aea-4dd2-97f6-c096774e75bg","clusterName":"LinuxCluster","clientName":"C2"}]}}}}},"/v1/protectfile/clusters/{clusterId}/rules/{ruleId}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Add Rule","description":"Create a link between clusters with id '_clusterId_' and rule with id '_ruleId_'.\n","tags":["ProtectFile/Clusters"],"parameters":[{"name":"clusterId","in":"path","description":"An identifier of the cluster. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"ruleId","in":"path","description":"An identifier of the rule. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"body","in":"body","description":"Cluster-rule link creation parameters.","schema":{"type":"object","title":"Create Cluster Rule link","required":["accessPolicyGroup"],"properties":{"keyName":{"type":"string","description":"Name of the key to encrypt data. Encryption keys are not needed if 'encryptData' is \"false\"."},"accessPolicyGroup":{"type":"string","description":"Identifier of the access policy group to use for controlling access."}}}}],"responses":{"201":{"description":"Successful rule addition.","schema":{"type":"object"},"examples":{"application/json":{"id":"36efcc99-bffb-4bdb-a847-9f9c57744aa6","uri":"kylo:kylo:mogambo:client_rule_association:36efcc99-bffb-4bdb-a847-9f9c57744aa6","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-11-18T16:53:49.086500602Z","updatedAt":"2018-11-18T16:53:49.086500602Z","parentId":"f415a696-bb7c-4d2b-b832-5ff6e03b4ba5","ruleId":"ddec66dc-574f-4055-ba89-bef964931faa","ruleSeqNumber":"0,","ruleOperation":"None","ruleState":"Created","ruleFailed":"No","keyName":"fe-key1","oldKeyName":"","keyRotationType":"Shallow","accessPolicyGroup":"Default_NoAccess_for_Windows","ruleType":"CLUSTER","driveGUID":"11111111-1111-1111-1111-111111111111"}}}}},"get":{"summary":"Get Rule","description":"Returns a link between cluster with id '_clusterId_' and rule with id '_ruleId_'. Other parameters like 'ruleState', 'failedEarlier', and 'driveGuid' are also returned.\n","tags":["ProtectFile/Clusters"],"parameters":[{"name":"clusterId","in":"path","description":"An identifier of the ProtectFile cluster. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"ruleId","in":"path","description":"An identifier of the rule. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"ruleId":"ddec66dc-574f-4055-ba89-bef964931faa","ruleSeqNumber\"":"0,","path":"C:\\Path1","name":"Rule1","ruleType":"CLUSTER","keyName":"fe-key1","oldKeyName":"","includeExtensions":"","excludeExtensions":"","isRecursive":"true,","ignoreDirectory":"","encryptData":"true,","keyRotationType":"Shallow","ruleState":"Created","failedRule":"No","ruleOperation":"None","isDirectory":"true,","accessPolicyGroup":"Default_NoAccess_for_Windows","driveGUID":"11111111-1111-1111-1111-111111111111"}}}}},"delete":{"summary":"Remove Rule","description":"Removes a rule from the cluster.","tags":["ProtectFile/Clusters"],"parameters":[{"name":"clusterId","in":"path","description":"An identifier of the ProtectFile cluster. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"ruleId","in":"path","description":"An identifier of the rule. This can be the ID (a UUIDv4),the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"204":{"description":"No Content | Successful deletion of rule from the cluster.","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/protectfile/clusters/{clusterId}/rules/{ruleId}/operation":{"patch":{"summary":"Deploy Rule","description":"Updates operation for rule of a ProtectFile cluster for encryption, rekey, and decryption.The access policy group linked to the cluster-rule link can also be modified. For rekey/key rotation, `keyName` is the mandatory field.\n","tags":["ProtectFile/Clusters"],"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"clusterId","in":"path","description":"An identifier of the ProtectFile cluster. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"ruleId","in":"path","description":"An identifier of the rule. This can be the ID (a UUIDv4),the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"body","in":"body","description":"ProtectFile rule update parameters.","schema":{"type":"object","title":"Modify Rule operation","properties":{"ruleOperation":{"type":"string","description":"The operation to perform on the rule. The valid values are \"Encrypt\" \"KeyRotate\" and \"Decrypt\".\n"},"keyName":{"type":"string","description":"Name of the key to encrypt data. This option is applicable if 'encryptData' is \"true\"."},"keyRotationType":{"type":"string","description":"Type of the key rotation operation. Not valid if 'encryptData' is true. Valid values are `Shallow` and `Deep`. Default value for key rotation is `shallow`.\n"},"accessPolicyGroup":{"type":"string","description":"Access policy group identifier to change access control on the rule."}},"example":{"ruleOperation":"Encrypt"}}}],"responses":{"200":{"description":"Successful rule deployment.","schema":{"type":"object"},"examples":{"application/json":{"id":"36efcc99-bffb-4bdb-a847-9f9c57744aa6","uri":"kylo:kylo:mogambo:client_rule_association:36efcc99-bffb-4bdb-a847-9f9c57744aa6","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-11-18T16:53:49.086501Z","updatedAt":"2018-11-18T17:01:22.913909952Z","parentId":"f415a696-bb7c-4d2b-b832-5ff6e03b4ba5","ruleId":"ddec66dc-574f-4055-ba89-bef964931faa","ruleSeqNumber":"0,","ruleOperation":"Encrypt","ruleState":"InProgress","ruleFailed":"No","keyName":"fe-key1","oldKeyName":"","keyRotationType":"Shallow","accessPolicyGroup":"Default_NoAccess_for_Windows","ruleType":"CLUSTER","driveGUID":"11111111-1111-1111-1111-111111111111"}}}}}},"/v1/protectfile/clusters/{clusterId}/rules/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Show Rules","description":"Returns the list of rules for a ProtectFile cluster.\n","tags":["ProtectFile/Clusters"],"parameters":[{"name":"clusterId","in":"path","description":"An identifier of the ProtectFile cluster. This can be the ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"ruleOperation","in":"query","required":false,"type":"string","description":"Filter result by rule operation."},{"name":"ruleState","in":"query","required":false,"type":"string","description":"Filter result by rule state."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"parentId":{"description":"Unique identifier of the ProtectFile client.","type":"string"},"ruleId":{"description":"Unique identifier of the rule.","type":"string"},"ruleSeqNumber":{"description":"Rule sequence number","type":"integer"},"ruleOperation":{"description":"Operation getting performed on the rule.","type":"string"},"ruleState":{"description":"Current state of the rule.","type":"string"},"ruleFailed":{"description":"Whether the operation on rule has failed.","type":"string"},"keyName":{"description":"Name of the key to encrypt data.","type":"string"},"keyVersion":{"description":"Version of keyName.","type":"integer"},"oldKeyName":{"description":"Name of the old key used for encryption. This key will be replaced by a new key to perform key rotation.","type":"string"},"oldKeyVersion":{"description":"Version of oldKeyName.","type":"integer"},"keyRotationType":{"description":"Type of key rotation - shallow or deep.","type":"string"},"accessPolicyGroup":{"description":"Name of the access policy group.","type":"string"},"ruleType":{"description":"Type of the rule - Local, Network, Cluster.","type":"string"},"driveGUID":{"description":"Drive GUID mapped to path on ProtectFile client.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":"0,","limit":"10,","total":"1,","resources":[{"ruleId":"ddec66dc-574f-4055-ba89-bef964931faa","ruleSeqNumber":"0,","path":"C:\\Path1","name":"Rule1","ruleType":"CLUSTER","keyName":"fe-key1","oldKeyName":"","includeExtensions":"","excludeExtensions":"","isRecursive":"true,","ignoreDirectory":"","encryptData":"true,","keyRotationType":"Shallow","ruleState":"InProgress","failedRule":"No","ruleOperation":"Encrypt","isDirectory":"true,","accessPolicyGroup":"Default_NoAccess_for_Windows","driveGUID":"11111111-1111-1111-1111-111111111111"}]}}}}}},"/v1/protectapp/profiles":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns the protect app client profiles.","tags":["ProtectApp/Client-Profiles"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"type":"object","properties":{"name":{"type":"string","description":"Client Profile name."},"nae_iface_name":{"type":"string","description":"Nae interface mapped with profile."},"properties":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the profiles.\nproperties is typically used by applications to store information\nwhich the profile properties like caching and CSR attributes.\n"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"0511a184-4cf9-4bcc-b55b-36d1d39fb4d5","uri":"kylo:kylo:nae:profile:test","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-04-20T08:43:08.068039Z","name":"test","updatedAt":"2021-04-20T08:43:08.068039Z","nae_iface_name":"nae","owner":"ncryptify:gemalto:admin:users:admin","properties":{"csr_cn":"","csr_sn":"","csr_uid":"","csr_city":"","csr_email":"","csr_state":"","csr_country":"","csr_org_name":"","csr_org_unit":"","read_timeout":60000,"cert_user_field":"CN","connection_timeout":10000,"impersonated_users":[],"pcache_cache_expiry":43200,"symmetric_cache_expiry":43200,"verify_ssl_certificate":false,"syslog_server_ip":"","syslog_server_port":514,"syslog_server_protocol":"tcp_ok","syslog_no_of_retries":3,"syslog_retry_interval":1,"syslog_retry_limit":2,"use_persistent_connections":true,"size_of_connection_pool":300,"load_balancing_algorithm":"round-robin","connection_idle_timeout":600000,"connection_retry_interval":600000,"cluster_synchronization_delay":170,"cert_file_location":"","credentials_encrypted":false,"asymmetric_key_cache_enabled":false,"persistent_cache_enabled":false,"persistent_cache_directory":"","persistent_cache_expiry_keys":43200,"persistent_cache_max_size":100,"log_level":"medium","log_file":"","log_rotation":"Daily","log_size_limit":"100k","key_non_exportable_policy":true,"symmetric_cache_enabled":false}}]}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}},"post":{"summary":"Create","description":"This route is for exchanging a username and password credential or refresh token for\nan API authentication token (access token), which can be used to make API calls.\nThe username and password or refresh token is passed in the body of the request.\n\nThe response contains the `jwt`, which is the API authentication token (access token),\n`duration`, which is the length of time until the token expires, refresh token\nthat can be used to get a new or additional API authentication token, and the\nclient id of the refresh token.\n","tags":["ProtectApp/Client-Profiles"],"parameters":[{"name":"Time","in":"header","description":"Current date and time of the client in UTC. ex) 2006-01-02T15:04:05.000Z","type":"string"},{"name":"body","in":"body","description":"The body of the request should contain the username and password\nof the user acquiring the token and optionally grant type or the refresh token\nwith grant type.\n","schema":{"type":"object","title":"Create Client Profile","properties":{"name":{"type":"string","description":"Client Profile name.\n"},"nae_iface_name":{"type":"string","description":"Nae interface mapped with profile.\n"},"properties":{"type":"object","description":"Properties object will contains all profle properties\nsymmetric_cache_enabled [Symmetric cache expiry time for local cache for protectapp clients]\nsymmetric_cache_expiry [Symmetric cache expiry time for local cache for protectapp clients]\npcache_cache_expiry [Persistent cache expiry time for local cache for protectapp clients]\nverify_ssl_certificate [verification of Key Manager IP address(IPV4 or IPV6)/host name against Subject Common Name (CN) or Subject Alternative Name (DNS or IP) in the certificate for protectapp clients]\nsyslog_server_ip [Syslog Server IP address (IPV4/IPV6) for protectapp clients]\nsyslog_server_port [Syslog Server port to connect on]\nsyslog_server_protocol [Syslog Server protocol]\nsyslog_no_of_retries [No. of times the connection is retried to Syslog Server]\nsyslog_retry_interval [The duration in seconds after which the connection is retried since the last try on Syslog Server]\nsyslog_retry_limit [Maximum number of times the protectapp client can retry for a particular connection]\nuse_persistent_connections [Enable or disable persistent connections on protectapp clients]\nsize_of_connection_pool [The maximum number of connections in the persistent connection pool on protectapp clients]\nload_balancing_algorithm [The algorithm to determine how the protectapp client selects a Key Manager from a load balancing group]\nconnection_idle_timeout [The time a connection is allowed to be idle in the connection pool before it gets closed automatically by the protectapp client]\nconnection_retry_interval [The amount of time to wait before trying to reconnect by a protectapp client to a disabled server]\ncluster_synchronization_delay [The total amount of time to spend trying to make requests on keys go to the same device the key create or latest key modify went to]\ncert_file_location [To describe via which location client certificate authentication will be done i.e via File Path or using Microsoft Certificate Store]\ncredentials_encrypted [To Enable/Disable the obfuscation of the username and password for making connection by the protectapp clients with the Key Manager]\nasymmetric_key_cache_enabled [To enable asymmetric key caching for local cache on protectapp clients]\npersistent_cache_enabled [To enable persistent key caching during local encryption on protectapp clients]\npersistent_cache_directory [The location of the directory which will contain the persistent key caches of protectapp clients]\npersistent_cache_expiry_keys [The expiration interval after which a key is fetched from key manager]\npersistent_cache_max_size [Maximum number of elements in the Persistent Cache on protectapp clients]\nlog_level [The level of logging to determine verbosity of protectapp clients logs]\nlog_file [The location of the log file of protectapp clients]\nlog_rotation [The log rotation to specify how frequently the log file is rotated on protectapp clients]\nlog_size_limit [The maximum log file size on protectapp clients]\nkey_non_exportable_policy [To enable/disable policy for non exportable keys to perform remote cipher operation, applicable only to symmetric cache present on protectapp clients]\nconnection_timeout [Connection timeout value for protectapp clients]\nread_timeout [Read timeout value for protectapp clients]\ncert_user_field [Specifies how the user name is extracted from the client certificate for protectapp client]\ncsr_email [CSR email address parameter for client certificate for protectapp client]\ncsr_sn [CSR surname parameter for client certificate for protectapp client]\ncsr_cn [CSR common name parameter for client certificate for protect app client]\ncsr_org_name [CSR organization name parameter for client certificate for protect app client]\ncsr_org_unit [CSR organizational unit parameter for client certificate for protect app client]\ncsr_city [CSR city name parameter for client certificate for protect app client]\ncsr_state [CSR state name parameter for client certificate ]\ncsr_country [CSR country name parameter for client certificate]\ncsr_uid [CSR UID parameter for client certificate]\nimpersonated_users [List of impersonated users]\n"}},"example":{"name":"profile1","nae_iface_name":"nae","properties":{"symmetric_cache_enabled":false,"verify_ssl_certificate":false,"syslog_server_ip":"","syslog_server_port":514,"syslog_server_protocol":"tcp_ok","syslog_no_of_retries":3,"syslog_retry_interval":1,"syslog_retry_limit":2,"use_persistent_connections":true,"size_of_connection_pool":300,"load_balancing_algorithm":"round-robin","connection_idle_timeout":600000,"connection_retry_interval":600000,"cluster_synchronization_delay":170,"cert_file_location":"","credentials_encrypted":false,"asymmetric_key_cache_enabled":false,"persistent_cache_enabled":false,"persistent_cache_directory":"","persistent_cache_expiry_keys":43200,"persistent_cache_max_size":100,"log_level":"medium","log_file":"","log_rotation":"Daily","log_size_limit":"100k","key_non_exportable_policy":true,"symmetric_cache_expiry":43200,"pcache_cache_expiry":43200,"connection_timeout":60000,"read_timeout":7000,"cert_user_field":"","csr_email":"","csr_sn":"","csr_cn":"","csr_org_name":"","csr_org_unit":"","csr_city":"","csr_state":"","csr_country":"","csr_uid":"","impersonated_users":[]}}}}],"responses":{"201":{"description":"Successful client profile creation.","schema":{"allOf":[{"type":"object","properties":{"name":{"type":"string","description":"Client Profile name."},"nae_iface_name":{"type":"string","description":"Nae interface mapped with profile."},"properties":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the profiles.\nproperties is typically used by applications to store information\nwhich the profile properties like caching and CSR attributes.\n"}}}]},"examples":{"application/json":{"success":"profile created successfully"}}},"401":{"description":"Login failed."},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","allOf":[{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}},{"additionalProperties":{"type":"array","items":{"type":"string","description":"a validation error message about this property"}}}]}}}}},"/v1/protectapp/profiles/{name}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"name","in":"path","description":"The name of the client profile","required":true,"type":"string"}],"get":{"summary":"Get","description":"Return the configuration details of the given interface.\n","tags":["ProtectApp/Client-Profiles"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","properties":{"name":{"type":"string","description":"Client Profile name."},"nae_iface_name":{"type":"string","description":"Nae interface mapped with profile."},"properties":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the profiles.\nproperties is typically used by applications to store information\nwhich the profile properties like caching and CSR attributes.\n"}}}]},"examples":{"application/json":{"id":"b9c41e81-2689-4b2c-adc0-f0e1f3612214","name":"profile1","nae_iface_name":"nae","properties":{"symmetric_cache_enabled":true,"verify_ssl_certificate":false,"syslog_server_ip":"","syslog_server_port":514,"syslog_server_protocol":"tcp_ok","syslog_no_of_retries":3,"syslog_retry_interval":1,"syslog_retry_limit":2,"use_persistent_connections":true,"size_of_connection_pool":300,"load_balancing_algorithm":"round-robin","connection_idle_timeout":600000,"connection_retry_interval":600000,"cluster_synchronization_delay":170,"cert_file_location":"","credentials_encrypted":false,"asymmetric_key_cache_enabled":false,"persistent_cache_enabled":false,"persistent_cache_directory":"","persistent_cache_expiry_keys":43200,"persistent_cache_max_size":100,"log_level":"medium","log_file":"","log_rotation":"Daily","log_size_limit":"100k","key_non_exportable_policy":true,"symmetric_cache_expiry":43200,"pcache_cache_expiry":43200,"connection_timeout":30000,"read_timeout":7000,"csr_org_name":"Thales","csr_city":"Noida","csr_state":"UP","csr_country":"IN"}}}}}},"delete":{"summary":"Delete","description":"Delete given client profile.\n\nInterfaces with name `web`, `kmip` and `nae` cannot be deleted.\n","tags":["ProtectApp/Client-Profiles"],"responses":{"204":{"description":"No Content | Successful deletion of interface."}}}},"/v1/protectapp/clients":{"post":{"summary":"Registers","description":"This route is for exchanging a username and password credential or refresh token for\nan API authentication token (access token), which can be used to make API calls.\nThe username and password or refresh token is passed in the body of the request.\n\nThe response contains the `jwt`, which is the API authentication token (access token),\n`duration`, which is the length of time until the token expires, refresh token\nthat can be used to get a new or additional API authentication token, and the\nclient id of the refresh token.\n","tags":["ProtectApp/Client-Profiles"],"parameters":[{"name":"Time","in":"header","description":"Current date and time of the client in UTC. ex) 2006-01-02T15:04:05.000Z","type":"string"},{"name":"body","in":"body","description":"The body of the request should contain the username and password\nof the user acquiring the token and optionally grant type or the refresh token\nwith grant type.\n","schema":{"type":"object","title":"Create Client Profile","required":["name","component_name","reg_token","component_version","host_name"],"properties":{"name":{"type":"string","description":"Client Name.\n"},"component_name":{"type":"string","description":"Component Name.\n"},"reg_token":{"type":"string","description":"registration token.\n"},"component_version":{"type":"string","description":"component version.\n"},"os_version":{"type":"string","description":"Operating System.\n"},"min_java_version":{"type":"string","description":"Minimum Java Version.\n"},"rte_version":{"type":"string","description":"Run Time Enviroment Version.\n"},"host_name":{"type":"string","description":"host name.\n"}},"example":{"name":"ProtectAppJCE","component_name":"ProtectAppJCE","reg_token":"ADW3CDSDCX==","component_version":"8.9","os_version":"Linux","rte_version":"1.8.0_252","min_java_version":"1.7.0","host_name":"10.1.1.1"}}}],"responses":{"201":{"description":"Successful client registration.","schema":{"allOf":[{"type":"object","properties":{"name":{"type":"string","description":"Client Profile name."},"nae_iface_name":{"type":"string","description":"Nae interface mapped with profile."},"properties":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the profiles.\nproperties is typically used by applications to store information\nwhich the profile properties like caching and CSR attributes.\n"}}}]},"examples":{"application/json":{"success":"client registration successfully"}}},"401":{"description":"Login failed."},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","allOf":[{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}},{"additionalProperties":{"type":"array","items":{"type":"string","description":"a validation error message about this property"}}}]}}}},"get":{"summary":"List","description":"Returns the protect app registered clients.","tags":["ProtectApp/Client-Profiles"],"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"type":"object","properties":{"name":{"type":"string","description":"Client Profile name."},"nae_iface_name":{"type":"string","description":"Nae interface mapped with profile."},"properties":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the profiles.\nproperties is typically used by applications to store information\nwhich the profile properties like caching and CSR attributes.\n"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"70cdf611-b903-4e2c-a6a8-5b1dffc2cf52","uri":"","account":"","application":"","devAccount":"","createdAt":"2021-04-20T08:43:40.054235Z","name":"test","updatedAt":"2021-04-20T08:43:40.054235Z","component_name":"ProtectAppJCE","component_version":"1","cert_expiry":"2023-04-19 08:43:39 +0000 UTC","client_host_name":"1","profile_name":"test","munshi_client_id":"c65dc4b9-5298-4b74-bce0-8118706782b8","fingerprint":"7491560B8CE0C7F670380094D47D8DAD018255ECBF2FA6C016AF0E1BB493590E","impersonated_users":[],"os_version":"","rte_version":"","min_java_version":"","certificate":"-----BEGIN CERTIFICATE-----\nMIIEWzCCAkOgAwIBAgIRAInyQ5zwobH2n/OQILYByIwwDQYJKoZIhvcNAQELBQAw\nWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAw\nDgYDVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgUm9vdCBDQTAeFw0y\nMTA0MTkwODQzMzlaFw0yMzA0MTkwODQzMzlaMEExLTArBgNVBAMTJDcwY2RmNjEx\nLWI5MDMtNGUyYy1hNmE4LTViMWRmZmMyY2Y1MjEQMA4GCgmSJomT8ixkAQETADCC\nASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAND5qfkxQV0vdYEN5mXZVi8v\nOIMyxTD4su98CQ/lSf5HDvgRdJtsh5TlrG9JB/U4Z0aFjOBa52sJplu6/lg8BaPR\n3xgCAbLtkfb6hR/JyBkgYtI6KtxpzzRVVkL7qNynGWuxPEmxh0TPfNIqC4Vdxrg0\nHYPq04Y6NLO5HW+GRr0BuPkUnJND+3JfglPXvxJDgwaoKdSiJil+I4qbX9eQ9NWu\n51wTA/cke07eFEyERqN8NBAWHy79txoMRUPFTmYy9Bh1KTuZ/EhHI+U72GE46iqz\ndeOf2SweSJlnv8dFwrUQzACJtW5ZcnrFJ79bbarW9ufKU4dCEtpMx/b3PvOPPokC\nAwEAAaM1MDMwDgYDVR0PAQH/BAQDAgOIMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAwG\nA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIBAC3swY0NzoSLUPjY/ZZKEf9e\n62Q3zIZv+5OGYpDKo5XfxeSsXd7D2VY+XjUjaoMqsqNiHAP620nNy52gPD2igEJr\n9iTJ0lkpJVNROcY71i75qz+BSCv48ab8oprwZxPQFaWHbXc+Bq4zUg3kfLdmNvz5\ny43nRojr9RX+j6oH9eyL4K1TB5u3E3lCKHIQ3Z/pt8PFTdU5OLAiD7lvDizZcEBK\nqtD/CwVYcAQp9eD0gCbqLhblMiT2BCUs4/m4gM8HUINcM2yJbt418/M85kp7FX0L\nHUoHH1zZ+jWXpeBnJ2ym9u4RlV6marXwPZOWWQBMOBfG30dyNx4tlKDtOXD4yGZ6\niHg0YosDtq/kblLgXGyjQ2jzL+Xh+/k5zxsaLbjTULejB+Ro+8yqUKKueeVTq9aW\nor5F35OeVaVZiqhrAyzJoLzZ4b06fQZzseHNRs0z48D6NTmWpuVaa0WxE14OsTOI\nwd+3FbGbGd+icYJCBchkIaggV6j9xNaUen520yE4kG0YRQ9hqGQKiTvpGpihtkk5\nqfup8DkPZHOiOiNpTMqbl22mui5JZaxcBxOBB0ZsmAaiN4FovQAG9j8+aNoEHaOx\nqdOkK2s8cdyWtcBeW+K3Kt3QtvKPhJp1dPQYS/Iy4Tulp345NgGB5LoBZ3sBPFUR\nJvjtUT0TO+WFdg9DS2xr\n-----END CERTIFICATE-----\n"}]}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/protectapp/clients/{name}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"name","in":"path","description":"The name of the regiter client","required":true,"type":"string"}],"get":{"summary":"Get","description":"Return the configuration details of the given interface.\n","tags":["ProtectApp/Client-Profiles"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","properties":{"name":{"type":"string","description":"Client Profile name."},"nae_iface_name":{"type":"string","description":"Nae interface mapped with profile."},"properties":{"type":"object","description":"A schema-less object, which can be used by applications to store\ninformation about the profiles.\nproperties is typically used by applications to store information\nwhich the profile properties like caching and CSR attributes.\n"}}}]},"examples":{"application/json":{"client_id":"b9c41e81-2689-4b2c-adc0-f0e1f3612214","name":"test_client","component_name":"b9c41e81-2689-4b2c-bdc0-f0e1f3612214","cert_expiry":"28-08-2017 12:25:00","client_host_name":"10.164.12.56","profile_id":"b9c41e81-2689-4b2c-adc0-f0e1f36122131","munshi_client_id":"rer341e81-2689-4b2c-adc0-f0e1f36122131"}}}}},"delete":{"summary":"Delete","description":"Delete given protectapp client.\n","tags":["ProtectApp/Client-Profiles"],"responses":{"204":{"description":"No Content | Successful deletion of interface."}}}},"/v1/transparent-encryption/unenroll/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Unenrolls a client from the CipherTrust Manager.","description":"Unenrolling a CTE client from the CipherTrust Manager means that the CTE Agent can no longer communicate with the CipherTrust Manager. However, some of the Agent properties can still be seen on the CipherTrust Manager.","tags":["CTE/Clients"],"parameters":[{"name":"body","in":"body","description":"Name of the CTE Client to be unenrolled.","schema":{"type":"object","title":"CTE Client unenrollment parameters","required":["name"],"properties":{"name":{"description":"Name of the CTE client to be unenrolled.","type":"string"}},"example":{"name":"10.3.34.100"}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"name":{"description":"Name of the unenrolled CTE Client.","type":"string"}}},"examples":{"name":"10.3.34.100"}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clients/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a CTE client on the CipherTrust Manager. The client need not necessarily have the CTE Agent installed on it.","tags":["CTE/Clients"],"parameters":[{"name":"body","in":"body","description":"CTE Client creation parameters.","schema":{"type":"object","title":"Create CTE Client","required":["name"],"properties":{"name":{"description":"Name to uniquely identify the client. This name will be visible on the CipherTrust Manager.","type":"string"},"description":{"description":"Description to identify the client.","type":"string"},"password_creation_method":{"description":"Password creation method for the client. Valid values are `MANUAL` and `GENERATE`. The default value is `GENERATE`.","type":"string"},"password":{"description":"Password for the client. Required when `password_creation_method` is `MANUAL`.","type":"string"},"registration_allowed":{"description":"Whether client's registration with the CipherTrust Manager is allowed. The default value is `false`. Set to `true` to allow registration.","type":"boolean"},"communication_enabled":{"description":"Whether communication with the client is enabled. The default value is `false`. Can be set to `true` only if `registration_allowed` is `true`.","type":"boolean"},"client_locked":{"description":"Whether the CTE client is locked. The default value is `false`. Enable this option to lock the configuration of the CTE Agent on the client. Set to `true` to lock the configuration, set to `false` to unlock. Locking the Agent configuration prevents updates to any policies on the client.","type":"boolean"},"system_locked":{"description":"Whether the system is locked. The default value is false. Enable this option to lock the important operating system files of the client. When enabled, patches to the operating system of the client will fail due to the protection of these files.","type":"boolean"},"client_type":{"description":"Type of CTE Client. The default value is FS. Valid values are CTE-U and FS.","type":"string"},"profile_identifier":{"description":"Identifier of the Client Profile to be associated with the client. If not provided, the default profile will be linked.","type":"string"}},"example":{"name":"Client_1","description":"Test Client","communication_enabled":false,"client_type":"FS"}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"os_type":{"description":"Operating system type of CTE client (windows or linux). Default value is `Unknown`.","type":"string"},"os_sub_type":{"description":"Flavour of operation system. For example, RHEL, Windows 7.","type":"string"},"client_reg_id":{"description":"Client ID generated after certificates are exchanged during registration.","type":"string"},"server_host_name":{"description":"Host name or IP address of the key server.","type":"string"},"description":{"description":"Description of the client.","type":"string"},"client_locked":{"description":"Whether to lock the client. Use this tag to lock/unlock the configuration of the File System Agent on the client. Locking the configuration prevents updates to policies on the client. The default value is false.","type":"boolean"},"system_locked":{"description":"Whether the system is locked. The default value is false. Enable this option to lock the important operating system files of the client. When enabled, patches to the operating system of the client will fail due to the protection of these files.","type":"boolean"},"password_creation_method":{"description":"Method to create password (GENERATE, MANUAL). Default value is `GENERATE`.\nThe client uses this password as a wrapper to encrypt the data encryption key when it passes between the\nclient and the CipherTrust Manager k170v in the case of a CTE agent client, or saved to disk in the case of a VDE agent. This same\npassword is used for the challenge and response, to unlock the agent when there is no network connection\nbetween the client and the CipherTrust Manager k170v.\n\n`GENERATE` - When `GENERATE` is selected, the client user must request a new password from a CipherTrust Manager k170v\nadministrator each time a client password is required. If GENERATE is selected, the Regenerate Password\noption is displayed, select to download a new randomly generated password to the client. This new password\nwill be used to wrap the data encryption key.\n\n`MANUAL` - Enter the password for unlocking a GuardPoint when there is no server connection.\nPassword / Confirm Password, displayed when Password Creation Method is set to MANUAL, re-enter the\npassword.\n","type":"string"},"client_version":{"description":"Version of CTE Client.","type":"string"},"registration_allowed":{"description":"Is registration allowed for this client?","type":"boolean"},"communication_enabled":{"description":"Is communication enabled between k170v and CTE client?","type":"boolean"},"auth_binaries":{"description":"Array of authorized binaries in the privilege-filename pair JSON format.","type":"string"},"min_comm_version":{"description":"communication_version_min.","type":"integer"},"max_comm_version":{"description":"communication_version_max.","type":"integer"},"del_client":{"description":"Identifies that client delete is triggered.","type":"boolean"},"max_space_cache_log":{"description":"Maximum space for the cached logs.","type":"integer"},"max_num_cache_log":{"description":"Maximum number of logs to cache.","type":"integer"},"install_directory":{"description":"CTE client install directory.","type":"string"},"status_ref":{"description":"Reference value received from CTE client.","type":"integer"},"config_ref":{"description":"Reference value sent to CTE client.","type":"integer"},"auth_binaries_from":{"description":"ClientGroup name whose authentication binaries client has inherited.","type":"string"},"capabilities":{"description":"Comma separated agent capabilities. Available options are:\n\n`LDT` - Live Data Transformation. Implies `QOS` and `XRULE`.\n\n`ES` - Efficient Storage GuardPoint. Implies `XTS` and `IDT`.\n\n`DOCKER` - Docker Support. Avaiable on RedHat and CentOS Linux only.\n\n`IDT` - Inplace Data Transformation capable.\n\n`COS` - Cloud Storage Protection. Available for S3 only.\n\n`EKP` - Encryption Key Protection capable.\n\n`CLOG` - Concise Logging.\n\n`RESIGN` - Re-Sign Client Settings.\n\n`EA` - Secure Start GuardPoint. Available on Windows only.\n\n`CBCCS1` - CBC-CS1 encryption mode capable.\n\n`XTS` - XTS encryption mode capable.\n\n`QOS` - LDT rekey quality of service capable.\n\n`XRULE` - LDT key rule exclusion capable.\n","type":"string"},"enabled_capabilities":{"description":"Enable disabled feature(s). Separate multiple features by commas. The options are:\n\n`LDT` - Live Data Transformation.\n\n`EKP` - Encryption Key Protection.\n\n`ES` - Efficient Storage.\n","type":"string"},"attributes_from":{"description":"ClientGroup name whose attributes client has inherited.","type":"string"},"num_errors":{"description":"Number of errors on client.","type":"integer"},"num_gp_errors":{"description":"Number of GuardPoint errors on client.","type":"integer"},"num_warnings":{"description":"Number of warnings on client.","type":"integer"},"gp_errors":{"description":"GuardPoint errors on client.","type":"string"},"warnings":{"description":"Warnings on client.","type":"string"},"errors":{"description":"Errors on client.","type":"string"},"client_health_status":{"description":"Health status of client. Can be HEALTHY, ERROR, WARNING, WAITING FOR CONNECTION, NOT CONNECTED, or UNREGISTERED.","type":"string"},"disable_capability":{"description":"Disable an enabled feature. Only one capability can be disabled at a time. The options are:\n\n`LDT` - Live Data Transformation.\n","type":"string"},"profile_id":{"description":"Client profile which is to be cofigured for logger, logging, and QOS schedules custom cofiguration.\n"},"ldt_status":{"description":"LDT status of the CTE client.","type":"string"},"client_errors":{"description":"Errors reported by the CTE client.","type":"string"},"client_warnings":{"description":"Warnings reported by the CTE client.","type":"string"},"client_mfa_enabled":{"description":"Whether MFA is enabled on the CTE client.","type":"boolean"}}}]},"examples":{"application/json":{"id":"3604b51e-17d7-4d85-abc5-a414114955f1","uri":"kylo:kylo:henry:client:Client_1","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-16T09:56:28.946701Z","name":"Client_1","updatedAt":"2019-07-16T09:56:28.946701Z","os_type":"LINUX","os_sub_type":"Red Hat Enterprise Linux Server release 7.4 (Maipo)","client_reg_id":"a1138c72-6ff1-4103-a626-90c219de7c7f","server_host_name":"10.164.115.18","description":"","client_locked":false,"system_locked":false,"one_way_communication":false,"password_creation_method":"GENERATE","client_version":9,"min_comm_version":0,"max_comm_version":0,"registration_allowed":true,"communication_enabled":false,"auth_binaries":null,"del_client":false,"max_space_cache_log":0,"max_num_cache_log":0,"install_directory":"","auth_binaries_from":"","status_ref":0,"config_ref":0,"capabilities":"LDT,DOCKER,EKP,CBCCS1","enabled_capabilities":"LDT,EKP","attributes_from":"","num_errors":0,"num_gp_errors":0,"num_warnings":0,"gp_errors":"{}","errors":"[]","warnings":"[]","client_health_status":"UNREGISTERED","ldt_status":"","client_errors":"[]","client_warnings":"[]","ldt_group_comm_service_id":"","ldt_group_comm_service_name":"","assigned_with_ldt_group_comm_service":false}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"List","description":"Returns the list of registered clients. The results can be filtered using the query parameters.\n","tags":["CTE/Clients"],"parameters":[{"name":"name","in":"query","required":false,"type":"string","description":"Filter the results by name of client. Use wildcards to search for clients matching the specified pattern in their names."},{"name":"uri_list","in":"query","required":false,"type":"string","description":"Filter the results by uri. To fetch multiple resources provide comma-delimited list of uri."},{"name":"num_errors","in":"query","required":false,"type":"integer","description":"Filter clients which have number of errors EQUAL to this value."},{"name":"num_gp_errors","in":"query","required":false,"type":"integer","description":"Filter clients which have number of GuardPoint errors EQUAL to this value."},{"name":"num_warnings","in":"query","required":false,"type":"integer","description":"Filter clients which have number of warnings EQUAL to this value."},{"name":"client_health_status","in":"query","required":false,"type":"string","description":"Filter clients by client health status. Valid values are UNREGISTERED, ERROR, WARNING, HEALTHY, EXPUNGED, WAITING FOR CONNECTION, NOT CONNECTED.\nTo filter clients by multiple status provide comma-delimited list of status.\nFor example: HEALTHY,WARNING\n...will filter clients which have HEALTHY or WARNING client health status.\n"},{"name":"os_type","in":"query","required":false,"type":"string","description":"Filter clients by os type of client.Valid values are LINUX, WINDOWS and AIX."},{"name":"client_version","description":"Filter clients by version of client.","in":"query","required":false,"type":"string"},{"name":"profile_name","in":"query","required":false,"type":"string","description":"Filter clients by profile name."},{"name":"profile_id","in":"query","required":false,"description":"Filter clients by profile identifier.","type":"string"},{"name":"ldt_enabled","description":"Filter clients by ldt_enabled flag.","in":"query","required":false,"type":"boolean"},{"name":"assigned_with_ldt_group_comm_service","description":"Filter clients by assigned_with_ldt_group_comm_service flag.","in":"query","required":false,"type":"boolean"},{"name":"client_type","description":"Filter clients based on client type. Valid values are CSI, CTE-U and FS","in":"query","required":false,"type":"string"},{"name":"node_name","description":"Filter CSI clients based on node name.","in":"query","required":false,"type":"string"},{"name":"storage_class_name","description":"Filter CSI clients based on storage class name.","in":"query","required":false,"type":"string"},{"name":"namespace_name","description":"Filter CSI clients based on namespace name.","in":"query","required":false,"type":"string"},{"name":"client_mfa_enabled","description":"Filter clients based on MFA status - enabled or not.","in":"query","required":false,"type":"boolean"},{"name":"sign_capable","description":"Filter clients based on sign capability","in":"query","required":false,"type":"boolean"},{"name":"native_domain","in":"query","required":false,"type":"string","description":"Filter result based on the native domain, that is, the domain where the resource is created. \nIt will be relevant when some resources are shared across multiple domains.\nUse a comma-separated list to pass names of multiple domains in one go.\n"},{"name":"enable_domain_sharing","description":"Filter resources based on whether cross-domain sharing is enabled.","in":"query","required":false,"type":"boolean"},{"name":"fetch_current_domain_resources_only","description":"Filter resources belonging to the current domain only.","in":"query","required":false,"type":"boolean"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"os_type":{"description":"Operating system type of CTE client (windows or linux). Default value is `Unknown`.","type":"string"},"os_sub_type":{"description":"Flavour of operation system. For example, RHEL, Windows 7.","type":"string"},"client_reg_id":{"description":"Client ID generated after certificates are exchanged during registration.","type":"string"},"server_host_name":{"description":"Host name or IP address of the key server.","type":"string"},"description":{"description":"Description of the client.","type":"string"},"client_locked":{"description":"Whether to lock the client. Use this tag to lock/unlock the configuration of the File System Agent on the client. Locking the configuration prevents updates to policies on the client. The default value is false.","type":"boolean"},"system_locked":{"description":"Whether the system is locked. The default value is false. Enable this option to lock the important operating system files of the client. When enabled, patches to the operating system of the client will fail due to the protection of these files.","type":"boolean"},"password_creation_method":{"description":"Method to create password (GENERATE, MANUAL). Default value is `GENERATE`.\nThe client uses this password as a wrapper to encrypt the data encryption key when it passes between the\nclient and the CipherTrust Manager k170v in the case of a CTE agent client, or saved to disk in the case of a VDE agent. This same\npassword is used for the challenge and response, to unlock the agent when there is no network connection\nbetween the client and the CipherTrust Manager k170v.\n\n`GENERATE` - When `GENERATE` is selected, the client user must request a new password from a CipherTrust Manager k170v\nadministrator each time a client password is required. If GENERATE is selected, the Regenerate Password\noption is displayed, select to download a new randomly generated password to the client. This new password\nwill be used to wrap the data encryption key.\n\n`MANUAL` - Enter the password for unlocking a GuardPoint when there is no server connection.\nPassword / Confirm Password, displayed when Password Creation Method is set to MANUAL, re-enter the\npassword.\n","type":"string"},"client_version":{"description":"Version of CTE Client.","type":"string"},"registration_allowed":{"description":"Is registration allowed for this client?","type":"boolean"},"communication_enabled":{"description":"Is communication enabled between k170v and CTE client?","type":"boolean"},"auth_binaries":{"description":"Array of authorized binaries in the privilege-filename pair JSON format.","type":"string"},"min_comm_version":{"description":"communication_version_min.","type":"integer"},"max_comm_version":{"description":"communication_version_max.","type":"integer"},"del_client":{"description":"Identifies that client delete is triggered.","type":"boolean"},"max_space_cache_log":{"description":"Maximum space for the cached logs.","type":"integer"},"max_num_cache_log":{"description":"Maximum number of logs to cache.","type":"integer"},"install_directory":{"description":"CTE client install directory.","type":"string"},"status_ref":{"description":"Reference value received from CTE client.","type":"integer"},"config_ref":{"description":"Reference value sent to CTE client.","type":"integer"},"auth_binaries_from":{"description":"ClientGroup name whose authentication binaries client has inherited.","type":"string"},"capabilities":{"description":"Comma separated agent capabilities. Available options are:\n\n`LDT` - Live Data Transformation. Implies `QOS` and `XRULE`.\n\n`ES` - Efficient Storage GuardPoint. Implies `XTS` and `IDT`.\n\n`DOCKER` - Docker Support. Avaiable on RedHat and CentOS Linux only.\n\n`IDT` - Inplace Data Transformation capable.\n\n`COS` - Cloud Storage Protection. Available for S3 only.\n\n`EKP` - Encryption Key Protection capable.\n\n`CLOG` - Concise Logging.\n\n`RESIGN` - Re-Sign Client Settings.\n\n`EA` - Secure Start GuardPoint. Available on Windows only.\n\n`CBCCS1` - CBC-CS1 encryption mode capable.\n\n`XTS` - XTS encryption mode capable.\n\n`QOS` - LDT rekey quality of service capable.\n\n`XRULE` - LDT key rule exclusion capable.\n","type":"string"},"enabled_capabilities":{"description":"Enable disabled feature(s). Separate multiple features by commas. The options are:\n\n`LDT` - Live Data Transformation.\n\n`EKP` - Encryption Key Protection.\n\n`ES` - Efficient Storage.\n","type":"string"},"attributes_from":{"description":"ClientGroup name whose attributes client has inherited.","type":"string"},"num_errors":{"description":"Number of errors on client.","type":"integer"},"num_gp_errors":{"description":"Number of GuardPoint errors on client.","type":"integer"},"num_warnings":{"description":"Number of warnings on client.","type":"integer"},"gp_errors":{"description":"GuardPoint errors on client.","type":"string"},"warnings":{"description":"Warnings on client.","type":"string"},"errors":{"description":"Errors on client.","type":"string"},"client_health_status":{"description":"Health status of client. Can be HEALTHY, ERROR, WARNING, WAITING FOR CONNECTION, NOT CONNECTED, or UNREGISTERED.","type":"string"},"disable_capability":{"description":"Disable an enabled feature. Only one capability can be disabled at a time. The options are:\n\n`LDT` - Live Data Transformation.\n","type":"string"},"profile_id":{"description":"Client profile which is to be cofigured for logger, logging, and QOS schedules custom cofiguration.\n"},"ldt_status":{"description":"LDT status of the CTE client.","type":"string"},"client_errors":{"description":"Errors reported by the CTE client.","type":"string"},"client_warnings":{"description":"Warnings reported by the CTE client.","type":"string"},"client_mfa_enabled":{"description":"Whether MFA is enabled on the CTE client.","type":"boolean"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"3604b51e-17d7-4d85-abc5-a414114955f1","uri":"kylo:kylo:henry:client:10.164.13.17","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-16T09:56:28.946701Z","name":"10.164.13.17","updatedAt":"2019-07-16T09:56:28.946701Z","os_type":"LINUX","os_sub_type":"Red Hat Enterprise Linux Server release 7.4 (Maipo)","client_reg_id":"a1138c72-6ff1-4103-a626-90c219de7c7f","server_host_name":"10.164.115.18","description":"","client_locked":false,"system_locked":false,"one_way_communication":false,"password_creation_method":"GENERATE","client_version":9,"min_comm_version":0,"max_comm_version":0,"registration_allowed":true,"communication_enabled":true,"auth_binaries":null,"del_client":false,"max_space_cache_log":0,"max_num_cache_log":0,"install_directory":"/opt/vormetric/DataSecurityExpert","auth_binaries_from":"","status_ref":100536,"config_ref":78651,"capabilities":"LDT,DOCKER,EKP,CBCCS1","enabled_capabilities":"LDT,EKP","attributes_from":"","num_errors":0,"num_gp_errors":0,"num_warnings":0,"gp_errors":"{}","errors":"[]","warnings":"[]","client_health_status":"HEALTHY","ldt_status":"","client_errors":"[]","client_warnings":"[]","ldt_group_comm_service_id":"","ldt_group_comm_service_name":"","assigned_with_ldt_group_comm_service":false,"metadata":{"ekp_disabled":false,"lgcs_access_only":false}}]}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}}}}},"/v1/transparent-encryption/clients/delete/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"patch":{"summary":"Delete Clients","description":"Notifies the CipherTrust Manager to delete multiple clients. Both the *del_client* and *force_del_client* options are mutually exclusive.\n","tags":["CTE/Clients"],"parameters":[{"name":"body","in":"body","description":"CTE Bulk client deletion.\n","schema":{"type":"object","title":"Delete CTE Client","required":["client_id_list"],"properties":{"client_id_list":{"description":"IDs of the clients to be deleted. The IDs could be the name, ID (a UUIDv4), URI, or slug of the clients.","type":"array","items":{"type":"string"}},"del_client":{"description":"Deletes the client from the CipherTrust Manager. Set the value to true.","type":"boolean"},"force_del_client":{"description":"Deletes the client forcefully from the CipherTrust Manager. Set the value to true.\n\nWARNING! Use the force_del_client option with caution. It does not wait for any response from the CTE Agent before deleting the client's entry from the CipherTrust Manager. This action is irreversible.\n","type":"boolean"}},"example":{"client_id_list":["id1","id2"],"del_client":true}}}],"responses":{"207":{"description":"Multi-Status","schema":{"allOf":[{"type":"object","properties":{"clients":{"description":"List of successfully deleted clients.","type":"array","items":{"type":"object","properties":{"client_id":{"description":"ID of deleted client.","type":"string"},"status_code":{"description":"Status code for deleted client.","type":"integer"}}}},"falied_clients":{"description":"List of clients that failed to delete.","type":"array","items":{"type":"object","properties":{"client_id":{"description":"ID of deleted client.","type":"string"},"error":{"description":"Error reason.","type":"string"},"status_code":{"description":"Status code for deleted client.","type":"integer"}}}}}}]},"examples":{"application/json":{"clients":[{"client_id":"client_1","status_code":200},{"client_id":"client_2","status_code":200}],"falied_clients":[{"client_id":"id2","error":"record not found","status_code":404}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clients/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a client with the given `id`.","tags":["CTE/Clients"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"os_type":{"description":"Operating system type of CTE client (windows or linux). Default value is `Unknown`.","type":"string"},"os_sub_type":{"description":"Flavour of operation system. For example, RHEL, Windows 7.","type":"string"},"client_reg_id":{"description":"Client ID generated after certificates are exchanged during registration.","type":"string"},"server_host_name":{"description":"Host name or IP address of the key server.","type":"string"},"description":{"description":"Description of the client.","type":"string"},"client_locked":{"description":"Whether to lock the client. Use this tag to lock/unlock the configuration of the File System Agent on the client. Locking the configuration prevents updates to policies on the client. The default value is false.","type":"boolean"},"system_locked":{"description":"Whether the system is locked. The default value is false. Enable this option to lock the important operating system files of the client. When enabled, patches to the operating system of the client will fail due to the protection of these files.","type":"boolean"},"password_creation_method":{"description":"Method to create password (GENERATE, MANUAL). Default value is `GENERATE`.\nThe client uses this password as a wrapper to encrypt the data encryption key when it passes between the\nclient and the CipherTrust Manager k170v in the case of a CTE agent client, or saved to disk in the case of a VDE agent. This same\npassword is used for the challenge and response, to unlock the agent when there is no network connection\nbetween the client and the CipherTrust Manager k170v.\n\n`GENERATE` - When `GENERATE` is selected, the client user must request a new password from a CipherTrust Manager k170v\nadministrator each time a client password is required. If GENERATE is selected, the Regenerate Password\noption is displayed, select to download a new randomly generated password to the client. This new password\nwill be used to wrap the data encryption key.\n\n`MANUAL` - Enter the password for unlocking a GuardPoint when there is no server connection.\nPassword / Confirm Password, displayed when Password Creation Method is set to MANUAL, re-enter the\npassword.\n","type":"string"},"client_version":{"description":"Version of CTE Client.","type":"string"},"registration_allowed":{"description":"Is registration allowed for this client?","type":"boolean"},"communication_enabled":{"description":"Is communication enabled between k170v and CTE client?","type":"boolean"},"auth_binaries":{"description":"Array of authorized binaries in the privilege-filename pair JSON format.","type":"string"},"min_comm_version":{"description":"communication_version_min.","type":"integer"},"max_comm_version":{"description":"communication_version_max.","type":"integer"},"del_client":{"description":"Identifies that client delete is triggered.","type":"boolean"},"max_space_cache_log":{"description":"Maximum space for the cached logs.","type":"integer"},"max_num_cache_log":{"description":"Maximum number of logs to cache.","type":"integer"},"install_directory":{"description":"CTE client install directory.","type":"string"},"status_ref":{"description":"Reference value received from CTE client.","type":"integer"},"config_ref":{"description":"Reference value sent to CTE client.","type":"integer"},"auth_binaries_from":{"description":"ClientGroup name whose authentication binaries client has inherited.","type":"string"},"capabilities":{"description":"Comma separated agent capabilities. Available options are:\n\n`LDT` - Live Data Transformation. Implies `QOS` and `XRULE`.\n\n`ES` - Efficient Storage GuardPoint. Implies `XTS` and `IDT`.\n\n`DOCKER` - Docker Support. Avaiable on RedHat and CentOS Linux only.\n\n`IDT` - Inplace Data Transformation capable.\n\n`COS` - Cloud Storage Protection. Available for S3 only.\n\n`EKP` - Encryption Key Protection capable.\n\n`CLOG` - Concise Logging.\n\n`RESIGN` - Re-Sign Client Settings.\n\n`EA` - Secure Start GuardPoint. Available on Windows only.\n\n`CBCCS1` - CBC-CS1 encryption mode capable.\n\n`XTS` - XTS encryption mode capable.\n\n`QOS` - LDT rekey quality of service capable.\n\n`XRULE` - LDT key rule exclusion capable.\n","type":"string"},"enabled_capabilities":{"description":"Enable disabled feature(s). Separate multiple features by commas. The options are:\n\n`LDT` - Live Data Transformation.\n\n`EKP` - Encryption Key Protection.\n\n`ES` - Efficient Storage.\n","type":"string"},"attributes_from":{"description":"ClientGroup name whose attributes client has inherited.","type":"string"},"num_errors":{"description":"Number of errors on client.","type":"integer"},"num_gp_errors":{"description":"Number of GuardPoint errors on client.","type":"integer"},"num_warnings":{"description":"Number of warnings on client.","type":"integer"},"gp_errors":{"description":"GuardPoint errors on client.","type":"string"},"warnings":{"description":"Warnings on client.","type":"string"},"errors":{"description":"Errors on client.","type":"string"},"client_health_status":{"description":"Health status of client. Can be HEALTHY, ERROR, WARNING, WAITING FOR CONNECTION, NOT CONNECTED, or UNREGISTERED.","type":"string"},"disable_capability":{"description":"Disable an enabled feature. Only one capability can be disabled at a time. The options are:\n\n`LDT` - Live Data Transformation.\n","type":"string"},"profile_id":{"description":"Client profile which is to be cofigured for logger, logging, and QOS schedules custom cofiguration.\n"},"ldt_status":{"description":"LDT status of the CTE client.","type":"string"},"client_errors":{"description":"Errors reported by the CTE client.","type":"string"},"client_warnings":{"description":"Warnings reported by the CTE client.","type":"string"},"client_mfa_enabled":{"description":"Whether MFA is enabled on the CTE client.","type":"boolean"}}}]},"examples":{"application/json":[{"id":"3604b51e-17d7-4d85-abc5-a414114955f1","uri":"kylo:kylo:henry:client:10.164.13.17","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-16T09:56:28.946701Z","name":"10.164.13.17","updatedAt":"2019-07-16T09:56:28.946701Z","os_type":"LINUX","os_sub_type":"Red Hat Enterprise Linux Server release 7.4 (Maipo)","client_reg_id":"a1138c72-6ff1-4103-a626-90c219de7c7f","server_host_name":"10.164.115.18","profile_id":"3604b51e-17d7-4d85-abc5-a414114955f1","profile_name":"testProfile","description":"","client_locked":false,"system_locked":false,"one_way_communication":false,"password_creation_method":"GENERATE","client_version":"6.3.0.88","min_comm_version":1,"max_comm_version":1,"registration_allowed":true,"communication_enabled":true,"auth_binaries":null,"del_client":false,"max_space_cache_log":0,"max_num_cache_log":0,"install_directory":"/opt/vormetric/DataSecurityExpert","auth_binaries_from":"","status_ref":1582016251095,"config_ref":1582016258471,"capabilities":"LDT,DOCKER,EKP,CBCCS1","enabled_capabilities":"LDT,EKP","attributes_from":"","num_errors":0,"num_gp_errors":0,"num_warnings":0,"gp_errors":"{}","errors":"[]","warnings":"[]","client_health_status":"HEALTHY","ldt_status":"","client_errors":"[]","client_warnings":"[]","ldt_group_comm_service_id":"","ldt_group_comm_service_name":"","assigned_with_ldt_group_comm_service":false,"metadata":{"ekp_disabled":false,"lgcs_access_only":false}}]}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"patch":{"summary":"Update","description":"Updates the details of a client.","tags":["CTE/Clients"],"parameters":[{"name":"body","in":"body","description":"CTE Client parameters to be modified.\n","schema":{"type":"object","title":"Update CTE Client","properties":{"description":{"description":"Description of the client.","type":"string"},"client_locked":{"description":"Whether the CTE client is locked. The default value is `false`. Enable this option to lock the configuration of the CTE Agent on the client. Set to `true` to lock the configuration, set to `false` to unlock. Locking the Agent configuration prevents updates to any policies on the client.","type":"boolean"},"system_locked":{"description":"Whether the system is locked. The default value is false. Enable this option to lock the important operating system files of the client. When enabled, patches to the operating system of the client will fail due to the protection of these files.","type":"boolean"},"communication_enabled":{"description":"Whether communication with the client is enabled. The default value is `false`. Can be set to `true` only if `registration_allowed` is `true`.","type":"boolean"},"registration_allowed":{"description":"Whether client's registration with the CipherTrust Manager is allowed. Applicable to the clients manually created on the CipherTrust Manager. The default value is `false`. Set to `true` to allow registration.","type":"boolean"},"password":{"description":"Password for the client if password_creation_method is manual. Agents use this password to encrypt the data encryption key (DEK).\nThe password MUST be minimum 8 characters and MUST contain one alphabet, one number, and one of the !@#$%^&*(){}[] special characters.\n\n- A CTE agent encrypts the DEK when it passes between the client and the CipherTrust Manager.\n- A VDE agent encrypts the DEK saved on the disk.\nThis password is used for the challenge and response to unlock the agent when the client and the CipherTrust Manager are unreachable\n","type":"string"},"password_creation_method":{"description":"Method to create password for the client, GENERATE or MANUAL. The default method is GENERATE.\n\nGENERATE – Client user must request a new password from a CipherTrust Manager administrator each time a client password is required.\nWhen GENERATE is specified, the Regenerate Password option is displayed on the GUI. Use this option to generate a new random\npassword and download it to the client. This new password is used to wrap the DEK.\nMANUAL – Specify password for unlocking a GuardPoint when the CipherTrust Manager is unreachable. The Password and Confirm Password options are\ndisplayed on the GUI to re-enter the password.\n","type":"string"},"del_client":{"description":"Whether to mark the client for deletion from the CipherTrust Manager. The default value is false.","type":"boolean"},"max_space_cache_log":{"description":"Maximum space for the cached logs.","type":"integer"},"max_num_cache_log":{"description":"Maximum number of logs to cache.","type":"integer"},"enabled_capabilities":{"description":"Client capabilities to be enabled. Separate values with comma. Valid values are:\n -\tLDT - Live Data Transformation\n -\tEKP - Encryption Key Protection\n -\tES - Efficient Storage\n","type":"string"},"disable_capability":{"description":"Client capability to be disabled.\nOnly EKP - Encryption Key Protection can be disabled.\n","type":"string"},"profile_id":{"description":"ID of the profile that contains logger, logging, and QOS configuration.","type":"string"},"shared_domain_list":{"description":"List of domains in which the client needs to be shared.","type":"array","items":{"type":"string"}},"enable_domain_sharing":{"description":"Whether domain sharing is enabled for the client.","type":"boolean"},"client_mfa_enabled":{"description":"Whether MFA is enabled on the client.","type":"boolean"},"dynamic_parameters":{"description":"Array of parameters to be updated after the client is registered. Specify the parameters in the name-value pair JSON format strings. Make sure to specify all the parameters even if you want to update one or more parameters.\n\nFor example, if there are two parameters in the CTE client list and you want to update the value of \"param1\", then specify the correct value (one from the \"allowed_values\") in the \"current_value\" field, and keep the remaining parameters intact.\n\n**Example of dynamic parameters:**\n\n\"dynamic_parameters\": \"[{\\\"name\\\":\\\"param1\\\",\\\"type\\\":\\\"SingleSelectString\\\",\n\\\"description\\\":\\\"Enable or disable param1 capability for CTE binaries.\\\",\n\\\"allowed_values\\\":\\\"enabled^disabled\\\",\n\\\"default_value\\\":\\\"disabled\\\",\n\\\"current_value\\\":\\\"enabled\\\"},{\\\"name\\\":\\\"param2\\\",\n\\\"type\\\":\\\"MultiSelectString\\\",\\\"description\\\":\\\"param2 that takes multiple strings as value\\\",\n\\\"allowed_values\\\":\\\"Option1^Option2^Option3^Option4\\\",\n\\\"default_value\\\":\\\"Option1^Option2^Option3\\\",\n\\\"current_value\\\":\\\"Option1^Option2^Option3\\\"}]\"\n","type":"string"},"lgcs_access_only":{"description":"Whether the client can be added to an LDT communication group. If lgcs_access_only is set to false, the client can be added to an LDT communication group. Only available on Windows clients.","type":"boolean"}},"example":{"client_locked":true,"system_locked":false,"communication_enabled":true}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"os_type":{"description":"Operating system type of CTE client (windows or linux). Default value is `Unknown`.","type":"string"},"os_sub_type":{"description":"Flavour of operation system. For example, RHEL, Windows 7.","type":"string"},"client_reg_id":{"description":"Client ID generated after certificates are exchanged during registration.","type":"string"},"server_host_name":{"description":"Host name or IP address of the key server.","type":"string"},"description":{"description":"Description of the client.","type":"string"},"client_locked":{"description":"Whether to lock the client. Use this tag to lock/unlock the configuration of the File System Agent on the client. Locking the configuration prevents updates to policies on the client. The default value is false.","type":"boolean"},"system_locked":{"description":"Whether the system is locked. The default value is false. Enable this option to lock the important operating system files of the client. When enabled, patches to the operating system of the client will fail due to the protection of these files.","type":"boolean"},"password_creation_method":{"description":"Method to create password (GENERATE, MANUAL). Default value is `GENERATE`.\nThe client uses this password as a wrapper to encrypt the data encryption key when it passes between the\nclient and the CipherTrust Manager k170v in the case of a CTE agent client, or saved to disk in the case of a VDE agent. This same\npassword is used for the challenge and response, to unlock the agent when there is no network connection\nbetween the client and the CipherTrust Manager k170v.\n\n`GENERATE` - When `GENERATE` is selected, the client user must request a new password from a CipherTrust Manager k170v\nadministrator each time a client password is required. If GENERATE is selected, the Regenerate Password\noption is displayed, select to download a new randomly generated password to the client. This new password\nwill be used to wrap the data encryption key.\n\n`MANUAL` - Enter the password for unlocking a GuardPoint when there is no server connection.\nPassword / Confirm Password, displayed when Password Creation Method is set to MANUAL, re-enter the\npassword.\n","type":"string"},"client_version":{"description":"Version of CTE Client.","type":"string"},"registration_allowed":{"description":"Is registration allowed for this client?","type":"boolean"},"communication_enabled":{"description":"Is communication enabled between k170v and CTE client?","type":"boolean"},"auth_binaries":{"description":"Array of authorized binaries in the privilege-filename pair JSON format.","type":"string"},"min_comm_version":{"description":"communication_version_min.","type":"integer"},"max_comm_version":{"description":"communication_version_max.","type":"integer"},"del_client":{"description":"Identifies that client delete is triggered.","type":"boolean"},"max_space_cache_log":{"description":"Maximum space for the cached logs.","type":"integer"},"max_num_cache_log":{"description":"Maximum number of logs to cache.","type":"integer"},"install_directory":{"description":"CTE client install directory.","type":"string"},"status_ref":{"description":"Reference value received from CTE client.","type":"integer"},"config_ref":{"description":"Reference value sent to CTE client.","type":"integer"},"auth_binaries_from":{"description":"ClientGroup name whose authentication binaries client has inherited.","type":"string"},"capabilities":{"description":"Comma separated agent capabilities. Available options are:\n\n`LDT` - Live Data Transformation. Implies `QOS` and `XRULE`.\n\n`ES` - Efficient Storage GuardPoint. Implies `XTS` and `IDT`.\n\n`DOCKER` - Docker Support. Avaiable on RedHat and CentOS Linux only.\n\n`IDT` - Inplace Data Transformation capable.\n\n`COS` - Cloud Storage Protection. Available for S3 only.\n\n`EKP` - Encryption Key Protection capable.\n\n`CLOG` - Concise Logging.\n\n`RESIGN` - Re-Sign Client Settings.\n\n`EA` - Secure Start GuardPoint. Available on Windows only.\n\n`CBCCS1` - CBC-CS1 encryption mode capable.\n\n`XTS` - XTS encryption mode capable.\n\n`QOS` - LDT rekey quality of service capable.\n\n`XRULE` - LDT key rule exclusion capable.\n","type":"string"},"enabled_capabilities":{"description":"Enable disabled feature(s). Separate multiple features by commas. The options are:\n\n`LDT` - Live Data Transformation.\n\n`EKP` - Encryption Key Protection.\n\n`ES` - Efficient Storage.\n","type":"string"},"attributes_from":{"description":"ClientGroup name whose attributes client has inherited.","type":"string"},"num_errors":{"description":"Number of errors on client.","type":"integer"},"num_gp_errors":{"description":"Number of GuardPoint errors on client.","type":"integer"},"num_warnings":{"description":"Number of warnings on client.","type":"integer"},"gp_errors":{"description":"GuardPoint errors on client.","type":"string"},"warnings":{"description":"Warnings on client.","type":"string"},"errors":{"description":"Errors on client.","type":"string"},"client_health_status":{"description":"Health status of client. Can be HEALTHY, ERROR, WARNING, WAITING FOR CONNECTION, NOT CONNECTED, or UNREGISTERED.","type":"string"},"disable_capability":{"description":"Disable an enabled feature. Only one capability can be disabled at a time. The options are:\n\n`LDT` - Live Data Transformation.\n","type":"string"},"profile_id":{"description":"Client profile which is to be cofigured for logger, logging, and QOS schedules custom cofiguration.\n"},"ldt_status":{"description":"LDT status of the CTE client.","type":"string"},"client_errors":{"description":"Errors reported by the CTE client.","type":"string"},"client_warnings":{"description":"Warnings reported by the CTE client.","type":"string"},"client_mfa_enabled":{"description":"Whether MFA is enabled on the CTE client.","type":"boolean"}}}]},"examples":{"application/json":[{"id":"3604b51e-17d7-4d85-abc5-a414114955f1","uri":"kylo:kylo:henry:client:10.164.13.17","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-16T09:56:28.946701Z","name":"10.164.13.17","updatedAt":"2019-07-16T09:56:28.946701Z","os_type":"LINUX","os_sub_type":"Red Hat Enterprise Linux Server release 7.4 (Maipo)","client_reg_id":"a1138c72-6ff1-4103-a626-90c219de7c7f","server_host_name":"10.164.115.18","description":"","client_locked":false,"system_locked":false,"one_way_communication":false,"password_creation_method":"GENERATE","client_version":"6.3.0.88","min_comm_version":0,"max_comm_version":0,"registration_allowed":true,"communication_enabled":true,"auth_binaries":null,"del_client":false,"max_space_cache_log":0,"max_num_cache_log":0,"install_directory":"/opt/vormetric/DataSecurityExpert","auth_binaries_from":"","status_ref":1582016251095,"config_ref":1582016258471,"capabilities":"LDT,DOCKER,EKP,CBCCS1","enabled_capabilities":"LDT,EKP","profile_id":"3604b51e-17d7-4d85-abc5-a414114955f1","profile_name":"testProfile","attributes_from":"","num_errors":0,"num_gp_errors":0,"num_warnings":0,"gp_errors":"{}","errors":"[]","warnings":"[]","client_health_status":"HEALTHY","ldt_status":"","client_errors":"[]","client_warnings":"[]","ldt_group_comm_service_id":"","ldt_group_comm_service_name":"","assigned_with_ldt_group_comm_service":false,"metadata":{"ekp_disabled":false,"lgcs_access_only":false},"dynamic_parameters":"[{\"name\":\"param1\",\"type\":\"SingleSelectString\",\"description\":\"Enable or disable param1 capability for CTE binaries.\",\"allowed_values\":\"enabled^disabled\",\"default_value\":\"disabled\",\"current_value\":\"enabled\"},{\"name\":\"param2\",\"type\":\"MultiSelectString\",\"description\":\"param2 that takes multiple strings as value\",\"allowed_values\":\"Option1^Option2^Option3^Option4\",\"default_value\":\"Option1^Option2^Option3\",\"current_value\":\"Option1^Option2^Option3\"}]"}]}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clients/{id}/delete":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"patch":{"summary":"Delete Client","description":"Notifies the CipherTrust Manager to delete a client. Both the *del_client* and *force_del_client* options are mutually exclusive.","tags":["CTE/Clients"],"parameters":[{"name":"body","in":"body","description":"CTE Client parameters to be modified.\n","schema":{"type":"object","title":"Delete CTE Client","properties":{"del_client":{"description":"Deletes the client from the CipherTrust Manager. Set the value to true.","type":"boolean"},"force_del_client":{"description":"Deletes the client forcefully from the CipherTrust Manager. Set the value to true.\n\nWARNING! Use the force_del_client option with caution. It does not wait for any response from the CTE Agent before deleting the client's entry from the CipherTrust Manager. This action is irreversible.\n","type":"boolean"}},"example":{"del_client":true}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"os_type":{"description":"Operating system type of CTE client (windows or linux). Default value is `Unknown`.","type":"string"},"os_sub_type":{"description":"Flavour of operation system. For example, RHEL, Windows 7.","type":"string"},"client_reg_id":{"description":"Client ID generated after certificates are exchanged during registration.","type":"string"},"server_host_name":{"description":"Host name or IP address of the key server.","type":"string"},"description":{"description":"Description of the client.","type":"string"},"client_locked":{"description":"Whether to lock the client. Use this tag to lock/unlock the configuration of the File System Agent on the client. Locking the configuration prevents updates to policies on the client. The default value is false.","type":"boolean"},"system_locked":{"description":"Whether the system is locked. The default value is false. Enable this option to lock the important operating system files of the client. When enabled, patches to the operating system of the client will fail due to the protection of these files.","type":"boolean"},"password_creation_method":{"description":"Method to create password (GENERATE, MANUAL). Default value is `GENERATE`.\nThe client uses this password as a wrapper to encrypt the data encryption key when it passes between the\nclient and the CipherTrust Manager k170v in the case of a CTE agent client, or saved to disk in the case of a VDE agent. This same\npassword is used for the challenge and response, to unlock the agent when there is no network connection\nbetween the client and the CipherTrust Manager k170v.\n\n`GENERATE` - When `GENERATE` is selected, the client user must request a new password from a CipherTrust Manager k170v\nadministrator each time a client password is required. If GENERATE is selected, the Regenerate Password\noption is displayed, select to download a new randomly generated password to the client. This new password\nwill be used to wrap the data encryption key.\n\n`MANUAL` - Enter the password for unlocking a GuardPoint when there is no server connection.\nPassword / Confirm Password, displayed when Password Creation Method is set to MANUAL, re-enter the\npassword.\n","type":"string"},"client_version":{"description":"Version of CTE Client.","type":"string"},"registration_allowed":{"description":"Is registration allowed for this client?","type":"boolean"},"communication_enabled":{"description":"Is communication enabled between k170v and CTE client?","type":"boolean"},"auth_binaries":{"description":"Array of authorized binaries in the privilege-filename pair JSON format.","type":"string"},"min_comm_version":{"description":"communication_version_min.","type":"integer"},"max_comm_version":{"description":"communication_version_max.","type":"integer"},"del_client":{"description":"Identifies that client delete is triggered.","type":"boolean"},"max_space_cache_log":{"description":"Maximum space for the cached logs.","type":"integer"},"max_num_cache_log":{"description":"Maximum number of logs to cache.","type":"integer"},"install_directory":{"description":"CTE client install directory.","type":"string"},"status_ref":{"description":"Reference value received from CTE client.","type":"integer"},"config_ref":{"description":"Reference value sent to CTE client.","type":"integer"},"auth_binaries_from":{"description":"ClientGroup name whose authentication binaries client has inherited.","type":"string"},"capabilities":{"description":"Comma separated agent capabilities. Available options are:\n\n`LDT` - Live Data Transformation. Implies `QOS` and `XRULE`.\n\n`ES` - Efficient Storage GuardPoint. Implies `XTS` and `IDT`.\n\n`DOCKER` - Docker Support. Avaiable on RedHat and CentOS Linux only.\n\n`IDT` - Inplace Data Transformation capable.\n\n`COS` - Cloud Storage Protection. Available for S3 only.\n\n`EKP` - Encryption Key Protection capable.\n\n`CLOG` - Concise Logging.\n\n`RESIGN` - Re-Sign Client Settings.\n\n`EA` - Secure Start GuardPoint. Available on Windows only.\n\n`CBCCS1` - CBC-CS1 encryption mode capable.\n\n`XTS` - XTS encryption mode capable.\n\n`QOS` - LDT rekey quality of service capable.\n\n`XRULE` - LDT key rule exclusion capable.\n","type":"string"},"enabled_capabilities":{"description":"Enable disabled feature(s). Separate multiple features by commas. The options are:\n\n`LDT` - Live Data Transformation.\n\n`EKP` - Encryption Key Protection.\n\n`ES` - Efficient Storage.\n","type":"string"},"attributes_from":{"description":"ClientGroup name whose attributes client has inherited.","type":"string"},"num_errors":{"description":"Number of errors on client.","type":"integer"},"num_gp_errors":{"description":"Number of GuardPoint errors on client.","type":"integer"},"num_warnings":{"description":"Number of warnings on client.","type":"integer"},"gp_errors":{"description":"GuardPoint errors on client.","type":"string"},"warnings":{"description":"Warnings on client.","type":"string"},"errors":{"description":"Errors on client.","type":"string"},"client_health_status":{"description":"Health status of client. Can be HEALTHY, ERROR, WARNING, WAITING FOR CONNECTION, NOT CONNECTED, or UNREGISTERED.","type":"string"},"disable_capability":{"description":"Disable an enabled feature. Only one capability can be disabled at a time. The options are:\n\n`LDT` - Live Data Transformation.\n","type":"string"},"profile_id":{"description":"Client profile which is to be cofigured for logger, logging, and QOS schedules custom cofiguration.\n"},"ldt_status":{"description":"LDT status of the CTE client.","type":"string"},"client_errors":{"description":"Errors reported by the CTE client.","type":"string"},"client_warnings":{"description":"Warnings reported by the CTE client.","type":"string"},"client_mfa_enabled":{"description":"Whether MFA is enabled on the CTE client.","type":"boolean"}}}]},"examples":{"application/json":[{"id":"3604b51e-17d7-4d85-abc5-a414114955f1","uri":"kylo:kylo:henry:client:10.164.13.17","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-16T09:56:28.946701Z","name":"10.164.13.17","updatedAt":"2019-07-16T09:56:28.946701Z","os_type":"LINUX","os_sub_type":"Red Hat Enterprise Linux Server release 7.4 (Maipo)","client_reg_id":"a1138c72-6ff1-4103-a626-90c219de7c7f","server_host_name":"10.164.115.18","description":"","client_locked":false,"system_locked":false,"one_way_communication":false,"password_creation_method":"GENERATE","client_version":9,"min_comm_version":0,"max_comm_version":0,"registration_allowed":true,"communication_enabled":true,"auth_binaries":null,"del_client":true,"max_space_cache_log":0,"max_num_cache_log":0,"install_directory":"/opt/vormetric/DataSecurityExpert","auth_binaries_from":"","status_ref":100536,"config_ref":78651,"capabilities":"LDT,DOCKER,EKP,CBCCS1","enabled_capabilities":"LDT,EKP","attributes_from":"","num_errors":0,"num_gp_errors":0,"num_warnings":0,"gp_errors":"{}","errors":"[]","warnings":"[]","client_health_status":"HEALTHY","ldt_status":"","client_errors":"[]","client_warnings":"[]","ldt_group_comm_service_id":"","ldt_group_comm_service_name":"","assigned_with_ldt_group_comm_service":false}]}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clients/{id}/auth-binaries":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"patch":{"summary":"Update Client Authentication Binaries","description":"Updates authentication binaries for a client.","tags":["CTE/Clients"],"parameters":[{"name":"body","in":"body","description":"Client Authentication Binaries parameters to be modified.\n","schema":{"type":"object","title":"Update client settings for a CTE Client.","properties":{"re_sign":{"description":"Whether to re-sign the client settings.","type":"boolean"},"auth_binaries":{"description":"Array of authorized binaries in the privilege-filename pair JSON format.\nSignature set can be provided in +sig= format.\nFor example:\n{\n \\\"privilege\\\": \\\"authenticator+sig=TestSignSet\\\",\n \\\"filename\\\": \\\"/usr/sbin/tsm\\\"\n}\n","type":"string"},"client_auth_binaries_from":{"description":"ID of the ClientGroup from which client settings will be inherited.","type":"string"}},"example":{"re_sign":true,"auth_binaries":"[ { \"privilege\": \"authenticator\", \"filename\": \"/usr/sbin/tsm\" }, { \"privilege\": \"authenticator\", \"filename\": \"/usr/sbin/sshd\" }, { \"privilege\": \"authenticator\", \"filename\": \"/usr/dt/bin/dtlogin\" }, { \"privilege\": \"authenticator_euid\", \"filename\": \"/usr/sbin/ftpd\" } ]"}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"os_type":{"description":"Operating system type of CTE client (windows or linux). Default value is `Unknown`.","type":"string"},"os_sub_type":{"description":"Flavour of operation system. For example, RHEL, Windows 7.","type":"string"},"client_reg_id":{"description":"Client ID generated after certificates are exchanged during registration.","type":"string"},"server_host_name":{"description":"Host name or IP address of the key server.","type":"string"},"description":{"description":"Description of the client.","type":"string"},"client_locked":{"description":"Whether to lock the client. Use this tag to lock/unlock the configuration of the File System Agent on the client. Locking the configuration prevents updates to policies on the client. The default value is false.","type":"boolean"},"system_locked":{"description":"Whether the system is locked. The default value is false. Enable this option to lock the important operating system files of the client. When enabled, patches to the operating system of the client will fail due to the protection of these files.","type":"boolean"},"password_creation_method":{"description":"Method to create password (GENERATE, MANUAL). Default value is `GENERATE`.\nThe client uses this password as a wrapper to encrypt the data encryption key when it passes between the\nclient and the CipherTrust Manager k170v in the case of a CTE agent client, or saved to disk in the case of a VDE agent. This same\npassword is used for the challenge and response, to unlock the agent when there is no network connection\nbetween the client and the CipherTrust Manager k170v.\n\n`GENERATE` - When `GENERATE` is selected, the client user must request a new password from a CipherTrust Manager k170v\nadministrator each time a client password is required. If GENERATE is selected, the Regenerate Password\noption is displayed, select to download a new randomly generated password to the client. This new password\nwill be used to wrap the data encryption key.\n\n`MANUAL` - Enter the password for unlocking a GuardPoint when there is no server connection.\nPassword / Confirm Password, displayed when Password Creation Method is set to MANUAL, re-enter the\npassword.\n","type":"string"},"client_version":{"description":"Version of CTE Client.","type":"string"},"registration_allowed":{"description":"Is registration allowed for this client?","type":"boolean"},"communication_enabled":{"description":"Is communication enabled between k170v and CTE client?","type":"boolean"},"auth_binaries":{"description":"Array of authorized binaries in the privilege-filename pair JSON format.","type":"string"},"min_comm_version":{"description":"communication_version_min.","type":"integer"},"max_comm_version":{"description":"communication_version_max.","type":"integer"},"del_client":{"description":"Identifies that client delete is triggered.","type":"boolean"},"max_space_cache_log":{"description":"Maximum space for the cached logs.","type":"integer"},"max_num_cache_log":{"description":"Maximum number of logs to cache.","type":"integer"},"install_directory":{"description":"CTE client install directory.","type":"string"},"status_ref":{"description":"Reference value received from CTE client.","type":"integer"},"config_ref":{"description":"Reference value sent to CTE client.","type":"integer"},"auth_binaries_from":{"description":"ClientGroup name whose authentication binaries client has inherited.","type":"string"},"capabilities":{"description":"Comma separated agent capabilities. Available options are:\n\n`LDT` - Live Data Transformation. Implies `QOS` and `XRULE`.\n\n`ES` - Efficient Storage GuardPoint. Implies `XTS` and `IDT`.\n\n`DOCKER` - Docker Support. Avaiable on RedHat and CentOS Linux only.\n\n`IDT` - Inplace Data Transformation capable.\n\n`COS` - Cloud Storage Protection. Available for S3 only.\n\n`EKP` - Encryption Key Protection capable.\n\n`CLOG` - Concise Logging.\n\n`RESIGN` - Re-Sign Client Settings.\n\n`EA` - Secure Start GuardPoint. Available on Windows only.\n\n`CBCCS1` - CBC-CS1 encryption mode capable.\n\n`XTS` - XTS encryption mode capable.\n\n`QOS` - LDT rekey quality of service capable.\n\n`XRULE` - LDT key rule exclusion capable.\n","type":"string"},"enabled_capabilities":{"description":"Enable disabled feature(s). Separate multiple features by commas. The options are:\n\n`LDT` - Live Data Transformation.\n\n`EKP` - Encryption Key Protection.\n\n`ES` - Efficient Storage.\n","type":"string"},"attributes_from":{"description":"ClientGroup name whose attributes client has inherited.","type":"string"},"num_errors":{"description":"Number of errors on client.","type":"integer"},"num_gp_errors":{"description":"Number of GuardPoint errors on client.","type":"integer"},"num_warnings":{"description":"Number of warnings on client.","type":"integer"},"gp_errors":{"description":"GuardPoint errors on client.","type":"string"},"warnings":{"description":"Warnings on client.","type":"string"},"errors":{"description":"Errors on client.","type":"string"},"client_health_status":{"description":"Health status of client. Can be HEALTHY, ERROR, WARNING, WAITING FOR CONNECTION, NOT CONNECTED, or UNREGISTERED.","type":"string"},"disable_capability":{"description":"Disable an enabled feature. Only one capability can be disabled at a time. The options are:\n\n`LDT` - Live Data Transformation.\n","type":"string"},"profile_id":{"description":"Client profile which is to be cofigured for logger, logging, and QOS schedules custom cofiguration.\n"},"ldt_status":{"description":"LDT status of the CTE client.","type":"string"},"client_errors":{"description":"Errors reported by the CTE client.","type":"string"},"client_warnings":{"description":"Warnings reported by the CTE client.","type":"string"},"client_mfa_enabled":{"description":"Whether MFA is enabled on the CTE client.","type":"boolean"}}}]},"examples":{"application/json":[{"id":"3604b51e-17d7-4d85-abc5-a414114955f1","uri":"kylo:kylo:henry:client:10.164.13.17","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-16T09:56:28.946701Z","name":"10.164.13.17","updatedAt":"2019-07-16T09:56:28.946701Z","os_type":"LINUX","os_sub_type":"Red Hat Enterprise Linux Server release 7.4 (Maipo)","client_reg_id":"a1138c72-6ff1-4103-a626-90c219de7c7f","server_host_name":"10.164.115.18","description":"","client_locked":false,"system_locked":false,"one_way_communication":false,"password_creation_method":"GENERATE","client_version":9,"min_comm_version":0,"max_comm_version":0,"registration_allowed":true,"communication_enabled":true,"auth_binaries":"[ { \"privilege\": \"authenticator\", \"filename\": \"/usr/sbin/tsm\" }, { \"privilege\": \"authenticator\", \"filename\": \"/usr/sbin/sshd\" }, { \"privilege\": \"authenticator\", \"filename\": \"/usr/dt/bin/dtlogin\" }, { \"privilege\": \"authenticator_euid\", \"filename\": \"/usr/sbin/ftpd\" } ]","del_client":false,"max_space_cache_log":0,"max_num_cache_log":0,"install_directory":"/opt/vormetric/DataSecurityExpert","auth_binaries_from":"","status_ref":100536,"config_ref":78651,"capabilities":"LDT,DOCKER,EKP,CBCCS1","enabled_capabilities":"LDT,EKP","attributes_from":"","num_errors":0,"num_gp_errors":0,"num_warnings":0,"gp_errors":"{}","errors":"[]","warnings":"[]","client_health_status":"HEALTHY","ldt_status":"","client_errors":"[]","client_warnings":"[]","ldt_group_comm_service_id":"","ldt_group_comm_service_name":"","assigned_with_ldt_group_com_service":false}]}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clients/{id}/clientgroups":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get ClientGroups for Client","description":"Returns the list of ClientGroups a client is linked to.","tags":["CTE/Clients"],"parameters":[{"name":"client_group_name","in":"query","required":false,"type":"string","description":"Filter the results by name of clientgroup."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"cluster_type":{"description":"Cluster Type (NON-CLUSTER).","type":"string"},"description":{"description":"Descriptive string for ClientGroup","type":"string"},"client_locked":{"description":"Is FS Agent locked ?","type":"boolean"},"system_locked":{"description":"Whether the system is locked. The default value is false. Enable this option to lock the important operating system files of the client.\nWhen enabled, patches to the operating system of the client will fail due to the protection of these files.\n","type":"boolean"},"password_creation_method":{"description":"Password creation method, GENERATE or MANUAL.","type":"string"},"communication_enabled":{"description":"Whether the File System communication is enabled.","type":"boolean"},"auth_binaries":{"description":"Array of authorized binaries in the privilege-filename pair JSON format.","type":"string"},"capabilities":{"description":"Comma separated agent capabilities. Currently only `RESIGN` for re-signing client settings is available.","type":"string"},"enabled_capabilities":{"description":"Comma-separated agent capabilities that are enabled. Currently, only RESIGN can be enabled for re-signing client settings.","type":"string"},"profile_id":{"description":"ID of the client group profile that is used to schedule custom configuration for logger, logging, and Quality of Service (QoS).","type":"string"},"profile_name":{"description":"Name of configured Profile.","type":"string"}}}]}}}}]}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clients/{id}/resetpassword":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"patch":{"summary":"ResetPassword","description":"Generates a new password for the client.","tags":["CTE/Clients"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"os_type":{"description":"Operating system type of CTE client (windows or linux). Default value is `Unknown`.","type":"string"},"os_sub_type":{"description":"Flavour of operation system. For example, RHEL, Windows 7.","type":"string"},"client_reg_id":{"description":"Client ID generated after certificates are exchanged during registration.","type":"string"},"server_host_name":{"description":"Host name or IP address of the key server.","type":"string"},"description":{"description":"Description of the client.","type":"string"},"client_locked":{"description":"Whether to lock the client. Use this tag to lock/unlock the configuration of the File System Agent on the client. Locking the configuration prevents updates to policies on the client. The default value is false.","type":"boolean"},"system_locked":{"description":"Whether the system is locked. The default value is false. Enable this option to lock the important operating system files of the client. When enabled, patches to the operating system of the client will fail due to the protection of these files.","type":"boolean"},"password_creation_method":{"description":"Method to create password (GENERATE, MANUAL). Default value is `GENERATE`.\nThe client uses this password as a wrapper to encrypt the data encryption key when it passes between the\nclient and the CipherTrust Manager k170v in the case of a CTE agent client, or saved to disk in the case of a VDE agent. This same\npassword is used for the challenge and response, to unlock the agent when there is no network connection\nbetween the client and the CipherTrust Manager k170v.\n\n`GENERATE` - When `GENERATE` is selected, the client user must request a new password from a CipherTrust Manager k170v\nadministrator each time a client password is required. If GENERATE is selected, the Regenerate Password\noption is displayed, select to download a new randomly generated password to the client. This new password\nwill be used to wrap the data encryption key.\n\n`MANUAL` - Enter the password for unlocking a GuardPoint when there is no server connection.\nPassword / Confirm Password, displayed when Password Creation Method is set to MANUAL, re-enter the\npassword.\n","type":"string"},"client_version":{"description":"Version of CTE Client.","type":"string"},"registration_allowed":{"description":"Is registration allowed for this client?","type":"boolean"},"communication_enabled":{"description":"Is communication enabled between k170v and CTE client?","type":"boolean"},"auth_binaries":{"description":"Array of authorized binaries in the privilege-filename pair JSON format.","type":"string"},"min_comm_version":{"description":"communication_version_min.","type":"integer"},"max_comm_version":{"description":"communication_version_max.","type":"integer"},"del_client":{"description":"Identifies that client delete is triggered.","type":"boolean"},"max_space_cache_log":{"description":"Maximum space for the cached logs.","type":"integer"},"max_num_cache_log":{"description":"Maximum number of logs to cache.","type":"integer"},"install_directory":{"description":"CTE client install directory.","type":"string"},"status_ref":{"description":"Reference value received from CTE client.","type":"integer"},"config_ref":{"description":"Reference value sent to CTE client.","type":"integer"},"auth_binaries_from":{"description":"ClientGroup name whose authentication binaries client has inherited.","type":"string"},"capabilities":{"description":"Comma separated agent capabilities. Available options are:\n\n`LDT` - Live Data Transformation. Implies `QOS` and `XRULE`.\n\n`ES` - Efficient Storage GuardPoint. Implies `XTS` and `IDT`.\n\n`DOCKER` - Docker Support. Avaiable on RedHat and CentOS Linux only.\n\n`IDT` - Inplace Data Transformation capable.\n\n`COS` - Cloud Storage Protection. Available for S3 only.\n\n`EKP` - Encryption Key Protection capable.\n\n`CLOG` - Concise Logging.\n\n`RESIGN` - Re-Sign Client Settings.\n\n`EA` - Secure Start GuardPoint. Available on Windows only.\n\n`CBCCS1` - CBC-CS1 encryption mode capable.\n\n`XTS` - XTS encryption mode capable.\n\n`QOS` - LDT rekey quality of service capable.\n\n`XRULE` - LDT key rule exclusion capable.\n","type":"string"},"enabled_capabilities":{"description":"Enable disabled feature(s). Separate multiple features by commas. The options are:\n\n`LDT` - Live Data Transformation.\n\n`EKP` - Encryption Key Protection.\n\n`ES` - Efficient Storage.\n","type":"string"},"attributes_from":{"description":"ClientGroup name whose attributes client has inherited.","type":"string"},"num_errors":{"description":"Number of errors on client.","type":"integer"},"num_gp_errors":{"description":"Number of GuardPoint errors on client.","type":"integer"},"num_warnings":{"description":"Number of warnings on client.","type":"integer"},"gp_errors":{"description":"GuardPoint errors on client.","type":"string"},"warnings":{"description":"Warnings on client.","type":"string"},"errors":{"description":"Errors on client.","type":"string"},"client_health_status":{"description":"Health status of client. Can be HEALTHY, ERROR, WARNING, WAITING FOR CONNECTION, NOT CONNECTED, or UNREGISTERED.","type":"string"},"disable_capability":{"description":"Disable an enabled feature. Only one capability can be disabled at a time. The options are:\n\n`LDT` - Live Data Transformation.\n","type":"string"},"profile_id":{"description":"Client profile which is to be cofigured for logger, logging, and QOS schedules custom cofiguration.\n"},"ldt_status":{"description":"LDT status of the CTE client.","type":"string"},"client_errors":{"description":"Errors reported by the CTE client.","type":"string"},"client_warnings":{"description":"Warnings reported by the CTE client.","type":"string"},"client_mfa_enabled":{"description":"Whether MFA is enabled on the CTE client.","type":"boolean"}}}]},"examples":{"application/json":[{"id":"3604b51e-17d7-4d85-abc5-a414114955f1","uri":"kylo:kylo:henry:client:10.164.13.17","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-16T09:56:28.946701Z","name":"10.164.13.17","updatedAt":"2019-07-16T09:56:28.946701Z","os_type":"LINUX","os_sub_type":"Red Hat Enterprise Linux Server release 7.4 (Maipo)","client_reg_id":"a1138c72-6ff1-4103-a626-90c219de7c7f","server_host_name":"10.164.115.18","description":"","client_locked":false,"system_locked":false,"one_way_communication":false,"password_creation_method":"GENERATE","client_version":9,"min_comm_version":0,"max_comm_version":0,"registration_allowed":true,"communication_enabled":true,"auth_binaries":null,"del_client":true,"max_space_cache_log":0,"max_num_cache_log":0,"install_directory":"/opt/vormetric/DataSecurityExpert","auth_binaries_from":"","status_ref":100536,"config_ref":78651,"capabilities":"LDT,DOCKER,EKP,CBCCS1","enabled_capabilities":"LDT,EKP","attributes_from":"","num_errors":0,"num_gp_errors":0,"num_warnings":0,"gp_errors":"{}","errors":"[]","warnings":"[]","client_health_status":"HEALTHY","ldt_status":"","client_errors":"[]","client_warnings":"[]","ldt_group_comm_service_id":"","ldt_group_comm_service_name":"","assigned_with_ldt_group_comm_service":false}]}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clients/{id}/get-agentinfo":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Collect AgentInfo","description":"Informs the CTE client to collect the Agent information and send it back to the CipherTrust Manager.","tags":["CTE/Clients"],"responses":{"202":{"description":"Accepted"},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clients/{id}/download-agentinfo":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Download AgentInfo","description":"Downloads the Agent information from the CipherTrust Manager. After download, the Agent information is removed from the CipherTrust Manager. In a CipherTrust Manager cluster, the information will be downloaded from the node where the Agent information is requested.","tags":["CTE/Clients"],"responses":{"200":{"description":"OK","schema":{"type":"file"}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clients/{id}/check-agentinfo":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Check AgentInfo","description":"Checks if the Agent information is available on the CipherTrust Manager. If available shows the file name and other details.","tags":["CTE/Clients"],"responses":{"200":{"description":"OK","examples":{"clientID":"840688a3-1882-4bd8-9117-c260a030bca7","fileName":"ai_840688a3-1882-4bd8-9117-c260a030bca7_2022-11-16_11:39:53.tgz","message":"Available"}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clients/clear-agentinfo":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Clears AgentInfo","description":"Removes all the files containing the Agent information from the CipherTrust Manager.","tags":["CTE/Clients"],"responses":{"200":{"description":"OK"},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/signaturesets/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Adds a new signature set to the CipherTrust Manager.","tags":["CTE/SignatureSets"],"parameters":[{"name":"body","in":"body","description":"CTE Signature set creation parameters.","schema":{"type":"object","title":"Create Signature set","required":["name"],"properties":{"name":{"description":"Name of the signature set.","type":"string"},"type":{"description":"Type of the signature set. The valid values are Application and Container-Image. The default value is `Application`.","type":"string"},"description":{"description":"Description of the signature set.","type":"string"},"source_list":{"description":"Path of the directory or file to be signed. If a directory is specified, all files in the directory and its subdirectories are signed.","type":"array","items":{"type":"string"}}},"example":{"name":"TestSignSet","type":"Application","source_list":["/usr/bin","/usr/sbin"]}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the signature set.","type":"string"},"type":{"description":"Type of the signature set.","type":"string"},"source_list":{"description":"Path of the directory or file to be signed. If a directory is specified, all files in the directory and its subdirectories are signed.","type":"array","items":{"type":"string"}}}}]},"examples":{"application/json":{"id":"d94ef496-5e43-4424-a6e7-f4213c108415","uri":"kylo:kylo:henry:signatureset:TestSignSet","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-02-24T11:15:58.103355313Z","updatedAt":"2019-02-24T11:15:58.103355313Z","name":"TestSignSet","type":"Application","description":"","source_list":["/usr/bin/","/usr/sbin/"],"signing_status":"UNSIGNED","percentage_complete":0}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"List","description":"Returns the list of signature sets added to the CipherTrust Manager. The results can be filtered using the query parameters.\n","tags":["CTE/SignatureSets"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"name","in":"query","required":false,"type":"string","description":"Filter result using the name of signatureset."},{"name":"signing_status","in":"query","required":false,"type":"string","description":"Filter result using signing_status. Valid values are Finished, FinishedWithWarning, InProgress, Aborted, and UNSIGNED."},{"name":"source_list","in":"query","required":false,"type":"string","description":"Filter result using the source_list like \"/usr/bin;/usr/sbin\"."},{"name":"type","in":"query","required":false,"type":"string","description":"Filter result using the type of signature set. Valid values are Application and Container-Image."},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the signature set.","type":"string"},"type":{"description":"Type of the signature set.","type":"string"},"source_list":{"description":"Path of the directory or file to be signed. If a directory is specified, all files in the directory and its subdirectories are signed.","type":"array","items":{"type":"string"}}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"d94ef496-5e43-4424-a6e7-f4213c108415","uri":"kylo:kylo:henry:signatureset:TestSignSet","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-02-24T11:15:58.103355313Z","updatedAt":"2019-02-24T11:15:58.103355313Z","name":"TestSignSet","description":"","type":"Application","source_list":["/usr/bin/","/usr/sbin/"],"signing_status":"UNSIGNED","percentage_complete":0}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/signaturesets/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"patch":{"summary":"Update","description":"Modifies the signature set parameters. The parameters to be modified are placed in the body parameters.\n","tags":["CTE/SignatureSets"],"parameters":[{"name":"body","in":"body","description":"CTE signatureset parameters.","schema":{"type":"object","title":"Modify Signature Set.","properties":{"description":{"description":"Description of the signature set.","type":"string"},"source_list":{"description":"Path of the directory or file to be signed. If a directory is specified, all files in the directory and its subdirectories are signed.","type":"array","items":{"type":"string"}}},"example":{"source_list":["/usr/bin"]}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the signature set.","type":"string"},"type":{"description":"Type of the signature set.","type":"string"},"source_list":{"description":"Path of the directory or file to be signed. If a directory is specified, all files in the directory and its subdirectories are signed.","type":"array","items":{"type":"string"}}}}]},"examples":{"application/json":{"id":"d94ef496-5e43-4424-a6e7-f4213c108415","uri":"kylo:kylo:henry:signatureset:TestSignSet","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-02-24T11:15:58.103355313Z","updatedAt":"2019-02-24T11:15:58.103355313Z","name":"TestSignSet","description":"","type":"Application","source_list":["/usr/bin/"],"signing_status":"UNSIGNED","percentage_complete":0}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"Get","description":"Returns the details of a signature set with the given id.\n","tags":["CTE/SignatureSets"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the signature set.","type":"string"},"type":{"description":"Type of the signature set.","type":"string"},"source_list":{"description":"Path of the directory or file to be signed. If a directory is specified, all files in the directory and its subdirectories are signed.","type":"array","items":{"type":"string"}}}}]},"examples":{"application/json":{"id":"d94ef496-5e43-4424-a6e7-f4213c108415","uri":"kylo:kylo:henry:signatureset:TestSignSet","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-02-24T11:15:58.103355313Z","updatedAt":"2019-02-24T11:15:58.103355313Z","name":"TestSignSet","description":"","type":"Application","source_list":["/usr/bin/","/usr/sbin/"],"signing_status":"FINISHED","percentage_complete":100}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"delete":{"summary":"Delete","description":"Deletes a signature set with the given id. Signature sets being used by clients cannot be deleted.","tags":["CTE/SignatureSets"],"responses":{"204":{"description":"OK","schema":{"type":"string"}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/signaturesets/{signatureSetId}/delete-sources/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"signatureSetId","in":"path","type":"string","description":"An identifier of the signature set.\nThis can be the ID (a UUIDv4), URI, or name of signature set.\n","required":true}],"patch":{"summary":"Update","description":"Delete sources from the signature set.\n","tags":["CTE/SignatureSets"],"parameters":[{"name":"body","in":"body","description":"CTE signatureset parameters.","schema":{"type":"object","title":"Delete sources from Signature Set.","required":["source_list"],"properties":{"source_list":{"description":"Path of the directory or file to be signed.","type":"array","items":{"type":"string"}}},"example":{"source_list":["/usr/sbin"]}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the signature set.","type":"string"},"type":{"description":"Type of the signature set.","type":"string"},"source_list":{"description":"Path of the directory or file to be signed. If a directory is specified, all files in the directory and its subdirectories are signed.","type":"array","items":{"type":"string"}}}}]},"examples":{"application/json":{"id":"d94ef496-5e43-4424-a6e7-f4213c108415","uri":"kylo:kylo:henry:signatureset:TestSignSet","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-02-24T11:15:58.103355313Z","updatedAt":"2019-02-24T11:15:58.103355313Z","name":"TestSignSet","description":"","type":"Application","source_list":["/usr/bin/"],"signing_status":"UNSIGNED","percentage_complete":0}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/signaturesets/{signatureSetId}/signatures/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"signatureSetId","in":"path","type":"string","description":"An identifier of the signature set.\nThis can be the ID (a UUIDv4), URI, or name of signature set.\n","required":true}],"get":{"summary":"List","description":"Returns the list of signatures added to a signature set with the given id. The results can be filtered using the query parameters.\n","tags":["CTE/SignatureSets"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"hash_value","in":"query","required":false,"type":"string","description":"Filter result using hash_value of signature."},{"name":"file_name","in":"query","required":false,"type":"string","description":"Filter result using file_name of signature."}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"signatureSet":{"description":"Signature set which owns the signatures.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"b385b959-e96f-4b0e-93dd-debfae1d1c1b","uri":"kylo:kylo:henry:signature:b385b959-e96f-4b0e-93dd-debfae1d1c1b","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-02T09:38:13.836493Z","updatedAt":"2019-07-02T09:38:13.836493Z","file_name":"/usr/sbin/xfsrestore","hash_value":"5160748D0C2938D24EEA3F6F042DCF984F42A80625EDB75FB600EAF89D970891","digest":"SHA-256","signature_set_id":"TestSignSet"}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/signaturesets/{signatureSetId}/addsignatures/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"signatureSetId","in":"path","type":"string","description":"An identifier of the signature set.\nThis can be the ID (a UUIDv4), URI, or name of the signature set.\n","required":true}],"patch":{"summary":"Update","description":"Modifies the list of signatures to be added to the signature set.\n","tags":["CTE/SignatureSets"],"parameters":[{"name":"body","in":"body","description":"CTE signature set parameters.","schema":{"type":"object","title":"Modify Signature Set","required":["signatures"],"properties":{"signatures":{"description":"List of signatures to be added to the signature set.","type":"array","items":{"type":"object","title":"Signature","required":["file_name","hash_value"],"properties":{"file_name":{"type":"string","description":"Name of the file."},"hash_value":{"type":"string","description":"Hash value of the file."}}}}},"example":{"signatures":[{"file_name":"/bin/cat","hash_value":"05A9E97F7B0D5638A2FFBC1E53A31E44D36251BA35BA8A1556E569D3C8D9B497"}]}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the signature set.","type":"string"},"type":{"description":"Type of the signature set.","type":"string"},"source_list":{"description":"Path of the directory or file to be signed. If a directory is specified, all files in the directory and its subdirectories are signed.","type":"array","items":{"type":"string"}}}}]},"examples":{"application/json":{"id":"d94ef496-5e43-4424-a6e7-f4213c108415","uri":"kylo:kylo:henry:signatureset:TestSignSet","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-02-24T11:15:58.103355313Z","updatedAt":"2019-02-24T11:15:58.103355313Z","name":"TestSignSet","description":"","source_list":["/usr/bin/","/usr/sbin/"],"signing_status":"FINISHED","percentage_complete":100}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/signaturesets/{signatureSetId}/signatures/upload-list":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"signatureSetId","in":"path","type":"string","description":"An identifier of the signature set.\nThis can be the ID (a UUIDv4), URI, or name of the signature set.\n","required":true}],"post":{"summary":"Upload","description":"Creates signatures in a signature set using a CSV file. You must set content type to multipart/form-data and provide `signaturefile` as the form-data.","tags":["CTE/SignatureSets"],"consumes":["multipart/form-data"],"parameters":[{"name":"signaturefile","in":"formData","type":"file","description":"Create Signatures parameters, for example: \"/bin/cat,05A9E97F7B0D5638A2FFBC1E53A31E44D36251BA35BA8A1556E569D3C8D9B497\"\n"}],"responses":{"200":{"description":"OK"},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/signaturesets/{signatureSetId}/signatures/{signatureId}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"signatureSetId","in":"path","type":"string","description":"An identifier of the Signature set.\nThis can be the ID (a UUIDv4), URI, or name of the Signature set.\n","required":true},{"name":"signatureId","in":"path","type":"string","description":"An identifier of the Signature.\nThis can be either the ID (a UUIDv4) or URI of the signature.\n","required":true}],"delete":{"summary":"Delete","description":"Deletes a signature from a signature set with the given id.","tags":["CTE/SignatureSets"],"responses":{"204":{"description":"OK","schema":{"type":"string"}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/signaturesets/{id}/signapp/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Send Sign Request","description":"Sends a signature signing request to the client.","tags":["CTE/SignatureSets"],"parameters":[{"name":"body","in":"body","description":"CTE Signature Signing parameters.","schema":{"type":"object","title":"Send Signature Sign Request","required":["client_id"],"properties":{"client_id":{"description":"ID of the client where the signing request is to be sent.","type":"string"}},"example":{"client_id":"Client1"}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"type":"object","properties":{"status":{"description":"Initial status of LongPoll request.","type":"string"},"reference_id":{"description":"Reference ID where response will be posted.","type":"integer"},"reason":{"description":"Reason of failure.","type":"string"}}}]},"examples":{"application/json":{"status":"OK","reference_id":"dadf478d-baf6-41a6-b00e-92efbf2bd5c3","reason":""}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/signaturesets/{id}/querysignapp/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Query Sign Request.","description":"Checks the status of the signature signing request sent to the client.","tags":["CTE/SignatureSets"],"parameters":[{"name":"body","in":"body","description":"CTE Query Signature Signing parameters.","schema":{"type":"object","title":"Send Query Signature Sign Request","required":["client_id"],"properties":{"client_id":{"description":"ID of the client where the signing request is to be checked.","type":"string"}},"example":{"client_id":"Client1"}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"type":"object","properties":{"status":{"description":"Initial status of LongPoll request.","type":"string"},"reference_id":{"description":"Reference ID where response will be posted.","type":"integer"},"reason":{"description":"Reason of failure.","type":"string"}}}]},"examples":{"application/json":{"status":"OK","reference_id":"dadf478d-baf6-41a6-b00e-92efbf2bd5c3","reason":""}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/signaturesets/{id}/cancelsignapp/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Cancel Sign Request","description":"Requests a client to cancel the signature signing request.","tags":["CTE/SignatureSets"],"parameters":[{"name":"body","in":"body","description":"CTE Cancel Signature Signing parameters.","schema":{"type":"object","title":"Cancel Signature Sign Request","required":["client_id"],"properties":{"client_id":{"description":"ID of the client where the signing request is to be canceled.","type":"string"}},"example":{"client_id":"Client1"}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"type":"object","properties":{"status":{"description":"Initial status of LongPoll request.","type":"string"},"reference_id":{"description":"Reference ID where response will be posted.","type":"integer"},"reason":{"description":"Reason of failure.","type":"string"}}}]},"examples":{"application/json":{"status":"OK","reference_id":"dadf478d-baf6-41a6-b00e-92efbf2bd5c3","reason":""}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/signaturesets/{signatureSetId}/upload-yaml":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"signatureSetId","in":"path","type":"string","description":"An identifier of the signature set.\nThis can be the ID (a UUIDv4), URI, or name of the signature set.\n","required":true}],"post":{"summary":"Upload YAML","description":"Extracts the container image name from the uploaded YAML file and sets it to the source list of the CTE signature sets. You must set content type to multipart/form-data and provide `yamlFile` as the form-data.","tags":["CTE/SignatureSets"],"consumes":["multipart/form-data"],"parameters":[{"name":"yamlFile","in":"formData","type":"file","description":"Upload YAML file\n"}],"responses":{"200":{"description":"OK"},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/usersets/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Adds a new user set to the CipherTrust Manager. Every user set can be linked to multiple policies.","tags":["CTE/UserSets"],"parameters":[{"name":"body","in":"body","description":"CTE User set creation parameters.","schema":{"type":"object","title":"Create User set","required":["name"],"properties":{"name":{"description":"Name of the user set.","type":"string"},"description":{"description":"Description of the user set.","type":"string"},"users":{"description":"List of users to be added to the user set.","type":"array","items":{"type":"object","title":"User","properties":{"uname":{"type":"string","description":"Name of the user to be added to the user set."},"uid":{"type":"integer","description":"ID of the user to be added to the user set."},"gname":{"type":"string","description":"Group name of the user to be added to the user set."},"gid":{"type":"integer","description":"Group ID of the user to be added to the user set."},"os_domain":{"type":"string","description":"OS domain name for Windows platforms."}}}}},"example":{"name":"UserSet1","description":"Test User set","users":[{"uname":"root1234","uid":1000,"gname":"rootGroup","gid":1000,"os_domain":""},{"uname":"test1234","uid":1234,"gname":"testGroup","gid":1234,"os_domain":""}]}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the user set.","type":"string"},"users":{"description":"List of users to be added to the user set.","type":"array","items":{"type":"object","title":"User","properties":{"uname":{"type":"string","description":"Name of the user to be added to the user set."},"uid":{"type":"integer","description":"ID of the user to be added to the user set."},"gname":{"type":"string","description":"Group name of the user to be added to the user set."},"gid":{"type":"integer","description":"Group ID of the user to be added to the user set."},"os_domain":{"type":"string","description":"OS domain name for Windows platforms."}}}}}}]},"examples":{"application/json":{"id":"dadf478d-baf6-41a6-b00e-92efbf2bd5c3","uri":"kylo:kylo:henry:userset:U5","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-05T09:06:16.16117433Z","name":"UserSet1","updatedAt":"0001-01-01T00:00:00Z","description":"Test User set","users":[{"uname":"root1234","uid":1000,"gname":"rootGroup","gid":1000,"os_domain":""},{"uname":"test","uid":1234,"gname":"testGroup","gid":1234,"os_domain":"Admin"}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"List","description":"Returns the list of user sets added to the CipherTrust Manager. The results can be filtered using the query parameters.\n","tags":["CTE/UserSets"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"name","in":"query","required":false,"type":"string","description":"Filter result using the user set name."},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the user set.","type":"string"},"users":{"description":"List of users to be added to the user set.","type":"array","items":{"type":"object","title":"User","properties":{"uname":{"type":"string","description":"Name of the user to be added to the user set."},"uid":{"type":"integer","description":"ID of the user to be added to the user set."},"gname":{"type":"string","description":"Group name of the user to be added to the user set."},"gid":{"type":"integer","description":"Group ID of the user to be added to the user set."},"os_domain":{"type":"string","description":"OS domain name for Windows platforms."}}}}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"dadf478d-baf6-41a6-b00e-92efbf2bd5c3","uri":"kylo:kylo:henry:userset:U5","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-05T09:06:16.16117433Z","name":"UserSet1","updatedAt":"0001-01-01T00:00:00Z","description":"Test User set","users":[{"uname":"root1234","uid":1000,"gname":"rootGroup","gid":1000,"os_domain":""},{"uname":"test","uid":1234,"gname":"testGroup","gid":1234,"os_domain":"Admin"}]}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/usersets/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"patch":{"summary":"Update","description":"Modifies the user set parameters. The parameters to be modified are placed in the body parameters. New users/groups will override the existing users/groups.\nSo, to add a new user/group, the request should contain all the existing users/groups and the new user/group.\n","tags":["CTE/UserSets"],"parameters":[{"name":"body","in":"body","description":"CTE userset parameters.","schema":{"type":"object","title":"Modify User Set","properties":{"description":{"description":"Description of the user set.","type":"string"},"users":{"description":"List of users to be added to the user set.","type":"array","items":{"type":"object","title":"User","properties":{"uname":{"type":"string","description":"Name of the user to be added to the user set."},"uid":{"type":"integer","description":"ID of the user to be added to the user set."},"gname":{"type":"string","description":"Group name of the user to be added to the user set."},"gid":{"type":"integer","description":"Group ID of the user to be added to the user set."},"os_domain":{"type":"string","description":"OS domain name for Windows platforms."}}}}},"example":{"users":[{"uname":"root1234","uid":1000,"gname":"rootGroup","gid":1000,"os_domain":""},{"uname":"test12","uid":1234,"gname":"testGroup","gid":1234,"os_domain":""}]}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the user set.","type":"string"},"users":{"description":"List of users to be added to the user set.","type":"array","items":{"type":"object","title":"User","properties":{"uname":{"type":"string","description":"Name of the user to be added to the user set."},"uid":{"type":"integer","description":"ID of the user to be added to the user set."},"gname":{"type":"string","description":"Group name of the user to be added to the user set."},"gid":{"type":"integer","description":"Group ID of the user to be added to the user set."},"os_domain":{"type":"string","description":"OS domain name for Windows platforms."}}}}}}]},"examples":{"application/json":{"id":"dadf478d-baf6-41a6-b00e-92efbf2bd5c3","uri":"kylo:kylo:henry:userset:U5","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-05T09:06:16.16117433Z","name":"UserSet1","updatedAt":"0001-01-01T00:00:00Z","description":"Test User set","users":[{"uname":"root1234","uid":1000,"gname":"rootGroup","gid":1000,"os_domain":""},{"uname":"test12","uid":1234,"gname":"testGroup","gid":1234,"os_domain":"Admin"}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"Get","description":"Returns the details of a user set with the given id.\n","tags":["CTE/UserSets"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the user set.","type":"string"},"users":{"description":"List of users to be added to the user set.","type":"array","items":{"type":"object","title":"User","properties":{"uname":{"type":"string","description":"Name of the user to be added to the user set."},"uid":{"type":"integer","description":"ID of the user to be added to the user set."},"gname":{"type":"string","description":"Group name of the user to be added to the user set."},"gid":{"type":"integer","description":"Group ID of the user to be added to the user set."},"os_domain":{"type":"string","description":"OS domain name for Windows platforms."}}}}}}]},"examples":{"application/json":{"id":"dadf478d-baf6-41a6-b00e-92efbf2bd5c3","uri":"kylo:kylo:henry:userset:U5","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-05T09:06:16.16117433Z","name":"UserSet1","updatedAt":"0001-01-01T00:00:00Z","description":"Test User set","users":[{"uname":"root1234","uid":1000,"gname":"rootGroup","gid":1000,"os_domain":""},{"uname":"test","uid":1234,"gname":"testGroup","gid":1234,"os_domain":"Admin"}]}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"delete":{"summary":"Delete","description":"Deletes a user set with the given id. User sets being used by clients cannot be deleted.","tags":["CTE/UserSets"],"responses":{"204":{"description":"OK","schema":{"type":"string"}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/usersets/{id}/addusers":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"patch":{"summary":"Update","description":"Modify userset parameters.The parameters contains list of user that to be added in userset.New users will be added to the previous users.\n","tags":["CTE/UserSets"],"parameters":[{"name":"body","in":"body","description":"CTE userset parameters.","schema":{"type":"object","title":"Modify User Set","properties":{"users":{"description":"users list which needs to be part of the userset","type":"array","items":{"type":"object","title":"User","properties":{"uname":{"type":"string","description":"Name of the user which shall be added in user-set"},"uid":{"type":"integer","description":"User id of the user which shall be added in user-set"},"gname":{"type":"string","description":"Group name of the user which shall be added in user-set"},"gid":{"type":"integer","description":"Group id of the user which shall be added in user-set"},"os_domain":{"type":"string","description":"OS domain name in case of windows environment"}}}}},"example":{"users":[{"uname":"root1234","uid":1000,"gname":"rootGroup","gid":1000,"os_domain":""},{"uname":"test12","uid":1234,"gname":"testGroup","gid":1234,"os_domain":""}]}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the user set.","type":"string"},"users":{"description":"List of users to be added to the user set.","type":"array","items":{"type":"object","title":"User","properties":{"uname":{"type":"string","description":"Name of the user to be added to the user set."},"uid":{"type":"integer","description":"ID of the user to be added to the user set."},"gname":{"type":"string","description":"Group name of the user to be added to the user set."},"gid":{"type":"integer","description":"Group ID of the user to be added to the user set."},"os_domain":{"type":"string","description":"OS domain name for Windows platforms."}}}}}}]},"examples":{"application/json":{"id":"dadf478d-baf6-41a6-b00e-92efbf2bd5c3","uri":"kylo:kylo:henry:userset:U5","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-05T09:06:16.16117433Z","name":"UserSet1","updatedAt":"0001-01-01T00:00:00Z","description":"Test User set","users":[{"index":0,"uname":"root1234","uid":1000,"gname":"rootGroup","gid":1000,"os_domain":""},{"index":1,"uname":"test12","uid":1234,"gname":"testGroup","gid":1234,"os_domain":"Admin"}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/usersets/{id}/delusers":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"delete":{"summary":"Delete","description":"Delete users from userset with a given user index list.","tags":["CTE/UserSets"],"parameters":[{"in":"query","name":"userIndexList","description":"Comma-separated list of user indexes. For example 2,4,6.","required":true,"type":"string"}],"responses":{"204":{"description":"OK","schema":{"type":"string"}},"207":{"description":"Multi-Status","schema":{"allOf":[{"type":"object","properties":{"delete_success":{"description":"List of successfully deleted user.","type":"array","items":{"type":"object","properties":{"index":{"description":"Index of deleted user.","type":"integer"},"status_code":{"description":"Status code for deleted user.","type":"integer"}}}},"delete_failed":{"description":"List of users which are failed to delete.","type":"array","items":{"type":"object","properties":{"index":{"description":"Index of deleted user.","type":"integer"},"error":{"description":"Error reason.","type":"string"},"status_code":{"description":"Status code for deleted user.","type":"integer"}}}}}}]}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/usersets/{id}/updateuser/{userIndex}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"userIndex","in":"path","type":"integer","description":"An index of user in userset.This should be number.","required":true}],"patch":{"summary":"Update","description":"Modify user in userset parameters.The parameter contain user that to be updated in userset.\n","tags":["CTE/UserSets"],"parameters":[{"name":"body","in":"body","description":"CTE user parameters.","schema":{"type":"object","title":"User","properties":{"uname":{"type":"string","description":"Name of the user which shall be added in user-set"},"uid":{"type":"integer","description":"User id of the user which shall be added in user-set"},"gname":{"type":"string","description":"Group name of the user which shall be added in user-set"},"gid":{"type":"integer","description":"Group id of the user which shall be added in user-set"},"os_domain":{"type":"string","description":"OS domain name in case of windows environment"}},"example":{"uname":"root","uid":1000,"gname":"rootGroup","gid":1001,"os_domain":"dm1"}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the user set.","type":"string"},"users":{"description":"List of users to be added to the user set.","type":"array","items":{"type":"object","title":"User","properties":{"uname":{"type":"string","description":"Name of the user to be added to the user set."},"uid":{"type":"integer","description":"ID of the user to be added to the user set."},"gname":{"type":"string","description":"Group name of the user to be added to the user set."},"gid":{"type":"integer","description":"Group ID of the user to be added to the user set."},"os_domain":{"type":"string","description":"OS domain name for Windows platforms."}}}}}}]},"examples":{"application/json":{"id":"dadf478d-baf6-41a6-b00e-92efbf2bd5c3","uri":"kylo:kylo:henry:userset:U5","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-05T09:06:16.16117433Z","name":"UserSet1","updatedAt":"0001-01-01T00:00:00Z","description":"Test User set","users":[{"index":0,"uname":"root1234","uid":1000,"gname":"rootGroup","gid":1000,"os_domain":""},{"index":1,"uname":"test12","uid":1234,"gname":"testGroup","gid":1234,"os_domain":"Admin"}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/usersets/{id}/users":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"List","description":"Returns the list of users from user set. The results can be filtered using the query parameters.\n","tags":["CTE/UserSets"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"search","in":"query","required":false,"type":"string","description":"Filter result usings the user uname, gname and os_domain."},{"name":"sort","in":"query","required":false,"type":"string","description":"The fields to sort results by index, uname, gname, or os_domain. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n-uname\n...will sort the results by `uname` in descending order.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the user set.","type":"string"},"users":{"description":"List of users to be added to the user set.","type":"array","items":{"type":"object","title":"User","properties":{"uname":{"type":"string","description":"Name of the user to be added to the user set."},"uid":{"type":"integer","description":"ID of the user to be added to the user set."},"gname":{"type":"string","description":"Group name of the user to be added to the user set."},"gid":{"type":"integer","description":"Group ID of the user to be added to the user set."},"os_domain":{"type":"string","description":"OS domain name for Windows platforms."}}}}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"dadf478d-baf6-41a6-b00e-92efbf2bd5c3","uri":"kylo:kylo:henry:userset:U5","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-05T09:06:16.16117433Z","name":"UserSet1","updatedAt":"0001-01-01T00:00:00Z","description":"Test User set","users":[{"index":0,"uname":"root1234","uid":1000,"gname":"rootGroup","gid":1000,"os_domain":""},{"index":1,"uname":"test","uid":1234,"gname":"testGroup","gid":1234,"os_domain":"Admin"}]}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/usersets/{id}/policies":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"List","description":"Returns the association between a policy and a user set. The results can be filtered using the query parameters.\n","tags":["CTE/UserSets"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the policy.","type":"string"},"policy_type":{"description":"Type of the policy. The valid values are “Standard”, “LDT”, “Cloud_Object_Storage\", and \"CSI\".","type":"string"},"policy_version":{"description":"Version of the policy. It gets updated with every modification in the policy","type":"integer"},"updated_by":{"description":"User who updated the policy.","type":"string"},"never_deny":{"description":"Flag to always permit operations in policy. By default it is disabled, enabled on learn mode activation","type":"boolean"},"policy_key_version":{"description":"Version of the policy key.","type":"string"},"never_deny_enabled_at":{"description":"Timestamp when learn mode was enabled.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:policies:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","name":"RecordEncryptPolicy","description":"","policy_type":"LDT","policy_version":"0","never_deny":false,"policy_key_version":"0","updated_by":null}]}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/processsets/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Adds a new process set to the CipherTrust Manager. Every process set can be linked to multiple policies.","tags":["CTE/ProcessSets"],"parameters":[{"name":"body","in":"body","description":"CTE processset creation parameters.","schema":{"type":"object","title":"Create Process Set","required":["name"],"properties":{"name":{"description":"Name of the process set.","type":"string"},"description":{"description":"Description of the process set.","type":"string"},"processes":{"description":"List of processes to be added to the process set.","type":"array","items":{"type":"object","title":"Process","properties":{"signature":{"type":"string","description":"ID or name of the signature set to link to the process set."},"directory":{"type":"string","description":"Directory of the process to be added to the process set."},"file":{"type":"string","description":"File name of the process to be added to the process set."}}}}},"example":{"name":"TestProcessSet","description":"","processes":[{"signature":"TestSignSet","directory":"/home/testUser","file":"*"},{"signature":"TestSignSet","directory":"/home/kyloTest","file":"kylo.bin"}]}}}],"responses":{"201":{"description":"OK","schema":{"type":"object","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the process set.","type":"string"},"processes":{"description":"List of processes to be added to the process set.","type":"array","items":{"type":"array","items":{"type":"object","properties":{"signature":{"description":"Name of signature set.","type":"string"},"directory":{"description":"Name of directory of process","type":"string"},"file":{"description":"Name of process.","type":"string"}}}}}}}]},"examples":{"application/json":{"id":"647b01f3-dc8f-4d5f-a3ec-220c64e1ac1f","uri":"kylo:kylo:henry:processset:P3","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-08T07:56:57.336829935Z","name":"ProcessSet-1","updatedAt":"0001-01-01T00:00:00Z","description":"Test Process set","processes":[{"signature":"TestSign","directory":"/usr/bin/","file":"testBinary"},{"signature":"TestSign1","directory":"/usr/bin/","file":"testBinary1"}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"List","description":"Returns the list of process sets added to the CipherTrust Manager. The results can be filtered using the query parameters.\n","tags":["CTE/ProcessSets"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"name","in":"query","required":false,"type":"string","description":"Filter result using the process set name."},{"name":"withsignatureset","in":"query","required":false,"type":"boolean","description":"Filter those processsets which contain or do not contain signature set."},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"type":"object","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the process set.","type":"string"},"processes":{"description":"List of processes to be added to the process set.","type":"array","items":{"type":"array","items":{"type":"object","properties":{"signature":{"description":"Name of signature set.","type":"string"},"directory":{"description":"Name of directory of process","type":"string"},"file":{"description":"Name of process.","type":"string"}}}}}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"647b01f3-dc8f-4d5f-a3ec-220c64e1ac1f","uri":"kylo:kylo:henry:processset:P3","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-08T07:56:57.336829935Z","name":"ProcessSet-1","updatedAt":"0001-01-01T00:00:00Z","description":"Test Process set","processes":[{"signature":"TestSign","directory":"/usr/bin/","file":"testBinary"},{"signature":"TestSign1","directory":"/usr/bin/","file":"testBinary1"}]}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/processsets/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"patch":{"summary":"Update","description":"Modifies the process set parameters. The parameters to be modified are placed in the body parameters.\nNew processes will override the existing processes. So, to add a new process, the request should contain all the existing processes and the new process.\n","tags":["CTE/ProcessSets"],"parameters":[{"name":"body","in":"body","description":"CTE processset parameters.","schema":{"type":"object","title":"Modify Process Set","properties":{"description":{"description":"Description of the process set.","type":"string"},"processes":{"description":"List of processes to be added to the process set.","type":"array","items":{"type":"object","title":"Process","properties":{"signature":{"type":"string","description":"ID or name of the signature set to link to the process set."},"directory":{"type":"string","description":"Directory of the process to be added to the process set."},"file":{"type":"string","description":"File name of the process to be added to the process set."}}}}},"example":{"processes":[{"signature":"","directory":"/home/testUser","file":"*"},{"signature":"TestSignSet","directory":"/home/kyloTest","file":"kylo.bin"}]}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the process set.","type":"string"},"processes":{"description":"List of processes to be added to the process set.","type":"array","items":{"type":"array","items":{"type":"object","properties":{"signature":{"description":"Name of signature set.","type":"string"},"directory":{"description":"Name of directory of process","type":"string"},"file":{"description":"Name of process.","type":"string"}}}}}}}]},"examples":{"application/json":{"id":"647b01f3-dc8f-4d5f-a3ec-220c64e1ac1f","uri":"kylo:kylo:henry:processset:P3","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-08T07:56:57.336829935Z","name":"ProcessSet-1","updatedAt":"0001-01-01T00:00:00Z","description":"Test Process set","processes":[{"signature":"TestSign","directory":"/usr/bin/","file":"testBinary"},{"signature":"TestSign1","directory":"/usr/bin/","file":"testBinary1"}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"Get","description":"Returns the details of a process set with the given id.\n","tags":["CTE/ProcessSets"],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the process set.","type":"string"},"processes":{"description":"List of processes to be added to the process set.","type":"array","items":{"type":"array","items":{"type":"object","properties":{"signature":{"description":"Name of signature set.","type":"string"},"directory":{"description":"Name of directory of process","type":"string"},"file":{"description":"Name of process.","type":"string"}}}}}}}]},"examples":{"application/json":{"id":"647b01f3-dc8f-4d5f-a3ec-220c64e1ac1f","uri":"kylo:kylo:henry:processset:P3","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-08T07:56:57.336829935Z","name":"ProcessSet-1","updatedAt":"0001-01-01T00:00:00Z","description":"Test Process set","processes":[{"signature":"TestSign","directory":"/usr/bin/","file":"testBinary"},{"signature":"TestSign1","directory":"/usr/bin/","file":"testBinary1"}]}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"delete":{"summary":"Delete","description":"Deletes a process set with the given id. Processes being used by clients cannot be deleted.","tags":["CTE/ProcessSets"],"responses":{"204":{"description":"OK","schema":{"type":"string"}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/processsets/{id}/addprocesses":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"patch":{"summary":"Update","description":"Modify processset parameters.The parameters contains list of process that to be added in processset.New processes will be added to the previous processes.\n","tags":["CTE/ProcessSets"],"parameters":[{"name":"body","in":"body","description":"CTE processset parameters.","schema":{"type":"object","title":"Modify Process Set","properties":{"processes":{"description":"processes list which needs to be part of the process set","type":"array","items":{"type":"object","title":"Process","properties":{"signature":{"type":"string","description":"Signature-set ID or Name which shall be associated with the process-set"},"directory":{"type":"string","description":"directory path of the process which shall be associated with the process-set"},"file":{"type":"string","description":"file name of the process which shall be associated with the process-set"}}}}},"example":{"processes":[{"signature":"","directory":"/home/testUser","file":"*"},{"signature":"TestSignSet","directory":"/home/kyloTest","file":"kylo.bin"}]}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the process set.","type":"string"},"processes":{"description":"List of processes to be added to the process set.","type":"array","items":{"type":"array","items":{"type":"object","properties":{"signature":{"description":"Name of signature set.","type":"string"},"directory":{"description":"Name of directory of process","type":"string"},"file":{"description":"Name of process.","type":"string"}}}}}}}]},"examples":{"application/json":{"id":"647b01f3-dc8f-4d5f-a3ec-220c64e1ac1f","uri":"kylo:kylo:henry:processset:P3","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-08T07:56:57.336829935Z","name":"ProcessSet-1","updatedAt":"0001-01-01T00:00:00Z","description":"Test Process set","processes":[{"index":0,"signature":"TestSign","directory":"/usr/bin/","file":"testBinary"},{"index":1,"signature":"TestSign1","directory":"/usr/bin/","file":"testBinary1"}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/processsets/{id}/delprocesses":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"delete":{"summary":"Delete","description":"Delete processes from processset with a given process index list.","tags":["CTE/ProcessSets"],"parameters":[{"in":"query","name":"processIndexList","description":"Comma-separated list of process indexes. For example 2,4,6.","required":true,"type":"string"}],"responses":{"204":{"description":"OK","schema":{"type":"string"}},"207":{"description":"Multi-Status","schema":{"allOf":[{"type":"object","properties":{"delete_success":{"description":"List of successfully deleted process.","type":"array","items":{"type":"object","properties":{"index":{"description":"Index of deleted process.","type":"integer"},"status_code":{"description":"Status code for deleted process.","type":"integer"}}}},"delete_failed":{"description":"List of processes which are failed to delete.","type":"array","items":{"type":"object","properties":{"index":{"description":"Index of deleted process.","type":"integer"},"error":{"description":"Error reason.","type":"string"},"status_code":{"description":"Status code for deleted process.","type":"integer"}}}}}}]}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/processsets/{id}/updateprocess/{processIndex}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"processIndex","in":"path","type":"integer","description":"An index of process in processset.This should be number.","required":true}],"patch":{"summary":"Update","description":"Modify process parameters.The parameters contains process that to be updated in processset.\n","tags":["CTE/ProcessSets"],"parameters":[{"name":"body","in":"body","description":"CTE process parameters.","schema":{"type":"object","title":"Modify Process","properties":{"signature":{"type":"string","description":"Signature-set ID or Name which shall be associated with the process-set"},"directory":{"type":"string","description":"directory path of the process which shall be associated with the process-set"},"file":{"type":"string","description":"file name of the process which shall be associated with the process-set"}},"example":{"signature":"","directory":"/home/testUser","file":"*"}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the process set.","type":"string"},"processes":{"description":"List of processes to be added to the process set.","type":"array","items":{"type":"array","items":{"type":"object","properties":{"signature":{"description":"Name of signature set.","type":"string"},"directory":{"description":"Name of directory of process","type":"string"},"file":{"description":"Name of process.","type":"string"}}}}}}}]},"examples":{"application/json":{"id":"647b01f3-dc8f-4d5f-a3ec-220c64e1ac1f","uri":"kylo:kylo:henry:processset:P3","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-08T07:56:57.336829935Z","name":"ProcessSet-1","updatedAt":"0001-01-01T00:00:00Z","description":"Test Process set","processes":[{"index":0,"signature":"TestSign","directory":"/usr/bin/","file":"testBinary"},{"index":1,"signature":"TestSign1","directory":"/usr/bin/","file":"testBinary1"}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/processsets/{id}/processes":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"List","description":"Returns the list of processes from process set. The results can be filtered using the query parameters.\n","tags":["CTE/ProcessSets"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"search","in":"query","required":false,"type":"string","description":"Filter results using the process signature, directory and file name."}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"type":"object","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the process set.","type":"string"},"processes":{"description":"List of processes to be added to the process set.","type":"array","items":{"type":"array","items":{"type":"object","properties":{"signature":{"description":"Name of signature set.","type":"string"},"directory":{"description":"Name of directory of process","type":"string"},"file":{"description":"Name of process.","type":"string"}}}}}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"647b01f3-dc8f-4d5f-a3ec-220c64e1ac1f","uri":"kylo:kylo:henry:processset:P3","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-08T07:56:57.336829935Z","name":"ProcessSet-1","updatedAt":"0001-01-01T00:00:00Z","description":"Test Process set","processes":[{"index":0,"signature":"TestSign","directory":"/usr/bin/","file":"testBinary"},{"index":1,"signature":"TestSign1","directory":"/usr/bin/","file":"testBinary1"}]}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/processsets/{id}/policies":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"List","description":"Returns the association between a policy and a process set. The results can be filtered using the query parameters.\n","tags":["CTE/ProcessSets"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the policy.","type":"string"},"policy_type":{"description":"Type of the policy. The valid values are “Standard”, “LDT”, “Cloud_Object_Storage\", and \"CSI\".","type":"string"},"policy_version":{"description":"Version of the policy. It gets updated with every modification in the policy","type":"integer"},"updated_by":{"description":"User who updated the policy.","type":"string"},"never_deny":{"description":"Flag to always permit operations in policy. By default it is disabled, enabled on learn mode activation","type":"boolean"},"policy_key_version":{"description":"Version of the policy key.","type":"string"},"never_deny_enabled_at":{"description":"Timestamp when learn mode was enabled.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:policies:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","name":"RecordEncryptPolicy","description":"","policy_type":"LDT","policy_version":"0","never_deny":false,"policy_key_version":"0","updated_by":null}]}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/resourcesets/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Adds a new resource set to the CipherTrust Manager. Every resource set can be linked to multiple policies.","tags":["CTE/ResourceSets"],"parameters":[{"name":"body","in":"body","description":"CTE resourceset creation parameters.","schema":{"type":"object","title":"Create Resource Set","required":["name"],"properties":{"name":{"description":"Name of the resource set.","type":"string"},"description":{"description":"Description of the resource set.","type":"string"},"type":{"description":"Type of the resource set. The valid options are Directory and Classification. The default value is `Directory`.","type":"string"},"resources":{"description":"List of resources to be added to the resource set.","type":"array","items":{"type":"object","title":"Resource","properties":{"directory":{"type":"string","description":"Directory of the resource to be added to the resource set."},"file":{"type":"string","description":"File name of the resource to be added to the resource set."},"include_subfolders":{"type":"boolean","description":"Whether to include subfolders to the resource."},"hdfs":{"type":"boolean","description":"Whether the specified path is a HDFS path."}}}},"classification_tags":{"description":"Classification set to be added to the resource set.","type":"array","items":{"type":"object","title":"Resource","properties":{"name":{"description":"Name of the tag in the classification set.","type":"string"},"description":{"description":"Description of the classification tag.","type":"string"},"attributes":{"description":"List of attributes to be added to the tag.","type":"array","items":{"type":"object","title":"Attributes","properties":{"name":{"type":"string","description":"Name of the attribute."},"data_type":{"type":"string","description":"Data type of the attribute."},"value":{"type":"string","description":"Value of the attribute."},"operator":{"type":"string","description":"Operator to be applied to the attribute. The valid operators are:\n- eq (equal)\n- ne (not equal)\n- lt (less than)\n- le (less than or equal to)\n- gt (greater than)\n- ge (greater than or equal to)\nThe default operator is eq (equal).\n"}}}}}}}},"example":{"name":"TestResourceSet","description":"","type":"Directory","resources":[{"directory":"/home/testUser","file":"*","include_subfolders":true},{"directory":"/home/kyloTest","file":"kylo.bin","include_subfolders":false}]}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the resource set.","type":"string"},"resources":{"description":"List of resources to be added to the resource set.","type":"array","items":{"type":"object","title":"Resource","properties":{"directory":{"type":"string","description":"Directory of the resource to be added to the resource set."},"file":{"type":"string","description":"File name of the resource to be added to the resource set."},"include_subfolders":{"type":"boolean","description":"Whether to include subfolders to the resource."}}}}}}]},"examples":{"application/json":{"id":"647b01f3-dc8f-4d5f-a3ec-220c64e1ac1f","uri":"kylo:kylo:henry:resourceset:R5","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-08T07:56:57.336829935Z","name":"ResourceSet-1","updatedAt":"0001-01-01T00:00:00Z","description":"Test Resource set","type":"Directory","resources":[{"directory":"/test/dir1/","file":"*","include_subfolders":false,"hdfs":false},{"directory":"/test/dir2/","file":"*","include_subfolders":true,"hdfs":false}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"List","description":"Returns the list of resource sets added to the CipherTrust Manager. The results can be filtered using the query parameters.\n","tags":["CTE/ResourceSets"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"name","in":"query","required":false,"type":"string","description":"Filter result using the resource set name."},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the resource set.","type":"string"},"resources":{"description":"List of resources to be added to the resource set.","type":"array","items":{"type":"object","title":"Resource","properties":{"directory":{"type":"string","description":"Directory of the resource to be added to the resource set."},"file":{"type":"string","description":"File name of the resource to be added to the resource set."},"include_subfolders":{"type":"boolean","description":"Whether to include subfolders to the resource."}}}}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"647b01f3-dc8f-4d5f-a3ec-220c64e1ac1f","uri":"kylo:kylo:henry:resourceset:R5","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-08T07:56:57.336829935Z","name":"ResourceSet-1","updatedAt":"0001-01-01T00:00:00Z","description":"Test Resource set","type":"Directory","resources":[{"directory":"/test/dir1/","file":"*","include_subfolders":false,"hdfs":false},{"directory":"/test/dir2/","file":"*","include_subfolders":true,"hdfs":false}]}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/resourcesets/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"patch":{"summary":"Update","description":"Modifies the resource set parameters. The parameters to be modified are placed in the body parameters. New resources will override the existing resources.\nSo, to add a new resource, the request should contain all the existing resources and the new resource.\n","tags":["CTE/ResourceSets"],"parameters":[{"name":"body","in":"body","description":"CTE resource-set parameters.","schema":{"type":"object","title":"Modify Resource Set","properties":{"description":{"description":"Description of the resource set.","type":"string"},"resources":{"description":"Resource list which needs to be part of the resource-set","type":"array","items":{"type":"object","title":"Resource","properties":{"directory":{"type":"string","description":"directory path of the Resource which shall be associated with the resource-set"},"file":{"type":"string","description":"file name of the Resource which shall be associated with the resource-set"},"include_subfolders":{"type":"boolean","description":"Whether to include subfolders to the resource."},"hdfs":{"type":"boolean","description":"Whether the specified path is a HDFS path."}}}},"classification_tags":{"description":"Classification set to be added to the resource set.","type":"array","items":{"type":"object","title":"Resource","properties":{"name":{"description":"Name of the tag in the classification set.","type":"string"},"description":{"description":"Description of the classification tag.","type":"string"},"attributes":{"description":"List of attributes to be added to the tag.","type":"array","items":{"type":"object","title":"Attributes","properties":{"name":{"type":"string","description":"Name of the attribute."},"data_type":{"type":"string","description":"Data type of the attribute."},"value":{"type":"string","description":"Value of the attribute."},"operator":{"type":"string","description":"Operator to be applied to the attribute. The valid operators are:\n- eq (equal)\n- ne (not equal)\n- lt (less than)\n- le (less than or equal to)\n- gt (greater than)\n- ge (greater than or equal to)\nThe default operator is eq (equal).\n"}}}}}}}},"example":{"resources":[{"directory":"/home/testUser","file":"*","include_subfolders":true},{"directory":"/home/kyloTest","file":"kylo.bin","include_subfolders":false}]}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the resource set.","type":"string"},"resources":{"description":"List of resources to be added to the resource set.","type":"array","items":{"type":"object","title":"Resource","properties":{"directory":{"type":"string","description":"Directory of the resource to be added to the resource set."},"file":{"type":"string","description":"File name of the resource to be added to the resource set."},"include_subfolders":{"type":"boolean","description":"Whether to include subfolders to the resource."}}}}}}]},"examples":{"application/json":{"id":"647b01f3-dc8f-4d5f-a3ec-220c64e1ac1f","uri":"kylo:kylo:henry:resourceset:R5","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-08T07:56:57.336829935Z","name":"ResourceSet-1","updatedAt":"0001-01-01T00:00:00Z","description":"Test Resource set","type":"Directory","resources":[{"directory":"/test/dir1/","file":"*","include_subfolders":false,"hdfs":false},{"directory":"/test/dir2/","file":"*","include_subfolders":true,"hdfs":false}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"Get","description":"Returns the details of a resource set with the given id.\n","tags":["CTE/ResourceSets"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the resource set.","type":"string"},"resources":{"description":"List of resources to be added to the resource set.","type":"array","items":{"type":"object","title":"Resource","properties":{"directory":{"type":"string","description":"Directory of the resource to be added to the resource set."},"file":{"type":"string","description":"File name of the resource to be added to the resource set."},"include_subfolders":{"type":"boolean","description":"Whether to include subfolders to the resource."}}}}}}]},"examples":{"application/json":{"id":"647b01f3-dc8f-4d5f-a3ec-220c64e1ac1f","uri":"kylo:kylo:henry:resourceset:R5","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-08T07:56:57.336829935Z","name":"ResourceSet-1","updatedAt":"0001-01-01T00:00:00Z","description":"Test Resource set","type":"Directory","resources":[{"directory":"/test/dir1/","file":"*","include_subfolders":false,"hdfs":false},{"directory":"/test/dir2/","file":"*","include_subfolders":true,"hdfs":false}]}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"delete":{"summary":"Delete","description":"Deletes a resource set with the given id. Resource sets being used by clients cannot be deleted.","tags":["CTE/ResourceSets"],"responses":{"204":{"description":"OK","schema":{"type":"string"}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/resourcesets/{id}/addresources":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"patch":{"summary":"Update","description":"Modify resourceset parameters.The parameters contains list of resource that to be added in resourceset.New resources will be added to the previous resources.\n","tags":["CTE/ResourceSets"],"parameters":[{"name":"body","in":"body","description":"CTE resource-set parameters.","schema":{"type":"object","title":"Modify Resource Set","properties":{"resources":{"description":"Resource list which needs to be part of the resource-set","type":"array","items":{"type":"object","title":"Resource","properties":{"directory":{"type":"string","description":"directory path of the Resource which shall be associated with the resource-set"},"file":{"type":"string","description":"file name of the Resource which shall be associated with the resource-set"},"include_subfolders":{"type":"boolean","description":"Flag to include subfolders in the Resource."},"hdfs":{"type":"boolean","description":"Whether the specified path is a HDFS path."}}}}},"example":{"resources":[{"directory":"/home/testUser","file":"*","hdfs":false,"include_subfolders":true},{"directory":"/home/kyloTest","file":"kylo.bin","hdfs":false,"include_subfolders":false}]}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the resource set.","type":"string"},"resources":{"description":"List of resources to be added to the resource set.","type":"array","items":{"type":"object","title":"Resource","properties":{"directory":{"type":"string","description":"Directory of the resource to be added to the resource set."},"file":{"type":"string","description":"File name of the resource to be added to the resource set."},"include_subfolders":{"type":"boolean","description":"Whether to include subfolders to the resource."}}}}}}]},"examples":{"application/json":{"id":"647b01f3-dc8f-4d5f-a3ec-220c64e1ac1f","uri":"kylo:kylo:henry:resourceset:R5","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-08T07:56:57.336829935Z","name":"ResourceSet-1","updatedAt":"0001-01-01T00:00:00Z","description":"Test Resource set","type":"Directory","resources":[{"index":0,"directory":"/test/dir1/","file":"*","include_subfolders":false,"hdfs":false},{"index":1,"directory":"/test/dir2/","file":"*","include_subfolders":true,"hdfs":false}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/resourcesets/{id}/delresources":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"delete":{"summary":"Delete","description":"Delete resources from resourceset with a given resource index list.","tags":["CTE/ResourceSets"],"parameters":[{"in":"query","name":"resourceIndexList","description":"Comma-separated list of resource indexes. For example 2,4,6.","required":true,"type":"string"}],"responses":{"204":{"description":"OK","schema":{"type":"string"}},"207":{"description":"Multi-Status","schema":{"allOf":[{"type":"object","properties":{"delete_success":{"description":"List of successfully deleted resource.","type":"array","items":{"type":"object","properties":{"index":{"description":"Index of deleted resource.","type":"integer"},"status_code":{"description":"Status code for deleted resource.","type":"integer"}}}},"delete_failed":{"description":"List of resources which are failed to delete.","type":"array","items":{"type":"object","properties":{"index":{"description":"Index of deleted resource.","type":"integer"},"error":{"description":"Error reason.","type":"string"},"status_code":{"description":"Status code for deleted resource.","type":"integer"}}}}}}]}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/resourcesets/{id}/updateresource/{resourceIndex}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"resourceIndex","in":"path","type":"integer","description":"An index of resource in resourceset.This should be number.","required":true}],"patch":{"summary":"Update","description":"Modify resource parameters.The parameters contain resource that to be updated in resourceset.\n","tags":["CTE/ResourceSets"],"parameters":[{"name":"body","in":"body","description":"CTE resource parameters.","schema":{"type":"object","title":"Modify Resource","properties":{"directory":{"type":"string","description":"directory path of the Resource which shall be associated with the resource-set"},"file":{"type":"string","description":"file name of the Resource which shall be associated with the resource-set"},"include_subfolders":{"type":"boolean","description":"Flag to include subfolders in the Resource."},"hdfs":{"type":"boolean","description":"Whether the specified path is a HDFS path."}},"example":{"directory":"/home/testUser","file":"*","include_subfolders":"true,","hdfs":false}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the resource set.","type":"string"},"resources":{"description":"List of resources to be added to the resource set.","type":"array","items":{"type":"object","title":"Resource","properties":{"directory":{"type":"string","description":"Directory of the resource to be added to the resource set."},"file":{"type":"string","description":"File name of the resource to be added to the resource set."},"include_subfolders":{"type":"boolean","description":"Whether to include subfolders to the resource."}}}}}}]},"examples":{"application/json":{"id":"647b01f3-dc8f-4d5f-a3ec-220c64e1ac1f","uri":"kylo:kylo:henry:resourceset:R5","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-08T07:56:57.336829935Z","name":"ResourceSet-1","updatedAt":"0001-01-01T00:00:00Z","description":"Test Resource set","type":"Directory","resources":[{"index":0,"directory":"/test/dir1/","file":"*","include_subfolders":false,"hdfs":false},{"index":1,"directory":"/test/dir2/","file":"*","include_subfolders":true,"hdfs":false}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/resourcesets/{id}/resources":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"List","description":"Returns the list of resources from resource set. The results can be filtered using the query parameters.\n","tags":["CTE/ResourceSets"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"search","in":"query","required":false,"type":"string","description":"Filter results using the resource directory and file name."}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the resource set.","type":"string"},"resources":{"description":"List of resources to be added to the resource set.","type":"array","items":{"type":"object","title":"Resource","properties":{"directory":{"type":"string","description":"Directory of the resource to be added to the resource set."},"file":{"type":"string","description":"File name of the resource to be added to the resource set."},"include_subfolders":{"type":"boolean","description":"Whether to include subfolders to the resource."}}}}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"647b01f3-dc8f-4d5f-a3ec-220c64e1ac1f","uri":"kylo:kylo:henry:resourceset:R5","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-08T07:56:57.336829935Z","name":"ResourceSet-1","updatedAt":"0001-01-01T00:00:00Z","description":"Test Resource set","type":"Directory","resources":[{"index":0,"directory":"/test/dir1/","file":"*","include_subfolders":false,"hdfs":false},{"index":1,"directory":"/test/dir2/","file":"*","include_subfolders":true,"hdfs":false}]}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/resourcesets/{id}/policies":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"List","description":"Returns the association between a policy and a resource set. The results can be filtered using the query parameters.\n","tags":["CTE/ResourceSets"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the policy.","type":"string"},"policy_type":{"description":"Type of the policy. The valid values are “Standard”, “LDT”, “Cloud_Object_Storage\", and \"CSI\".","type":"string"},"policy_version":{"description":"Version of the policy. It gets updated with every modification in the policy","type":"integer"},"updated_by":{"description":"User who updated the policy.","type":"string"},"never_deny":{"description":"Flag to always permit operations in policy. By default it is disabled, enabled on learn mode activation","type":"boolean"},"policy_key_version":{"description":"Version of the policy key.","type":"string"},"never_deny_enabled_at":{"description":"Timestamp when learn mode was enabled.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:policies:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","name":"RecordEncryptPolicy","description":"","policy_type":"LDT","policy_version":"0","never_deny":false,"policy_key_version":"0","updated_by":null}]}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/profiles/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Adds a new CTE profile to the CipherTrust Manager.","tags":["CTE/Profiles"],"parameters":[{"name":"body","in":"body","description":"CTE profile creation parameters.","schema":{"type":"object","title":"CreateProfile","required":["name"],"properties":{"name":{"description":"Name of the CTE profile.","type":"string"},"description":{"description":"Description of the profile resource.","type":"string"},"metadata_scan_interval":{"description":"Time interval in seconds to scan files under the GuardPoint. The default value is 600.","type":"integer"},"management_service_logger":{"description":"Logger configurations for the management service.","type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"syslog_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"description":"Whether to enable log upload to the URL.","type":"boolean"}}},"policy_evaluation_logger":{"description":"Logger configurations for policy evaluation.","type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"syslog_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"description":"Whether to enable log upload to the URL.","type":"boolean"}}},"security_admin_logger":{"description":"Logger configurations for security administrators.","type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"syslog_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"description":"Whether to enable log upload to the URL.","type":"boolean"}}},"system_admin_logger":{"description":"Logger configurations for the System administrator.","type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"syslog_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"description":"Whether to enable log upload to the URL.","type":"boolean"}}},"file_settings":{"description":"File settings for the profile.","type":"object","properties":{"allow_purge":{"description":"Allows purge.","type":"boolean"},"max_old_files":{"description":"Maximum number of old files allowed. Valid values are 1 to 100.","type":"integer"},"max_file_size":{"description":"Maximum file size(bytes) 1,000 - 1,000,000,000 (1KB to 1GB).","type":"integer"},"file_threshold":{"description":"Applicable file threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"}}},"syslog_settings":{"description":"Parameters to configure the Syslog server.","type":"object","properties":{"local":{"description":"Whether the Syslog server is local.","type":"boolean"},"syslog_threshold":{"description":"Applicable threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"servers":{"description":"Configuration of the Syslog server.","type":"array","items":{"type":"object","title":"SyslogServers","properties":{"name":{"description":"Name of the Syslog server.","type":"string"},"protocol":{"description":"Protocol of the Syslog server, TCP, UDP and TLS.","type":"string"},"message_format":{"description":"Format of the message on the Syslog server. Valid values are:\n-\tCEF\n-\tLEEF\n-\tRFC5424\n-\tPLAIN\n","type":"string"},"port":{"description":"Port for syslog server. Valid values are 1 to 65535.\n","type":"integer"},"caCertificate":{"type":"string","description":"CA certificate for syslog application provided by the client.\nfor example:\n-----BEGIN CERTIFICATE-----\\n\\n-----END CERTIFICATE--------\"\n"},"certificate":{"type":"string","description":"Client certificate for syslog application provided by the client.\nfor example:\n-----BEGIN CERTIFICATE-----\\n\\n-----END CERTIFICATE--------\"\n"},"privateKey":{"type":"string","description":"Client certificate for syslog application provided by the client.\nfor example:\n-----BEGIN RSA PRIVATE KEY-----\\n\\n-----END RSA PRIVATE KEY-----\"\n"}}}}}},"upload_settings":{"description":"Configure log upload to the Syslog server.","type":"object","properties":{"min_interval":{"description":"Minimum interval value. Valid values are 1 to 30.","type":"integer"},"max_interval":{"description":"Maximum interval value. Valid values are 1 to 120.","type":"integer"},"max_messages":{"description":"Maximum number of messages allowed. Valid values are 100 to 10000.","type":"integer"},"connection_timeout":{"description":"Connection timeout value. Valid value are from 1 to 60.","type":"integer"},"job_completion_timeout":{"description":"Job completion timeout value. Valid values are 1 to 900.","type":"integer"},"drop_if_busy":{"description":"Whether to drop the log upload if the server is busy.","type":"boolean"},"upload_threshold":{"description":"Threshold to upload logs to the URL. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"}}},"duplicate_settings":{"description":"Duplicate setting parameters.","type":"object","properties":{"suppress_threshold":{"description":"Suppress threshold. Valid values are 1 to 100.","type":"integer"},"suppress_interval":{"description":"Suppress interval in seconds. Valid values are 1 to 1000.","type":"integer"}}},"cache_settings":{"description":"Cache settings for the server.","type":"object","properties":{"max_space":{"description":"Max Space. Minimum value is 100 MB.","type":"integer"},"max_files":{"description":"Maximum number of files. Minimum value is 200.","type":"integer"}}},"ldt_qos_rekey_option":{"description":"Rekey option and applicable options are RekeyRate and CPU.","type":"string"},"ldt_qos_rekey_rate":{"description":"Rekey rate in terms of MB/s. Valid values are 0 to 32767.","type":"integer"},"ldt_qos_cpu_percent":{"description":"CPU application percentage if ldt_qos_cap_cpu_allocation is true. Valid values are 0 to 100.","type":"integer"},"ldt_qos_cap_cpu_allocation":{"description":"Whether to allow CPU allocation for Quality of Service (QoS) capabilities.","type":"boolean"},"ldt_qos_status_check_rate":{"description":"Frequency to check and update the LDT status on the CipherTrust Manager. The valid value ranges from 600 to 86400 seconds. The default value is 3600 seconds.","type":"integer"},"concise_logging":{"description":"Whether to allow concise logging.","type":"boolean"},"connect_timeout":{"description":"Connect timeout in seconds. Valid values are 5 to 150.","type":"integer"},"ldt_qos_schedule":{"description":"Type of QoS schedule. Valid values are:\n-\tCUSTOM\n-\tCUSTOM_WITH_OVERWRITE\n-\tANY_TIME\n-\tWEEKNIGHTS\n-\tWEEKENDS\n","type":"string"},"qos_schedules":{"description":"Schedule of QoS capabilities.","type":"array","items":{"type":"object","title":"QosSchedules","properties":{"start_weekday":{"description":"QoS start day. Valid values are:\n-\tSunday\n-\tMonday\n-\tTuesday\n-\tWednesday\n-\tThursday\n-\tFriday\n-\tSaturday\n-\tSunday\n","type":"string"},"start_time_hour":{"description":"QOS start hour. Valid values are 1 to 23.","type":"integer"},"start_time_min":{"description":"QOS start minute. Valid values are 0 to 59.","type":"integer"},"end_weekday":{"description":"QoS end day. Valid values are:\n-\tSunday\n-\tMonday\n-\tTuesday\n-\tWednesday\n-\tThursday\n-\tFriday\n-\tSaturday\n-\tSunday\n","type":"string"},"end_time_hour":{"description":"QoS end hour. Valid values are 1 to 23.","type":"integer"},"end_time_min":{"description":"QoS end minute. Valid values are 0 to 59.","type":"integer"}}}},"server_settings":{"description":"Server configuration of cluster nodes. These settings are allowed only in cluster environment.","type":"array","items":{"type":"object","title":"serverSettings","properties":{"hostName":{"description":"Host name of the cluster node.","type":"string"},"priority":{"description":"Priority of the cluster node. Valid values are 1 to 100.","type":"integer"}}}},"oidc_connection_id":{"description":"ID of the OIDC connection.","type":"string"},"mfa_exempt_user_set_id":{"description":"ID of the user set to be exempted from MFA. MFA will not be enforced on the users of this set.","type":"string"}},"example":{"name":"TestProfile"}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"description":{"description":"Description of the profile resource.","type":"string"},"management_service_logger":{"description":"Logger configurations for the management service.","type":"object","items":{"type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"sysloge_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"description":"Whether to enable log upload to the URL.","type":"boolean"}}}},"policy_evaluation_logger":{"description":"Logger configurations for policy evaluation.","type":"object","items":{"type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"sysloge_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"description":"Whether to enable log upload to the URL.","type":"boolean"}}}},"security_admin_logger":{"description":"Logger configurations for security administrators.","type":"object","items":{"type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"sysloge_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"description":"Whether to enable log upload to the URL.","type":"boolean"}}}},"system_admin_logger":{"description":"Logger configurations for the System administrator.","type":"object","items":{"type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"sysloge_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"description":"Whether to enable log upload to the URL.","type":"boolean"}}}},"file_settings":{"description":"File settings for the profile.","type":"object","items":{"type":"object","properties":{"allow_purge":{"description":"Allow purge(true or false (boolean)).","type":"boolean"},"max_old_files":{"description":"Maximum number of old files allowed. Valid values are 1 to 100.","type":"integer"},"max_file_size":{"description":"Maximum file size(bytes) 1,000 - 1,000,000,000 (1KB to 1GB).","type":"integer"},"file_threshold":{"description":"Applicable file threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"}}}},"syslog_settings":{"description":"Parameters to configure the Syslog server.","type":"object","items":{"type":"object","properties":{"local":{"description":"Whether the Syslog server is local.","type":"boolean"},"syslog_threshold":{"description":"Applicable threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"servers":{"description":"Configuration of the Syslog server.","type":"array","items":{"type":"array","items":{"type":"object","properties":{"name":{"description":"Name of the Syslog server.","type":"string"},"protocol":{"description":"Protocol of the Syslog server, TCP, UDP and TLS.","type":"string"},"message_format":{"description":"Format of the message on the Syslog server. Valid values are:\n-\tCEF\n-\tLEEF\n-\tRFC5424\n-\tPLAIN\n","type":"string"},"port":{"description":"Port for Syslog server. Valid values are 1 to 65535.\n","type":"integer"},"caCertificate":{"type":"string","description":"CA certificate for Syslog application provided by the client.\nfor example:\n-----BEGIN CERTIFICATE-----\\n\\n-----END CERTIFICATE--------\"\n"},"certificate":{"type":"string","description":"Client certificate for Syslog application provided by the client.\nfor example:\n-----BEGIN CERTIFICATE-----\\n\\n-----END CERTIFICATE--------\"\n"},"privateKey":{"type":"string","description":"Client certificate for Syslog application provided by the client.\nfor example:\n-----BEGIN RSA PRIVATE KEY-----\\n\\n-----END RSA PRIVATE KEY-----\"\n"}}}}}}}},"upload_settings":{"description":"Configure log upload settings.","type":"object","items":{"type":"object","properties":{"url":{"description":"URL value.","type":"string"},"min_interval":{"description":"Minimum interval value. Valid values are 1 to 30.","type":"integer"},"max_interval":{"description":"Maximum interval value. Valid values are 1 to 120.","type":"integer"},"max_messages":{"description":"Maximum number of messages allowed. Valid values are 100 to 10000.","type":"integer"},"connection_timeout":{"description":"Connection timeout value. Valid value are from 1 to 60.","type":"integer"},"job_completion_timeout":{"description":"Job completion timeout value. Valid values are 1 to 900.","type":"integer"},"drop_if_busy":{"description":"Whether to drop the log upload if the server is busy.","type":"boolean"},"upload_threshold":{"description":"Threshold to upload logs to the URL. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"}}}},"duplicate_settings":{"description":"Duplicate setting parameters.","type":"object","items":{"type":"object","properties":{"suppress_threshold":{"description":"Suppress threshold. Valid values are 1 to 100.","type":"integer"},"suppress_interval":{"description":"Suppress interval in seconds. Valid values are 1 to 1000.","type":"integer"}}}},"cache_settings":{"description":"Cache settings for the server.","type":"object","items":{"type":"object","properties":{"max_space":{"description":"Max Space. Valid values are 1-100 MB.","type":"integer"},"max_files":{"description":"Maximum number of files. Valid values are 1-200.","type":"integer"}}}},"ldt_qos_rekey_option":{"description":"Rekey option and applicable options are RekeyRate and CPU.","type":"string"},"ldt_qos_rekey_rate":{"description":"Rekey rate in terms of MB/s. Valid values are 0 to 32767.","type":"integer"},"ldt_qos_cpu_percent":{"description":"CPU application percentage if ldt_qos_cap_cpu_allocation is true. Valid values are 0 to 100.","type":"integer"},"ldt_qos_cap_cpu_allocation":{"description":"Whether to allow CPU allocation for Quality of Service (QoS) capabilities.","type":"boolean"},"ldt_qos_status_check_rate":{"description":"Frequency to check and update the LDT status on the CipherTrust Manager. The valid value ranges from 600 to 86400 seconds. The default value is 3600 seconds.","type":"integer"},"concise_logging":{"description":"Wheather to allow concise logging.","type":"boolean"},"connect_timeout":{"description":"Connect timeout in seconds. Valid values are 5 to 150.","type":"integer"},"ldt_qos_schedule":{"description":"Type of QoS schedule. Valid values are:\n-\tCUSTOM\n-\tCUSTOM_WITH_OVERWRITE\n-\tANY_TIME\n-\tWEEKNIGHTS\n-\tWEEKENDS\n","type":"string"},"qos_schedules":{"description":"Schedule of QoS capabilities.","type":"array","items":{"type":"array","items":{"type":"object","properties":{"start_weekday":{"description":"QoS start day. Valid values are:\n-\tSunday\n-\tMonday\n-\tTuesday\n-\tWednesday\n-\tThursday\n-\tFriday\n-\tSaturday\n-\tSunday\n","type":"string"},"start_time_hour":{"description":"QOS start hour. Valid values are 1 to 23.","type":"integer"},"start_time_min":{"description":"QOS start minute. Valid values are 0 to 59.","type":"integer"},"end_weekday":{"description":"QoS end day. Valid values are:\n-\tSunday\n-\tMonday\n-\tTuesday\n-\tWednesday\n-\tThursday\n-\tFriday\n-\tSaturday\n-\tSunday\n","type":"string"},"end_time_hour":{"description":"QoS end hour. Valid values are 0 to 23.","type":"integer"},"end_time_min":{"description":"QoS end minute. Valid values are 0 to 59.","type":"integer"}}}}},"server_settings":{"description":"Server configuration of all the Cluster nodes.","type":"array","items":{"type":"array","items":{"type":"object","properties":{"hostName":{"description":"Host name of the cluster node.","type":"string"},"priority":{"description":"Priority of the cluster node. Valid values are 1 to 100.","type":"integer"}}}}},"oidc_connection_id":{"description":"ID of the OIDC connection.","type":"string"},"oidc_connection_name":{"description":"Name of the OIDC connection.","type":"string"},"mfa_exempt_user_set_id":{"description":"ID of the user set to be exempted from Multi-Factor Authentication (MFA). MFA will not be enforced on the users of this set.","type":"string"},"mfa_exempt_user_set_name":{"description":"Name of the user set to be exempted from MFA. MFA will not be enforced on the users of this set.","type":"string"}}}]},"examples":{"application/json":{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:policies:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","name":"testProfile","description":"testProfile-Description","updated_by":""}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"List","description":"Returns the list of CTE profiles. The results can be filtered using the query parameters.\n","tags":["CTE/Profiles"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"name","in":"query","required":false,"type":"string","description":"Filter result using the profile name."}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"description":{"description":"Description of the profile resource.","type":"string"},"management_service_logger":{"description":"Logger configurations for the management service.","type":"object","items":{"type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"sysloge_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"description":"Whether to enable log upload to the URL.","type":"boolean"}}}},"policy_evaluation_logger":{"description":"Logger configurations for policy evaluation.","type":"object","items":{"type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"sysloge_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"description":"Whether to enable log upload to the URL.","type":"boolean"}}}},"security_admin_logger":{"description":"Logger configurations for security administrators.","type":"object","items":{"type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"sysloge_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"description":"Whether to enable log upload to the URL.","type":"boolean"}}}},"system_admin_logger":{"description":"Logger configurations for the System administrator.","type":"object","items":{"type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"sysloge_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"description":"Whether to enable log upload to the URL.","type":"boolean"}}}},"file_settings":{"description":"File settings for the profile.","type":"object","items":{"type":"object","properties":{"allow_purge":{"description":"Allow purge(true or false (boolean)).","type":"boolean"},"max_old_files":{"description":"Maximum number of old files allowed. Valid values are 1 to 100.","type":"integer"},"max_file_size":{"description":"Maximum file size(bytes) 1,000 - 1,000,000,000 (1KB to 1GB).","type":"integer"},"file_threshold":{"description":"Applicable file threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"}}}},"syslog_settings":{"description":"Parameters to configure the Syslog server.","type":"object","items":{"type":"object","properties":{"local":{"description":"Whether the Syslog server is local.","type":"boolean"},"syslog_threshold":{"description":"Applicable threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"servers":{"description":"Configuration of the Syslog server.","type":"array","items":{"type":"array","items":{"type":"object","properties":{"name":{"description":"Name of the Syslog server.","type":"string"},"protocol":{"description":"Protocol of the Syslog server, TCP, UDP and TLS.","type":"string"},"message_format":{"description":"Format of the message on the Syslog server. Valid values are:\n-\tCEF\n-\tLEEF\n-\tRFC5424\n-\tPLAIN\n","type":"string"},"port":{"description":"Port for Syslog server. Valid values are 1 to 65535.\n","type":"integer"},"caCertificate":{"type":"string","description":"CA certificate for Syslog application provided by the client.\nfor example:\n-----BEGIN CERTIFICATE-----\\n\\n-----END CERTIFICATE--------\"\n"},"certificate":{"type":"string","description":"Client certificate for Syslog application provided by the client.\nfor example:\n-----BEGIN CERTIFICATE-----\\n\\n-----END CERTIFICATE--------\"\n"},"privateKey":{"type":"string","description":"Client certificate for Syslog application provided by the client.\nfor example:\n-----BEGIN RSA PRIVATE KEY-----\\n\\n-----END RSA PRIVATE KEY-----\"\n"}}}}}}}},"upload_settings":{"description":"Configure log upload settings.","type":"object","items":{"type":"object","properties":{"url":{"description":"URL value.","type":"string"},"min_interval":{"description":"Minimum interval value. Valid values are 1 to 30.","type":"integer"},"max_interval":{"description":"Maximum interval value. Valid values are 1 to 120.","type":"integer"},"max_messages":{"description":"Maximum number of messages allowed. Valid values are 100 to 10000.","type":"integer"},"connection_timeout":{"description":"Connection timeout value. Valid value are from 1 to 60.","type":"integer"},"job_completion_timeout":{"description":"Job completion timeout value. Valid values are 1 to 900.","type":"integer"},"drop_if_busy":{"description":"Whether to drop the log upload if the server is busy.","type":"boolean"},"upload_threshold":{"description":"Threshold to upload logs to the URL. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"}}}},"duplicate_settings":{"description":"Duplicate setting parameters.","type":"object","items":{"type":"object","properties":{"suppress_threshold":{"description":"Suppress threshold. Valid values are 1 to 100.","type":"integer"},"suppress_interval":{"description":"Suppress interval in seconds. Valid values are 1 to 1000.","type":"integer"}}}},"cache_settings":{"description":"Cache settings for the server.","type":"object","items":{"type":"object","properties":{"max_space":{"description":"Max Space. Valid values are 1-100 MB.","type":"integer"},"max_files":{"description":"Maximum number of files. Valid values are 1-200.","type":"integer"}}}},"ldt_qos_rekey_option":{"description":"Rekey option and applicable options are RekeyRate and CPU.","type":"string"},"ldt_qos_rekey_rate":{"description":"Rekey rate in terms of MB/s. Valid values are 0 to 32767.","type":"integer"},"ldt_qos_cpu_percent":{"description":"CPU application percentage if ldt_qos_cap_cpu_allocation is true. Valid values are 0 to 100.","type":"integer"},"ldt_qos_cap_cpu_allocation":{"description":"Whether to allow CPU allocation for Quality of Service (QoS) capabilities.","type":"boolean"},"ldt_qos_status_check_rate":{"description":"Frequency to check and update the LDT status on the CipherTrust Manager. The valid value ranges from 600 to 86400 seconds. The default value is 3600 seconds.","type":"integer"},"concise_logging":{"description":"Wheather to allow concise logging.","type":"boolean"},"connect_timeout":{"description":"Connect timeout in seconds. Valid values are 5 to 150.","type":"integer"},"ldt_qos_schedule":{"description":"Type of QoS schedule. Valid values are:\n-\tCUSTOM\n-\tCUSTOM_WITH_OVERWRITE\n-\tANY_TIME\n-\tWEEKNIGHTS\n-\tWEEKENDS\n","type":"string"},"qos_schedules":{"description":"Schedule of QoS capabilities.","type":"array","items":{"type":"array","items":{"type":"object","properties":{"start_weekday":{"description":"QoS start day. Valid values are:\n-\tSunday\n-\tMonday\n-\tTuesday\n-\tWednesday\n-\tThursday\n-\tFriday\n-\tSaturday\n-\tSunday\n","type":"string"},"start_time_hour":{"description":"QOS start hour. Valid values are 1 to 23.","type":"integer"},"start_time_min":{"description":"QOS start minute. Valid values are 0 to 59.","type":"integer"},"end_weekday":{"description":"QoS end day. Valid values are:\n-\tSunday\n-\tMonday\n-\tTuesday\n-\tWednesday\n-\tThursday\n-\tFriday\n-\tSaturday\n-\tSunday\n","type":"string"},"end_time_hour":{"description":"QoS end hour. Valid values are 0 to 23.","type":"integer"},"end_time_min":{"description":"QoS end minute. Valid values are 0 to 59.","type":"integer"}}}}},"server_settings":{"description":"Server configuration of all the Cluster nodes.","type":"array","items":{"type":"array","items":{"type":"object","properties":{"hostName":{"description":"Host name of the cluster node.","type":"string"},"priority":{"description":"Priority of the cluster node. Valid values are 1 to 100.","type":"integer"}}}}},"oidc_connection_id":{"description":"ID of the OIDC connection.","type":"string"},"oidc_connection_name":{"description":"Name of the OIDC connection.","type":"string"},"mfa_exempt_user_set_id":{"description":"ID of the user set to be exempted from Multi-Factor Authentication (MFA). MFA will not be enforced on the users of this set.","type":"string"},"mfa_exempt_user_set_name":{"description":"Name of the user set to be exempted from MFA. MFA will not be enforced on the users of this set.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:policies:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","name":"RecordEncryptProfile","description":"RecordEncryptProfile_Description","updated_by":""}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/profiles/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a profile with the given id.\n","tags":["CTE/Profiles"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"description":{"description":"Description of the profile resource.","type":"string"},"management_service_logger":{"description":"Logger configurations for the management service.","type":"object","items":{"type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"sysloge_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"description":"Whether to enable log upload to the URL.","type":"boolean"}}}},"policy_evaluation_logger":{"description":"Logger configurations for policy evaluation.","type":"object","items":{"type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"sysloge_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"description":"Whether to enable log upload to the URL.","type":"boolean"}}}},"security_admin_logger":{"description":"Logger configurations for security administrators.","type":"object","items":{"type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"sysloge_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"description":"Whether to enable log upload to the URL.","type":"boolean"}}}},"system_admin_logger":{"description":"Logger configurations for the System administrator.","type":"object","items":{"type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"sysloge_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"description":"Whether to enable log upload to the URL.","type":"boolean"}}}},"file_settings":{"description":"File settings for the profile.","type":"object","items":{"type":"object","properties":{"allow_purge":{"description":"Allow purge(true or false (boolean)).","type":"boolean"},"max_old_files":{"description":"Maximum number of old files allowed. Valid values are 1 to 100.","type":"integer"},"max_file_size":{"description":"Maximum file size(bytes) 1,000 - 1,000,000,000 (1KB to 1GB).","type":"integer"},"file_threshold":{"description":"Applicable file threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"}}}},"syslog_settings":{"description":"Parameters to configure the Syslog server.","type":"object","items":{"type":"object","properties":{"local":{"description":"Whether the Syslog server is local.","type":"boolean"},"syslog_threshold":{"description":"Applicable threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"servers":{"description":"Configuration of the Syslog server.","type":"array","items":{"type":"array","items":{"type":"object","properties":{"name":{"description":"Name of the Syslog server.","type":"string"},"protocol":{"description":"Protocol of the Syslog server, TCP, UDP and TLS.","type":"string"},"message_format":{"description":"Format of the message on the Syslog server. Valid values are:\n-\tCEF\n-\tLEEF\n-\tRFC5424\n-\tPLAIN\n","type":"string"},"port":{"description":"Port for Syslog server. Valid values are 1 to 65535.\n","type":"integer"},"caCertificate":{"type":"string","description":"CA certificate for Syslog application provided by the client.\nfor example:\n-----BEGIN CERTIFICATE-----\\n\\n-----END CERTIFICATE--------\"\n"},"certificate":{"type":"string","description":"Client certificate for Syslog application provided by the client.\nfor example:\n-----BEGIN CERTIFICATE-----\\n\\n-----END CERTIFICATE--------\"\n"},"privateKey":{"type":"string","description":"Client certificate for Syslog application provided by the client.\nfor example:\n-----BEGIN RSA PRIVATE KEY-----\\n\\n-----END RSA PRIVATE KEY-----\"\n"}}}}}}}},"upload_settings":{"description":"Configure log upload settings.","type":"object","items":{"type":"object","properties":{"url":{"description":"URL value.","type":"string"},"min_interval":{"description":"Minimum interval value. Valid values are 1 to 30.","type":"integer"},"max_interval":{"description":"Maximum interval value. Valid values are 1 to 120.","type":"integer"},"max_messages":{"description":"Maximum number of messages allowed. Valid values are 100 to 10000.","type":"integer"},"connection_timeout":{"description":"Connection timeout value. Valid value are from 1 to 60.","type":"integer"},"job_completion_timeout":{"description":"Job completion timeout value. Valid values are 1 to 900.","type":"integer"},"drop_if_busy":{"description":"Whether to drop the log upload if the server is busy.","type":"boolean"},"upload_threshold":{"description":"Threshold to upload logs to the URL. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"}}}},"duplicate_settings":{"description":"Duplicate setting parameters.","type":"object","items":{"type":"object","properties":{"suppress_threshold":{"description":"Suppress threshold. Valid values are 1 to 100.","type":"integer"},"suppress_interval":{"description":"Suppress interval in seconds. Valid values are 1 to 1000.","type":"integer"}}}},"cache_settings":{"description":"Cache settings for the server.","type":"object","items":{"type":"object","properties":{"max_space":{"description":"Max Space. Valid values are 1-100 MB.","type":"integer"},"max_files":{"description":"Maximum number of files. Valid values are 1-200.","type":"integer"}}}},"ldt_qos_rekey_option":{"description":"Rekey option and applicable options are RekeyRate and CPU.","type":"string"},"ldt_qos_rekey_rate":{"description":"Rekey rate in terms of MB/s. Valid values are 0 to 32767.","type":"integer"},"ldt_qos_cpu_percent":{"description":"CPU application percentage if ldt_qos_cap_cpu_allocation is true. Valid values are 0 to 100.","type":"integer"},"ldt_qos_cap_cpu_allocation":{"description":"Whether to allow CPU allocation for Quality of Service (QoS) capabilities.","type":"boolean"},"ldt_qos_status_check_rate":{"description":"Frequency to check and update the LDT status on the CipherTrust Manager. The valid value ranges from 600 to 86400 seconds. The default value is 3600 seconds.","type":"integer"},"concise_logging":{"description":"Wheather to allow concise logging.","type":"boolean"},"connect_timeout":{"description":"Connect timeout in seconds. Valid values are 5 to 150.","type":"integer"},"ldt_qos_schedule":{"description":"Type of QoS schedule. Valid values are:\n-\tCUSTOM\n-\tCUSTOM_WITH_OVERWRITE\n-\tANY_TIME\n-\tWEEKNIGHTS\n-\tWEEKENDS\n","type":"string"},"qos_schedules":{"description":"Schedule of QoS capabilities.","type":"array","items":{"type":"array","items":{"type":"object","properties":{"start_weekday":{"description":"QoS start day. Valid values are:\n-\tSunday\n-\tMonday\n-\tTuesday\n-\tWednesday\n-\tThursday\n-\tFriday\n-\tSaturday\n-\tSunday\n","type":"string"},"start_time_hour":{"description":"QOS start hour. Valid values are 1 to 23.","type":"integer"},"start_time_min":{"description":"QOS start minute. Valid values are 0 to 59.","type":"integer"},"end_weekday":{"description":"QoS end day. Valid values are:\n-\tSunday\n-\tMonday\n-\tTuesday\n-\tWednesday\n-\tThursday\n-\tFriday\n-\tSaturday\n-\tSunday\n","type":"string"},"end_time_hour":{"description":"QoS end hour. Valid values are 0 to 23.","type":"integer"},"end_time_min":{"description":"QoS end minute. Valid values are 0 to 59.","type":"integer"}}}}},"server_settings":{"description":"Server configuration of all the Cluster nodes.","type":"array","items":{"type":"array","items":{"type":"object","properties":{"hostName":{"description":"Host name of the cluster node.","type":"string"},"priority":{"description":"Priority of the cluster node. Valid values are 1 to 100.","type":"integer"}}}}},"oidc_connection_id":{"description":"ID of the OIDC connection.","type":"string"},"oidc_connection_name":{"description":"Name of the OIDC connection.","type":"string"},"mfa_exempt_user_set_id":{"description":"ID of the user set to be exempted from Multi-Factor Authentication (MFA). MFA will not be enforced on the users of this set.","type":"string"},"mfa_exempt_user_set_name":{"description":"Name of the user set to be exempted from MFA. MFA will not be enforced on the users of this set.","type":"string"}}}]},"examples":{"application/json":{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:policies:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","name":"TestProfile","description":"","updated_by":""}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"delete":{"summary":"Delete","description":"Deletes a profile with the given id.","tags":["CTE/Profiles"],"responses":{"204":{"description":"OK","schema":{"type":"string"}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"patch":{"summary":"Update","description":"Modifies the profile parameters. The parameters to be modified are placed in the body parameters.\n","tags":["CTE/Profiles"],"parameters":[{"name":"body","in":"body","description":"CTE profile parameters.","schema":{"type":"object","title":"Modify Profile","properties":{"description":{"description":"Description of the profile resource.","type":"string"},"metadata_scan_interval":{"description":"Time interval in seconds to scan files under the GuardPoint. The default value is 600.","type":"integer"},"management_service_logger":{"description":"Logger configurations for the management service.","type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"syslog_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"description":"Whether to enable log upload to the URL.","type":"boolean"}}},"policy_evaluation_logger":{"description":"Logger configurations for policy evaluation.","type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"syslog_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"description":"Whether to enable log upload to the URL.","type":"boolean"}}},"security_admin_logger":{"description":"Logger configurations for security administrators.","type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"syslog_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"description":"Whether to enable log upload to the URL.","type":"boolean"}}},"system_admin_logger":{"description":"Logger configurations for the System administrator.","type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"syslog_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"description":"Whether to enable log upload to the URL.","type":"boolean"}}},"file_settings":{"description":"File settings for the profile.","type":"object","properties":{"allow_purge":{"description":"Allow purge(true or false).","type":"boolean"},"max_old_files":{"description":"Maximum number of old files allowed. Valid values are 1 to 100.","type":"integer"},"max_file_size":{"description":"Maximum file size(bytes) 1,000 - 1,000,000,000 (1KB to 1GB).","type":"integer"},"file_threshold":{"description":"Applicable file threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"}}},"syslog_settings":{"description":"Parameters to configure the Syslog server.","type":"object","properties":{"local":{"description":"Whether the Syslog server is local.","type":"boolean"},"syslog_threshold":{"description":"Applicable threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"servers":{"description":"Configuration of the Syslog server.","type":"array","items":{"type":"object","title":"SyslogServers","properties":{"name":{"description":"Name of the Syslog server.","type":"string"},"protocol":{"description":"Protocol of the Syslog server, TCP, UDP and TLS.","type":"string"},"message_format":{"description":"Format of the message on the Syslog server. Valid values are:\n-\tCEF\n-\tLEEF\n-\tRFC5424\n-\tPLAIN\n","type":"string"},"port":{"description":"Port for syslog server. Valid values are 1 to 65535.\n","type":"integer"},"caCertificate":{"type":"string","description":"CA certificate for syslog application provided by the client.\nfor example:\n-----BEGIN CERTIFICATE-----\\n\\n-----END CERTIFICATE--------\"\n"},"certificate":{"type":"string","description":"Client certificate for syslog application provided by the client.\nfor example:\n-----BEGIN CERTIFICATE-----\\n\\n-----END CERTIFICATE--------\"\n"},"privateKey":{"type":"string","description":"Client certificate for syslog application provided by the client.\nfor example:\n-----BEGIN RSA PRIVATE KEY-----\\n\\n-----END RSA PRIVATE KEY-----\"\n"}}}}}},"upload_settings":{"description":"Configure log upload to the URL.","type":"object","properties":{"min_interval":{"description":"Minimum interval value. Valid values are 1 to 30.","type":"integer"},"max_interval":{"description":"Maximum interval value. Valid values are 1 to 120.","type":"integer"},"max_messages":{"description":"Maximum number of messages allowed. Valid values are 100 to 10000.","type":"integer"},"connection_timeout":{"description":"Connection timeout value. Valid value are from 1 to 60.","type":"integer"},"job_completion_timeout":{"description":"Job completion timeout value. Valid values are 1 to 900.","type":"integer"},"drop_if_busy":{"description":"Whether to drop the log upload if the server is busy.","type":"boolean"},"upload_threshold":{"description":"Threshold to upload logs to the URL. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"}}},"duplicate_settings":{"description":"Duplicate setting parameters.","type":"object","properties":{"suppress_threshold":{"description":"Suppress threshold. Valid values are 1 to 100.","type":"integer"},"suppress_interval":{"description":"Suppress interval in seconds. Valid values are 1 to 1000.","type":"integer"}}},"cache_settings":{"description":"Cache settings for the server.","type":"object","properties":{"max_space":{"description":"Max Space. Minimum values is 100 MB.","type":"integer"},"max_files":{"description":"Maximum number of files. Minimum values is 200.","type":"integer"}}},"ldt_qos_rekey_option":{"description":"Rekey option and applicable options are RekeyRate and CPU.","type":"string"},"ldt_qos_rekey_rate":{"description":"Rekey rate in terms of MB/s. Valid values are 0 to 32767.","type":"integer"},"ldt_qos_cpu_percent":{"description":"CPU application percentage if ldt_qos_cap_cpu_allocation is true. Valid values are 0 to 100.","type":"integer"},"ldt_qos_cap_cpu_allocation":{"description":"Whether to allow CPU allocation for Quality of Service (QoS) capabilities.","type":"boolean"},"ldt_qos_status_check_rate":{"description":"Frequency to check and update the LDT status on the CipherTrust Manager. The valid value ranges from 600 to 86400 seconds. The default value is 3600 seconds.","type":"integer"},"concise_logging":{"description":"Whether to allow concise logging.","type":"boolean"},"connect_timeout":{"description":"Connect timeout in seconds. Valid values are 5 to 150.","type":"integer"},"ldt_qos_schedule":{"description":"Type of QoS schedule. Valid values are:\n-\tCUSTOM\n-\tCUSTOM_WITH_OVERWRITE\n-\tANY_TIME\n-\tWEEKNIGHTS\n-\tWEEKENDS\n","type":"string"},"qos_schedules":{"description":"Schedule of QoS capabilities.","type":"array","items":{"type":"object","title":"QosSchedules","properties":{"start_weekday":{"description":"QoS start day. Valid values are:\n-\tSunday\n-\tMonday\n-\tTuesday\n-\tWednesday\n-\tThursday\n-\tFriday\n-\tSaturday\n-\tSunday\n","type":"string"},"start_time_hour":{"description":"Start time hour. Valid values are 1 to 23.","type":"integer"},"start_time_min":{"description":"QOS start minute. Valid values are 0 to 59.","type":"integer"},"end_weekday":{"description":"QoS end day. Valid values are:\n-\tSunday\n-\tMonday\n-\tTuesday\n-\tWednesday\n-\tThursday\n-\tFriday\n-\tSaturday\n-\tSunday\n","type":"string"},"end_time_hour":{"description":"QoS end hour. Valid values are 1 to 23.","type":"integer"},"end_time_min":{"description":"QoS end minute. Valid values are 0 to 59.","type":"integer"}}}},"server_settings":{"description":"Server configuration of cluster nodes. These settings are allowed only in cluster environment.","type":"array","items":{"type":"object","title":"serverSettings","properties":{"hostName":{"description":"Host name of the cluster node.","type":"string"},"priority":{"description":"Priority of the cluster node. Valid values are 1 to 100.","type":"integer"}}}},"oidc_connection_id":{"description":"ID of the OIDC connection.","type":"string"},"mfa_exempt_user_set_id":{"description":"ID of the user set to be exempted from MFA. MFA will not be enforced on the users of this set.","type":"string"}},"example":{"description":"updated description"}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"description":{"description":"Description of the profile resource.","type":"string"},"management_service_logger":{"description":"Logger configurations for the management service.","type":"object","items":{"type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"sysloge_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"description":"Whether to enable log upload to the URL.","type":"boolean"}}}},"policy_evaluation_logger":{"description":"Logger configurations for policy evaluation.","type":"object","items":{"type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"sysloge_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"description":"Whether to enable log upload to the URL.","type":"boolean"}}}},"security_admin_logger":{"description":"Logger configurations for security administrators.","type":"object","items":{"type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"sysloge_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"description":"Whether to enable log upload to the URL.","type":"boolean"}}}},"system_admin_logger":{"description":"Logger configurations for the System administrator.","type":"object","items":{"type":"object","properties":{"threshold":{"description":"Threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"duplicates":{"description":"Control duplicate entries, ALLOW or SUPPRESS.","type":"string"},"sysloge_enabled":{"description":"Whether to enable support for the Syslog server.","type":"boolean"},"file_enabled":{"description":"Whether to enable file upload.","type":"boolean"},"upload_enabled":{"description":"Whether to enable log upload to the URL.","type":"boolean"}}}},"file_settings":{"description":"File settings for the profile.","type":"object","items":{"type":"object","properties":{"allow_purge":{"description":"Allow purge(true or false (boolean)).","type":"boolean"},"max_old_files":{"description":"Maximum number of old files allowed. Valid values are 1 to 100.","type":"integer"},"max_file_size":{"description":"Maximum file size(bytes) 1,000 - 1,000,000,000 (1KB to 1GB).","type":"integer"},"file_threshold":{"description":"Applicable file threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"}}}},"syslog_settings":{"description":"Parameters to configure the Syslog server.","type":"object","items":{"type":"object","properties":{"local":{"description":"Whether the Syslog server is local.","type":"boolean"},"syslog_threshold":{"description":"Applicable threshold. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"},"servers":{"description":"Configuration of the Syslog server.","type":"array","items":{"type":"array","items":{"type":"object","properties":{"name":{"description":"Name of the Syslog server.","type":"string"},"protocol":{"description":"Protocol of the Syslog server, TCP, UDP and TLS.","type":"string"},"message_format":{"description":"Format of the message on the Syslog server. Valid values are:\n-\tCEF\n-\tLEEF\n-\tRFC5424\n-\tPLAIN\n","type":"string"},"port":{"description":"Port for Syslog server. Valid values are 1 to 65535.\n","type":"integer"},"caCertificate":{"type":"string","description":"CA certificate for Syslog application provided by the client.\nfor example:\n-----BEGIN CERTIFICATE-----\\n\\n-----END CERTIFICATE--------\"\n"},"certificate":{"type":"string","description":"Client certificate for Syslog application provided by the client.\nfor example:\n-----BEGIN CERTIFICATE-----\\n\\n-----END CERTIFICATE--------\"\n"},"privateKey":{"type":"string","description":"Client certificate for Syslog application provided by the client.\nfor example:\n-----BEGIN RSA PRIVATE KEY-----\\n\\n-----END RSA PRIVATE KEY-----\"\n"}}}}}}}},"upload_settings":{"description":"Configure log upload settings.","type":"object","items":{"type":"object","properties":{"url":{"description":"URL value.","type":"string"},"min_interval":{"description":"Minimum interval value. Valid values are 1 to 30.","type":"integer"},"max_interval":{"description":"Maximum interval value. Valid values are 1 to 120.","type":"integer"},"max_messages":{"description":"Maximum number of messages allowed. Valid values are 100 to 10000.","type":"integer"},"connection_timeout":{"description":"Connection timeout value. Valid value are from 1 to 60.","type":"integer"},"job_completion_timeout":{"description":"Job completion timeout value. Valid values are 1 to 900.","type":"integer"},"drop_if_busy":{"description":"Whether to drop the log upload if the server is busy.","type":"boolean"},"upload_threshold":{"description":"Threshold to upload logs to the URL. Valid values are:\n-\tDEBUG\n-\tINFO\n-\tWARN\n-\tERROR\n-\tFATAL\n","type":"string"}}}},"duplicate_settings":{"description":"Duplicate setting parameters.","type":"object","items":{"type":"object","properties":{"suppress_threshold":{"description":"Suppress threshold. Valid values are 1 to 100.","type":"integer"},"suppress_interval":{"description":"Suppress interval in seconds. Valid values are 1 to 1000.","type":"integer"}}}},"cache_settings":{"description":"Cache settings for the server.","type":"object","items":{"type":"object","properties":{"max_space":{"description":"Max Space. Valid values are 1-100 MB.","type":"integer"},"max_files":{"description":"Maximum number of files. Valid values are 1-200.","type":"integer"}}}},"ldt_qos_rekey_option":{"description":"Rekey option and applicable options are RekeyRate and CPU.","type":"string"},"ldt_qos_rekey_rate":{"description":"Rekey rate in terms of MB/s. Valid values are 0 to 32767.","type":"integer"},"ldt_qos_cpu_percent":{"description":"CPU application percentage if ldt_qos_cap_cpu_allocation is true. Valid values are 0 to 100.","type":"integer"},"ldt_qos_cap_cpu_allocation":{"description":"Whether to allow CPU allocation for Quality of Service (QoS) capabilities.","type":"boolean"},"ldt_qos_status_check_rate":{"description":"Frequency to check and update the LDT status on the CipherTrust Manager. The valid value ranges from 600 to 86400 seconds. The default value is 3600 seconds.","type":"integer"},"concise_logging":{"description":"Wheather to allow concise logging.","type":"boolean"},"connect_timeout":{"description":"Connect timeout in seconds. Valid values are 5 to 150.","type":"integer"},"ldt_qos_schedule":{"description":"Type of QoS schedule. Valid values are:\n-\tCUSTOM\n-\tCUSTOM_WITH_OVERWRITE\n-\tANY_TIME\n-\tWEEKNIGHTS\n-\tWEEKENDS\n","type":"string"},"qos_schedules":{"description":"Schedule of QoS capabilities.","type":"array","items":{"type":"array","items":{"type":"object","properties":{"start_weekday":{"description":"QoS start day. Valid values are:\n-\tSunday\n-\tMonday\n-\tTuesday\n-\tWednesday\n-\tThursday\n-\tFriday\n-\tSaturday\n-\tSunday\n","type":"string"},"start_time_hour":{"description":"QOS start hour. Valid values are 1 to 23.","type":"integer"},"start_time_min":{"description":"QOS start minute. Valid values are 0 to 59.","type":"integer"},"end_weekday":{"description":"QoS end day. Valid values are:\n-\tSunday\n-\tMonday\n-\tTuesday\n-\tWednesday\n-\tThursday\n-\tFriday\n-\tSaturday\n-\tSunday\n","type":"string"},"end_time_hour":{"description":"QoS end hour. Valid values are 0 to 23.","type":"integer"},"end_time_min":{"description":"QoS end minute. Valid values are 0 to 59.","type":"integer"}}}}},"server_settings":{"description":"Server configuration of all the Cluster nodes.","type":"array","items":{"type":"array","items":{"type":"object","properties":{"hostName":{"description":"Host name of the cluster node.","type":"string"},"priority":{"description":"Priority of the cluster node. Valid values are 1 to 100.","type":"integer"}}}}},"oidc_connection_id":{"description":"ID of the OIDC connection.","type":"string"},"oidc_connection_name":{"description":"Name of the OIDC connection.","type":"string"},"mfa_exempt_user_set_id":{"description":"ID of the user set to be exempted from Multi-Factor Authentication (MFA). MFA will not be enforced on the users of this set.","type":"string"},"mfa_exempt_user_set_name":{"description":"Name of the user set to be exempted from MFA. MFA will not be enforced on the users of this set.","type":"string"}}}]},"examples":{"application/json":{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:policies:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","name":"TestProfile","description":"updated description","rekeyoption":"CPU","updated_by":""}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/profiles/{id}/syslogserver/{name}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"name","in":"path","type":"string","description":"Syslog server name.\n","required":true}],"delete":{"summary":"Delete","description":"Deletes a syslog server from a given profile id.","tags":["CTE/Profiles"],"responses":{"204":{"description":"OK","schema":{"type":"string"}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/policies/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Adds a new CTE policy to the CipherTrust Manager.","tags":["CTE/Policies"],"parameters":[{"name":"body","in":"body","description":"CTE policy creation parameters.","schema":{"type":"object","title":"Create Policy","required":["name","policy_type"],"properties":{"name":{"description":"Name of the policy.","type":"string"},"description":{"description":"Description of the policy.","type":"string"},"policy_type":{"description":"Type of the policy. Valid values are:\n-\tStandard\n-\tLDT\n-\tIDT\n-\tCloud_Object_Storage\n-\tCSI\n","type":"string"},"never_deny":{"description":"Whether to always allow operations in the policy. By default, it is disabled, that is, operations are not allowed.\nSupported for Standard, LDT, and Cloud_Object_Storage policies. For Learn Mode activations, `never_deny` is set to `true`, by default.\n","type":"boolean"},"security_rules":{"description":"Security rules to link with the policy.","type":"array","items":{"type":"object","title":"SecurityRule","properties":{"effect":{"description":"Effects applicable to the rule. Separate multiple effects by commas. The valid values are:\n - permit\n - deny\n - audit\n - applykey\n","type":"string"},"action":{"description":"Actions applicable to the rule. Examples of actions are read, write, all_ops, and key_op.","type":"string"},"user_set_id":{"description":"ID of the user set to link to the policy.","type":"string"},"exclude_user_set":{"description":"User set to exclude. Supported for Standard, LDT and IDT policies.","type":"boolean"},"resource_set_id":{"description":"ID of the resource set to link to the policy. Supported for Standard, LDT and IDT policies.","type":"string"},"exclude_resource_set":{"description":"Resource set to exclude. Supported for Standard, LDT and IDT policies.","type":"boolean"},"process_set_id":{"description":"ID of the process set to link to the policy.","type":"string"},"exclude_process_set":{"description":"Process set to exclude. Supported for Standard, LDT and IDT policies.","type":"boolean"},"partial_match":{"description":"Whether to allow partial match operations. By default, it is enabled. Supported for Standard, LDT and IDT policies.","type":"boolean"}}}},"key_rules":{"description":"Key rules to link with the policy.","type":"array","items":{"type":"object","title":"KeyRule","properties":{"key_id":{"description":"Identifier of the key to link with the rule. Supported fields are name, id, slug, alias, uri, uuid, muid, and key_id.\n**Note**: For decryption, where a clear key is to be supplied, use the string \"clear_key\" only. Do not specify any other identifier.\n","type":"string"},"key_type":{"description":"Specify the type of the key. Must be one of name, id, slug, alias, uri, uuid, muid or key_id. If not specified, the type of the key is inferred.","type":"string"},"resource_set_id":{"description":"ID of the resource set to link with the rule. Supported for Standard, LDT and IDT policies.","type":"string"}}}},"data_transform_rules":{"description":"Data transformation rules to link with the policy.","type":"array","items":{"type":"object","title":"KeyRule","properties":{"key_id":{"description":"Identifier of the key to link with the rule. Supported fields are name, id, slug, alias, uri, uuid, muid, and key_id.\n**Note**: For decryption, where a clear key is to be supplied, use the string \"clear_key\" only. Do not specify any other identifier.\n","type":"string"},"key_type":{"description":"Specify the type of the key. Must be one of name, id, slug, alias, uri, uuid, muid or key_id. If not specified, the type of the key is inferred.","type":"string"},"resource_set_id":{"description":"ID of the resource set to link with the rule.","type":"string"}}}},"ldt_key_rules":{"description":"LDT rules to link with the policy. Supported for LDT policies.","type":"array","items":{"type":"object","title":"LDTKeyRule","properties":{"resource_set_id":{"description":"ID of the resource set to link with the rule.","type":"string"},"is_exclusion_rule":{"description":"Whether this is an exclusion rule. If enabled, no need to specify the transformation rule.","type":"boolean"},"current_key":{"description":"Properties of the current key.","type":"object","title":"CurrentKey","properties":{"key_id":{"description":"Identifier of the key to link with the rule. Supported fields are name, id, slug, alias, uri, uuid, muid, and key_id.\n**Note**: For decryption, where a clear key is to be supplied, use the string \"clear_key\" only. Do not specify any other identifier.\n","type":"string"},"key_type":{"description":"Specify the type of the key. Must be one of name, id, slug, alias, uri, uuid, muid or key_id. If not specified, the type of the key is inferred.","type":"string"}}},"transformation_key":{"description":"Properties of the transformation key.","type":"object","title":"TransformationKey","properties":{"key_id":{"description":"Identifier of the key to link with the rule. Supported fields are name, id, slug, alias, uri, uuid, muid, and key_id.\n**Note**: For decryption, where a clear key is to be supplied, use the string \"clear_key\" only. Do not specify any other identifier.\n","type":"string"},"key_type":{"description":"Specify the type of the key. Must be one of name, id, slug, alias, uri, uuid, muid or key_id. If not specified, the type of the key is inferred.","type":"string"}}}}}},"idt_key_rules":{"description":"IDT rules to link with the policy.","type":"array","items":{"type":"object","title":"IDTKeyRule","properties":{"current_key":{"description":"Identifier of the key to link with the rule. Supported fields are name, id, slug, alias, uri, uuid, muid, and key_id.\n**Note**: For decryption, where a clear key is to be supplied, use the string \"clear_key\" only. Do not specify any other identifier.\n","type":"string"},"current_key_type":{"description":"Specify the type of the key. Must be one of name, id, slug, alias, uri, uuid, muid or key_id. If not specified, the type of the key is inferred.","type":"string"},"transformation_key":{"description":"Identifier of the key to link with the rule. Supported fields are name, id, slug, alias, uri, uuid, muid, and key_id.\n","type":"string"},"transformation_key_type":{"description":"Specify the type of the key. Must be one of name, id, slug, alias, uri, uuid, muid or key_id. If not specified, the type of the key is inferred.","type":"string"}}}},"signature_rules":{"description":"Signature rules to link with the policy.","type":"array","items":{"type":"object","title":"SignatureRule","properties":{"signature_set_id":{"description":"List of identifiers of signature sets. This identifier can be the Name, ID (a UUIDv4), URI, or slug of the signature set.","type":"string"}}}},"metadata":{"description":"Restrict policy for modification","type":"object","properties":{"restrict_update":{"description":"To restrict the policy for modification. If its value enabled means user not able to modify the guarded policy.\n","type":"boolean"}}}},"example":{"name":"TestPolicy","policy_type":"Standard","never_deny":false,"security_rules":[{"effect":"permit","action":"all_ops","partial_match":false,"resource_set_id":"TestResourceSet","exclude_resource_set":true}]}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the policy.","type":"string"},"policy_type":{"description":"Type of the policy. The valid values are “Standard”, “LDT”, “Cloud_Object_Storage\", and \"CSI\".","type":"string"},"policy_version":{"description":"Version of the policy. It gets updated with every modification in the policy","type":"integer"},"updated_by":{"description":"User who updated the policy.","type":"string"},"never_deny":{"description":"Flag to always permit operations in policy. By default it is disabled, enabled on learn mode activation","type":"boolean"},"policy_key_version":{"description":"Version of the policy key.","type":"string"},"never_deny_enabled_at":{"description":"Timestamp when learn mode was enabled.","type":"string"}}}]},"examples":{"application/json":{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:policies:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","name":"Dataxform-policy","description":"","policy_type":"OFFLINE","policy_version":"0","never_deny":true,"policy_key_version":"0","updated_by":""}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"List","description":"Returns the list of policies added to the CipherTrust Manager. The results can be filtered using the query parameters.\n","tags":["CTE/Policies"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"never_deny","in":"query","type":"boolean","description":"Filters results to those learn mode enabled or disabled.\n"},{"name":"never_deny_enabled_before","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those learn mode enabled at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"name","in":"query","required":false,"type":"string","description":"Filter result using the policy name."},{"name":"policy_type","in":"query","required":false,"type":"string","description":"Filter policies by policy type.Valid values are STANDARD, LDT and CLOUD_OBJECT_STORAGE."},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the policy.","type":"string"},"policy_type":{"description":"Type of the policy. The valid values are “Standard”, “LDT”, “Cloud_Object_Storage\", and \"CSI\".","type":"string"},"policy_version":{"description":"Version of the policy. It gets updated with every modification in the policy","type":"integer"},"updated_by":{"description":"User who updated the policy.","type":"string"},"never_deny":{"description":"Flag to always permit operations in policy. By default it is disabled, enabled on learn mode activation","type":"boolean"},"policy_key_version":{"description":"Version of the policy key.","type":"string"},"never_deny_enabled_at":{"description":"Timestamp when learn mode was enabled.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:policies:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","never_deny_enabled_at":"2019-05-24T14:15:47.331272857Z","name":"RecordEncryptPolicy","description":"","policy_type":"LDT","policy_version":"0","never_deny":false,"policy_key_version":"0","updated_by":""}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/policies/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"patch":{"summary":"Update","description":"Modifies the policy parameters. The parameters to be modified are placed in the body parameters. There is no default value for these parameters.\n","tags":["CTE/Policies"],"parameters":[{"name":"body","in":"body","description":"CTE policy parameters.","schema":{"type":"object","title":"Modify Policy","properties":{"description":{"description":"Description of the policy.","type":"string"},"never_deny":{"description":"Whether to always allow operations in the policy. By default, it is disabled, that is, operations are not allowed.\nBy default, it is enabled on learn mode activation. Supported for Standard, LDT and Cloud_Object_Storage policies.\n","type":"boolean"},"metadata":{"description":"Restrict policy for modification","type":"object","properties":{"restrict_update":{"description":"To restrict the policy for modification. User only able to change the parameter value when it is unguarded policy.\n","type":"boolean"}}},"force_restrict_update":{"description":"To remove restriction of policy for modification.\n","type":"boolean"}},"example":{"never_deny":true}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the policy.","type":"string"},"policy_type":{"description":"Type of the policy. The valid values are “Standard”, “LDT”, “Cloud_Object_Storage\", and \"CSI\".","type":"string"},"policy_version":{"description":"Version of the policy. It gets updated with every modification in the policy","type":"integer"},"updated_by":{"description":"User who updated the policy.","type":"string"},"never_deny":{"description":"Flag to always permit operations in policy. By default it is disabled, enabled on learn mode activation","type":"boolean"},"policy_key_version":{"description":"Version of the policy key.","type":"string"},"never_deny_enabled_at":{"description":"Timestamp when learn mode was enabled.","type":"string"}}}]},"examples":{"application/json":{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:policies:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","name":"RecordEncryptPolicy","description":"","policy_type":"LDT","policy_version":"0","never_deny":true,"policy_key_version":"0","updated_by":""}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"Get","description":"Returns details of a policy with the given id.\n","tags":["CTE/Policies"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the policy.","type":"string"},"policy_type":{"description":"Type of the policy. The valid values are “Standard”, “LDT”, “Cloud_Object_Storage\", and \"CSI\".","type":"string"},"policy_version":{"description":"Version of the policy. It gets updated with every modification in the policy","type":"integer"},"updated_by":{"description":"User who updated the policy.","type":"string"},"never_deny":{"description":"Flag to always permit operations in policy. By default it is disabled, enabled on learn mode activation","type":"boolean"},"policy_key_version":{"description":"Version of the policy key.","type":"string"},"never_deny_enabled_at":{"description":"Timestamp when learn mode was enabled.","type":"string"}}}]},"examples":{"application/json":{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:policies:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","name":"RecordEncryptPolicy","description":"","policy_type":"LDT","policy_version":"0","never_deny":true,"policy_key_version":"0","updated_by":""}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"delete":{"summary":"Delete","description":"Deletes a policy with the given id. Policies being used by clients cannot be deleted.","tags":["CTE/Policies"],"responses":{"204":{"description":"OK","schema":{"type":"string"}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/policies/{id}/audits":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Audit Records","description":"Returns the audit records of a policy with the given id.\n","tags":["CTE/Policies"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"ID of the policy.","type":"string"},"policy_version":{"description":"Version number of policy.","type":"string"},"performed_by":{"description":"User who has performed operation on policy.","type":"string"},"performed_on":{"description":"Identifier of resource on which action was performed e.g. if Security Rule as created `kylo:kylo:henry:securityrule:1ae9c191-3187-43bb-902d-b17a899bcbf5`.","type":"string"},"action":{"description":"This field will provide information of what action was performed e.g. `Security Rule Created`.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":2,"resources":[{"id":"c52bd949-866e-4790-9652-f65bbd2d9101","uri":"kylo:kylo:henry:userset:c52bd949-866e-4790-9652-f65bbd2d9101","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-08-15T09:05:18.577872Z","policy_id":"49424bd0-07aa-4554-8bd9-0c382163eebc","policy_version":0,"performed_by":"ncryptify:gemalto:admin:users:admin","performed_on":"kylo:kylo:henry:policy:LxPolicy","action":"Policy Created"},{"id":"b5754455-9d7a-4d9c-9417-ec9423b253d3","uri":"kylo:kylo:henry:userset:b5754455-9d7a-4d9c-9417-ec9423b253d3","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-08-15T09:05:18.539568Z","policy_id":"49424bd0-07aa-4554-8bd9-0c382163eebc","policy_version":1,"performed_by":"ncryptify:gemalto:admin:users:admin","performed_on":"kylo:kylo:henry:securityrule:1ae9c191-3187-43bb-902d-b17a899bcbf5","action":"Security Rule Created"}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/policies/{id}/insert-apply-key/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"patch":{"summary":"Update","description":"Inserts or removes the \"apply_key\" effect from all the security rules having the \"deny\" effect with Learn Mode enabled or disabled respectively.\n","tags":["CTE/Policies"],"parameters":[{"name":"body","in":"body","description":"Insert/remove apply key effect.","schema":{"type":"object","title":"Insert/remove apply key effect","required":["insert_apply_key"],"properties":{"insert_apply_key":{"description":"Whether to insert or remove the \"apply_key\" effect from all the security rules having the \"deny\" effect. Set to `true` to insert the \"apply_key\" effect, set to `false` to remove. The parameter has no default value.","type":"boolean"}}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the policy.","type":"string"},"policy_type":{"description":"Type of the policy. The valid values are “Standard”, “LDT”, “Cloud_Object_Storage\", and \"CSI\".","type":"string"},"policy_version":{"description":"Version of the policy. It gets updated with every modification in the policy","type":"integer"},"updated_by":{"description":"User who updated the policy.","type":"string"},"never_deny":{"description":"Flag to always permit operations in policy. By default it is disabled, enabled on learn mode activation","type":"boolean"},"policy_key_version":{"description":"Version of the policy key.","type":"string"},"never_deny_enabled_at":{"description":"Timestamp when learn mode was enabled.","type":"string"}}}]},"examples":{"application/json":{"id":"320dc97b-d36e-4235-8f23-1436067491f2","uri":"kylo:kylo:henry:policy:example_policy","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-09-27T04:48:27.804395Z","name":"example_policy","updatedAt":"2022-09-27T04:49:26.133577Z","domain_id":"","description":"","policy_type":"STANDARD","policy_version":1,"updated_by":"","never_deny":true,"policy_key_version":0,"never_deny_enabled_at":"2022-09-27T04:48:27.795395Z","security_rules":[{"id":"799bfd3c-0bde-42ff-a83d-a4a679cd3ca6","uri":"kylo:kylo:henry:securityrule:799bfd3c-0bde-42ff-a83d-a4a679cd3ca6","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-09-27T04:48:27.820898Z","updatedAt":"0001-01-01T00:00:00Z","policy_id":"320dc97b-d36e-4235-8f23-1436067491f2","order_number":1,"effect":"deny,applykey","action":"all_ops","partial_match":true,"user_set_id":"","exclude_user_set":false,"process_set_id":"","exclude_process_set":false,"resource_set_id":"","exclude_resource_set":false},{"id":"9d747728-39d9-43b0-b7bf-d917e17079ef","uri":"kylo:kylo:henry:securityrule:9d747728-39d9-43b0-b7bf-d917e17079ef","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-09-27T04:48:27.867865Z","updatedAt":"0001-01-01T00:00:00Z","policy_id":"320dc97b-d36e-4235-8f23-1436067491f2","order_number":2,"effect":"permit,applykey","action":"all_ops","partial_match":true,"user_set_id":"","exclude_user_set":false,"process_set_id":"","exclude_process_set":false,"resource_set_id":"","exclude_resource_set":false}],"key_rules":[{"id":"5120a0f5-b31c-4116-a56e-368c857b33a4","uri":"kylo:kylo:henry:keyrule:5120a0f5-b31c-4116-a56e-368c857b33a4","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-09-27T04:48:28.096844Z","updatedAt":"0001-01-01T00:00:00Z","policy_id":"320dc97b-d36e-4235-8f23-1436067491f2","order_number":1,"key_id":"example_key","new_key_rule":false,"resource_set_id":""}],"data_transform_rules":null,"ldt_key_rules":null,"idt_key_rules":null,"classification_enabled":"","metadata":{"restrict_update":false}}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}}}}},"/v1/transparent-encryption/policies/{policyId}/securityrules/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"policyId","in":"path","type":"string","description":"An identifier of the CTE Policy.\nThis can be the ID (a UUIDv4), URI, or name of Policy.\n","required":true}],"post":{"summary":"Add","description":"Adds a new security rule to the CipherTrust Manager.","tags":["CTE/Policies-SecurityRules"],"parameters":[{"name":"body","in":"body","description":"CTE security rules parameters.","schema":{"type":"object","title":"Create Security Rule","required":["effect"],"properties":{"effect":{"description":"Effects applicable to the rule. Separate multiple effects by commas. The valid values are:\n - permit\n - deny\n - audit\n - applykey\n","type":"string"},"action":{"description":"Actions applicable to the rule. Examples of actions are read, write, all_ops, and key_op.","type":"string"},"user_set_id":{"description":"ID of the user set to link to the policy.","type":"string"},"exclude_user_set":{"description":"User set to exclude. Supported for Standard and LDT policies.","type":"boolean"},"resource_set_id":{"description":"ID of the resource set to link to the policy. Supported for Standard and LDT policies.","type":"string"},"exclude_resource_set":{"description":"Resource set to exclude. Supported for Standard and LDT policies.","type":"boolean"},"process_set_id":{"description":"ID of the process set to link to the policy.","type":"string"},"exclude_process_set":{"description":"Process set to exclude. Supported for Standard and LDT policies.","type":"boolean"},"partial_match":{"description":"Whether to allow partial match operations. By default, it is enabled. Supported for Standard and LDT policies.","type":"boolean"}},"example":{"effect":"permit","action":"all_ops","partial_match":false,"resource_set_id":"TestResourceSet","exclude_resource_set":true}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"Unique identifier for the Policy","type":"string"},"effect":{"description":"Effects applicable to the rule. Separate multiple effects by commas. The valid values are:\n-\tpermit\n-\tdeny\n-\taudit\n-\tapplykey\n","type":"string"},"action":{"description":"Actions applicable to the rule. Examples of actions are read, write, all_ops, and key_op.","type":"string"},"user_set_id":{"description":"ID of the user set aligned with this policy.","type":"string"},"exclude_user_set":{"description":"Flag to exclude the specified user set.","type":"boolean"},"resource_set_id":{"description":"ID of the resource set aligned with this policy.","type":"string"},"exclude_resource_set":{"description":"Flag to exclude the specified resource set.","type":"boolean"},"process_set_id":{"description":"ID of the process set aligned with this policy.","type":"string"},"exclude_process_set":{"description":"Flag to exclude the specified process set.","type":"boolean"},"partial_match":{"description":"Flag to allow partial match operations. By default enabled.","type":"boolean"},"order_number":{"description":"Precedence order of this rule in the parent policy","type":"integer"}}}]},"examples":{"application/json":{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:securityrules:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","effect":"permit","action":"","policy_id":"1005","order_number":0,"user_set_id":"","exclude_user_set":false,"resource_set_id":"","exclude_resource_set":false,"process_set_id":"","exclude_process_set":false,"partial_match":true}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"List","description":"Returns the list of security rules added to the CipherTrust Manager. The results can be filtered using the query parameters.\n","tags":["CTE/Policies-SecurityRules"],"parameters":[{"name":"action","in":"query","required":false,"type":"string","description":"Filter security rules by action.Values can be read, write, all_ops and key_op."},{"name":"policy_id","in":"query","required":false,"type":"string","description":"Filter security rules by policy id."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"Unique identifier for the Policy","type":"string"},"effect":{"description":"Effects applicable to the rule. Separate multiple effects by commas. The valid values are:\n-\tpermit\n-\tdeny\n-\taudit\n-\tapplykey\n","type":"string"},"action":{"description":"Actions applicable to the rule. Examples of actions are read, write, all_ops, and key_op.","type":"string"},"user_set_id":{"description":"ID of the user set aligned with this policy.","type":"string"},"exclude_user_set":{"description":"Flag to exclude the specified user set.","type":"boolean"},"resource_set_id":{"description":"ID of the resource set aligned with this policy.","type":"string"},"exclude_resource_set":{"description":"Flag to exclude the specified resource set.","type":"boolean"},"process_set_id":{"description":"ID of the process set aligned with this policy.","type":"string"},"exclude_process_set":{"description":"Flag to exclude the specified process set.","type":"boolean"},"partial_match":{"description":"Flag to allow partial match operations. By default enabled.","type":"boolean"},"order_number":{"description":"Precedence order of this rule in the parent policy","type":"integer"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:securityrules:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","effect":"permit","action":"","policy_id":"1005","order_number":0,"user_set_id":"","exclude_user_set":false,"resource_set_id":"","exclude_resource_set":false,"process_set_id":"","exclude_process_set":false,"partial_match":true}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/policies/{policyId}/securityrules/{securityRuleId}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"policyId","in":"path","type":"string","description":"An identifier of the CTE Policy.\nThis can be the ID (a UUIDv4), URI, or name of Policy.\n","required":true},{"name":"securityRuleId","in":"path","type":"string","description":"An identifier of the CTE Security Rule.\nThis can be either the ID (a UUIDv4) or URI of Policy.\n","required":true}],"patch":{"summary":"Update","description":"Modifies the security rule parameters. The parameters to be modified are placed in the body parameters. There is no default value for these parameters.\n","tags":["CTE/Policies-SecurityRules"],"parameters":[{"name":"body","in":"body","description":"CTE security rule parameters.","schema":{"type":"object","title":"Modify security rule","properties":{"effect":{"description":"Effects applicable to the rule. Separate multiple effects by commas. The valid values are:\n - permit\n - deny\n - audit\n - applykey\n","type":"string"},"action":{"description":"Actions applicable to the rule. Examples of actions are read, write, all_ops, and key_op.","type":"string"},"user_set_id":{"description":"ID of the user set to link to the policy.","type":"string"},"exclude_user_set":{"description":"User set to exclude. Supported for Standard and LDT policies.","type":"boolean"},"resource_set_id":{"description":"ID of the resource set to link to the policy. Supported for Standard and LDT policies.","type":"string"},"exclude_resource_set":{"description":"Resource set to exclude. Supported for Standard and LDT policies.","type":"boolean"},"process_set_id":{"description":"ID of the process set to link to the policy.","type":"string"},"exclude_process_set":{"description":"Process set to exclude. Supported for Standard and LDT policies.","type":"boolean"},"partial_match":{"description":"Whether to allow partial match operations. By default, it is enabled. Supported for Standard and LDT policies.","type":"boolean"},"order_number":{"description":"Precedence order of the rule in the parent policy.","type":"integer"}},"example":{"effect":"Deny","user_set_id":"UserSet1","process_set_id":"ProcessSet1"}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"Unique identifier for the Policy","type":"string"},"effect":{"description":"Effects applicable to the rule. Separate multiple effects by commas. The valid values are:\n-\tpermit\n-\tdeny\n-\taudit\n-\tapplykey\n","type":"string"},"action":{"description":"Actions applicable to the rule. Examples of actions are read, write, all_ops, and key_op.","type":"string"},"user_set_id":{"description":"ID of the user set aligned with this policy.","type":"string"},"exclude_user_set":{"description":"Flag to exclude the specified user set.","type":"boolean"},"resource_set_id":{"description":"ID of the resource set aligned with this policy.","type":"string"},"exclude_resource_set":{"description":"Flag to exclude the specified resource set.","type":"boolean"},"process_set_id":{"description":"ID of the process set aligned with this policy.","type":"string"},"exclude_process_set":{"description":"Flag to exclude the specified process set.","type":"boolean"},"partial_match":{"description":"Flag to allow partial match operations. By default enabled.","type":"boolean"},"order_number":{"description":"Precedence order of this rule in the parent policy","type":"integer"}}}]},"examples":{"application/json":{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:securityrules:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","effect":"Deny","action":"","policy_id":"1005","order_number":0,"user_set_id":"UserSet1","exclude_user_set":false,"resource_set_id":"","exclude_resource_set":false,"process_set_id":"ProcessSet1","exclude_process_set":false,"partial_match":true}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"Get","description":"Returns the details of a security rule with the given id.\n","tags":["CTE/Policies-SecurityRules"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"Unique identifier for the Policy","type":"string"},"effect":{"description":"Effects applicable to the rule. Separate multiple effects by commas. The valid values are:\n-\tpermit\n-\tdeny\n-\taudit\n-\tapplykey\n","type":"string"},"action":{"description":"Actions applicable to the rule. Examples of actions are read, write, all_ops, and key_op.","type":"string"},"user_set_id":{"description":"ID of the user set aligned with this policy.","type":"string"},"exclude_user_set":{"description":"Flag to exclude the specified user set.","type":"boolean"},"resource_set_id":{"description":"ID of the resource set aligned with this policy.","type":"string"},"exclude_resource_set":{"description":"Flag to exclude the specified resource set.","type":"boolean"},"process_set_id":{"description":"ID of the process set aligned with this policy.","type":"string"},"exclude_process_set":{"description":"Flag to exclude the specified process set.","type":"boolean"},"partial_match":{"description":"Flag to allow partial match operations. By default enabled.","type":"boolean"},"order_number":{"description":"Precedence order of this rule in the parent policy","type":"integer"}}}]},"examples":{"application/json":{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:securityrules:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","effect":"permit","action":"","policy_id":"1005","order_number":0,"user_set_id":"","exclude_user_set":false,"resource_set_id":"","exclude_resource_set":false,"process_set_id":"","exclude_process_set":false,"partial_match":true}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"delete":{"summary":"Delete","description":"Deletes a security rule with the given id. Rules being used by clients cannot be deleted.","tags":["CTE/Policies-SecurityRules"],"responses":{"204":{"description":"OK","schema":{"type":"string"}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/policies/{policyId}/signaturerules":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"policyId","in":"path","type":"string","description":"An identifier of the CTE policy.\nThis can be the ID (a UUIDv4), URI, or name of the policy.\n","required":true}],"post":{"summary":"Add Signature Rule","description":"Adds a new signature rule to the CipherTrust Manager.","tags":["CTE/Policies-SignatureRules"],"parameters":[{"name":"body","in":"body","description":"CTE signature rules parameters.","schema":{"type":"object","title":"Create Signature Rule","required":["signature_set_id_list"],"properties":{"signature_set_id_list":{"description":"List of identifiers of signature sets. The identifiers can be the Name, ID (a UUIDv4), URI, or slug of the signature sets.","type":"array","items":{"type":"string"}}},"example":{"signature_set_id_list":["TestSignSet1","TestSignSet2"]}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"success_signature_rules":{"description":"List of successful signature sets added to the Signature rule","type":"array","items":{"type":"object","title":"Resource","properties":{"id":{"type":"string","description":"UUID of Signature Rule."},"uri":{"type":"string","description":"A human readable unique identifier of the resource."},"account":{"type":"string","description":"The account which owns this resource."},"createdAt":{"type":"string","description":"Date/time the application was created."},"updatedAt":{"type":"string","description":"Date/time the application was updated."},"policy_id":{"type":"string","description":"UUID of Policy."},"signature_set_id":{"type":"string","description":"UUID of Signature Set."},"signature_set_name":{"type":"string","description":"Name of Signature Set."}}}},"failed_signature_rules":{"type":"array","description":"Failed to create signature-rule with signature-set with the reason for failure provided in a Key-Value pair with signature-set-identifier, error and status code.\nIt shall be nil in case all clients get successfully associated\n","format":"JSON"}}}]}},"207":{"description":"Multistatus","examples":{"application/json":{"success_signature_rules":[{"signature_rule":{"id":"5ca00938-8b2b-42ae-9a7b-ff7b55fc79dd","uri":"kylo:kylo:henry:signaturerule:5ca00938-8b2b-42ae-9a7b-ff7b55fc79dd","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-09-27T10:47:37.537637567Z","updatedAt":"2022-09-27T10:47:37.537637567Z","policy_id":"c5449b73-0e97-421a-860f-001756467f9d","signature_set_id":"ded6fb18-b8d4-40a9-8113-9a75e86313b9","signature_set_name":"TestSignSet1"},"status_code":201}],"failed_signature_rules":[{"signature_set_id":"TestSignSet","error":"Failed to create signature rule with signature set ID:TestSignSet in policy: TestCsiPolicy Error:could not create signaturerule as it already exists","status_code":409}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"List","description":"Returns the list of signature rules added to the CipherTrust Manager. The results can be filtered using the query parameters.\n","tags":["CTE/Policies-SignatureRules"],"parameters":[{"name":"signature_set_id","in":"query","required":false,"type":"string","description":"Filter signature rules by signature set id."},{"name":"signature_set_name","in":"query","required":false,"type":"string","description":"Filter signature rules by signature set name."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"id":{"type":"string","description":"UUID of Signature Rule."},"uri":{"type":"string","description":"A human readable unique identifier of the resource."},"account":{"type":"string","description":"The account which owns this resource."},"createdAt":{"type":"string","description":"Date/time the application was created."},"updatedAt":{"type":"string","description":"Date/time the application was updated."},"policy_id":{"type":"string","description":"UUID of Policy."},"signature_set_id":{"type":"string","description":"UUID of Signature Set."},"signature_set_name":{"type":"string","description":"Name of Signature Set."}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"c32c8642-494b-4abb-a7b3-a798c540dd16","uri":"kylo:kylo:henry:signaturerule:c32c8642-494b-4abb-a7b3-a798c540dd16","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-09-27T11:10:25.211962Z","updatedAt":"2022-09-27T11:10:25.211962Z","policy_id":"c5449b73-0e97-421a-860f-001756467f9d","signature_set_id":"06995e06-2691-432d-b100-52bc10d534b9","signature_set_name":"TestSignSet"}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/policies/{policyId}/signaturerules/{signatureRuleId}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"policyId","in":"path","type":"string","description":"An identifier of the CTE policy.\nThis can be the ID (a UUIDv4), URI, or name of the policy.\n","required":true},{"name":"signatureRuleId","in":"path","type":"string","description":"An identifier of the CTE signature rule.\nThis can be the ID (a UUIDv4) or URI of the signature rule.\n","required":true}],"patch":{"summary":"Update","description":"Modifies the signature rule parameters. There is no default value for the parameter.\n","tags":["CTE/Policies-SignatureRules"],"parameters":[{"name":"body","in":"body","description":"CTE signature rule parameters.","schema":{"type":"object","title":"Modify signature rule","required":["signature_set_id"],"properties":{"signature_set_id":{"description":"An identifier of the signature set. \nThis can be the Name, ID (a UUIDv4), URI, or slug of the signature set.\n","type":"string"}},"example":{"signature_set_id":"TestSignSet"}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"id":{"type":"string","description":"UUID of Signature Rule."},"uri":{"type":"string","description":"A human readable unique identifier of the resource."},"account":{"type":"string","description":"The account which owns this resource."},"createdAt":{"type":"string","description":"Date/time the application was created."},"updatedAt":{"type":"string","description":"Date/time the application was updated."},"policy_id":{"type":"string","description":"UUID of Policy."},"signature_set_id":{"type":"string","description":"UUID of Signature Set."},"signature_set_name":{"type":"string","description":"Name of Signature Set."}}}]},"examples":{"application/json":{"id":"c32c8642-494b-4abb-a7b3-a798c540dd16","uri":"kylo:kylo:henry:signaturerule:c32c8642-494b-4abb-a7b3-a798c540dd16","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-09-27T11:10:25.211962Z","updatedAt":"2022-09-28T08:38:03.712694015Z","policy_id":"c5449b73-0e97-421a-860f-001756467f9d","signature_set_id":"06995e06-2691-432d-b100-52bc10d534b9","signature_set_name":"TestSignSet"}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"Get","description":"Returns the details of a signature rule with the given id.\n","tags":["CTE/Policies-SignatureRules"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"id":{"type":"string","description":"UUID of Signature Rule."},"uri":{"type":"string","description":"A human readable unique identifier of the resource."},"account":{"type":"string","description":"The account which owns this resource."},"createdAt":{"type":"string","description":"Date/time the application was created."},"updatedAt":{"type":"string","description":"Date/time the application was updated."},"policy_id":{"type":"string","description":"UUID of Policy."},"signature_set_id":{"type":"string","description":"UUID of Signature Set."},"signature_set_name":{"type":"string","description":"Name of Signature Set."}}}]},"examples":{"application/json":{"id":"c32c8642-494b-4abb-a7b3-a798c540dd16","uri":"kylo:kylo:henry:signaturerule:c32c8642-494b-4abb-a7b3-a798c540dd16","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-09-27T11:10:25.211962Z","updatedAt":"2022-09-28T08:38:03.712694015Z","policy_id":"c5449b73-0e97-421a-860f-001756467f9d","signature_set_id":"06995e06-2691-432d-b100-52bc10d534b9","signature_set_name":"TestSignSet"}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"delete":{"summary":"Delete","description":"Deletes a signature rule with the given id.","tags":["CTE/Policies-SignatureRules"],"responses":{"204":{"description":"OK","schema":{"type":"string"}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clients/{clientId}/guardpoints/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"clientId","in":"path","type":"string","description":"An identifier of the CTE Clients.\nThis can be the ID (a UUIDv4), URI, or name of Client.\n","required":true}],"post":{"summary":"Create","description":"Adds a new GuardPoint to the CipherTrust Manager.","tags":["CTE/Clients-GuardPoints"],"parameters":[{"name":"body","in":"body","description":"CTE GuardPoint creation parameters.","schema":{"type":"object","title":"Create Guard Point","required":["guard_paths","guard_point_params"],"properties":{"guard_paths":{"description":"List of GuardPaths to be created.","type":"array","items":{"type":"string"}},"guard_point_params":{"description":"Parameters for creating a GuardPoint.","type":"object","required":["policy_id","guard_point_type"],"properties":{"guard_point_type":{"description":"Type of the GuardPoint. The options are:\n-\tdirectory_auto\n-\tdirectory_manual\n-\trawdevice_manual\n-\trawdevice_auto\n-\tcloudstorage_auto\n-\tcloudstorage_manual\n- ransomware\n","type":"string"},"automount_enabled":{"description":"Whether automount is enabled with the GuardPoint. Supported for Standard and LDT policies.","type":"boolean"},"policy_id":{"description":"ID of the policy applied with this GuardPoint.\nThis parameter is not valid for Ransomware GuardPoints as they will not be associated with any CTE policy.\n","type":"string"},"disk_name":{"description":"Name of the disk if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"diskgroup_name":{"description":"Name of the disk group if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"preserve_sparse_regions":{"description":"Whether to preserve sparse file regions. Available on LDT enabled clients only. The default value is true. If you disable the setting, it cannot be enabled again. Supported for only LDT policies.","type":"boolean"},"cifs_enabled":{"description":"Whether to enable CIFS. Available on LDT enabled windows clients only. The default value is false. If you enable the setting, it cannot be disabled. Supported for only LDT policies.","type":"boolean"},"data_classification_enabled":{"description":"Whether data classification (tagging) is enabled. Enabled by default if the aligned policy contains ClassificationTags. Supported for Standard and LDT policies.","type":"boolean"},"data_lineage_enabled":{"description":"Whether data lineage (tracking) is enabled. Enabled only if data classification is enabled. Supported for Standard and LDT policies.","type":"boolean"},"early_access":{"description":"Whether secure start (early access) is turned on. Secure start is applicable to Windows clients only. Supported for Standard and LDT policies. The default value is false.","type":"boolean"},"is_idt_capable_device":{"description":"Whether the device where GuardPoint is applied is IDT capable or not. Supported for IDT policies.","type":"boolean"},"network_share_credentials_id":{"description":"ID/Name of the credentials if the GuardPoint is applied to a network share. Supported for only LDT policies.","type":"string"},"intelligent_protection":{"description":"Flag to enable intelligent protection for this GuardPoint. This flag is valid for GuardPoints with classification based policy only. Can only be set during GuardPoint creation.","type":"boolean"},"is_esg_capable_device":{"description":"Whether the device where GuardPoint is applied is ESG capable or not. Supported for IDT and Standard policies.","type":"boolean"},"mfa_enabled":{"description":"Whether MFA is enabled.","type":"boolean"},"rw_process_set_id":{"description":"ID of the process set aligned with the Ransomware GuardPoints.","type":"string"},"rw_operation":{"description":"Applicable to the Ransomware GuardPoints. The valid values are permit(for Audit) and deny(for Block). The default value is `permit`.","type":"string"}}}},"example":{"guard_paths":["/opt/path1/","/opt/path2"],"guard_point_params":{"guard_point_type":"directory_auto","policy_id":"TestPolicy","data_classification_enabled":false,"data_lineage_enabled":false,"early_access":true,"preserve_sparse_regions":true}}}}],"responses":{"207":{"description":"Multi-Status","schema":{"allOf":[{"type":"object","properties":{"guardpoints":{"description":"List of successfully created GuardPoints.","type":"array","items":{"type":"object","properties":{"guardpoint":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_id":{"description":"UUID of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_id":{"description":"UUID of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"client_name":{"description":"Name of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_name":{"description":"Name of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"guard_point_type":{"description":"Type of the guard point i.e. directory_auto, directory_manual, rawdevice_manual, rawdevice_auto, or ransomware.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"automount_enabled":{"description":"Flag to signify if automount is enabled with the guard point","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"},"policy_id":{"description":"UUID of the policy which is applied on this guard point. This parameter is not valid for Ransomware GuardPoints.","type":"string"},"disk_name":{"description":"Name of the disk if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"diskgroup_name":{"description":"Name of the disk group if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"preserve_sparse_regions":{"description":"Flag to signify that sparse file regions will be transformed or not. Only available on LDT enabled clients.","type":"boolean"},"data_classification_enabled":{"description":"Flag to signify that data classification(tagging) is enabled or not. This gets enabled by default if the aligned policy contains ClassificationTags.","type":"boolean"},"data_lineage_enabled":{"description":"Flag to signify that data lineage(tracking) is enabled or not. This gets enabled only if data_classification is enabled.","type":"boolean"},"guard_point_state":{"description":"Current state of GuardPoint. Can be UNKNOWN, ENABLED, DISABLED or ERROR.","type":"string"},"is_idt_capable_device":{"description":"Whether the device where GuardPoint is applied is IDT capable or not. Supported for IDT policies.","type":"boolean"},"is_esg_capable_device":{"description":"Whether the device where GuardPoint is applied is ESG capable or not. Supported for IDT and Standard policies.","type":"boolean"},"mfa_enabled":{"description":"Whether MFA is enabled.","type":"boolean"},"rw_process_set_id":{"description":"ID of the process set aligned with the Ransomware GuardPoints.","type":"string"},"rw_operation":{"description":"Applicable to the Ransomware GuardPoints. The valid values are permit(for Audit) and deny(for Block). The default value is `permit`.","type":"string"}}}]}},"status_code":{"description":"Status code for deleted client.","type":"integer"}}}},"failed_guard_points":{"description":"List of guard_points which are failed to create.","type":"array","items":{"type":"object","properties":{"guard_path":{"description":"path of guard_point.","type":"string"},"error":{"description":"Error reason.","type":"string"},"status_code":{"description":"Failed status code for guard_point.","type":"integer"}}}}}}]},"examples":{"application/json":{"guardpoints":[{"guardpoint":{"id":"975b3299-b39d-4695-b47f-8dab01c78205","uri":"kylo:kylo:henry:guardpoint:975b3299-b39d-4695-b47f-8dab01c78205","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-30T06:24:18.808215365Z","updatedAt":"2019-07-30T06:24:18.808215365Z","client_id":"89a8ed59-e52e-4fad-a830-e52267e661db","client_group_id":"","guard_point_type":"DIR","guard_enabled":true,"automount_enabled":false,"guard_path":"/home/path1/","policy_id":"cdbf3035-735a-46f6-a175-711eb99d045e","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":true,"early_access":true},"status_code":201},{"guardpoint":{"id":"975b3299-b39d-4695-b47f-8dab01c78205","uri":"kylo:kylo:henry:guardpoint:975b3299-b39d-4695-b47f-8dab01c78205","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-30T06:24:18.808215365Z","updatedAt":"2019-07-30T06:24:18.808215365Z","client_id":"89a8ed59-e52e-4fad-a830-e52267e661db","client_group_id":"","guard_point_type":"DIR","guard_enabled":true,"automount_enabled":false,"guard_path":"/home/path2/","policy_id":"cdbf3035-735a-46f6-a175-711eb99d045e","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":true,"early_access":true},"status_code":201}],"failed_guard_points":[{"guard_path":"/opt/path3","error":"Duplicate Path","status_code":409},{"guard_path":"/opt/path4","error":"Duplicate Path","status_code":409}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"List","description":"Returns the list of GuardPoints added to the CipherTrust Manager. The results can be filtered using the query parameters.\n","tags":["CTE/Clients-GuardPoints"],"parameters":[{"name":"client_group_name","in":"query","required":false,"type":"string","description":"Filter the results by clientgroup name of GuardPoint."},{"name":"client_group_id","in":"query","required":false,"type":"string","description":"Filter the results by clientgroup id of GuardPoint. MUST be a UUID value."},{"name":"uri_list","in":"query","required":false,"type":"string","description":"Filter the results by uri. To fetch multiple resources provide comma-delimited list of uri."},{"name":"policy_id","in":"query","required":false,"type":"string","description":"Filter the results by policy id of GuardPoint. MUST be a UUID value."},{"name":"policy_name","in":"query","required":false,"type":"string","description":"Filter the results by policy name of GuardPoint."},{"name":"pending_operation","in":"query","required":false,"type":"string","description":"Filter the results by pending operation of GuardPoint. Valid value is DELETE."},{"name":"guard_enabled","in":"query","required":false,"type":"boolean","description":"Filter the results by guard enabled values of GuardPoint. Valid values are Yes/No and True/False."},{"name":"guard_path","in":"query","required":false,"type":"string","description":"Filter the results by GuardPath of GuardPoint."},{"name":"type","in":"query","required":false,"type":"string","description":"Filter the results by type of GuardPoint. Valid values are CLIENT and CLIENTGROUP."},{"name":"guard_point_state","in":"query","required":false,"type":"string","description":"Filter the results by state of GuardPoint. Valid values are UNKNOWN, ENABLED, DISABLED, and ERROR."},{"name":"mfa_enabled","description":"Filter GuardPoints based on MFA status - enabled or not.","in":"query","required":false,"type":"boolean"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by createdAt, guard_enabled, type, guard_point_state, policy_id and policy_name. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n -createdAt\n\n...will sort the results by `createdAt`, descending.\n"},{"name":"native_domain","in":"query","required":false,"type":"string","description":"Filter result based on the native domain, that is, the domain where the resource is created. \nIt will be relevant when some resources are shared across multiple domains.\nUse a comma-separated list to pass names of multiple domains in one go.\n"},{"name":"fetch_current_domain_resources_only","description":"Filter resources belonging to the current domain only.","in":"query","required":false,"type":"boolean"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_id":{"description":"UUID of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_id":{"description":"UUID of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"client_name":{"description":"Name of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_name":{"description":"Name of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"guard_point_type":{"description":"Type of the guard point i.e. directory_auto, directory_manual, rawdevice_manual, rawdevice_auto, or ransomware.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"automount_enabled":{"description":"Flag to signify if automount is enabled with the guard point","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"},"policy_id":{"description":"UUID of the policy which is applied on this guard point. This parameter is not valid for Ransomware GuardPoints.","type":"string"},"disk_name":{"description":"Name of the disk if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"diskgroup_name":{"description":"Name of the disk group if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"preserve_sparse_regions":{"description":"Flag to signify that sparse file regions will be transformed or not. Only available on LDT enabled clients.","type":"boolean"},"data_classification_enabled":{"description":"Flag to signify that data classification(tagging) is enabled or not. This gets enabled by default if the aligned policy contains ClassificationTags.","type":"boolean"},"data_lineage_enabled":{"description":"Flag to signify that data lineage(tracking) is enabled or not. This gets enabled only if data_classification is enabled.","type":"boolean"},"guard_point_state":{"description":"Current state of GuardPoint. Can be UNKNOWN, ENABLED, DISABLED or ERROR.","type":"string"},"is_idt_capable_device":{"description":"Whether the device where GuardPoint is applied is IDT capable or not. Supported for IDT policies.","type":"boolean"},"is_esg_capable_device":{"description":"Whether the device where GuardPoint is applied is ESG capable or not. Supported for IDT and Standard policies.","type":"boolean"},"mfa_enabled":{"description":"Whether MFA is enabled.","type":"boolean"},"rw_process_set_id":{"description":"ID of the process set aligned with the Ransomware GuardPoints.","type":"string"},"rw_operation":{"description":"Applicable to the Ransomware GuardPoints. The valid values are permit(for Audit) and deny(for Block). The default value is `permit`.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"975b3299-b39d-4695-b47f-8dab01c78205","uri":"kylo:kylo:henry:guardpoint:975b3299-b39d-4695-b47f-8dab01c78205","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-30T06:24:18.808215365Z","updatedAt":"2019-07-30T06:24:18.808215365Z","client_id":"89a8ed59-e52e-4fad-a830-e52267e661db","client_group_id":"","guard_point_type":"DIR","guard_enabled":true,"automount_enabled":false,"guard_path":"/home/testuser/","policy_id":"cdbf3035-735a-46f6-a175-711eb99d045e","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":true,"early_access":true}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}}}}},"/v1/transparent-encryption/clients/{clientId}/guardpoints/upload-list":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"clientId","in":"path","type":"string","description":"An identifier of the CTE Clients.\nThis can be the ID (a UUIDv4), URI, or name of Client.\n","required":true}],"post":{"summary":"Upload","description":"Create GuardPoints using CSV file. You must set content type to multipart/form-data and provide the pathfile and param as form-data.","tags":["CTE/Clients-GuardPoints"],"consumes":["multipart/form-data"],"parameters":[{"name":"pathfile","in":"formData","type":"file"},{"name":"param","in":"formData","type":"string","description":"Create GuardPoint parameters, for example: {\"guard_point_type\": \"directory_auto\",\"policy_id\": \"TestPolicy\"}\n"}],"responses":{"207":{"description":"Multi-Status","schema":{"allOf":[{"type":"object","properties":{"guardpoints":{"description":"List of successfully created GuardPoints.","type":"array","items":{"type":"object","properties":{"guardpoint":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_id":{"description":"UUID of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_id":{"description":"UUID of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"client_name":{"description":"Name of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_name":{"description":"Name of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"guard_point_type":{"description":"Type of the guard point i.e. directory_auto, directory_manual, rawdevice_manual, rawdevice_auto, or ransomware.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"automount_enabled":{"description":"Flag to signify if automount is enabled with the guard point","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"},"policy_id":{"description":"UUID of the policy which is applied on this guard point. This parameter is not valid for Ransomware GuardPoints.","type":"string"},"disk_name":{"description":"Name of the disk if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"diskgroup_name":{"description":"Name of the disk group if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"preserve_sparse_regions":{"description":"Flag to signify that sparse file regions will be transformed or not. Only available on LDT enabled clients.","type":"boolean"},"data_classification_enabled":{"description":"Flag to signify that data classification(tagging) is enabled or not. This gets enabled by default if the aligned policy contains ClassificationTags.","type":"boolean"},"data_lineage_enabled":{"description":"Flag to signify that data lineage(tracking) is enabled or not. This gets enabled only if data_classification is enabled.","type":"boolean"},"guard_point_state":{"description":"Current state of GuardPoint. Can be UNKNOWN, ENABLED, DISABLED or ERROR.","type":"string"},"is_idt_capable_device":{"description":"Whether the device where GuardPoint is applied is IDT capable or not. Supported for IDT policies.","type":"boolean"},"is_esg_capable_device":{"description":"Whether the device where GuardPoint is applied is ESG capable or not. Supported for IDT and Standard policies.","type":"boolean"},"mfa_enabled":{"description":"Whether MFA is enabled.","type":"boolean"},"rw_process_set_id":{"description":"ID of the process set aligned with the Ransomware GuardPoints.","type":"string"},"rw_operation":{"description":"Applicable to the Ransomware GuardPoints. The valid values are permit(for Audit) and deny(for Block). The default value is `permit`.","type":"string"}}}]}},"status_code":{"description":"Status code for deleted client.","type":"integer"}}}},"failed_guard_points":{"description":"List of guard_points which are failed to create.","type":"array","items":{"type":"object","properties":{"guard_path":{"description":"path of guard_point.","type":"string"},"error":{"description":"Error reason.","type":"string"},"status_code":{"description":"Failed status code for guard_point.","type":"integer"}}}}}}]},"examples":{"application/json":{"guardpoints":[{"guardpoint":{"id":"975b3299-b39d-4695-b47f-8dab01c78205","uri":"kylo:kylo:henry:guardpoint:975b3299-b39d-4695-b47f-8dab01c78205","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-30T06:24:18.808215365Z","updatedAt":"2019-07-30T06:24:18.808215365Z","client_id":"89a8ed59-e52e-4fad-a830-e52267e661db","client_group_id":"","guard_point_type":"DIR","guard_enabled":true,"automount_enabled":false,"guard_path":"/home/path1/","policy_id":"cdbf3035-735a-46f6-a175-711eb99d045e","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":true,"early_access":true},"status_code":201},{"guardpoint":{"id":"975b3299-b39d-4695-b47f-8dab01c78205","uri":"kylo:kylo:henry:guardpoint:975b3299-b39d-4695-b47f-8dab01c78205","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-30T06:24:18.808215365Z","updatedAt":"2019-07-30T06:24:18.808215365Z","client_id":"89a8ed59-e52e-4fad-a830-e52267e661db","client_group_id":"","guard_point_type":"DIR","guard_enabled":true,"automount_enabled":false,"guard_path":"/home/path2/","policy_id":"cdbf3035-735a-46f6-a175-711eb99d045e","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":true,"early_access":true},"status_code":201}],"failed_guard_points":[{"guard_path":"/opt/path3","error":"Duplicate Path","status_code":409},{"guard_path":"/opt/path4","error":"Duplicate Path","status_code":409}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clients/{clientId}/guardpoints/unguard/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"clientId","in":"path","type":"string","description":"An identifier of the CTE Clients.\nThis can be the ID (a UUIDv4), URI, or name of Client.\n","required":true}],"patch":{"summary":"Unguard GuardPoints","description":"Unguards multiple GuardPoints from a client.\n","tags":["CTE/Clients-GuardPoints"],"parameters":[{"name":"body","in":"body","description":"CTE GuardPoint creation parameters.","schema":{"type":"object","title":"Unguard GuardPoints","required":["guard_point_id_list"],"properties":{"guard_point_id_list":{"description":"IDs of the GuardPoints to be dissociated from the client. The IDs can be the name, ID (a UUIDv4), URI, or slug of the GuardPoints.","type":"array","items":{"type":"string"}}},"example":{"guard_point_id_list":["id1","id2"]}}}],"responses":{"207":{"description":"Multi-Status","schema":{"allOf":[{"type":"object","properties":{"guardpoints":{"description":"List of successfully unguarded guard_points.","type":"array","items":{"type":"object","properties":{"guard_point_id":{"description":"ID of guard_point.","type":"string"},"guard_path":{"description":"Path of guard_point.","type":"string"},"status_code":{"description":"Status code for success.","type":"integer"}}}},"failed_guard_points":{"description":"List of guard_points which are failed to unguard.","type":"array","items":{"type":"object","properties":{"guard_point_id":{"description":"ID of guard_point.","type":"string"},"guard_path":{"description":"Path of guard_point.","type":"string"},"error":{"description":"Error reaon.","type":"string"},"status_code":{"description":"Failed status code for guard_point.","type":"integer"}}}}}}]},"examples":{"guardpoints":[{"guard_point_id":"b940678b-6ba1-4598-8e61-9762d2ac033f","guard_path":"/opt/path1","status_code":204}],"failed_guard_points":[{"guard_point_id":"id2","guard_path":"","error":"record not found","status_code":404}]}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clients/{clientId}/guardpoints/{guardpointId}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"clientId","in":"path","type":"string","description":"An identifier of the CTE Clients.\nThis can be the ID (a UUIDv4), URI, or name of Client.\n","required":true},{"name":"guardpointId","in":"path","type":"string","description":"An identifier of the CTE GuardPoint.\nThis can be either the ID (a UUIDv4) or URI of GuardPoint.\n","required":true}],"patch":{"summary":"Update","description":"Modifies the GuardPoint parameters. The parameters to be modified are placed in the body parameters. There is no default value for these parameters.\n","tags":["CTE/Clients-GuardPoints"],"parameters":[{"name":"body","in":"body","description":"CTE GuardPoint parameters.","schema":{"type":"object","title":"Modify Guard point.","properties":{"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"network_share_credentials_id":{"description":"ID/Name of the credentials if the GuardPoint is applied to a network share. Supported for only LDT policies.","type":"string"},"data_classification_enabled":{"description":"Whether data classification (tagging) is enabled. Enabled by default if the aligned policy contains ClassificationTags. Supported for Standard and LDT policies.","type":"boolean"},"data_lineage_enabled":{"description":"Whether data lineage (tracking) is enabled. Enabled only if data classification is enabled. Supported for Standard and LDT policies.","type":"boolean"},"mfa_enabled":{"description":"Whether MFA is enabled.","type":"boolean"},"rw_operation":{"description":"Applicable to the Ransomware GuardPoints. The valid values are permit(for Audit) and deny(for Block).","type":"string"}},"example":{"guard_enabled":false,"data_classification_enabled":false,"data_lineage_enabled":false}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_id":{"description":"UUID of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_id":{"description":"UUID of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"client_name":{"description":"Name of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_name":{"description":"Name of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"guard_point_type":{"description":"Type of the guard point i.e. directory_auto, directory_manual, rawdevice_manual, rawdevice_auto, or ransomware.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"automount_enabled":{"description":"Flag to signify if automount is enabled with the guard point","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"},"policy_id":{"description":"UUID of the policy which is applied on this guard point. This parameter is not valid for Ransomware GuardPoints.","type":"string"},"disk_name":{"description":"Name of the disk if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"diskgroup_name":{"description":"Name of the disk group if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"preserve_sparse_regions":{"description":"Flag to signify that sparse file regions will be transformed or not. Only available on LDT enabled clients.","type":"boolean"},"data_classification_enabled":{"description":"Flag to signify that data classification(tagging) is enabled or not. This gets enabled by default if the aligned policy contains ClassificationTags.","type":"boolean"},"data_lineage_enabled":{"description":"Flag to signify that data lineage(tracking) is enabled or not. This gets enabled only if data_classification is enabled.","type":"boolean"},"guard_point_state":{"description":"Current state of GuardPoint. Can be UNKNOWN, ENABLED, DISABLED or ERROR.","type":"string"},"is_idt_capable_device":{"description":"Whether the device where GuardPoint is applied is IDT capable or not. Supported for IDT policies.","type":"boolean"},"is_esg_capable_device":{"description":"Whether the device where GuardPoint is applied is ESG capable or not. Supported for IDT and Standard policies.","type":"boolean"},"mfa_enabled":{"description":"Whether MFA is enabled.","type":"boolean"},"rw_process_set_id":{"description":"ID of the process set aligned with the Ransomware GuardPoints.","type":"string"},"rw_operation":{"description":"Applicable to the Ransomware GuardPoints. The valid values are permit(for Audit) and deny(for Block). The default value is `permit`.","type":"string"}}}]},"examples":{"application/json":{"id":"975b3299-b39d-4695-b47f-8dab01c78205","uri":"kylo:kylo:henry:guardpoint:975b3299-b39d-4695-b47f-8dab01c78205","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-30T06:24:18.808215365Z","updatedAt":"2019-07-30T06:24:18.808215365Z","client_id":"89a8ed59-e52e-4fad-a830-e52267e661db","client_group_id":"","guard_point_type":"DIR","guard_enabled":false,"automount_enabled":false,"guard_path":"/home/testuser/","policy_id":"cdbf3035-735a-46f6-a175-711eb99d045e","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":true,"early_access":true}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"Get","description":"Returns details of a GuardPoint with the given id.\n","tags":["CTE/Clients-GuardPoints"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_id":{"description":"UUID of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_id":{"description":"UUID of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"client_name":{"description":"Name of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_name":{"description":"Name of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"guard_point_type":{"description":"Type of the guard point i.e. directory_auto, directory_manual, rawdevice_manual, rawdevice_auto, or ransomware.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"automount_enabled":{"description":"Flag to signify if automount is enabled with the guard point","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"},"policy_id":{"description":"UUID of the policy which is applied on this guard point. This parameter is not valid for Ransomware GuardPoints.","type":"string"},"disk_name":{"description":"Name of the disk if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"diskgroup_name":{"description":"Name of the disk group if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"preserve_sparse_regions":{"description":"Flag to signify that sparse file regions will be transformed or not. Only available on LDT enabled clients.","type":"boolean"},"data_classification_enabled":{"description":"Flag to signify that data classification(tagging) is enabled or not. This gets enabled by default if the aligned policy contains ClassificationTags.","type":"boolean"},"data_lineage_enabled":{"description":"Flag to signify that data lineage(tracking) is enabled or not. This gets enabled only if data_classification is enabled.","type":"boolean"},"guard_point_state":{"description":"Current state of GuardPoint. Can be UNKNOWN, ENABLED, DISABLED or ERROR.","type":"string"},"is_idt_capable_device":{"description":"Whether the device where GuardPoint is applied is IDT capable or not. Supported for IDT policies.","type":"boolean"},"is_esg_capable_device":{"description":"Whether the device where GuardPoint is applied is ESG capable or not. Supported for IDT and Standard policies.","type":"boolean"},"mfa_enabled":{"description":"Whether MFA is enabled.","type":"boolean"},"rw_process_set_id":{"description":"ID of the process set aligned with the Ransomware GuardPoints.","type":"string"},"rw_operation":{"description":"Applicable to the Ransomware GuardPoints. The valid values are permit(for Audit) and deny(for Block). The default value is `permit`.","type":"string"}}}]},"examples":{"application/json":{"id":"975b3299-b39d-4695-b47f-8dab01c78205","uri":"kylo:kylo:henry:guardpoint:975b3299-b39d-4695-b47f-8dab01c78205","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-30T06:24:18.808215365Z","updatedAt":"2019-07-30T06:24:18.808215365Z","client_id":"89a8ed59-e52e-4fad-a830-e52267e661db","client_group_id":"","guard_point_type":"DIR","guard_enabled":false,"automount_enabled":false,"guard_path":"/home/testuser/","policy_id":"cdbf3035-735a-46f6-a175-711eb99d045e","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":true,"early_access":true}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clients/{clientId}/guardpoints/{guardpointId}/unguard":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"clientId","in":"path","type":"string","description":"An identifier of the CTE Clients.\nThis can be the ID (a UUIDv4), URI, or name of Client.\n","required":true},{"name":"guardpointId","in":"path","type":"string","description":"An identifier of the CTE GuardPoint.\nThis can be either the ID (a UUIDv4) or URI of GuardPoint.\n","required":true}],"patch":{"summary":"Unguard","description":"Unguards a GuardPoint from a client.\n","tags":["CTE/Clients-GuardPoints"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_id":{"description":"UUID of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_id":{"description":"UUID of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"client_name":{"description":"Name of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_name":{"description":"Name of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"guard_point_type":{"description":"Type of the guard point i.e. directory_auto, directory_manual, rawdevice_manual, rawdevice_auto, or ransomware.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"automount_enabled":{"description":"Flag to signify if automount is enabled with the guard point","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"},"policy_id":{"description":"UUID of the policy which is applied on this guard point. This parameter is not valid for Ransomware GuardPoints.","type":"string"},"disk_name":{"description":"Name of the disk if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"diskgroup_name":{"description":"Name of the disk group if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"preserve_sparse_regions":{"description":"Flag to signify that sparse file regions will be transformed or not. Only available on LDT enabled clients.","type":"boolean"},"data_classification_enabled":{"description":"Flag to signify that data classification(tagging) is enabled or not. This gets enabled by default if the aligned policy contains ClassificationTags.","type":"boolean"},"data_lineage_enabled":{"description":"Flag to signify that data lineage(tracking) is enabled or not. This gets enabled only if data_classification is enabled.","type":"boolean"},"guard_point_state":{"description":"Current state of GuardPoint. Can be UNKNOWN, ENABLED, DISABLED or ERROR.","type":"string"},"is_idt_capable_device":{"description":"Whether the device where GuardPoint is applied is IDT capable or not. Supported for IDT policies.","type":"boolean"},"is_esg_capable_device":{"description":"Whether the device where GuardPoint is applied is ESG capable or not. Supported for IDT and Standard policies.","type":"boolean"},"mfa_enabled":{"description":"Whether MFA is enabled.","type":"boolean"},"rw_process_set_id":{"description":"ID of the process set aligned with the Ransomware GuardPoints.","type":"string"},"rw_operation":{"description":"Applicable to the Ransomware GuardPoints. The valid values are permit(for Audit) and deny(for Block). The default value is `permit`.","type":"string"}}}]},"examples":{"application/json":{"id":"975b3299-b39d-4695-b47f-8dab01c78205","uri":"kylo:kylo:henry:guardpoint:975b3299-b39d-4695-b47f-8dab01c78205","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-30T06:24:18.808215365Z","updatedAt":"2019-07-30T06:24:18.808215365Z","client_id":"89a8ed59-e52e-4fad-a830-e52267e661db","client_group_id":"","guard_point_type":"DIR","guard_enabled":false,"automount_enabled":false,"guard_path":"/home/testuser/","policy_id":"cdbf3035-735a-46f6-a175-711eb99d045e","pending_operation":"DELETE","disk_name":"","diskgroup_name":"","preserve_sparse_regions":true,"early_access":true}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clients/{clientId}/guardpoints/{guardpointId}/status":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"clientId","in":"path","type":"string","description":"An identifier of the CTE Clients.\nThis can be the ID (a UUIDv4), URI, or name of Client.\n","required":true},{"name":"guardpointId","in":"path","type":"string","description":"An identifier of the CTE GuardPoint.\nThis can be either the ID (a UUIDv4) or URI of GuardPoint.\n","required":true}],"get":{"summary":"Status","description":"Provides the status of a GuardPoint.\n","tags":["CTE/Clients-GuardPoints"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_id":{"description":"UUID of CTE client on which GuardPoint is applied.","type":"string"},"client_name":{"description":"Name of CTE client on which GuardPoint is applied.","type":"string"},"guard_point_id":{"description":"UUID for the Guard Point.","type":"string"},"policy_id":{"description":"UUID for the Policy","type":"string"},"policy_name":{"description":"Policy name.","type":"string"},"attrs":{"description":"Attributes of guard point status","type":"string","format":"JSON"}}}]},"examples":{"application/json":{"id":"04cfcf11-6979-4fff-8919-986998da8dea","uri":"kylo:kylo:henry:guardpointstatus:04cfcf11-6979-4fff-8919-986998da8dea","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-08-14T12:53:04.314418Z","updatedAt":"2019-08-14T13:55:45.258036Z","client_id":"455f9cdc-a36d-4392-8eb1-71d418ac32ef","guard_point_id":"e549c4ba-251b-40b5-bb64-3a91f2f16db7","policy_id":"674aff7e-8217-4633-8d6a-cdc227a3df33","policy_name":"Policy1","attr":{}}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/policies/{policyId}/keyrules/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"policyId","in":"path","type":"string","description":"An identifier of the CTE Policy.\nThis can be the ID (a UUIDv4), URI, or name of Policy.\n","required":true}],"post":{"summary":"Add","description":"Adds a new key rule to the CipherTrust Manager.","tags":["CTE/Policies-KeyRules"],"parameters":[{"name":"body","in":"body","description":"CTE Key Rule parameters.","schema":{"type":"object","title":"Create Key Rule","required":["key_id"],"properties":{"key_id":{"description":"Identifier of the key to link with the rule. Supported fields are name, id, slug, alias, uri, uuid, muid, and key_id.\n**Note**: For decryption, where a clear key is to be supplied, use the string \"clear_key\" only. Do not specify any other identifier.\n","type":"string"},"key_type":{"description":"Specify the type of the key. Must be one of name, id, slug, alias, uri, uuid, muid or key_id. If not specified, the type of the key is inferred.","type":"string"},"resource_set_id":{"description":"ID of the resource set linked with the rule.","type":"string"}},"example":{"key_id":"TestKey","resource_set_id":"TestResourceSet"}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"Unique identifier for the Policy with which the Key Rule aligned.","type":"string"},"order_number":{"description":"Precedence order of this rule in the parent policy.","type":"integer"},"key_id":{"description":"ID of the key to link with the rule.","type":"string"},"new_key_rule":{"description":"Whether this rule uses the key for transformation purposes.","type":"boolean"},"resource_set_id":{"description":"ID of the resource set to link with the rule.","type":"string"}}}]},"examples":{"application/json":{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:keyrules:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","policy_id":"TestPolicy","order_number":0,"key_id":"TestKey","new_key_rule":false,"resource_set_id":""}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"List","description":"Returns the list of key rules added to the CipherTrust Manager. The results can be filtered using the query parameters.\n","tags":["CTE/Policies-KeyRules"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"Unique identifier for the Policy with which the Key Rule aligned.","type":"string"},"order_number":{"description":"Precedence order of this rule in the parent policy.","type":"integer"},"key_id":{"description":"ID of the key to link with the rule.","type":"string"},"new_key_rule":{"description":"Whether this rule uses the key for transformation purposes.","type":"boolean"},"resource_set_id":{"description":"ID of the resource set to link with the rule.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:keyrules:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","policy_id":"TestPolicy","order_number":0,"key_id":"TestKey","new_key_rule":false,"resource_set_id":""}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/policies/{policyId}/keyrules/{keyRuleId}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"policyId","in":"path","type":"string","description":"An identifier of the CTE Policy.\nThis can be the ID (a UUIDv4), URI, or name of Policy.\n","required":true},{"name":"keyRuleId","in":"path","type":"string","description":"An identifier of the CTE Key Rule.\nThis can be either the ID (a UUIDv4) or URI of Policy.\n","required":true}],"patch":{"summary":"Update","description":"Modifies the key rule parameters. The parameters to be modified are placed in the body parameters. There is no default value for these parameters.\n","tags":["CTE/Policies-KeyRules"],"parameters":[{"name":"body","in":"body","description":"CTE Key Rule parameters.","schema":{"type":"object","title":"Modify Key Rule","properties":{"key_id":{"description":"Identifier of the key to link with the rule. Supported fields are name, id, slug, alias, uri, uuid, muid, and key_id.\n**Note**: For decryption, where a clear key is to be supplied, use the string \"clear_key\" only. Do not specify any other identifier.\n","type":"string"},"key_type":{"description":"Specify the type of the key. Must be one of name, id, slug, alias, uri, uuid, muid or key_id. If not specified, the type of the key is inferred.","type":"string"},"resource_set_id":{"description":"ID of the resource set to link with the rule. Supported in Standard or LDT type policy.","type":"string"},"order_number":{"description":"Precedence order of this rule in the parent policy","type":"integer"}},"example":{"key_id":"TestKey","resource_set_id":"TestResourceSet"}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"Unique identifier for the Policy with which the Key Rule aligned.","type":"string"},"order_number":{"description":"Precedence order of this rule in the parent policy.","type":"integer"},"key_id":{"description":"ID of the key to link with the rule.","type":"string"},"new_key_rule":{"description":"Whether this rule uses the key for transformation purposes.","type":"boolean"},"resource_set_id":{"description":"ID of the resource set to link with the rule.","type":"string"}}}]},"examples":{"application/json":{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:keyrules:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","policy_id":"TestPolicy","order_number":0,"key_id":"TestKey","new_key_rule":false,"resource_set_id":"TestResourceSet"}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"Get","description":"Returns the details of a key rule with the given id.\n","tags":["CTE/Policies-KeyRules"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"Unique identifier for the Policy with which the Key Rule aligned.","type":"string"},"order_number":{"description":"Precedence order of this rule in the parent policy.","type":"integer"},"key_id":{"description":"ID of the key to link with the rule.","type":"string"},"new_key_rule":{"description":"Whether this rule uses the key for transformation purposes.","type":"boolean"},"resource_set_id":{"description":"ID of the resource set to link with the rule.","type":"string"}}}]},"examples":{"application/json":{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:keyrules:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","policy_id":"TestPolicy","order_number":0,"key_id":"TestKey","new_key_rule":false,"resource_set_id":"TestResourceSet"}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"delete":{"summary":"Delete","description":"Deletes a key rule with the given id. Rules being used by clients cannot be deleted.","tags":["CTE/Policies-KeyRules"],"responses":{"204":{"description":"OK","schema":{"type":"string"}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/policies/{policyId}/datatxrules/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"policyId","in":"path","type":"string","description":"An identifier of the CTE Policy.\nThis can be the ID (a UUIDv4), URI, or name of Policy.\n","required":true}],"post":{"summary":"Add","description":"Adds a new data transformation rule to the CipherTrust Manager. Supported for Standard and LDT policies.","tags":["CTE/Policies-DataTxRules"],"parameters":[{"name":"body","in":"body","description":"CTE Data-Transformation Rule parameters.","schema":{"type":"object","title":"Create Data-Transformation Rule","required":["key_id"],"properties":{"key_id":{"description":"Identifier of the key to link with the rule. Supported fields are name, id, slug, alias, uri, uuid, muid, and key_id.\n**Note**: For decryption, where a clear key is to be supplied, use the string \"clear_key\" only. Do not specify any other identifier.\n","type":"string"},"key_type":{"description":"Specify the type of the key. Must be one of name, id, slug, alias, uri, uuid, muid or key_id. If not specified, the type of the key is inferred.","type":"string"},"resource_set_id":{"description":"ID of the resource set linked with the rule.","type":"string"}},"example":{"key_id":"TestKey","resource_set_id":"TestResourceSet"}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"Unique identifier for the Policy with which the Key Rule aligned.","type":"string"},"order_number":{"description":"Precedence order of this rule in the parent policy.","type":"integer"},"key_id":{"description":"ID of the key to link with the rule.","type":"string"},"new_key_rule":{"description":"Whether this rule uses the key for transformation purposes.","type":"boolean"},"resource_set_id":{"description":"ID of the resource set to link with the rule.","type":"string"}}}]},"examples":{"application/json":{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:keyrules:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","policy_id":"TestPolicy","order_number":0,"key_id":"TestKey","new_key_rule":false,"resource_set_id":""}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"List","description":"Returns the list of data transformation rules added to the CipherTrust Manager. The results can be filtered using the query parameters.\n","tags":["CTE/Policies-DataTxRules"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"Unique identifier for the Policy with which the Key Rule aligned.","type":"string"},"order_number":{"description":"Precedence order of this rule in the parent policy.","type":"integer"},"key_id":{"description":"ID of the key to link with the rule.","type":"string"},"new_key_rule":{"description":"Whether this rule uses the key for transformation purposes.","type":"boolean"},"resource_set_id":{"description":"ID of the resource set to link with the rule.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:keyrules:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","policy_id":"TestPolicy","order_number":0,"key_id":"TestKey","new_key_rule":false,"resource_set_id":""}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/policies/{policyId}/datatxrules/{dataTxRuleId}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"policyId","in":"path","type":"string","description":"An identifier of the CTE Policy.\nThis can be ethe ID (a UUIDv4), URI, or name of Policy.\n","required":true},{"name":"dataTxRuleId","in":"path","type":"string","description":"An identifier of the CTE Data-Transformation Rule.\nThis can be either the ID (a UUIDv4) or URI of Data-Transformation rule.\n","required":true}],"patch":{"summary":"Update","description":"Modifies the data transformation rule parameters. The parameters to be modified are placed in the body parameters. There is no default value for these parameters.\n","tags":["CTE/Policies-DataTxRules"],"parameters":[{"name":"body","in":"body","description":"CTE Data-Transformation Rule parameters.","schema":{"type":"object","title":"Modify Data-Transformation Rule","properties":{"key_id":{"description":"Identifier of the key to link with the rule. Supported fields are name, id, slug, alias, uri, uuid, muid, and key_id.\n**Note**: For decryption, where a clear key is to be supplied, use the string \"clear_key\" only. Do not specify any other identifier.\n","type":"string"},"key_type":{"description":"Specify the type of the key. Must be one of name, id, slug, alias, uri, uuid, muid or key_id. If not specified, the type of the key is inferred.","type":"string"},"resource_set_id":{"description":"ID of the resource set linked with the rule.","type":"string"},"order_number":{"description":"Precedence order of the rule in the parent policy.","type":"integer"}},"example":{"key_id":"TestKey","resource_set_id":"TestResourceSet"}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"Unique identifier for the Policy with which the Key Rule aligned.","type":"string"},"order_number":{"description":"Precedence order of this rule in the parent policy.","type":"integer"},"key_id":{"description":"ID of the key to link with the rule.","type":"string"},"new_key_rule":{"description":"Whether this rule uses the key for transformation purposes.","type":"boolean"},"resource_set_id":{"description":"ID of the resource set to link with the rule.","type":"string"}}}]},"examples":{"application/json":{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:keyrules:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","policy_id":"TestPolicy","order_number":0,"key_id":"TestKey","new_key_rule":false,"resource_set_id":"TestResourceSet"}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"Get","description":"Returns the details of a data transformation rule with the given id.\n","tags":["CTE/Policies-DataTxRules"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"Unique identifier for the Policy with which the Key Rule aligned.","type":"string"},"order_number":{"description":"Precedence order of this rule in the parent policy.","type":"integer"},"key_id":{"description":"ID of the key to link with the rule.","type":"string"},"new_key_rule":{"description":"Whether this rule uses the key for transformation purposes.","type":"boolean"},"resource_set_id":{"description":"ID of the resource set to link with the rule.","type":"string"}}}]},"examples":{"application/json":{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:keyrules:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","policy_id":"TestPolicy","order_number":0,"key_id":"TestKey","new_key_rule":false,"resource_set_id":"TestResourceSet"}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"delete":{"summary":"Delete","description":"Deletes a data transformation rule with the given id. Rules being used by clients cannot be deleted.","tags":["CTE/Policies-DataTxRules"],"responses":{"204":{"description":"OK","schema":{"type":"string"}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/resourcesets/{setId}/tags/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"setId","in":"path","type":"string","description":"An identifier of the CTE ResourceSet.\nThis can be the ID (a UUIDv4), URI, or name of Policy.\n","required":true}],"post":{"summary":"Create","description":"Adds a new tag to the classification set in the CipherTrust Manager. Every classification set can be linked to multiple policies through resource sets.","tags":["CTE/ResourceSets-Tags"],"parameters":[{"name":"body","in":"body","description":"CTE tag creation parameters.","schema":{"type":"object","title":"Create Tag in Classification Set","required":["name"],"properties":{"name":{"description":"Name of the tag in the classification set.","type":"string"},"description":{"description":"Description of the classification tag.","type":"string"},"attributes":{"description":"List of attributes to be added to the tag.","type":"array","items":{"type":"object","title":"Attributes","properties":{"name":{"type":"string","description":"Name of the attribute."},"data_type":{"type":"string","description":"Data type of the attribute."},"value":{"type":"string","description":"Value of the attribute."},"operator":{"type":"string","description":"Operator to be applied to the attribute. The valid operators are:\n-\teq (equal)\n-\tne (not equal)\n-\tlt (less than)\n-\tle (less than or equal to)\n-\tgt (greater than)\n-\tge (greater than or equal to)\nThe default operator is eq (equal).\n"}}}}},"example":{"name":"TagSet1","description":"","attributes":[{"name":"Department","data_type":"string","value":"Finance","operator":"eq"},{"name":"Sub-department","data_type":"string","value":"Account Payable","operator":"eq"}]}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the resource set.","type":"string"},"resources":{"description":"List of resources to be added to the resource set.","type":"array","items":{"type":"object","title":"Resource","properties":{"directory":{"type":"string","description":"Directory of the resource to be added to the resource set."},"file":{"type":"string","description":"File name of the resource to be added to the resource set."},"include_subfolders":{"type":"boolean","description":"Whether to include subfolders to the resource."}}}}}}]},"examples":{"application/json":{"id":"27013877-e699-4d2c-9d86-f024379a0fc2","uri":"kylo:kylo:henry:resourceset:RS4","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-09-27T05:40:45.538692Z","name":"RS4","updatedAt":"0001-01-01T00:00:00Z","domain_id":"","description":"","resources":[{"directory":"/home/testUser","file":"*","include_subfolders":true},{"directory":"/home/kyloTest","file":"kylo.bin","include_subfolders":false}],"classification_tags":[{"id":1,"name":"TagSet2","description":"Test Update TagSet21","attributes":[{"id":1,"name":"Test_1234","data_type":"string","value":"Finance","operator":"eq"}]}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/resourcesets/{setId}/tags/{tagid}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"setId","in":"path","type":"string","description":"An identifier of the CTE ResourceSet.\nThis can be the ID (a UUIDv4), URI, or name of Policy.\n","required":true},{"name":"tagid","in":"path","type":"string","description":"An identifier of the Tag. This can be either the Name or ID of the tag.\n","required":true}],"patch":{"summary":"Update","description":"Modifies the classification set parameters. The parameters to be modified are placed in the body parameters.\n","tags":["CTE/ResourceSets-Tags"],"parameters":[{"name":"body","in":"body","description":"CTE Classification-set Tag parameters.","schema":{"type":"object","title":"Modify Tag in Classification Set","properties":{"description":{"description":"Optional description of the tag in classification set.","type":"string"},"attributes":{"description":"List of attributes to be added to the tag.","type":"array","items":{"type":"object","title":"Attributes","properties":{"name":{"type":"string","description":"Name of the attribute."},"data_type":{"type":"string","description":"Data type of the attribute."},"value":{"type":"string","description":"Value of the attribute."},"operator":{"type":"string","description":"Operator to be applied to the attribute. The valid operators are:\n-\teq (equal)\n-\tne (not equal)\n-\tlt (less than)\n-\tle (less than or equal to)\n-\tgt (greater than)\n-\tge (greater than or equal to)\nThe default operator is eq (equal).\n"}}}}},"example":{"attributes":[{"name":"Department","data_type":"attribute","value":"Finance","operator":"eq"},{"name":"Sub-department","data_type":"attribute","value":"Account Payable","operator":"eq"}]}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the resource set.","type":"string"},"resources":{"description":"List of resources to be added to the resource set.","type":"array","items":{"type":"object","title":"Resource","properties":{"directory":{"type":"string","description":"Directory of the resource to be added to the resource set."},"file":{"type":"string","description":"File name of the resource to be added to the resource set."},"include_subfolders":{"type":"boolean","description":"Whether to include subfolders to the resource."}}}}}}]},"examples":{"application/json":{"id":"27013877-e699-4d2c-9d86-f024379a0fc2","uri":"kylo:kylo:henry:resourceset:RS4","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-09-27T05:40:45.538692Z","name":"RS4","updatedAt":"0001-01-01T00:00:00Z","domain_id":"","description":"","resources":[{"directory":"/home/testUser","file":"*","include_subfolders":true},{"directory":"/home/kyloTest","file":"kylo.bin","include_subfolders":false}],"classification_tags":[{"id":1,"name":"TagSet2","description":"Test Update TagSet21","attributes":[{"id":1,"name":"Test_1234","data_type":"string","value":"Finance","operator":"eq"}]}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"Get","description":"Returns the details of a tag in the classification set with the given id.\n","tags":["CTE/ResourceSets-Tags"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the resource set.","type":"string"},"resources":{"description":"List of resources to be added to the resource set.","type":"array","items":{"type":"object","title":"Resource","properties":{"directory":{"type":"string","description":"Directory of the resource to be added to the resource set."},"file":{"type":"string","description":"File name of the resource to be added to the resource set."},"include_subfolders":{"type":"boolean","description":"Whether to include subfolders to the resource."}}}}}}]},"examples":{"application/json":{"id":"27013877-e699-4d2c-9d86-f024379a0fc2","uri":"kylo:kylo:henry:resourceset:RS4","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-09-27T05:40:45.538692Z","name":"RS4","updatedAt":"0001-01-01T00:00:00Z","domain_id":"","description":"","resources":[{"directory":"/home/testUser","file":"*","include_subfolders":true},{"directory":"/home/kyloTest","file":"kylo.bin","include_subfolders":false}],"classification_tags":[{"id":1,"name":"TagSet2","description":"Test Update TagSet21","attributes":[{"id":1,"name":"Test_1234","data_type":"string","value":"Finance","operator":"eq"}]}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"delete":{"summary":"Delete","description":"Deletes a tag in the classification set with the given id.","tags":["CTE/ResourceSets-Tags"],"responses":{"204":{"description":"OK","schema":{"type":"string"}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/resourcesets/{setId}/tags/{tagid}/attributes/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"setId","in":"path","type":"string","description":"An identifier of the CTE ResourceSet.\nThis can be the ID (a UUIDv4), URI, or name of Policy.\n","required":true},{"name":"tagid","in":"path","type":"string","description":"An identifier of the Tag. This can be either the Name or ID of the tag.\n","required":true}],"post":{"summary":"Create","description":"Adds a new attribute to the tag in the classification set.","tags":["CTE/ResourceSets-Tags"],"parameters":[{"name":"body","in":"body","description":"CTE classificationset tag attribute creation parameters.","schema":{"type":"object","title":"Create Attribute in Tag of Classification Set","required":["name"],"properties":{"name":{"type":"string","description":"Name of the attribute."},"data_type":{"type":"string","description":"Data type of the attribute."},"value":{"type":"string","description":"Value of the attribute."},"operator":{"type":"string","description":"Operator to be applied to the attribute. The valid operators are:\n-\teq (equal)\n-\tne (not equal)\n-\tlt (less than)\n-\tle (less than or equal to)\n-\tgt (greater than)\n-\tge (greater than or equal to)\nThe default operator is eq (equal).\n"}},"example":{"name":"LogLevel","data_type":"integer","value":"INFO","operator":"eq"}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the resource set.","type":"string"},"resources":{"description":"List of resources to be added to the resource set.","type":"array","items":{"type":"object","title":"Resource","properties":{"directory":{"type":"string","description":"Directory of the resource to be added to the resource set."},"file":{"type":"string","description":"File name of the resource to be added to the resource set."},"include_subfolders":{"type":"boolean","description":"Whether to include subfolders to the resource."}}}}}}]},"examples":{"application/json":{"id":"27013877-e699-4d2c-9d86-f024379a0fc2","uri":"kylo:kylo:henry:resourceset:RS4","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-09-27T05:40:45.538692Z","name":"RS4","updatedAt":"0001-01-01T00:00:00Z","domain_id":"","description":"","resources":[{"directory":"/home/testUser","file":"*","include_subfolders":true},{"directory":"/home/kyloTest","file":"kylo.bin","include_subfolders":false}],"classification_tags":[{"id":1,"name":"TagSet2","description":"Test Update TagSet21","attributes":[{"id":1,"name":"Test_1234","data_type":"string","value":"Finance","operator":"eq"}]}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/resourcesets/{setId}/tags/{tagid}/attributes/{attrId}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"setId","in":"path","type":"string","description":"An identifier of the CTE ResourceSet.\nThis can be the ID (a UUIDv4), URI, or name of Policy.\n","required":true},{"name":"tagid","in":"path","type":"string","description":"An identifier of the Tag.\nThis can be either the Name or ID of the tag.\n","required":true},{"name":"attrId","in":"path","type":"string","description":"An identifier of the attribute of the Tag.\nThis must be the ID of the attribute.\n","required":true}],"patch":{"summary":"Update","description":"Modifies the tag attributes. The parameters to be modified are placed in the body parameters.\n","tags":["CTE/ResourceSets-Tags"],"parameters":[{"name":"body","in":"body","description":"CTE Tag Attribute parameters.","schema":{"type":"object","title":"Modify Tag attributes in Classification Set","properties":{"data_type":{"type":"string","description":"Data type of the attribute."},"value":{"type":"string","description":"Value of the attribute."},"operator":{"type":"string","description":"Operator to be applied to the attribute. The valid operators are:\n-\teq (equal)\n-\tne (not equal)\n-\tlt (less than)\n-\tle (less than or equal to)\n-\tgt (greater than)\n-\tge (greater than or equal to)\nThe default operator is eq (equal).\n"}},"example":{"data_type":"integer","value":"INFO","operator":"eq"}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"description":{"description":"Description of the resource set.","type":"string"},"resources":{"description":"List of resources to be added to the resource set.","type":"array","items":{"type":"object","title":"Resource","properties":{"directory":{"type":"string","description":"Directory of the resource to be added to the resource set."},"file":{"type":"string","description":"File name of the resource to be added to the resource set."},"include_subfolders":{"type":"boolean","description":"Whether to include subfolders to the resource."}}}}}}]},"examples":{"application/json":{"id":"27013877-e699-4d2c-9d86-f024379a0fc2","uri":"kylo:kylo:henry:resourceset:RS4","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-09-27T05:40:45.538692Z","name":"RS4","updatedAt":"0001-01-01T00:00:00Z","domain_id":"","description":"","resources":[{"directory":"/home/testUser","file":"*","include_subfolders":true},{"directory":"/home/kyloTest","file":"kylo.bin","include_subfolders":false}],"classification_tags":[{"id":1,"name":"TagSet2","description":"Test Update TagSet21","attributes":[{"id":1,"name":"Test_1234","data_type":"string","value":"Finance","operator":"eq"}]}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"delete":{"summary":"Delete","description":"Deletes an attribute of the tag in the classification set with the given id.","tags":["CTE/ResourceSets-Tags"],"responses":{"204":{"description":"OK","schema":{"type":"string"}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/policies/{policyId}/ldtkeyrules/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"policyId","in":"path","type":"string","description":"An identifier of the CTE Policy.\nThis can be the ID (a UUIDv4), URI, or name of Policy.\n","required":true}],"post":{"summary":"Add","description":"Adds a new LDT rule to the CipherTrust Manager. Supported for Standard and LDT policies.","tags":["CTE/Policies-LDTRules"],"parameters":[{"name":"body","in":"body","description":"CTE LDT Rule parameters.","schema":{"type":"object","title":"Create LDT Key Rule","required":["current_key"],"properties":{"resource_set_id":{"description":"ID of the resource set to link with the rule.","type":"string"},"is_exclusion_rule":{"description":"Whether this is an exclusion rule. If enabled, no need to specify the transformation rule.","type":"boolean"},"current_key":{"description":"Properties of the current key.","type":"object","title":"CurrentKey","properties":{"key_id":{"description":"Identifier of the key to link with the rule. Supported fields are name, id, slug, alias, uri, uuid, muid, and key_id.\n**Note**: For decryption, where a clear key is to be supplied, use the string \"clear_key\" only. Do not specify any other identifier.\n","type":"string"},"key_type":{"description":"Specify the type of the key. Must be one of name, id, slug, alias, uri, uuid, muid or key_id. If not specified, the type of the key is inferred.","type":"string"}}},"transformation_key":{"description":"Properties of the transformation key.","type":"object","title":"TransformationKey","properties":{"key_id":{"description":"Identifier of the key to link with the rule. Supported fields are name, id, slug, alias, uri, uuid, muid, and key_id.\n**Note**: For decryption, where a clear key is to be supplied, use the string \"clear_key\" only. Do not specify any other identifier.\n","type":"string"},"key_type":{"description":"Specify the type of the key. Must be one of name, id, slug, alias, uri, uuid, muid or key_id. If not specified, the type of the key is inferred.","type":"string"}}}},"example":{"resource_set_id":"TestResourceSet","current_key":{"key_id":"clear_key"},"transformation_key":{"key_id":"MyKey"}}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"Unique identifier for the Policy with which the Key Rule aligned.","type":"string"},"order_number":{"description":"Precedence order of this rule in the parent policy.","type":"integer"},"resource_set_id":{"description":"ID of the resource set to link with the rule.","type":"string"},"is_exclusion_rule":{"description":"Flag to specify if it is exclusion rule.","type":"boolean"},"current_key":{"description":"Properties of the current key.","type":"object","items":{"type":"object","title":"CurrentKey","properties":{"resource_set_id":{"description":"ID of the resource set to link with the rule.","type":"string"},"current_key":{"description":"Properties of the current key.","type":"object","title":"CurrentKey","properties":{"key_id":{"description":"ID of the key to link with the rule.","type":"string"}}},"transformation_key":{"description":"Properties of the transformation key.","type":"object","title":"TransformationKey","properties":{"key_id":{"description":"ID of the key to link with the rule.","type":"string"}}}}}}}}]},"examples":{"application/json":{"id":"1261e65c-4f03-428a-b14d-385a7d8e975d","policy_id":"548d8d6e-c27e-4a51-8754-b86d373e148c","order_number":3,"resource_set_id":"TestResourceSet","current_key":{"key_id":"clear_key"},"transformation_key":{"key_id":"MyKey"},"is_exclusion_rule":false}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"List","description":"Returns the list of LDT key rules added to the CipherTrust Manager. The results can be filtered using the query parameters.\n","tags":["CTE/Policies-LDTRules"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"Unique identifier for the Policy with which the Key Rule aligned.","type":"string"},"order_number":{"description":"Precedence order of this rule in the parent policy.","type":"integer"},"resource_set_id":{"description":"ID of the resource set to link with the rule.","type":"string"},"is_exclusion_rule":{"description":"Flag to specify if it is exclusion rule.","type":"boolean"},"current_key":{"description":"Properties of the current key.","type":"object","items":{"type":"object","title":"CurrentKey","properties":{"resource_set_id":{"description":"ID of the resource set to link with the rule.","type":"string"},"current_key":{"description":"Properties of the current key.","type":"object","title":"CurrentKey","properties":{"key_id":{"description":"ID of the key to link with the rule.","type":"string"}}},"transformation_key":{"description":"Properties of the transformation key.","type":"object","title":"TransformationKey","properties":{"key_id":{"description":"ID of the key to link with the rule.","type":"string"}}}}}}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"1261e65c-4f03-428a-b14d-385a7d8e975d","policy_id":"548d8d6e-c27e-4a51-8754-b86d373e148c","order_number":3,"resource_set_id":"TestResourceSet","current_key":{"key_id":"clear_key"},"transformation_key":{"key_id":"MyKey"},"is_exclusion_rule":false}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/policies/{policyId}/ldtkeyrules/{ldtRuleId}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"policyId","in":"path","type":"string","description":"An identifier of the CTE Policy.\nThis can be the ID (a UUIDv4), URI, or name of Policy.\n","required":true},{"name":"ldtRuleId","in":"path","type":"string","description":"An identifier of the CTE LDT Key Rule.\nThis can be either the ID (a UUIDv4) or URI of Rule.\n","required":true}],"patch":{"summary":"Update","description":"Modifies the LDT rule parameters. The parameters to be modified are placed in the body parameters. There is no default value for these parameters.\n","tags":["CTE/Policies-LDTRules"],"parameters":[{"name":"body","in":"body","description":"CTE LDT Rule parameters.","schema":{"type":"object","title":"Modify LDT Rule","properties":{"resource_set_id":{"description":"ID of the resource set linked with the rule.","type":"string"},"order_number":{"description":"Precedence order of the rule in the parent policy.","type":"integer"},"is_exclusion_rule":{"description":"Whether this is an exclusion rule. If enabled, no need to specify the transformation rule.","type":"boolean"},"current_key":{"description":"Properties of the current key.","type":"object","title":"CurrentKey","properties":{"key_id":{"description":"Identifier of the key to link with the rule. Supported fields are name, id, slug, alias, uri, uuid, muid, and key_id.\n**Note**: For decryption, where a clear key is to be supplied, use the string \"clear_key\" only. Do not specify any other identifier.\n","type":"string"},"key_type":{"description":"Specify the type of the key. Must be one of name, id, slug, alias, uri, uuid, muid or key_id. If not specified, the type of the key is inferred.","type":"string"}}},"transformation_key":{"description":"Properties of the transformation key.","type":"object","title":"TransformationKey","properties":{"key_id":{"description":"Identifier of the key to link with the rule. Supported fields are name, id, slug, alias, uri, uuid, muid, and key_id.\n**Note**: For decryption, where a clear key is to be supplied, use the string \"clear_key\" only. Do not specify any other identifier.\n","type":"string"},"key_type":{"description":"Specify the type of the key. Must be one of name, id, slug, alias, uri, uuid, muid or key_id. If not specified, the type of the key is inferred.","type":"string"}}}},"example":{"resource_set_id":"TestResourceSet","current_key":{"key_id":"clear_key"},"transformation_key":{"key_id":"MyKey"}}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"Unique identifier for the Policy with which the Key Rule aligned.","type":"string"},"order_number":{"description":"Precedence order of this rule in the parent policy.","type":"integer"},"resource_set_id":{"description":"ID of the resource set to link with the rule.","type":"string"},"is_exclusion_rule":{"description":"Flag to specify if it is exclusion rule.","type":"boolean"},"current_key":{"description":"Properties of the current key.","type":"object","items":{"type":"object","title":"CurrentKey","properties":{"resource_set_id":{"description":"ID of the resource set to link with the rule.","type":"string"},"current_key":{"description":"Properties of the current key.","type":"object","title":"CurrentKey","properties":{"key_id":{"description":"ID of the key to link with the rule.","type":"string"}}},"transformation_key":{"description":"Properties of the transformation key.","type":"object","title":"TransformationKey","properties":{"key_id":{"description":"ID of the key to link with the rule.","type":"string"}}}}}}}}]},"examples":{"application/json":{"id":"91b78acf-cba6-456b-8cba-7ee44f0d221f","uri":"kylo:kylo:henry:keyrules:91b78acf-cba6-456b-8cba-7ee44f0d221f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-05-24T14:15:47.331272857Z","updatedAt":"2019-05-24T14:15:47.331272857Z","policy_id":"TestPolicy","order_number":0,"key_id":"TestKey","new_key_rule":false,"resource_set_id":"TestResourceSet"}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"Get","description":"Returns the details of a key rule with the given id.\n","tags":["CTE/Policies-LDTRules"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"Unique identifier for the Policy with which the Key Rule aligned.","type":"string"},"order_number":{"description":"Precedence order of this rule in the parent policy.","type":"integer"},"resource_set_id":{"description":"ID of the resource set to link with the rule.","type":"string"},"is_exclusion_rule":{"description":"Flag to specify if it is exclusion rule.","type":"boolean"},"current_key":{"description":"Properties of the current key.","type":"object","items":{"type":"object","title":"CurrentKey","properties":{"resource_set_id":{"description":"ID of the resource set to link with the rule.","type":"string"},"current_key":{"description":"Properties of the current key.","type":"object","title":"CurrentKey","properties":{"key_id":{"description":"ID of the key to link with the rule.","type":"string"}}},"transformation_key":{"description":"Properties of the transformation key.","type":"object","title":"TransformationKey","properties":{"key_id":{"description":"ID of the key to link with the rule.","type":"string"}}}}}}}}]},"examples":{"application/json":{"id":"1261e65c-4f03-428a-b14d-385a7d8e975d","policy_id":"548d8d6e-c27e-4a51-8754-b86d373e148c","order_number":3,"resource_set_id":"TestResourceSet","current_key":{"key_id":"clear_key"},"transformation_key":{"key_id":"MyKey"},"is_exclusion_rule":false}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"delete":{"summary":"Delete","description":"Deletes an LDT key rule with the given id. Rules being used by clients cannot be deleted.","tags":["CTE/Policies-LDTRules"],"responses":{"204":{"description":"OK","schema":{"type":"string"}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clients/{clientId}/guardpoints/{guardpointId}/early-access":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"clientId","in":"path","type":"string","description":"An identifier of the CTE Clients.\nThis can be the ID (a UUIDv4), URI, or name of Client.\n","required":true},{"name":"guardpointId","in":"path","type":"string","description":"An identifier of the CTE GuardPoint.\nThis can be the ID (a UUIDv4) or URI of GuardPoint.\n","required":true}],"patch":{"summary":"Update Early Access on GuardPoint","description":"Enables or disables early access on a GuardPoint. Supported for Standard and LDT policies.\n","tags":["CTE/Clients-GuardPoints"],"parameters":[{"name":"body","in":"body","description":"CTE GuardPoint Early Access value.","schema":{"type":"object","title":"Modify GuardPoint Early Access.","required":["early_access"],"properties":{"early_access":{"description":"Whether to enable early access on the GuardPoint.","type":"boolean"}},"example":{"early_access":true}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_id":{"description":"UUID of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_id":{"description":"UUID of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"client_name":{"description":"Name of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_name":{"description":"Name of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"guard_point_type":{"description":"Type of the guard point i.e. directory_auto, directory_manual, rawdevice_manual, rawdevice_auto, or ransomware.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"automount_enabled":{"description":"Flag to signify if automount is enabled with the guard point","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"},"policy_id":{"description":"UUID of the policy which is applied on this guard point. This parameter is not valid for Ransomware GuardPoints.","type":"string"},"disk_name":{"description":"Name of the disk if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"diskgroup_name":{"description":"Name of the disk group if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"preserve_sparse_regions":{"description":"Flag to signify that sparse file regions will be transformed or not. Only available on LDT enabled clients.","type":"boolean"},"data_classification_enabled":{"description":"Flag to signify that data classification(tagging) is enabled or not. This gets enabled by default if the aligned policy contains ClassificationTags.","type":"boolean"},"data_lineage_enabled":{"description":"Flag to signify that data lineage(tracking) is enabled or not. This gets enabled only if data_classification is enabled.","type":"boolean"},"guard_point_state":{"description":"Current state of GuardPoint. Can be UNKNOWN, ENABLED, DISABLED or ERROR.","type":"string"},"is_idt_capable_device":{"description":"Whether the device where GuardPoint is applied is IDT capable or not. Supported for IDT policies.","type":"boolean"},"is_esg_capable_device":{"description":"Whether the device where GuardPoint is applied is ESG capable or not. Supported for IDT and Standard policies.","type":"boolean"},"mfa_enabled":{"description":"Whether MFA is enabled.","type":"boolean"},"rw_process_set_id":{"description":"ID of the process set aligned with the Ransomware GuardPoints.","type":"string"},"rw_operation":{"description":"Applicable to the Ransomware GuardPoints. The valid values are permit(for Audit) and deny(for Block). The default value is `permit`.","type":"string"}}}]},"examples":{"application/json":{"id":"975b3299-b39d-4695-b47f-8dab01c78205","uri":"kylo:kylo:henry:guardpoint:975b3299-b39d-4695-b47f-8dab01c78205","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-30T06:24:18.808215365Z","updatedAt":"2019-07-30T06:24:18.808215365Z","client_id":"89a8ed59-e52e-4fad-a830-e52267e661db","client_group_id":"","guard_point_type":"DIR","guard_enabled":false,"automount_enabled":false,"guard_path":"/home/testuser/","policy_id":"cdbf3035-735a-46f6-a175-711eb99d045e","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":false,"early_access":true}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clients/{clientId}/guardpoints/{guardpointId}/preserve-sparse-regions-off":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"clientId","in":"path","type":"string","description":"An identifier of the CTE Clients.\nThis can be the ID (a UUIDv4), URI, or name of Client.\n","required":true},{"name":"guardpointId","in":"path","type":"string","description":"An identifier of the CTE GuardPoint.\nThis can be the ID (a UUIDv4) or URI of GuardPoint.\n","required":true}],"patch":{"summary":"Turn Off Preserve Spase Region","description":"Turn off preserve sparse regions on the GuardPoint. Supported for only LDT policies.\n","tags":["CTE/Clients-GuardPoints"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_id":{"description":"UUID of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_id":{"description":"UUID of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"client_name":{"description":"Name of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_name":{"description":"Name of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"guard_point_type":{"description":"Type of the guard point i.e. directory_auto, directory_manual, rawdevice_manual, rawdevice_auto, or ransomware.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"automount_enabled":{"description":"Flag to signify if automount is enabled with the guard point","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"},"policy_id":{"description":"UUID of the policy which is applied on this guard point. This parameter is not valid for Ransomware GuardPoints.","type":"string"},"disk_name":{"description":"Name of the disk if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"diskgroup_name":{"description":"Name of the disk group if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"preserve_sparse_regions":{"description":"Flag to signify that sparse file regions will be transformed or not. Only available on LDT enabled clients.","type":"boolean"},"data_classification_enabled":{"description":"Flag to signify that data classification(tagging) is enabled or not. This gets enabled by default if the aligned policy contains ClassificationTags.","type":"boolean"},"data_lineage_enabled":{"description":"Flag to signify that data lineage(tracking) is enabled or not. This gets enabled only if data_classification is enabled.","type":"boolean"},"guard_point_state":{"description":"Current state of GuardPoint. Can be UNKNOWN, ENABLED, DISABLED or ERROR.","type":"string"},"is_idt_capable_device":{"description":"Whether the device where GuardPoint is applied is IDT capable or not. Supported for IDT policies.","type":"boolean"},"is_esg_capable_device":{"description":"Whether the device where GuardPoint is applied is ESG capable or not. Supported for IDT and Standard policies.","type":"boolean"},"mfa_enabled":{"description":"Whether MFA is enabled.","type":"boolean"},"rw_process_set_id":{"description":"ID of the process set aligned with the Ransomware GuardPoints.","type":"string"},"rw_operation":{"description":"Applicable to the Ransomware GuardPoints. The valid values are permit(for Audit) and deny(for Block). The default value is `permit`.","type":"string"}}}]},"examples":{"application/json":{"id":"975b3299-b39d-4695-b47f-8dab01c78205","uri":"kylo:kylo:henry:guardpoint:975b3299-b39d-4695-b47f-8dab01c78205","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-30T06:24:18.808215365Z","updatedAt":"2019-07-30T06:24:18.808215365Z","client_id":"89a8ed59-e52e-4fad-a830-e52267e661db","client_group_id":"","guard_point_type":"DIR","guard_enabled":false,"automount_enabled":false,"guard_path":"/home/testuser/","policy_id":"cdbf3035-735a-46f6-a175-711eb99d045e","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":false,"early_access":true}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/ldtgroupcommservice/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create LDT Group Communication Service","description":"Creates a CTE LDT Group communication service on the CipherTrust Manager.","tags":["CTE/LDTGroupCommServices"],"parameters":[{"name":"body","in":"body","description":"CTE LDT group communication service creation parameters.","schema":{"type":"object","title":"Create CTE LDT group communication service","required":["name"],"properties":{"name":{"description":"Name to uniquely identify the LDT group communication service. This name will be visible on the CipherTrust Manager.","type":"string"},"description":{"description":"Description to identify the LDT group communication service.","type":"string"}},"example":{"name":"LDTGroupCommService_1","description":"Test LDTGroupCommService"}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"description":{"description":"Description of LDTGroupCommService`.","type":"string"}}}]},"examples":{"application/json":{"id":"aa360d01-2cd6-4129-b376-753f882b4e67","uri":"kylo:kylo:henry:ldtGroupCommService:LDTGroupCommService_test5","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-07-23T08:11:30.292240179Z","name":"LDTGroupCommService_1","updatedAt":"2021-07-23T08:11:30.292240179Z","description":"Test LDTGroupCommService"}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"List LDT Group Communication Service","description":"Returns the list of LDT group communication services. The results can be filtered using the query parameters.\n","tags":["CTE/LDTGroupCommServices"],"parameters":[{"name":"name","in":"query","required":false,"type":"string","description":"Filter the results by name of LDT group communication service. Use wildcards to search for LDT group communication services matching the specified pattern in their names."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"description":{"description":"Description of LDTGroupCommService`.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"5bb9802d-5792-43a0-a207-1fb8750d7255","uri":"kylo:kylo:henry:ldtGroupCommService:LDTGroupCommService_test1","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-07-26T03:33:03.336094Z","name":"LDTGroupCommService_1","updatedAt":"2021-07-26T03:33:03.336094Z","description":"Test LDTGroupCommService"}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/ldtgroupcommservice/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get LDT Group Communication Service","description":"Returns the details of an LDT group communication service with the given identifier. This identifier can be Name, ID (a UUIDv4), or URI.","tags":["CTE/LDTGroupCommServices"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"description":{"description":"Description of LDTGroupCommService`.","type":"string"}}}]},"examples":{"application/json":[{"id":"5bb9802d-5792-43a0-a207-1fb8750d7255","uri":"kylo:kylo:henry:ldtGroupCommService:LDTGroupCommService_test1","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-07-26T03:33:03.336094Z","name":"LDTGroupCommService_1","updatedAt":"2021-07-26T03:33:03.336094Z","description":"Test LDTGroupCommService"}]}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"patch":{"summary":"Update LDT Group Communication Service","description":"Updates the details of an LDT group communication service with the given identifier. This identifier can be Name, ID (a UUIDv4), or URI.","tags":["CTE/LDTGroupCommServices"],"parameters":[{"name":"body","in":"body","description":"CTE LDT group communication service description parameters to be modified.","schema":{"type":"object","title":"Update CTE LDT group communication service","properties":{"description":{"description":"Description of the LDT group communication service.","type":"string"}},"example":{"description":"LDTGroupCommService_1 API description is updated"}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"description":{"description":"Description of LDTGroupCommService`.","type":"string"}}}]},"examples":{"application/json":[{"id":"5bb9802d-5792-43a0-a207-1fb8750d7255","uri":"kylo:kylo:henry:ldtGroupCommService:LDTGroupCommService_test1","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-07-26T03:33:03.336094Z","name":"LDTGroupCommService_1","updatedAt":"2021-07-26T03:33:03.336094Z","description":"LDTGroupCommService_1 API description is updated"}]}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"delete":{"summary":"Delete LDT Group Communication Service","description":"Deletes an LDT group communication service with the given identifier. This identifier can be Name, ID (a UUIDv4), or URI.","tags":["CTE/LDTGroupCommServices"],"responses":{"204":{"description":"OK","schema":{"type":"string"}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/ldtgroupcommservice/{id}/clients/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Add Client to LDT Group Communication Service","description":"Adds clients to an LDT group communication service with the given identifier. This identifier can be the Name, ID (a UUIDv4), or URI.","tags":["CTE/LDTGroupCommServices"],"parameters":[{"name":"id","in":"path","description":"An identifier of the CTE LDT group communication service. This identifier can be the ID (a UUIDv4), URI, or slug (which is the last component of the URI).","type":"string","required":true},{"name":"body","in":"body","description":"CTE LDT group communication service-client association parameters.","schema":{"type":"object","title":"Add Client to LDT group communication service","required":["client_list"],"properties":{"client_list":{"description":"List of identifiers of clients to be associated with the LDT group communication service. This identifier can be the Name, ID (a UUIDv4), URI, or slug of the client.","type":"array","items":{"type":"string"}}},"example":{"client_list":["Client1","Client2"]}}}],"responses":{"201":{"description":"Client added to LDT group communication service.","schema":{"allOf":[{"type":"object","properties":{"association_response":{"description":"List of successful Client-LDTGroupCommService Association","type":"array","items":{"type":"object","title":"Resource","properties":{"ldt_group_comm_service_id":{"type":"string","description":"UUID of CTE LDTGroupCommService."},"client_id":{"type":"string","description":"UUID of CTE Client."},"ldt_group_comm_service_name":{"type":"string","description":"Name of CTE LDTGroupCommService."},"client_name":{"type":"string","description":"Name of CTE Client."}}}},"num_failed_association":{"type":"integer","description":"Number of clients failed to get associated. It shall be 0 in case all clients get successfully associated"},"failed_associations":{"type":"string","description":"Failed client with the reason for failure provided in a Key-Value pair where key is Client-Identifier and value is the failure reason along with return code.\nIt shall be nil in case all clients get successfully associated\n","format":"JSON"}}}]}},"207":{"description":"Client added to LDT group communication service.","schema":{"allOf":[{"type":"object","properties":{"association_response":{"description":"List of successful Client-LDTGroupCommService Association","type":"array","items":{"type":"object","title":"Resource","properties":{"ldt_group_comm_service_id":{"type":"string","description":"UUID of CTE LDTGroupCommService."},"client_id":{"type":"string","description":"UUID of CTE Client."},"ldt_group_comm_service_name":{"type":"string","description":"Name of CTE LDTGroupCommService."},"client_name":{"type":"string","description":"Name of CTE Client."}}}},"num_failed_association":{"type":"integer","description":"Number of clients failed to get associated. It shall be 0 in case all clients get successfully associated"},"failed_associations":{"type":"string","description":"Failed client with the reason for failure provided in a Key-Value pair where key is Client-Identifier and value is the failure reason along with return code.\nIt shall be nil in case all clients get successfully associated\n","format":"JSON"}}}]},"examples":{"application/json":{"association_response":[{"id":"7365a8df-90d5-46c0-9971-0b981d09822b","uri":"kylo:kylo:henry:ldtGroupCommServiceClientAssn:7365a8df-90d5-46c0-9971-0b981d09822b","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-07-26T03:34:21.694487705Z","updatedAt":"2021-07-26T03:34:21.694487705Z","ldt_group_comm_service_id":"5bb9802d-5792-43a0-a207-1fb8750d7255","client_id":"7286b730-518d-471c-8089-70536ddde34c","ldt_group_comm_service_name":"LDTGroupCommService_test1","client_name":"client1"},{"id":"9b1307be-09ee-42cb-8ad7-46e418665375","uri":"kylo:kylo:henry:ldtGroupCommServiceClientAssn:9b1307be-09ee-42cb-8ad7-46e418665375","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-07-26T09:44:31.259292317Z","updatedAt":"2021-07-26T09:44:31.259292317Z","ldt_group_comm_service_id":"5bb9802d-5792-43a0-a207-1fb8750d7255","client_id":"69f5890e-34cc-4365-850c-cd1231ff0329","ldt_group_comm_service_name":"LDTGroupCommService_test1","client_name":"client2"}],"num_failed_association":0,"failed_associations":null}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"List Clients in LDT Group Communication Service","description":"Returns the list of clients in an LDT group communication service with the given identifier. This identifier can be the Name, ID (a UUIDv4), or URI.\n","tags":["CTE/LDTGroupCommServices"],"parameters":[{"name":"id","in":"path","description":"An identifier of the CTE LDT group communication service. This identifier can be the ID (a UUIDv4), URI, or slug (which is the last component of the URI).","type":"string","required":true},{"name":"client_name","in":"query","required":false,"type":"string","description":"Filter the results by name of client."},{"name":"os_type","in":"query","required":false,"type":"string","description":"Filter clients by OS type of the client. Valid values are LINUX and WINDOWS."},{"name":"profile_name","in":"query","required":false,"type":"string","description":"Filter clients by profile name."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"os_type":{"description":"Operating system type of CTE client (windows or linux). Default value is `Unknown`.","type":"string"},"os_sub_type":{"description":"Flavour of operation system. For example, RHEL, Windows 7.","type":"string"},"client_reg_id":{"description":"Client ID generated after certificates are exchanged during registration.","type":"string"},"server_host_name":{"description":"Host name or IP address of the key server.","type":"string"},"description":{"description":"Description of the client.","type":"string"},"client_locked":{"description":"Whether to lock the client. Use this tag to lock/unlock the configuration of the File System Agent on the client. Locking the configuration prevents updates to policies on the client. The default value is false.","type":"boolean"},"system_locked":{"description":"Whether the system is locked. The default value is false. Enable this option to lock the important operating system files of the client. When enabled, patches to the operating system of the client will fail due to the protection of these files.","type":"boolean"},"password_creation_method":{"description":"Method to create password (GENERATE, MANUAL). Default value is `GENERATE`.\nThe client uses this password as a wrapper to encrypt the data encryption key when it passes between the\nclient and the CipherTrust Manager k170v in the case of a CTE agent client, or saved to disk in the case of a VDE agent. This same\npassword is used for the challenge and response, to unlock the agent when there is no network connection\nbetween the client and the CipherTrust Manager k170v.\n\n`GENERATE` - When `GENERATE` is selected, the client user must request a new password from a CipherTrust Manager k170v\nadministrator each time a client password is required. If GENERATE is selected, the Regenerate Password\noption is displayed, select to download a new randomly generated password to the client. This new password\nwill be used to wrap the data encryption key.\n\n`MANUAL` - Enter the password for unlocking a GuardPoint when there is no server connection.\nPassword / Confirm Password, displayed when Password Creation Method is set to MANUAL, re-enter the\npassword.\n","type":"string"},"client_version":{"description":"Version of CTE Client.","type":"string"},"registration_allowed":{"description":"Is registration allowed for this client?","type":"boolean"},"communication_enabled":{"description":"Is communication enabled between k170v and CTE client?","type":"boolean"},"auth_binaries":{"description":"Array of authorized binaries in the privilege-filename pair JSON format.","type":"string"},"min_comm_version":{"description":"communication_version_min.","type":"integer"},"max_comm_version":{"description":"communication_version_max.","type":"integer"},"del_client":{"description":"Identifies that client delete is triggered.","type":"boolean"},"max_space_cache_log":{"description":"Maximum space for the cached logs.","type":"integer"},"max_num_cache_log":{"description":"Maximum number of logs to cache.","type":"integer"},"install_directory":{"description":"CTE client install directory.","type":"string"},"status_ref":{"description":"Reference value received from CTE client.","type":"integer"},"config_ref":{"description":"Reference value sent to CTE client.","type":"integer"},"auth_binaries_from":{"description":"ClientGroup name whose authentication binaries client has inherited.","type":"string"},"capabilities":{"description":"Comma separated agent capabilities. Available options are:\n\n`LDT` - Live Data Transformation. Implies `QOS` and `XRULE`.\n\n`ES` - Efficient Storage GuardPoint. Implies `XTS` and `IDT`.\n\n`DOCKER` - Docker Support. Avaiable on RedHat and CentOS Linux only.\n\n`IDT` - Inplace Data Transformation capable.\n\n`COS` - Cloud Storage Protection. Available for S3 only.\n\n`EKP` - Encryption Key Protection capable.\n\n`CLOG` - Concise Logging.\n\n`RESIGN` - Re-Sign Client Settings.\n\n`EA` - Secure Start GuardPoint. Available on Windows only.\n\n`CBCCS1` - CBC-CS1 encryption mode capable.\n\n`XTS` - XTS encryption mode capable.\n\n`QOS` - LDT rekey quality of service capable.\n\n`XRULE` - LDT key rule exclusion capable.\n","type":"string"},"enabled_capabilities":{"description":"Enable disabled feature(s). Separate multiple features by commas. The options are:\n\n`LDT` - Live Data Transformation.\n\n`EKP` - Encryption Key Protection.\n\n`ES` - Efficient Storage.\n","type":"string"},"attributes_from":{"description":"ClientGroup name whose attributes client has inherited.","type":"string"},"num_errors":{"description":"Number of errors on client.","type":"integer"},"num_gp_errors":{"description":"Number of GuardPoint errors on client.","type":"integer"},"num_warnings":{"description":"Number of warnings on client.","type":"integer"},"gp_errors":{"description":"GuardPoint errors on client.","type":"string"},"warnings":{"description":"Warnings on client.","type":"string"},"errors":{"description":"Errors on client.","type":"string"},"client_health_status":{"description":"Health status of client. Can be HEALTHY, ERROR, WARNING, WAITING FOR CONNECTION, NOT CONNECTED, or UNREGISTERED.","type":"string"},"disable_capability":{"description":"Disable an enabled feature. Only one capability can be disabled at a time. The options are:\n\n`LDT` - Live Data Transformation.\n","type":"string"},"profile_id":{"description":"Client profile which is to be cofigured for logger, logging, and QOS schedules custom cofiguration.\n"},"ldt_status":{"description":"LDT status of the CTE client.","type":"string"},"client_errors":{"description":"Errors reported by the CTE client.","type":"string"},"client_warnings":{"description":"Warnings reported by the CTE client.","type":"string"},"client_mfa_enabled":{"description":"Whether MFA is enabled on the CTE client.","type":"boolean"}}}]}}}}]},"examples":{"application/json":{"skip":"0,","limit":"10,","total":"2,","resources":[{"id":"69f5890e-34cc-4365-850c-cd1231ff0329","uri":"kylo:kylo:henry:client:client2","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-07-26T06:30:59.944525Z","name":"client2","updatedAt":"2021-07-26T06:30:59.944525Z","os_type":"UNKNOWN","os_sub_type":"","os_kernel":"","uor_version":"","client_reg_id":"","server_host_name":"","description":"Test Client","client_locked":false,"system_locked":false,"password_creation_method":"GENERATE","client_version":"","min_comm_version":0,"max_comm_version":0,"registration_allowed":false,"communication_enabled":false,"auth_binaries":"","del_client":false,"max_space_cache_log":0,"max_num_cache_log":0,"install_directory":"","status_ref":0,"config_ref":"0001-01-01T00:00:00Z","auth_binaries_from":"client2","capabilities":"CBC","enabled_capabilities":"","attributes_from":"client2","num_errors":0,"num_gp_errors":0,"num_warnings":0,"gp_errors":"{}","warnings":"[]","errors":"[]","client_health_status":"UNREGISTERED","profile_id":"b59b30c4-a922-40ff-a1ab-2cc1d53af9a7","profile_name":"DefaultClientProfile","ldt_status":"","ldt_enabled":false,"client_errors":"","client_warnings":"","ldt_group_comm_service_id":"587b7dfa-2f01-43da-865e-38f88ce4b356","ldt_group_comm_service_name":"LDTGroupCommService_1","assigned_with_ldt_group_comm_service":true},{"id":"7286b730-518d-471c-8089-70536ddde34c","uri":"kylo:kylo:henry:client:client1","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-07-26T03:32:43.982274Z","name":"client1","updatedAt":"2021-07-26T03:32:43.982274Z","os_type":"UNKNOWN","os_sub_type":"","os_kernel":"","uor_version":"","client_reg_id":"","server_host_name":"","description":"","client_locked":false,"system_locked":false,"password_creation_method":"GENERATE","client_version":"","min_comm_version":0,"max_comm_version":0,"registration_allowed":false,"communication_enabled":false,"auth_binaries":"","del_client":false,"max_space_cache_log":0,"max_num_cache_log":0,"install_directory":"","status_ref":0,"config_ref":"0001-01-01T00:00:00Z","auth_binaries_from":"client1","capabilities":"CBC","enabled_capabilities":"","attributes_from":"client1","num_errors":0,"num_gp_errors":0,"num_warnings":0,"gp_errors":"{}","warnings":"[]","errors":"[]","client_health_status":"UNREGISTERED","profile_id":"b59b30c4-a922-40ff-a1ab-2cc1d53af9a7","profile_name":"DefaultClientProfile","ldt_status":"","ldt_enabled":false,"client_errors":"","client_warnings":"","ldt_group_comm_service_id":"587b7dfa-2f01-43da-865e-38f88ce4b356","ldt_group_comm_service_name":"LDTGroupCommService_1","assigned_with_ldt_group_comm_service":true}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/ldtgroupcommservice/{id}/clients/delete/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"patch":{"summary":"Delete Bulk Client from LDT Group Communication Service","description":"Deletes a large number of clients from an LDT group communication service with the given identifier. This identifier can be the Name, ID (a UUIDv4), or URI.","tags":["CTE/LDTGroupCommServices"],"parameters":[{"name":"id","in":"path","description":"An identifier of the CTE LDT group communication service. This identifier can be the ID (a UUIDv4), URI, or slug (which is the last component of the URI).","type":"string","required":true},{"name":"body","in":"body","description":"CTE LDT group communication service-Client association bulk delete parameters.","schema":{"type":"object","title":"Delete Bulk Client from LDT group communication service","required":["client_list"],"properties":{"client_list":{"description":"List of identifiers of clients to be deleted from the LDT group communication service. This identifier can be the Name, ID (a UUIDv4), URI, or slug of client.","type":"array","items":{"type":"string"}}},"example":{"client_list":["Client1","Client2","Client3","Client4"]}}}],"responses":{"207":{"description":"Multi-Status","schema":{"allOf":[{"type":"object","properties":{"clients":{"description":"List of successfully deleted clients.","type":"array","items":{"type":"object","properties":{"client_id":{"description":"ID of deleted client.","type":"string"},"status_code":{"description":"Status code for deleted client.","type":"integer"}}}},"falied_clients":{"description":"List of clients that failed to delete.","type":"array","items":{"type":"object","properties":{"client_id":{"description":"ID of deleted client.","type":"string"},"error":{"description":"Error reason.","type":"string"},"status_code":{"description":"Status code for deleted client.","type":"integer"}}}}}}]},"examples":{"application/json":{"clients":[{"client_id":"Client1","status_code":200},{"client_id":"Client2","status_code":200}],"failed_clients":[{"client_id":"Client3","error":"RemoveClientFromLDTGroupCommService: Failed to get CTE Client: record not found","status_code":404},{"client_id":"Client4","error":"RemoveClientFromLDTGroupCommService: Failed to get CTE Client: record not found","status_code":404}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/ldtgroupcommservice/{id}/clients/{client_id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"delete":{"summary":"Remove Client from LDT Group Communication Service","description":"Removes a client with the given identifier from an LDT group communication service with the given identifier. This identifier can be the Name, ID (a UUIDv4), or URI.","tags":["CTE/LDTGroupCommServices"],"parameters":[{"name":"id","in":"path","description":"An identifier of the CTE LDT group communication service. This identifier can be the ID (a UUIDv4), URI, or slug (which is the last component of the URI).","type":"string","required":true},{"name":"client_id","in":"path","description":"An identifier of the CTE Client. This identifer can be the ID (a UUIDv4), URI, or slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"204":{"description":"OK","schema":{"type":"string"}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/permissions":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns the list of CTE permissions.\n","tags":["CTE/Permissions"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","properties":{"cte_permissions":{"description":"List of CTE Permissions.","type":"array","items":{"type":"object","properties":{"type":{"description":"CTE Resource type.","type":"string"},"permissions":{"description":"List of CTE Permissions avaialble for resource type.","type":"array"}}}}}}]},"examples":{"application/json":{"cte_permissions":[{"type":"Client","permissions":["ReadClientCTE","UpdateClientCTE","DeleteClientCTE"]},{"type":"SignatureSet","permissions":["ReadSignatureSetCTE","UpdateSignatureSetCTE","DeleteSignatureSetCTE"]}]}}}}}},"/v1/transparent-encryption/remediationconfig/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"patch":{"summary":"Update","description":"Update remediation configuration for Knox Identifier.","tags":["CTE/RemediationConfig"],"parameters":[{"name":"body","in":"body","description":"CTE Remediation configuration parameters.","schema":{"type":"object","title":"Update RemediationConfig","properties":{"knox_connection_identifier":{"description":"Knox Identifier which will be used CTE Remediation","type":"string"},"pqs_connection_schema":{"description":"Schema name of PQS which will be used for CTE Remediation","type":"string"},"pqs_connection_uri":{"description":"PQS connection URI","type":"string"}}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"knox_connection_identifier":{"description":"Knox Identifier which will be used CTE Remediation","type":"string"},"pqs_connection_schema":{"description":"Schema name of PQS which will be used for CTE Remediation","type":"string"},"pqs_connection_status":{"description":"PQS Connection status","type":"string"},"pqs_connection_uri":{"description":"PQS connection URI","type":"string"}}}]},"examples":{"knox_connection_identifier":"MyKnox1","pqs_connection_schema":"CTE","pqs_connection_uri":"/gateway/default/avatica"}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"Get","description":"Returns details of a RemediationConfig which will be used for CTE Remediation","tags":["CTE/RemediationConfig"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"knox_connection_identifier":{"description":"Knox Identifier which will be used CTE Remediation","type":"string"},"pqs_connection_schema":{"description":"Schema name of PQS which will be used for CTE Remediation","type":"string"},"pqs_connection_status":{"description":"PQS Connection status","type":"string"},"pqs_connection_uri":{"description":"PQS connection URI","type":"string"}}}]},"examples":{"application/json":[{"id":"3178e5d7-db02-4494-8162-0d5aa1ced815","uri":"kylo:kylo:henry:remediationconfig:3178e5d7-db02-4494-8162-0d5aa1ced815","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-02-15T06:31:22.260461Z","updatedAt":"2021-02-15T09:05:59.387273Z","knox_connection_identifier":"Knox-R","pqs_connection_schema":"CTE","pqs_connection_status":"Ready","pqs_connection_uri":"/gateway/default/avatica"}]}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clientgroups/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a CTE ClientGroup.","tags":["CTE/ClientGroups"],"parameters":[{"name":"body","in":"body","description":"CTE ClientGroup creation parameters.","schema":{"type":"object","title":"Create CTE ClientGroup","required":["name","cluster_type"],"properties":{"name":{"description":"Name of the ClientGroup.","type":"string"},"description":{"description":"Description of the ClientGroup.","type":"string"},"cluster_type":{"description":"Cluster type of the ClientGroup, valid values are NON-CLUSTER and HDFS.","type":"string"},"profile_id":{"description":"ID of the client group profile that is used to schedule custom configuration for logger, logging, and Quality of Service (QoS).","type":"string"},"password_creation_method":{"description":"Password creation method, GENERATE or MANUAL.","type":"string"},"password":{"description":"User supplied password if password_creation_method is MANUAL. The password MUST be minimum 8 characters and MUST contain one alphabet,\none number, and one of the !@#$%^&*(){}[] special characters.\n","type":"string"},"communication_enabled":{"description":"Whether the File System communication is enabled.","type":"boolean"}},"example":{"name":"ClientGroup1","description":"Test ClientGroup","cluster_type":"NON-CLUSTER"}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"cluster_type":{"description":"Cluster Type (NON-CLUSTER).","type":"string"},"description":{"description":"Descriptive string for ClientGroup","type":"string"},"client_locked":{"description":"Is FS Agent locked ?","type":"boolean"},"system_locked":{"description":"Whether the system is locked. The default value is false. Enable this option to lock the important operating system files of the client.\nWhen enabled, patches to the operating system of the client will fail due to the protection of these files.\n","type":"boolean"},"password_creation_method":{"description":"Password creation method, GENERATE or MANUAL.","type":"string"},"communication_enabled":{"description":"Whether the File System communication is enabled.","type":"boolean"},"auth_binaries":{"description":"Array of authorized binaries in the privilege-filename pair JSON format.","type":"string"},"capabilities":{"description":"Comma separated agent capabilities. Currently only `RESIGN` for re-signing client settings is available.","type":"string"},"enabled_capabilities":{"description":"Comma-separated agent capabilities that are enabled. Currently, only RESIGN can be enabled for re-signing client settings.","type":"string"},"profile_id":{"description":"ID of the client group profile that is used to schedule custom configuration for logger, logging, and Quality of Service (QoS).","type":"string"},"profile_name":{"description":"Name of configured Profile.","type":"string"}}}]},"examples":{"application/json":{"id":"dadf478d-baf6-41a6-b00e-92efbf2bd5c3","uri":"kylo:kylo:henry:clientgroup:U5","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-05T09:06:16.16117433Z","updatedAt":"0001-01-01T00:00:00Z","name":"ClientGroup1","description":"Test ClientGroup","cluster_type":"NON-CLUSTER","client_locked":false,"system_locked":false,"password_creation_method":"GENERATE","communication_enabled":true,"auth_binaries":"","capabilities":"RESIGN","enabled_capabilities":"","profile_id":"2a23f919-b777-4e88-9baa-4bfdc1808d70","profile_name":"DefaultClientProfile"}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"List","description":"Returns the list of ClientGroups added to the CipherTrust Manager. The results can be filtered using the query parameters.\n","tags":["CTE/ClientGroups"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"name","in":"query","required":false,"type":"string","description":"Filter result using the clientgroup name."},{"name":"cluster_type","in":"query","required":false,"type":"string","description":"Filter result using the clientgroup cluster type. Valid values are \"HDFS\" and \"NON-CLUSTER\"."},{"name":"native_domain","in":"query","required":false,"type":"string","description":"Filter result based on the native domain, that is, the domain where the resource is created. \nIt will be relevant when some resources are shared across multiple domains.\nUse a comma-separated list to pass names of multiple domains in one go.\n"},{"name":"enable_domain_sharing","description":"Filter resources based on whether cross-domain sharing is enabled.","in":"query","required":false,"type":"boolean"},{"name":"fetch_current_domain_resources_only","description":"Filter resources belonging to the current domain only.","in":"query","required":false,"type":"boolean"},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"cluster_type":{"description":"Cluster Type (NON-CLUSTER).","type":"string"},"description":{"description":"Descriptive string for ClientGroup","type":"string"},"client_locked":{"description":"Is FS Agent locked ?","type":"boolean"},"system_locked":{"description":"Whether the system is locked. The default value is false. Enable this option to lock the important operating system files of the client.\nWhen enabled, patches to the operating system of the client will fail due to the protection of these files.\n","type":"boolean"},"password_creation_method":{"description":"Password creation method, GENERATE or MANUAL.","type":"string"},"communication_enabled":{"description":"Whether the File System communication is enabled.","type":"boolean"},"auth_binaries":{"description":"Array of authorized binaries in the privilege-filename pair JSON format.","type":"string"},"capabilities":{"description":"Comma separated agent capabilities. Currently only `RESIGN` for re-signing client settings is available.","type":"string"},"enabled_capabilities":{"description":"Comma-separated agent capabilities that are enabled. Currently, only RESIGN can be enabled for re-signing client settings.","type":"string"},"profile_id":{"description":"ID of the client group profile that is used to schedule custom configuration for logger, logging, and Quality of Service (QoS).","type":"string"},"profile_name":{"description":"Name of configured Profile.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"dadf478d-baf6-41a6-b00e-92efbf2bd5c3","uri":"kylo:kylo:henry:clientgroup:U5","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-05T09:06:16.16117433Z","updatedAt":"0001-01-01T00:00:00Z","name":"ClientGroup1","description":"Test ClientGroup","cluster_type":"NON-CLUSTER","client_locked":false,"system_locked":false,"password_creation_method":"GENERATE","communication_enabled":true,"auth_binaries":"","capabilities":"RESIGN","enabled_capabilities":"","profile_id":"2a23f919-b777-4e88-9baa-4bfdc1808d70","profile_name":"DefaultClientProfile"}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clientgroups/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns details of a ClientGroup with the given id.","tags":["CTE/ClientGroups"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"cluster_type":{"description":"Cluster Type (NON-CLUSTER).","type":"string"},"description":{"description":"Descriptive string for ClientGroup","type":"string"},"client_locked":{"description":"Is FS Agent locked ?","type":"boolean"},"system_locked":{"description":"Whether the system is locked. The default value is false. Enable this option to lock the important operating system files of the client.\nWhen enabled, patches to the operating system of the client will fail due to the protection of these files.\n","type":"boolean"},"password_creation_method":{"description":"Password creation method, GENERATE or MANUAL.","type":"string"},"communication_enabled":{"description":"Whether the File System communication is enabled.","type":"boolean"},"auth_binaries":{"description":"Array of authorized binaries in the privilege-filename pair JSON format.","type":"string"},"capabilities":{"description":"Comma separated agent capabilities. Currently only `RESIGN` for re-signing client settings is available.","type":"string"},"enabled_capabilities":{"description":"Comma-separated agent capabilities that are enabled. Currently, only RESIGN can be enabled for re-signing client settings.","type":"string"},"profile_id":{"description":"ID of the client group profile that is used to schedule custom configuration for logger, logging, and Quality of Service (QoS).","type":"string"},"profile_name":{"description":"Name of configured Profile.","type":"string"}}}]},"examples":{"application/json":[{"id":"dadf478d-baf6-41a6-b00e-92efbf2bd5c3","uri":"kylo:kylo:henry:clientgroup:U5","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-05T09:06:16.16117433Z","updatedAt":"0001-01-01T00:00:00Z","name":"ClientGroup1","description":"Test ClientGroup","cluster_type":"NON-CLUSTER","client_locked":false,"system_locked":false,"password_creation_method":"GENERATE","communication_enabled":true,"auth_binaries":"","capabilities":"RESIGN","enabled_capabilities":"","profile_id":"2a23f919-b777-4e88-9baa-4bfdc1808d70","profile_name":"DefaultClientProfile"}]}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"patch":{"summary":"Update","description":"Updates details of a CTE ClientGroup.","tags":["CTE/ClientGroups"],"parameters":[{"name":"body","in":"body","description":"CTE ClientGroup parameters to be modified.\n","schema":{"type":"object","title":"Update CTE ClientGroup","properties":{"client_locked":{"description":"Is FS Agent locked? Enables locking the configuration of the File System Agent on the client. This will prevent updates to any policies on the client. Default value is `false`.","type":"boolean"},"system_locked":{"description":"Whether the system is locked. The default value is false. Enable this option to lock the important operating system files of the client. When enabled, patches to the operating system of the client will fail due to the protection of these files.","type":"boolean"},"description":{"description":"Description of the ClientGroup.","type":"string"},"password_creation_method":{"description":"Password creation method, GENERATE or MANUAL.","type":"string"},"password":{"description":"User supplied password if password_creation_method is MANUAL. The password MUST be minimum 8 characters and MUST contain one alphabet,\none number, and one of the !@#$%^&*(){}[] special characters.\n","type":"string"},"communication_enabled":{"description":"Whether the File System communication is enabled.","type":"boolean"},"enabled_capabilities":{"description":"Comma separated agent capabilities which are enabled. Currently only `RESIGN` for re-signing client settings can be enabled.","type":"string"},"profile_id":{"description":"ID of the client group profile that is used to schedule custom configuration for logger, logging, and Quality of Service (QoS).","type":"string"},"shared_domain_list":{"description":"List of domains with which ClientGroup needs to be shared.","type":"array","items":{"type":"string"}},"enable_domain_sharing":{"description":"Whether to enable domain sharing for ClientGroup","type":"boolean"}},"example":{"client_locked":true,"system_locked":false,"description":"Test","password_creation_method":"MANUAL","password":"Hello@1","communication_enabled":true}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"cluster_type":{"description":"Cluster Type (NON-CLUSTER).","type":"string"},"description":{"description":"Descriptive string for ClientGroup","type":"string"},"client_locked":{"description":"Is FS Agent locked ?","type":"boolean"},"system_locked":{"description":"Whether the system is locked. The default value is false. Enable this option to lock the important operating system files of the client.\nWhen enabled, patches to the operating system of the client will fail due to the protection of these files.\n","type":"boolean"},"password_creation_method":{"description":"Password creation method, GENERATE or MANUAL.","type":"string"},"communication_enabled":{"description":"Whether the File System communication is enabled.","type":"boolean"},"auth_binaries":{"description":"Array of authorized binaries in the privilege-filename pair JSON format.","type":"string"},"capabilities":{"description":"Comma separated agent capabilities. Currently only `RESIGN` for re-signing client settings is available.","type":"string"},"enabled_capabilities":{"description":"Comma-separated agent capabilities that are enabled. Currently, only RESIGN can be enabled for re-signing client settings.","type":"string"},"profile_id":{"description":"ID of the client group profile that is used to schedule custom configuration for logger, logging, and Quality of Service (QoS).","type":"string"},"profile_name":{"description":"Name of configured Profile.","type":"string"}}}]},"examples":{"application/json":{"id":"dadf478d-baf6-41a6-b00e-92efbf2bd5c3","uri":"kylo:kylo:henry:clientgroup:U5","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-05T09:06:16.16117433Z","updatedAt":"0001-01-01T00:00:00Z","name":"ClientGroup1","description":"Test ClientGroup","cluster_type":"NON-CLUSTER","client_locked":false,"system_locked":false,"password_creation_method":"GENERATE","communication_enabled":true,"auth_binaries":"","capabilities":"RESIGN","enabled_capabilities":"","profile_id":"2a23f919-b777-4e88-9baa-4bfdc1808d70","profile_name":"DefaultClientProfile"}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"delete":{"summary":"Delete","description":"Deletes a ClientGroup from the CipherTrust Manager.\n","tags":["CTE/ClientGroups"],"responses":{"204":{"description":"OK","schema":{"type":"string"}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clientgroups/{id}/auth-binaries":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"patch":{"summary":"Update Client Settings","description":"Updates client settings for a ClientGroup.","tags":["CTE/ClientGroups"],"parameters":[{"name":"body","in":"body","description":"Client setting parameters to be modified.\n","schema":{"type":"object","title":"Update client settings for a CTE ClientGroup.","properties":{"re_sign":{"description":"Whether to re-sign the client settings.","type":"boolean"},"auth_binaries":{"description":"Array of authorized binaries in the privilege-filename pair JSON format.\nSignature set can be provided in +sig= format.\nFor example:\n{\n \\\"privilege\\\": \\\"authenticator+sig=TestSignSet\\\",\n \\\"filename\\\": \\\"/usr/sbin/tsm\\\"\n}\n","type":"string"}},"example":{"re_sign":true,"auth_binaries":"[ { \"privilege\": \"authenticator\", \"filename\": \"/usr/sbin/tsm\" }, { \"privilege\": \"authenticator\", \"filename\": \"/usr/sbin/sshd\" }, { \"privilege\": \"authenticator\", \"filename\": \"/usr/dt/bin/dtlogin\" }, { \"privilege\": \"authenticator_euid\", \"filename\": \"/usr/sbin/ftpd\" } ]"}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"cluster_type":{"description":"Cluster Type (NON-CLUSTER).","type":"string"},"description":{"description":"Descriptive string for ClientGroup","type":"string"},"client_locked":{"description":"Is FS Agent locked ?","type":"boolean"},"system_locked":{"description":"Whether the system is locked. The default value is false. Enable this option to lock the important operating system files of the client.\nWhen enabled, patches to the operating system of the client will fail due to the protection of these files.\n","type":"boolean"},"password_creation_method":{"description":"Password creation method, GENERATE or MANUAL.","type":"string"},"communication_enabled":{"description":"Whether the File System communication is enabled.","type":"boolean"},"auth_binaries":{"description":"Array of authorized binaries in the privilege-filename pair JSON format.","type":"string"},"capabilities":{"description":"Comma separated agent capabilities. Currently only `RESIGN` for re-signing client settings is available.","type":"string"},"enabled_capabilities":{"description":"Comma-separated agent capabilities that are enabled. Currently, only RESIGN can be enabled for re-signing client settings.","type":"string"},"profile_id":{"description":"ID of the client group profile that is used to schedule custom configuration for logger, logging, and Quality of Service (QoS).","type":"string"},"profile_name":{"description":"Name of configured Profile.","type":"string"}}}]},"examples":{"application/json":{"id":"dadf478d-baf6-41a6-b00e-92efbf2bd5c3","uri":"kylo:kylo:henry:clientgroup:U5","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-05T09:06:16.16117433Z","updatedAt":"0001-01-01T00:00:00Z","name":"ClientGroup1","description":"Test ClientGroup","cluster_type":"NON-CLUSTER","client_locked":false,"system_locked":false,"password_creation_method":"GENERATE","communication_enabled":true,"auth_binaries":"","capabilities":"RESIGN","enabled_capabilities":"","profile_id":"2a23f919-b777-4e88-9baa-4bfdc1808d70","profile_name":"DefaultClientProfile"}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clientgroups/{id}/resetpassword":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"patch":{"summary":"Reset Password for CTE ClientGroup","description":"Resets the password for a ClientGroup.","tags":["CTE/ClientGroups"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"cluster_type":{"description":"Cluster Type (NON-CLUSTER).","type":"string"},"description":{"description":"Descriptive string for ClientGroup","type":"string"},"client_locked":{"description":"Is FS Agent locked ?","type":"boolean"},"system_locked":{"description":"Whether the system is locked. The default value is false. Enable this option to lock the important operating system files of the client.\nWhen enabled, patches to the operating system of the client will fail due to the protection of these files.\n","type":"boolean"},"password_creation_method":{"description":"Password creation method, GENERATE or MANUAL.","type":"string"},"communication_enabled":{"description":"Whether the File System communication is enabled.","type":"boolean"},"auth_binaries":{"description":"Array of authorized binaries in the privilege-filename pair JSON format.","type":"string"},"capabilities":{"description":"Comma separated agent capabilities. Currently only `RESIGN` for re-signing client settings is available.","type":"string"},"enabled_capabilities":{"description":"Comma-separated agent capabilities that are enabled. Currently, only RESIGN can be enabled for re-signing client settings.","type":"string"},"profile_id":{"description":"ID of the client group profile that is used to schedule custom configuration for logger, logging, and Quality of Service (QoS).","type":"string"},"profile_name":{"description":"Name of configured Profile.","type":"string"}}}]},"examples":{"application/json":{"id":"dadf478d-baf6-41a6-b00e-92efbf2bd5c3","uri":"kylo:kylo:henry:clientgroup:U5","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-05T09:06:16.16117433Z","updatedAt":"0001-01-01T00:00:00Z","name":"ClientGroup1","description":"Test ClientGroup","cluster_type":"NON-CLUSTER","client_locked":false,"system_locked":false,"password_creation_method":"GENERATE","communication_enabled":true,"auth_binaries":"","capabilities":"RESIGN","enabled_capabilities":"","profile_id":"2a23f919-b777-4e88-9baa-4bfdc1808d70","profile_name":"DefaultClientProfile"}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clientgroups/{id}/clients/{client_id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"delete":{"summary":"Remove Client from ClientGroup","description":"Removes a client from the ClientGroup.","tags":["CTE/ClientGroups"],"parameters":[{"name":"id","in":"path","description":"An identifier of the CTE ClientGroup. This can be either ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"client_id","in":"path","description":"An identifier of the CTE Client. This can be the ID (a UUIDv4), URI, or slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"204":{"description":"OK","schema":{"type":"string"}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"Get ClientGroup Client Association","description":"Returns the association between a ClientGroup and a client.","tags":["CTE/ClientGroups"],"parameters":[{"name":"id","in":"path","description":"An identifier of the CTE ClientGroup. This can be either ID (a UUIDv4), the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"client_id","in":"path","description":"An identifier of the CTE Client. This can be the ID (a UUIDv4), URI, or slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_group_id":{"type":"string","description":"UUID of CTE ClientGroup."},"client_id":{"type":"string","description":"UUID of CTE Client."},"client_group_name":{"type":"string","description":"Name of CTE ClientGroup."},"client_name":{"type":"integer","description":"Name of CTE Client."}}}]},"examples":{"application/json":{"id":"f5d29707-6572-4ab8-8c14-aff8b7195664","uri":"kylo:kylo:henry:clientgroupclientassn:U5","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-05-23T16:19:56.428692275Z","updatedAt":"2018-05-23T16:19:56.428692275Z","client_group_id":"79a27b89-7e02-4afa-85d2-8ac5d5677f23","client_id":"db0b7cd9-a27e-4334-bfd9-a3c375b07fde","client_group_name":"ClientGroup1","client_name":"Client_1"}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clientgroups/{id}/clients/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Add Client to ClientGroup","description":"Adds a client to an existing ClientGroup.","tags":["CTE/ClientGroups"],"parameters":[{"name":"id","in":"path","description":"An identifier of the CTE ClientGroup. This can be the ID (a UUIDv4), URI, or slug (which is the last component of the URI).","type":"string","required":true},{"name":"body","in":"body","description":"CTE ClientGroup-Client association parameters.","schema":{"type":"object","title":"Add Client to ClientGroup","required":["inherit_attributes","client_list"],"properties":{"inherit_attributes":{"type":"boolean","description":"Whether the client should inherit attributes from the ClientGroup."},"client_list":{"description":"List of Client identifier which are to be associated with clientgroup. This identifier can be the Name, ID (a UUIDv4), URI, or slug of the client.","type":"array","items":{"type":"string"}}},"example":{"client_list":["Client1","Client2"],"inherit_attributes":true}}}],"responses":{"201":{"description":"Client added to ClientGroup.","schema":{"allOf":[{"type":"object","properties":{"association_response":{"description":"List of successful Client-ClientGroup Association","type":"array","items":{"type":"object","title":"Resource","properties":{"client_group_id":{"type":"string","description":"UUID of CTE ClientGroup."},"client_id":{"type":"string","description":"UUID of CTE Client."},"client_group_name":{"type":"string","description":"Name of CTE ClientGroup."},"client_name":{"type":"string","description":"Name of CTE Client."}}}},"num_failed_association":{"type":"integer","description":"Number of clients failed to get associated. It shall be 0 in case all clients get successfully associated"},"failed_associations":{"type":"string","description":"Failed client with the reason for failure provided in a Key-Value pair where key is Client-Identifier and value is the failure reason along with return code.\nIt shall be nil in case all clients get successfully associated\n","format":"JSON"}}}]}},"207":{"description":"Client added to ClientGroup.","schema":{"allOf":[{"type":"object","properties":{"association_response":{"description":"List of successful Client-ClientGroup Association","type":"array","items":{"type":"object","title":"Resource","properties":{"client_group_id":{"type":"string","description":"UUID of CTE ClientGroup."},"client_id":{"type":"string","description":"UUID of CTE Client."},"client_group_name":{"type":"string","description":"Name of CTE ClientGroup."},"client_name":{"type":"string","description":"Name of CTE Client."}}}},"num_failed_association":{"type":"integer","description":"Number of clients failed to get associated. It shall be 0 in case all clients get successfully associated"},"failed_associations":{"type":"string","description":"Failed client with the reason for failure provided in a Key-Value pair where key is Client-Identifier and value is the failure reason along with return code.\nIt shall be nil in case all clients get successfully associated\n","format":"JSON"}}}]},"examples":{"application/json":{"association_response":[{"id":"bb9588ad-3c18-4bb4-9571-b90caa2f6675","uri":"kylo:kylo:henry:clientgroupclientassn:bb9588ad-3c18-4bb4-9571-b90caa2f6675","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-04-04T09:57:18.490128478Z","updatedAt":"2020-04-04T09:57:18.490128478Z","client_group_id":"4687c178-5579-40f2-9a64-48cb6196fe4f","client_id":"cb68453a-234f-44f1-abf6-8e93509ae955","client_group_name":"CG1","client_name":"ubuntu_vm"}],"num_failed_association":1,"failed_associations":{"centos_vm":{"reason":"AddBulkClientToClientGroup : Failed to create Client-ClientGroup Association. Error:could not create clientgroupclientassn as it already exists","return_code":409}}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"List Clients in ClientGroup","description":"Returns the list of clients in a ClientGroup.\n","tags":["CTE/ClientGroups"],"parameters":[{"name":"id","in":"path","description":"An identifier of the CTE ClientGroup. This can be the ID (a UUIDv4), URI, or slug (which is the last component of the URI).","type":"string","required":true},{"name":"client_name","in":"query","required":false,"type":"string","description":"Filter the results by name of client."},{"name":"num_errors","in":"query","required":false,"type":"integer","description":"Filter clients which have number of errors EQUAL to this value."},{"name":"num_gp_errors","in":"query","required":false,"type":"integer","description":"Filter clients which have number of GuardPoint errors EQUAL to this value."},{"name":"num_warnings","in":"query","required":false,"type":"integer","description":"Filter clients which have number of warnings EQUAL to this value."},{"name":"client_health_status","in":"query","required":false,"type":"string","description":"Filter clients by client health status. Valid values are UNREGISTERED, ERROR, WARNING, HEALTHY, EXPUNGED, WAITING FOR CONNECTION, NOT CONNECTED.\nTo filter clients by multiple status provide comma-delimited list of status.\nFor example: HEALTHY,WARNING\n...will filter clients which have HEALTHY or WARNING client health status.\n"},{"name":"os_type","in":"query","required":false,"type":"string","description":"Filter clients by os type of client.Valid values are LINUX, WINDOWS and AIX."},{"name":"client_version","description":"Filter clients by version of client.","in":"query","required":false,"type":"string"},{"name":"profile_name","in":"query","required":false,"type":"string","description":"Filter clients by profile name."},{"name":"profile_id","in":"query","required":false,"description":"Filter clients by profile identifier.","type":"string"},{"name":"ldt_enabled","description":"Filter clients by ldt_enabled flag.","in":"query","required":false,"type":"boolean"},{"name":"native_domain","in":"query","required":false,"type":"string","description":"Filter result based on the native domain, that is, the domain where the resource is created. \nIt will be relevant when some resources are shared across multiple domains.\nUse a comma-separated list to pass names of multiple domains in one go.\n"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"os_type":{"description":"Operating system type of CTE client (windows or linux). Default value is `Unknown`.","type":"string"},"os_sub_type":{"description":"Flavour of operation system. For example, RHEL, Windows 7.","type":"string"},"client_reg_id":{"description":"Client ID generated after certificates are exchanged during registration.","type":"string"},"server_host_name":{"description":"Host name or IP address of the key server.","type":"string"},"description":{"description":"Description of the client.","type":"string"},"client_locked":{"description":"Whether to lock the client. Use this tag to lock/unlock the configuration of the File System Agent on the client. Locking the configuration prevents updates to policies on the client. The default value is false.","type":"boolean"},"system_locked":{"description":"Whether the system is locked. The default value is false. Enable this option to lock the important operating system files of the client. When enabled, patches to the operating system of the client will fail due to the protection of these files.","type":"boolean"},"password_creation_method":{"description":"Method to create password (GENERATE, MANUAL). Default value is `GENERATE`.\nThe client uses this password as a wrapper to encrypt the data encryption key when it passes between the\nclient and the CipherTrust Manager k170v in the case of a CTE agent client, or saved to disk in the case of a VDE agent. This same\npassword is used for the challenge and response, to unlock the agent when there is no network connection\nbetween the client and the CipherTrust Manager k170v.\n\n`GENERATE` - When `GENERATE` is selected, the client user must request a new password from a CipherTrust Manager k170v\nadministrator each time a client password is required. If GENERATE is selected, the Regenerate Password\noption is displayed, select to download a new randomly generated password to the client. This new password\nwill be used to wrap the data encryption key.\n\n`MANUAL` - Enter the password for unlocking a GuardPoint when there is no server connection.\nPassword / Confirm Password, displayed when Password Creation Method is set to MANUAL, re-enter the\npassword.\n","type":"string"},"client_version":{"description":"Version of CTE Client.","type":"string"},"registration_allowed":{"description":"Is registration allowed for this client?","type":"boolean"},"communication_enabled":{"description":"Is communication enabled between k170v and CTE client?","type":"boolean"},"auth_binaries":{"description":"Array of authorized binaries in the privilege-filename pair JSON format.","type":"string"},"min_comm_version":{"description":"communication_version_min.","type":"integer"},"max_comm_version":{"description":"communication_version_max.","type":"integer"},"del_client":{"description":"Identifies that client delete is triggered.","type":"boolean"},"max_space_cache_log":{"description":"Maximum space for the cached logs.","type":"integer"},"max_num_cache_log":{"description":"Maximum number of logs to cache.","type":"integer"},"install_directory":{"description":"CTE client install directory.","type":"string"},"status_ref":{"description":"Reference value received from CTE client.","type":"integer"},"config_ref":{"description":"Reference value sent to CTE client.","type":"integer"},"auth_binaries_from":{"description":"ClientGroup name whose authentication binaries client has inherited.","type":"string"},"capabilities":{"description":"Comma separated agent capabilities. Available options are:\n\n`LDT` - Live Data Transformation. Implies `QOS` and `XRULE`.\n\n`ES` - Efficient Storage GuardPoint. Implies `XTS` and `IDT`.\n\n`DOCKER` - Docker Support. Avaiable on RedHat and CentOS Linux only.\n\n`IDT` - Inplace Data Transformation capable.\n\n`COS` - Cloud Storage Protection. Available for S3 only.\n\n`EKP` - Encryption Key Protection capable.\n\n`CLOG` - Concise Logging.\n\n`RESIGN` - Re-Sign Client Settings.\n\n`EA` - Secure Start GuardPoint. Available on Windows only.\n\n`CBCCS1` - CBC-CS1 encryption mode capable.\n\n`XTS` - XTS encryption mode capable.\n\n`QOS` - LDT rekey quality of service capable.\n\n`XRULE` - LDT key rule exclusion capable.\n","type":"string"},"enabled_capabilities":{"description":"Enable disabled feature(s). Separate multiple features by commas. The options are:\n\n`LDT` - Live Data Transformation.\n\n`EKP` - Encryption Key Protection.\n\n`ES` - Efficient Storage.\n","type":"string"},"attributes_from":{"description":"ClientGroup name whose attributes client has inherited.","type":"string"},"num_errors":{"description":"Number of errors on client.","type":"integer"},"num_gp_errors":{"description":"Number of GuardPoint errors on client.","type":"integer"},"num_warnings":{"description":"Number of warnings on client.","type":"integer"},"gp_errors":{"description":"GuardPoint errors on client.","type":"string"},"warnings":{"description":"Warnings on client.","type":"string"},"errors":{"description":"Errors on client.","type":"string"},"client_health_status":{"description":"Health status of client. Can be HEALTHY, ERROR, WARNING, WAITING FOR CONNECTION, NOT CONNECTED, or UNREGISTERED.","type":"string"},"disable_capability":{"description":"Disable an enabled feature. Only one capability can be disabled at a time. The options are:\n\n`LDT` - Live Data Transformation.\n","type":"string"},"profile_id":{"description":"Client profile which is to be cofigured for logger, logging, and QOS schedules custom cofiguration.\n"},"ldt_status":{"description":"LDT status of the CTE client.","type":"string"},"client_errors":{"description":"Errors reported by the CTE client.","type":"string"},"client_warnings":{"description":"Warnings reported by the CTE client.","type":"string"},"client_mfa_enabled":{"description":"Whether MFA is enabled on the CTE client.","type":"boolean"}}}]}}}}]},"examples":{"application/json":{"skip":"0,","limit":"10,","total":"2,","resources":[{"id":"3604b51e-17d7-4d85-abc5-a414114955f1","uri":"kylo:kylo:henry:client:10.164.13.17","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-16T09:56:28.946701Z","name":"10.164.13.17","updatedAt":"2019-07-16T09:56:28.946701Z","os_type":"LINUX","os_sub_type":"Red Hat Enterprise Linux Server release 7.4 (Maipo)","client_reg_id":"a1138c72-6ff1-4103-a626-90c219de7c7f","server_host_name":"10.164.115.18","description":"","client_locked":false,"system_locked":false,"one_way_communication":false,"pem_type":"fs_vmd","password_creation_method":"GENERATE","client_version":9,"min_comm_version":0,"max_comm_version":0,"registration_allowed":true,"communication_enabled":true,"auth_binaries":null,"del_client":false,"max_space_cache_log":0,"max_num_cache_log":0,"install_directory":"/opt/vormetric/DataSecurityExpert","auth_binaries_from":"","status_ref":100536,"config_ref":78651,"capabilities":"LDT,DOCKER,ES,CBCCS1","enabled_capabilities":"LDT,ES","attributes_from":"","num_errors":0,"num_gp_errors":0,"num_warnings":0,"gp_errors":"{}","errors":"[]","warnings":"[]","client_health_status":"HEALTHY","ldt_status":""},{"id":"3604b51e-17d7-4d85-abc5-a414114966d3","uri":"kylo:kylo:henry:client:10.164.13.18","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-16T09:56:28.946701Z","name":"10.164.13.17","updatedAt":"2019-07-16T09:56:28.946701Z","os_type":"LINUX","os_sub_type":"Red Hat Enterprise Linux Server release 7.4 (Maipo)","client_reg_id":"a1138c72-6ff1-4103-a626-90c219de5c7f","server_host_name":"10.164.115.18","description":"","client_locked":false,"system_locked":false,"one_way_communication":false,"pem_type":"fs_vmd","password_creation_method":"GENERATE","client_version":9,"min_comm_version":0,"max_comm_version":0,"registration_allowed":true,"communication_enabled":true,"auth_binaries":null,"del_client":false,"max_space_cache_log":0,"max_num_cache_log":0,"install_directory":"/opt/vormetric/DataSecurityExpert","auth_binaries_from":"","status_ref":100536,"config_ref":78651,"capabilities":"LDT,DOCKER,ES,CBCCS1","enabled_capabilities":"LDT,ES","attributes_from":"","num_errors":0,"num_gp_errors":0,"num_warnings":0,"gp_errors":"{}","errors":"[]","warnings":"[]","client_health_status":"HEALTHY","ldt_status":""}]}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clientgroups/{clientGroupId}/guardpoints/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"clientGroupId","in":"path","type":"string","description":"An identifier of the CTE ClientGroup.\nThis can be the ID (a UUIDv4), URI, or name of ClientGroup.\n","required":true}],"post":{"summary":"Create","description":"Adds a new CTE GuardPoint to the ClientGroup.","tags":["CTE/ClientGroups-GuardPoints"],"parameters":[{"name":"body","in":"body","description":"CTE GuardPoint creation parameters.","schema":{"type":"object","title":"Create GuardPoint","required":["guard_paths","guard_point_params"],"properties":{"guard_paths":{"description":"List of GuardPaths to be created.","type":"array","items":{"type":"string"}},"guard_point_params":{"description":"Parameters for creating a GuardPoint.","type":"object","required":["policy_id","guard_point_type"],"properties":{"guard_point_type":{"description":"Type of the GuardPoint. The valid values are “directory_auto”, “directory_manual”, “rawdevice_manual”,\n“rawdevice_auto”, “cloudstorage_auto”, “cloudstorage_manual”, or \"ransomware\".\n","type":"string"},"automount_enabled":{"description":"Whether automount is enabled with the GuardPoint. Supported for Standard and LDT policies.","type":"boolean"},"policy_id":{"description":"ID of the policy which is applied with this GuardPoint. This parameter is not valid for Ransomware GuardPoints.","type":"string"},"disk_name":{"description":"Name of the disk if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"diskgroup_name":{"description":"Name of the disk group if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"preserve_sparse_regions":{"description":"Whether to preserve sparse file regions. Available on LDT enabled clients only. The default value is true. If you disable the setting, it cannot be enabled again. Supported for Standard and LDT policies.","type":"boolean"},"cifs_enabled":{"description":"Whether to enable CIFS. Available on LDT enabled windows clients only. The default value is false. If you enable the setting, it cannot be disabled. Supported for only LDT policies.","type":"boolean"},"data_classification_enabled":{"description":"Whether data classification (tagging) is enabled. Enabled by default if the aligned policy contains ClassificationTags. Supported for Standard and LDT policies.","type":"boolean"},"data_lineage_enabled":{"description":"Whether data lineage (tracking) is enabled. Enabled only if data classification is enabled. Supported for Standard and LDT policies.","type":"boolean"},"early_access":{"description":"Whether secure start (early access) is turned on. Secure start is applicable to Windows clients only. Supported for Standard and LDT policies. The default value is false.","type":"boolean"},"is_idt_capable_device":{"description":"Whether the device where GuardPoint is applied is IDT capable or not. Supported for IDT policies.","type":"boolean"},"network_share_credentials_id":{"description":"ID/Name of the credentials if the GuardPoint is applied to a network share. Supported for only LDT policies.","type":"string"},"intelligent_protection":{"description":"Flag to enable intelligent protection for this GuardPoint. This flag is valid for GuardPoints with classification based policy only. Can only be set during GuardPoint creation.","type":"boolean"},"is_esg_capable_device":{"description":"Whether the device where GuardPoint is applied is ESG capable or not. Supported for IDT and Standard policies.","type":"boolean"},"mfa_enabled":{"description":"Whether to enable MFA (Multi Factor Authentication).","type":"boolean"},"rw_process_set_id":{"description":"ID of the process set aligned with the Ransomware GuardPoints.","type":"string"},"rw_operation":{"description":"Applicable to the Ransomware GuardPoints. The valid values are permit(for Audit) and deny(for Block). The default value is `permit`.","type":"string"}}}},"example":{"guard_paths":["/opt/path1/","/opt/path2"],"guard_point_params":{"guard_point_type":"directory_auto","policy_id":"TestPolicy","data_classification_enabled":false,"data_lineage_enabled":false,"early_access":true,"preserve_sparse_regions":true}}}}],"responses":{"207":{"description":"Multi-Status","schema":{"allOf":[{"type":"object","properties":{"guardpoints":{"description":"List of successfully created GuardPoints.","type":"array","items":{"type":"object","properties":{"guardpoint":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_id":{"description":"UUID of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_id":{"description":"UUID of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"client_name":{"description":"Name of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_name":{"description":"Name of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"guard_point_type":{"description":"Type of the guard point i.e. directory_auto, directory_manual, rawdevice_manual, rawdevice_auto, or ransomware.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"automount_enabled":{"description":"Flag to signify if automount is enabled with the guard point","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"},"policy_id":{"description":"UUID of the policy which is applied on this guard point. This parameter is not valid for Ransomware GuardPoints.","type":"string"},"disk_name":{"description":"Name of the disk if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"diskgroup_name":{"description":"Name of the disk group if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"preserve_sparse_regions":{"description":"Flag to signify that sparse file regions will be transformed or not. Only available on LDT enabled clients.","type":"boolean"},"data_classification_enabled":{"description":"Flag to signify that data classification(tagging) is enabled or not. This gets enabled by default if the aligned policy contains ClassificationTags.","type":"boolean"},"data_lineage_enabled":{"description":"Flag to signify that data lineage(tracking) is enabled or not. This gets enabled only if data_classification is enabled.","type":"boolean"},"guard_point_state":{"description":"Current state of GuardPoint. Can be UNKNOWN, ENABLED, DISABLED or ERROR.","type":"string"},"is_idt_capable_device":{"description":"Whether the device where GuardPoint is applied is IDT capable or not. Supported for IDT policies.","type":"boolean"},"is_esg_capable_device":{"description":"Whether the device where GuardPoint is applied is ESG capable or not. Supported for IDT and Standard policies.","type":"boolean"},"mfa_enabled":{"description":"Whether MFA is enabled.","type":"boolean"},"rw_process_set_id":{"description":"ID of the process set aligned with the Ransomware GuardPoints.","type":"string"},"rw_operation":{"description":"Applicable to the Ransomware GuardPoints. The valid values are permit(for Audit) and deny(for Block). The default value is `permit`.","type":"string"}}}]}},"status_code":{"description":"Status code for deleted client.","type":"integer"}}}},"failed_guard_points":{"description":"List of guard_points which are failed to create.","type":"array","items":{"type":"object","properties":{"guard_path":{"description":"path of guard_point.","type":"string"},"error":{"description":"Error reason.","type":"string"},"status_code":{"description":"Failed status code for guard_point.","type":"integer"}}}}}}]},"examples":{"application/json":{"guardpoints":[{"guardpoint":{"id":"975b3299-b39d-4695-b47f-8dab01c78205","uri":"kylo:kylo:henry:guardpoint:975b3299-b39d-4695-b47f-8dab01c78205","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-30T06:24:18.808215365Z","updatedAt":"2019-07-30T06:24:18.808215365Z","client_id":"89a8ed59-e52e-4fad-a830-e52267e661db","client_group_id":"89a8ed59-e52e-4fad-a830-e52267e661db","guard_point_type":"DIR","guard_enabled":true,"automount_enabled":false,"guard_path":"/home/path1/","policy_id":"cdbf3035-735a-46f6-a175-711eb99d045e","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":true,"early_access":true},"status_code":201},{"guardpoint":{"id":"975b3299-b39d-4695-b47f-8dab01c78205","uri":"kylo:kylo:henry:guardpoint:975b3299-b39d-4695-b47f-8dab01c78205","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-30T06:24:18.808215365Z","updatedAt":"2019-07-30T06:24:18.808215365Z","client_id":"89a8ed59-e52e-4fad-a830-e52267e661db","client_group_id":"89a8ed59-e52e-4fad-a830-e52267e661db","guard_point_type":"DIR","guard_enabled":true,"automount_enabled":false,"guard_path":"/home/path2/","policy_id":"cdbf3035-735a-46f6-a175-711eb99d045e","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":true,"early_access":true},"status_code":201}],"failed_guard_points":[{"guard_path":"/opt/path3","error":"Duplicate Path","status_code":409},{"guard_path":"/opt/path4","error":"Duplicate Path","status_code":409}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"List","description":"Returns the list of GuardPoints added to a ClientGroup. The results can be filtered using the query parameters.\n","tags":["CTE/ClientGroups-GuardPoints"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"uri_list","in":"query","required":false,"type":"string","description":"Filter the results by uri. To fetch multiple resources provide comma-delimited list of uri."},{"name":"policy_id","in":"query","required":false,"type":"string","description":"Filter the results by policy id of GuardPoint. MUST be a UUID value."},{"name":"policy_name","in":"query","required":false,"type":"string","description":"Filter the results by policy name of GuardPoint."},{"name":"guard_enabled","in":"query","required":false,"type":"boolean","description":"Filter the results by guard enabled values of GuardPoint. Valid values are Yes/No and True/False."},{"name":"guard_path","in":"query","required":false,"type":"string","description":"Filter the results by GuardPath of GuardPoint."},{"name":"mfa_enabled","description":"Filter GuardPoints based on MFA status - enabled or not.","in":"query","required":false,"type":"boolean"},{"name":"type","in":"query","required":false,"type":"string","description":"Filter the results by type of GuardPoint. Valid values are CLIENT and CLIENTGROUP."},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by createdAt, guard_enabled, type, guard_point_state, policy_id and policy_name. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n -createdAt\n\n...will sort the results by `createdAt`, descending.\n"},{"name":"native_domain","in":"query","required":false,"type":"string","description":"Filter result based on the native domain, that is, the domain where the resource is created. \nIt will be relevant when some resources are shared across multiple domains.\nUse a comma-separated list to pass names of multiple domains in one go.\n"},{"name":"fetch_current_domain_resources_only","description":"Filter resources belonging to the current domain only.","in":"query","required":false,"type":"boolean"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_id":{"description":"UUID of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_id":{"description":"UUID of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"client_name":{"description":"Name of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_name":{"description":"Name of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"guard_point_type":{"description":"Type of the guard point i.e. directory_auto, directory_manual, rawdevice_manual, rawdevice_auto, or ransomware.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"automount_enabled":{"description":"Flag to signify if automount is enabled with the guard point","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"},"policy_id":{"description":"UUID of the policy which is applied on this guard point. This parameter is not valid for Ransomware GuardPoints.","type":"string"},"disk_name":{"description":"Name of the disk if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"diskgroup_name":{"description":"Name of the disk group if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"preserve_sparse_regions":{"description":"Flag to signify that sparse file regions will be transformed or not. Only available on LDT enabled clients.","type":"boolean"},"data_classification_enabled":{"description":"Flag to signify that data classification(tagging) is enabled or not. This gets enabled by default if the aligned policy contains ClassificationTags.","type":"boolean"},"data_lineage_enabled":{"description":"Flag to signify that data lineage(tracking) is enabled or not. This gets enabled only if data_classification is enabled.","type":"boolean"},"guard_point_state":{"description":"Current state of GuardPoint. Can be UNKNOWN, ENABLED, DISABLED or ERROR.","type":"string"},"is_idt_capable_device":{"description":"Whether the device where GuardPoint is applied is IDT capable or not. Supported for IDT policies.","type":"boolean"},"is_esg_capable_device":{"description":"Whether the device where GuardPoint is applied is ESG capable or not. Supported for IDT and Standard policies.","type":"boolean"},"mfa_enabled":{"description":"Whether MFA is enabled.","type":"boolean"},"rw_process_set_id":{"description":"ID of the process set aligned with the Ransomware GuardPoints.","type":"string"},"rw_operation":{"description":"Applicable to the Ransomware GuardPoints. The valid values are permit(for Audit) and deny(for Block). The default value is `permit`.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"975b3299-b39d-4695-b47f-8dab01c78205","uri":"kylo:kylo:henry:guardpoint:975b3299-b39d-4695-b47f-8dab01c78205","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-30T06:24:18.808215365Z","updatedAt":"2019-07-30T06:24:18.808215365Z","client_id":"","client_group_id":"89a8ed59-e52e-4fad-a830-e52267e661db","guard_point_type":"DIR","guard_enabled":true,"automount_enabled":false,"guard_path":"/home/testuser/","policy_id":"cdbf3035-735a-46f6-a175-711eb99d045e","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":true,"early_access":true},{"id":"975b3299-b39d-4695-b47f-8dab01c78205","uri":"kylo:kylo:henry:guardpoint:975b3299-b39d-4695-b47f-8dab01c78205","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-30T06:24:18.808215365Z","updatedAt":"2019-07-30T06:24:18.808215365Z","client_id":"","client_group_id":"89a8ed59-e52e-4fad-a830-e57789e661db","guard_point_type":"DIR","guard_enabled":true,"automount_enabled":false,"guard_path":"/home/testuser2/","policy_id":"cdbf3035-735a-46f6-a175-711eb99d045e","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":true,"early_access":true}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}}}}},"/v1/transparent-encryption/clientgroups/{clientGroupId}/guardpoints/upload-list":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"clientGroupId","in":"path","type":"string","description":"An identifier of the CTE ClientGroup.\nThis can be the ID (a UUIDv4), URI, or name of ClientGroup.\n","required":true}],"post":{"summary":"Upload","description":"Creates a large number of GuardPoints using a CSV file. List the required GuardPaths in the CSV file. Set the content type to multipart/form-data and provide the pathfile and param as form-data.","tags":["CTE/ClientGroups-GuardPoints"],"consumes":["multipart/form-data"],"parameters":[{"name":"pathfile","in":"formData","type":"file"},{"name":"param","in":"formData","type":"string","description":"Create GuardPoint parameters, for example: {\"guard_point_type\": \"directory_auto\",\"policy_id\": \"TestPolicy\"}\n"}],"responses":{"207":{"description":"Multi-Status","schema":{"allOf":[{"type":"object","properties":{"guardpoints":{"description":"List of successfully created GuardPoints.","type":"array","items":{"type":"object","properties":{"guardpoint":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_id":{"description":"UUID of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_id":{"description":"UUID of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"client_name":{"description":"Name of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_name":{"description":"Name of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"guard_point_type":{"description":"Type of the guard point i.e. directory_auto, directory_manual, rawdevice_manual, rawdevice_auto, or ransomware.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"automount_enabled":{"description":"Flag to signify if automount is enabled with the guard point","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"},"policy_id":{"description":"UUID of the policy which is applied on this guard point. This parameter is not valid for Ransomware GuardPoints.","type":"string"},"disk_name":{"description":"Name of the disk if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"diskgroup_name":{"description":"Name of the disk group if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"preserve_sparse_regions":{"description":"Flag to signify that sparse file regions will be transformed or not. Only available on LDT enabled clients.","type":"boolean"},"data_classification_enabled":{"description":"Flag to signify that data classification(tagging) is enabled or not. This gets enabled by default if the aligned policy contains ClassificationTags.","type":"boolean"},"data_lineage_enabled":{"description":"Flag to signify that data lineage(tracking) is enabled or not. This gets enabled only if data_classification is enabled.","type":"boolean"},"guard_point_state":{"description":"Current state of GuardPoint. Can be UNKNOWN, ENABLED, DISABLED or ERROR.","type":"string"},"is_idt_capable_device":{"description":"Whether the device where GuardPoint is applied is IDT capable or not. Supported for IDT policies.","type":"boolean"},"is_esg_capable_device":{"description":"Whether the device where GuardPoint is applied is ESG capable or not. Supported for IDT and Standard policies.","type":"boolean"},"mfa_enabled":{"description":"Whether MFA is enabled.","type":"boolean"},"rw_process_set_id":{"description":"ID of the process set aligned with the Ransomware GuardPoints.","type":"string"},"rw_operation":{"description":"Applicable to the Ransomware GuardPoints. The valid values are permit(for Audit) and deny(for Block). The default value is `permit`.","type":"string"}}}]}},"status_code":{"description":"Status code for deleted client.","type":"integer"}}}},"failed_guard_points":{"description":"List of guard_points which are failed to create.","type":"array","items":{"type":"object","properties":{"guard_path":{"description":"path of guard_point.","type":"string"},"error":{"description":"Error reason.","type":"string"},"status_code":{"description":"Failed status code for guard_point.","type":"integer"}}}}}}]},"examples":{"application/json":{"guardpoints":[{"guardpoint":{"id":"975b3299-b39d-4695-b47f-8dab01c78205","uri":"kylo:kylo:henry:guardpoint:975b3299-b39d-4695-b47f-8dab01c78205","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-30T06:24:18.808215365Z","updatedAt":"2019-07-30T06:24:18.808215365Z","client_id":"89a8ed59-e52e-4fad-a830-e52267e661db","client_group_id":"89a8ed59-e52e-4fad-a830-e52267e661db","guard_point_type":"DIR","guard_enabled":true,"automount_enabled":false,"guard_path":"/home/path1/","policy_id":"cdbf3035-735a-46f6-a175-711eb99d045e","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":true,"early_access":true},"status_code":201},{"guardpoint":{"id":"975b3299-b39d-4695-b47f-8dab01c78205","uri":"kylo:kylo:henry:guardpoint:975b3299-b39d-4695-b47f-8dab01c78205","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-30T06:24:18.808215365Z","updatedAt":"2019-07-30T06:24:18.808215365Z","client_id":"89a8ed59-e52e-4fad-a830-e52267e661db","client_group_id":"89a8ed59-e52e-4fad-a830-e52267e661db","guard_point_type":"DIR","guard_enabled":true,"automount_enabled":false,"guard_path":"/home/path2/","policy_id":"cdbf3035-735a-46f6-a175-711eb99d045e","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":true,"early_access":true},"status_code":201}],"failed_guard_points":[{"guard_path":"/opt/path3","error":"Duplicate Path","status_code":409},{"guard_path":"/opt/path4","error":"Duplicate Path","status_code":409}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clientgroups/{clientGroupId}/guardpoints/unguard/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"clientGroupId","in":"path","type":"string","description":"An identifier of the CTE ClientGroup.\nThis can be the ID (a UUIDv4), URI, or name of ClientGroup.\n","required":true}],"patch":{"summary":"Unguard GuardPoints","description":"Unguards multiple GuardPoints from a ClientGroup.\n","tags":["CTE/ClientGroups-GuardPoints"],"parameters":[{"name":"body","in":"body","description":"CTE GuardPoint bulk unguard parameters.","schema":{"type":"object","title":"Unguard GuardPoints","required":["guard_point_id_list"],"properties":{"guard_point_id_list":{"description":"Comma-separated IDs of GuardPoints to be dissociated from a ClientGroup. The IDs can be the Name, ID (a UUIDv4), URI, or slug of the ClientGroup.","type":"array","items":{"type":"string"}}},"example":{"guard_point_id_list":["id1","id2"]}}}],"responses":{"207":{"description":"Multi-Status","schema":{"allOf":[{"type":"object","properties":{"guardpoints":{"description":"List of successfully unguarded guard_points.","type":"array","items":{"type":"object","properties":{"guard_point_id":{"description":"ID of guard_point.","type":"string"},"guard_path":{"description":"Path of guard_point.","type":"string"},"status_code":{"description":"Status code for success.","type":"integer"}}}},"failed_guard_points":{"description":"List of guard_points which are failed to unguard.","type":"array","items":{"type":"object","properties":{"guard_point_id":{"description":"ID of guard_point.","type":"string"},"guard_path":{"description":"Path of guard_point.","type":"string"},"error":{"description":"Error reaon.","type":"string"},"status_code":{"description":"Failed status code for guard_point.","type":"integer"}}}}}}]},"examples":{"guardpoints":[{"guard_point_id":"b940678b-6ba1-4598-8e61-9762d2ac033f","guard_path":"/opt/path1","status_code":204}],"failed_guard_points":[{"guard_point_id":"id2","guard_path":"","error":"record not found","status_code":404}]}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clientgroups/{clientGroupId}/guardpoints/{guardpointId}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"clientGroupId","in":"path","type":"string","description":"An identifier of the CTE ClientGroup.\nThis can be the ID (a UUIDv4), URI, or name of ClientGroup.\n","required":true},{"name":"guardpointId","in":"path","type":"string","description":"An identifier of the CTE GuardPoint.\nThis can be either the ID (a UUIDv4) or URI of GuardPoint.\n","required":true}],"patch":{"summary":"Update","description":"Modify GuardPoint parameters. The parameters to be modified are placed in the body parameters. There is no default value for parameters.\n","tags":["CTE/ClientGroups-GuardPoints"],"parameters":[{"name":"body","in":"body","description":"CTE GuardPoint parameters.","schema":{"type":"object","title":"Modify GuardPoint.","properties":{"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"network_share_credentials_id":{"description":"ID/Name of the credentials if the GuardPoint is applied to a network share. Supported for only LDT policies.","type":"string"},"mfa_enabled":{"description":"Whether to enable MFA (Multi Factor Authentication) or not.","type":"boolean"},"rw_operation":{"description":"Applicable to the Ransomware GuardPoints. The valid values are permit(for Audit) and deny(for Block).","type":"string"}},"example":{"guard_enabled":false,"network_share_credentials_id":"test-credentials"}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_id":{"description":"UUID of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_id":{"description":"UUID of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"client_name":{"description":"Name of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_name":{"description":"Name of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"guard_point_type":{"description":"Type of the guard point i.e. directory_auto, directory_manual, rawdevice_manual, rawdevice_auto, or ransomware.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"automount_enabled":{"description":"Flag to signify if automount is enabled with the guard point","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"},"policy_id":{"description":"UUID of the policy which is applied on this guard point. This parameter is not valid for Ransomware GuardPoints.","type":"string"},"disk_name":{"description":"Name of the disk if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"diskgroup_name":{"description":"Name of the disk group if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"preserve_sparse_regions":{"description":"Flag to signify that sparse file regions will be transformed or not. Only available on LDT enabled clients.","type":"boolean"},"data_classification_enabled":{"description":"Flag to signify that data classification(tagging) is enabled or not. This gets enabled by default if the aligned policy contains ClassificationTags.","type":"boolean"},"data_lineage_enabled":{"description":"Flag to signify that data lineage(tracking) is enabled or not. This gets enabled only if data_classification is enabled.","type":"boolean"},"guard_point_state":{"description":"Current state of GuardPoint. Can be UNKNOWN, ENABLED, DISABLED or ERROR.","type":"string"},"is_idt_capable_device":{"description":"Whether the device where GuardPoint is applied is IDT capable or not. Supported for IDT policies.","type":"boolean"},"is_esg_capable_device":{"description":"Whether the device where GuardPoint is applied is ESG capable or not. Supported for IDT and Standard policies.","type":"boolean"},"mfa_enabled":{"description":"Whether MFA is enabled.","type":"boolean"},"rw_process_set_id":{"description":"ID of the process set aligned with the Ransomware GuardPoints.","type":"string"},"rw_operation":{"description":"Applicable to the Ransomware GuardPoints. The valid values are permit(for Audit) and deny(for Block). The default value is `permit`.","type":"string"}}}]},"examples":{"application/json":{"id":"975b3299-b39d-4695-b47f-8dab01c78205","uri":"kylo:kylo:henry:guardpoint:975b3299-b39d-4695-b47f-8dab01c78205","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-30T06:24:18.808215365Z","updatedAt":"2019-07-30T06:24:18.808215365Z","client_id":"","client_group_id":"89a8ed59-e52e-4fad-a830-e52267e661db","guard_point_type":"DIR","guard_enabled":false,"automount_enabled":false,"guard_path":"/home/testuser/","policy_id":"cdbf3035-735a-46f6-a175-711eb99d045e","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":true,"early_access":true}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"Get","description":"Returns details of a GuardPoint with the given id.\n","tags":["CTE/ClientGroups-GuardPoints"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_id":{"description":"UUID of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_id":{"description":"UUID of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"client_name":{"description":"Name of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_name":{"description":"Name of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"guard_point_type":{"description":"Type of the guard point i.e. directory_auto, directory_manual, rawdevice_manual, rawdevice_auto, or ransomware.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"automount_enabled":{"description":"Flag to signify if automount is enabled with the guard point","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"},"policy_id":{"description":"UUID of the policy which is applied on this guard point. This parameter is not valid for Ransomware GuardPoints.","type":"string"},"disk_name":{"description":"Name of the disk if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"diskgroup_name":{"description":"Name of the disk group if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"preserve_sparse_regions":{"description":"Flag to signify that sparse file regions will be transformed or not. Only available on LDT enabled clients.","type":"boolean"},"data_classification_enabled":{"description":"Flag to signify that data classification(tagging) is enabled or not. This gets enabled by default if the aligned policy contains ClassificationTags.","type":"boolean"},"data_lineage_enabled":{"description":"Flag to signify that data lineage(tracking) is enabled or not. This gets enabled only if data_classification is enabled.","type":"boolean"},"guard_point_state":{"description":"Current state of GuardPoint. Can be UNKNOWN, ENABLED, DISABLED or ERROR.","type":"string"},"is_idt_capable_device":{"description":"Whether the device where GuardPoint is applied is IDT capable or not. Supported for IDT policies.","type":"boolean"},"is_esg_capable_device":{"description":"Whether the device where GuardPoint is applied is ESG capable or not. Supported for IDT and Standard policies.","type":"boolean"},"mfa_enabled":{"description":"Whether MFA is enabled.","type":"boolean"},"rw_process_set_id":{"description":"ID of the process set aligned with the Ransomware GuardPoints.","type":"string"},"rw_operation":{"description":"Applicable to the Ransomware GuardPoints. The valid values are permit(for Audit) and deny(for Block). The default value is `permit`.","type":"string"}}}]},"examples":{"application/json":{"id":"975b3299-b39d-4695-b47f-8dab01c78205","uri":"kylo:kylo:henry:guardpoint:975b3299-b39d-4695-b47f-8dab01c78205","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-30T06:24:18.808215365Z","updatedAt":"2019-07-30T06:24:18.808215365Z","client_id":"","client_group_id":"89a8ed59-e52e-4fad-a830-e52267e661db","guard_point_type":"DIR","guard_enabled":false,"automount_enabled":false,"guard_path":"/home/testuser2/","policy_id":"cdbf3035-735a-46f6-a175-711eb99d045e","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":true,"early_access":true}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clientgroups/{clientGroupId}/guardpoints/{guardpointId}/unguard":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"clientGroupId","in":"path","type":"string","description":"An identifier of the CTE ClientGroup.\nThis can be the ID (a UUIDv4), URI, or name of ClientGroup.\n","required":true},{"name":"guardpointId","in":"path","type":"string","description":"An identifier of the CTE GuardPoint.\nThis can be either the ID (a UUIDv4) or URI of GuardPoint.\n","required":true}],"patch":{"summary":"Unguard","description":"Unguards a GuardPoint from a ClientGroup.\n","tags":["CTE/ClientGroups-GuardPoints"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_id":{"description":"UUID of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_id":{"description":"UUID of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"client_name":{"description":"Name of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_name":{"description":"Name of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"guard_point_type":{"description":"Type of the guard point i.e. directory_auto, directory_manual, rawdevice_manual, rawdevice_auto, or ransomware.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"automount_enabled":{"description":"Flag to signify if automount is enabled with the guard point","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"},"policy_id":{"description":"UUID of the policy which is applied on this guard point. This parameter is not valid for Ransomware GuardPoints.","type":"string"},"disk_name":{"description":"Name of the disk if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"diskgroup_name":{"description":"Name of the disk group if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"preserve_sparse_regions":{"description":"Flag to signify that sparse file regions will be transformed or not. Only available on LDT enabled clients.","type":"boolean"},"data_classification_enabled":{"description":"Flag to signify that data classification(tagging) is enabled or not. This gets enabled by default if the aligned policy contains ClassificationTags.","type":"boolean"},"data_lineage_enabled":{"description":"Flag to signify that data lineage(tracking) is enabled or not. This gets enabled only if data_classification is enabled.","type":"boolean"},"guard_point_state":{"description":"Current state of GuardPoint. Can be UNKNOWN, ENABLED, DISABLED or ERROR.","type":"string"},"is_idt_capable_device":{"description":"Whether the device where GuardPoint is applied is IDT capable or not. Supported for IDT policies.","type":"boolean"},"is_esg_capable_device":{"description":"Whether the device where GuardPoint is applied is ESG capable or not. Supported for IDT and Standard policies.","type":"boolean"},"mfa_enabled":{"description":"Whether MFA is enabled.","type":"boolean"},"rw_process_set_id":{"description":"ID of the process set aligned with the Ransomware GuardPoints.","type":"string"},"rw_operation":{"description":"Applicable to the Ransomware GuardPoints. The valid values are permit(for Audit) and deny(for Block). The default value is `permit`.","type":"string"}}}]},"examples":{"application/json":{"id":"975b3299-b39d-4695-b47f-8dab01c78205","uri":"kylo:kylo:henry:guardpoint:975b3299-b39d-4695-b47f-8dab01c78205","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-30T06:24:18.808215365Z","updatedAt":"2019-07-30T06:24:18.808215365Z","client_id":"","client_group_id":"89a8ed59-e52e-4fad-a830-e52267e661db","guard_point_type":"DIR","guard_enabled":false,"automount_enabled":false,"guard_path":"/home/testuser/","policy_id":"cdbf3035-735a-46f6-a175-711eb99d045e","pending_operation":"DELETE","disk_name":"","diskgroup_name":"","preserve_sparse_regions":true,"early_access":true}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clientgroups/{clientGroupId}/guardpoints/{guardpointId}/early-access":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"clientGroupId","in":"path","type":"string","description":"An identifier of the CTE Client Group.\nThis can be the ID (a UUIDv4), URI, or name of ClientGroup.\n","required":true},{"name":"guardpointId","in":"path","type":"string","description":"An identifier of the CTE GuardPoint.\nThis can be either the ID (a UUIDv4) or URI of GuardPoint.\n","required":true}],"patch":{"summary":"Update Early Access on GuardPoint","description":"Enables or disables early access on a GuardPoint. Supported for Standard and LDT policies.\n","tags":["CTE/ClientGroups-GuardPoints"],"parameters":[{"name":"body","in":"body","description":"CTE Guardpoint Early Access value.","schema":{"type":"object","title":"Modify GuardPoint Early Access.","required":["early_access"],"properties":{"early_access":{"description":"Whether to enable early access on the GuardPoint.","type":"boolean"}},"example":{"early_access":true}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_id":{"description":"UUID of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_id":{"description":"UUID of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"client_name":{"description":"Name of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_name":{"description":"Name of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"guard_point_type":{"description":"Type of the guard point i.e. directory_auto, directory_manual, rawdevice_manual, rawdevice_auto, or ransomware.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"automount_enabled":{"description":"Flag to signify if automount is enabled with the guard point","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"},"policy_id":{"description":"UUID of the policy which is applied on this guard point. This parameter is not valid for Ransomware GuardPoints.","type":"string"},"disk_name":{"description":"Name of the disk if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"diskgroup_name":{"description":"Name of the disk group if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"preserve_sparse_regions":{"description":"Flag to signify that sparse file regions will be transformed or not. Only available on LDT enabled clients.","type":"boolean"},"data_classification_enabled":{"description":"Flag to signify that data classification(tagging) is enabled or not. This gets enabled by default if the aligned policy contains ClassificationTags.","type":"boolean"},"data_lineage_enabled":{"description":"Flag to signify that data lineage(tracking) is enabled or not. This gets enabled only if data_classification is enabled.","type":"boolean"},"guard_point_state":{"description":"Current state of GuardPoint. Can be UNKNOWN, ENABLED, DISABLED or ERROR.","type":"string"},"is_idt_capable_device":{"description":"Whether the device where GuardPoint is applied is IDT capable or not. Supported for IDT policies.","type":"boolean"},"is_esg_capable_device":{"description":"Whether the device where GuardPoint is applied is ESG capable or not. Supported for IDT and Standard policies.","type":"boolean"},"mfa_enabled":{"description":"Whether MFA is enabled.","type":"boolean"},"rw_process_set_id":{"description":"ID of the process set aligned with the Ransomware GuardPoints.","type":"string"},"rw_operation":{"description":"Applicable to the Ransomware GuardPoints. The valid values are permit(for Audit) and deny(for Block). The default value is `permit`.","type":"string"}}}]},"examples":{"application/json":{"id":"975b3299-b39d-4695-b47f-8dab01c78205","uri":"kylo:kylo:henry:guardpoint:975b3299-b39d-4695-b47f-8dab01c78205","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-30T06:24:18.808215365Z","updatedAt":"2019-07-30T06:24:18.808215365Z","client_id":"00000000-0000-0000-0000-000000000000","client_group_id":"89a8ed59-e52e-4fad-a830-e52267e661db","guard_point_type":"DIR","guard_enabled":false,"automount_enabled":false,"guard_path":"/home/testuser/","policy_id":"cdbf3035-735a-46f6-a175-711eb99d045e","pending_operation":"DELETE","disk_name":"","diskgroup_name":"","preserve_sparse_regions":false,"early_access":true}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clientgroups/{clientGroupId}/guardpoints/{guardpointId}/preserve-sparse-regions-off":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"clientGroupId","in":"path","type":"string","description":"An identifier of the CTE Client Group.\nThis can be the ID (a UUIDv4), URI, or name of ClientGroup.\n","required":true},{"name":"guardpointId","in":"path","type":"string","description":"An identifier of the CTE GuardPoint.\nThis can be either the ID (a UUIDv4) or URI of GuardPoint.\n","required":true}],"patch":{"summary":"Turn Off Preserve Spase Region","description":"Turn off preserve sparse regions on the GuardPoint. Supported for Standard and LDT policies.\n","tags":["CTE/ClientGroups-GuardPoints"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_id":{"description":"UUID of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_id":{"description":"UUID of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"client_name":{"description":"Name of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_name":{"description":"Name of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"guard_point_type":{"description":"Type of the guard point i.e. directory_auto, directory_manual, rawdevice_manual, rawdevice_auto, or ransomware.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"automount_enabled":{"description":"Flag to signify if automount is enabled with the guard point","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"},"policy_id":{"description":"UUID of the policy which is applied on this guard point. This parameter is not valid for Ransomware GuardPoints.","type":"string"},"disk_name":{"description":"Name of the disk if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"diskgroup_name":{"description":"Name of the disk group if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"preserve_sparse_regions":{"description":"Flag to signify that sparse file regions will be transformed or not. Only available on LDT enabled clients.","type":"boolean"},"data_classification_enabled":{"description":"Flag to signify that data classification(tagging) is enabled or not. This gets enabled by default if the aligned policy contains ClassificationTags.","type":"boolean"},"data_lineage_enabled":{"description":"Flag to signify that data lineage(tracking) is enabled or not. This gets enabled only if data_classification is enabled.","type":"boolean"},"guard_point_state":{"description":"Current state of GuardPoint. Can be UNKNOWN, ENABLED, DISABLED or ERROR.","type":"string"},"is_idt_capable_device":{"description":"Whether the device where GuardPoint is applied is IDT capable or not. Supported for IDT policies.","type":"boolean"},"is_esg_capable_device":{"description":"Whether the device where GuardPoint is applied is ESG capable or not. Supported for IDT and Standard policies.","type":"boolean"},"mfa_enabled":{"description":"Whether MFA is enabled.","type":"boolean"},"rw_process_set_id":{"description":"ID of the process set aligned with the Ransomware GuardPoints.","type":"string"},"rw_operation":{"description":"Applicable to the Ransomware GuardPoints. The valid values are permit(for Audit) and deny(for Block). The default value is `permit`.","type":"string"}}}]},"examples":{"application/json":{"id":"975b3299-b39d-4695-b47f-8dab01c78205","uri":"kylo:kylo:henry:guardpoint:975b3299-b39d-4695-b47f-8dab01c78205","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-30T06:24:18.808215365Z","updatedAt":"2019-07-30T06:24:18.808215365Z","client_id":"00000000-0000-0000-0000-000000000000","client_group_id":"89a8ed59-e52e-4fad-a830-e52267e661db","guard_point_type":"DIR","guard_enabled":false,"automount_enabled":false,"guard_path":"/home/testuser/","policy_id":"cdbf3035-735a-46f6-a175-711eb99d045e","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":false,"early_access":true}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clientgroups/{id}/ldtpause/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Send LDT Suspend/Resume Request to CTE ClientGroup","description":"Creates and sends an LDT suspend/resume request to all clients of a CTE ClientGroup.","tags":["CTE/ClientGroups"],"parameters":[{"name":"body","in":"body","description":"CTE ClientGroup LDT Suspend/Resume parameters.","schema":{"type":"object","title":"CTE ClientGroup LDT Suspend/Resume parameters","required":["paused"],"properties":{"paused":{"description":"Suspend/resume the rekey operation on an LDT GuardPoint. Set the value to true to pause (suspend) the rekey. Set the value to false to resume rekey.","type":"boolean"}},"example":{"paused":true}}}],"responses":{"201":{"description":"OK"},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clients/{id}/ldtpause/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Send LDT Suspend/Resume Request to CTE Client","description":"Creates and sends an LDT suspend/resume request to a client.","tags":["CTE/Clients"],"parameters":[{"name":"body","in":"body","description":"CTE Client LDT Suspend/Resume parameters.","schema":{"type":"object","title":"CTE Client LDT Suspend/Resume parameters","required":["paused"],"properties":{"paused":{"description":"Suspend/resume the rekey operation on an LDT GuardPoint. Set the value to true to pause (suspend) the rekey. Set the value to false to resume rekey.","type":"boolean"}},"example":{"paused":true}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"status":{"description":"Status of Request (OK or FAIL).","type":"string"},"reference_id":{"description":"Reference ID for the request.","type":"string"}}},"examples":{"status":"OK","reference_id":"kCLyiYReaBVPfyIN"}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/validatecosparams/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Validate Cloud Object Storage","description":"Validates the AWS S3 bucket before creating a GuardPoint for it.","tags":["CTE/CloudObjectStorage"],"parameters":[{"name":"body","in":"body","description":"CTE AWS S3 Bucket validation parameters","schema":{"type":"object","title":"Validate AWS S3 bucket","required":["access_key_id","secret_access_key","bucket_url"],"properties":{"access_key_id":{"type":"string","description":"ID of the AWS access key."},"secret_access_key":{"type":"string","description":"AWS secret access key."},"bucket_url":{"type":"string","description":"Complete URL of the S3 bucket."},"bucket_region":{"type":"string","description":"Region of the bucket. Specify if the bucket URL does not contain the region."}},"example":{"access_key_id":"AKUIYYHDNJ6574HKDJ","secret_access_key":"Jvxhd34fpvnrunjn+jfmmkGTVVgnh0ZUU","bucket_url":"https://s3.amazonaws.com/henrytest","bucket_region":"us-east-1"}}}],"responses":{"200":{"description":"OK","schema":{"type":"string"}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/clients/{id}/challenge-response/{challenge}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"challenge","in":"path","type":"string","description":"The challenge string generated on CTE client.","required":true}],"get":{"summary":"Get Challenge-Response","description":"Returns a response for the password challenge.\nWhen the CipherTrust Manager is unreachable from a protected client, the data stored in GuardPoints on the client cannot be accessed without the challenge-response.\nSpecify the client `id` and the `challenge` generated on that client when making the API call.\n","tags":["CTE/Clients"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","properties":{"challenge_response":{"description":"When the CipherTrust Manager is unreachable from a protected client, the data stored in GuardPoints on the client cannot be accessed without the challenge-response.","type":"object","items":{"type":"object","properties":{"response_part1":{"description":"challenge response part 1.","type":"string"},"response_part2":{"description":"challenge response part 2.","type":"string"},"response_part3":{"description":"challenge response part 3.","type":"string"},"response_part4":{"description":"challenge response part 4.","type":"string"}}}}}}]},"examples":{"challenge_response":{"response_part1":"LVH3-4FWX-SROO-IL5X","response_part2":"45VH-WOWY-N5NW-SFIC","response_part3":"RMVC-OEMG-L5FL-TV2K","response_part4":"Z7Z7-WJ2G-EQIF-ROOT"}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/compatibility-matrix":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Upload","description":"Upload the kernel Compatibility Matrix (only .tgz files). Set the content type to multipart/form-data and provide the file as form-data.\nThe CipherTrust Manager uses the Compatibility Matrix to automatically match the kernels running on the registered clients.\nIf a client is running an incompatible kernel, its status becomes Warning on the GUI.\n","tags":["CTE/Clients"],"consumes":["multipart/form-data"],"parameters":[{"name":"kernelJSONFile","in":"formData","type":"file"}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"75d386c3-c58d-4def-98b6-63b02838bdb5","uri":"kylo:kylo:henry:kernelversion:75d386c3-c58d-4def-98b6-63b02838bdb5","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2020-11-02T12:36:56.46491092Z","updatedAt":"2020-11-02T12:36:56.46491092Z","MAPPING":{"MAPPING":[{"OS":"AL2017.09","KERNEL":[{"NUM":"4.9.51-10.52.amzn1.x86_64","START":"6.0.3.18","END":"0"},{"NUM":"4.9.58-18.51.amzn1.x86_64","START":"6.0.3.18","END":"0"},{"NUM":"4.9.58-18.55.amzn1.x86_64","START":"6.0.3.18","END":"0"}]}]}}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}}}},"get":{"summary":"Get","description":"Get a kernel compatibility-matrix.","produces":["text/plain"],"tags":["CTE/Clients"],"responses":{"200":{"description":"OK","schema":{"type":"file"}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"delete":{"summary":"Delete","description":"Delete a kernel compatibility-matrix.","tags":["CTE/Clients"],"responses":{"204":{"description":"OK","schema":{"type":"string"}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/policies/{policyId}/idtkeyrules/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"policyId","in":"path","type":"string","description":"An identifier of the CTE Policy.\nThis can be the ID (a UUIDv4), URI, or name of Policy.\n","required":true}],"get":{"summary":"List","description":"Returns the list of IDT key rules added to the CipherTrust Manager. The results can be filtered using the query parameters.\n","tags":["CTE/Policies-IDTRules"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"Unique identifier for the Policy with which the Key Rule aligned.","type":"string"},"current_key":{"description":"ID of the key currently linked with the rule.","type":"string"},"transformation_key":{"description":"ID of the transformation key to link with the rule.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"1261e65c-4f03-428a-b14d-385a7d8e975d","policy_id":"548d8d6e-c27e-4a51-8754-b86d373e148c","current_key":"clear_key","transformation_key":"MyKey"}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/policies/{policyId}/idtkeyrules/{idtRuleId}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"policyId","in":"path","type":"string","description":"An identifier of the CTE Policy.\nThis can be the ID (a UUIDv4), URI, or name of Policy.\n","required":true},{"name":"idtRuleId","in":"path","type":"string","description":"An identifier of the CTE IDT Key Rule.\nThis can be either the ID (a UUIDv4) or URI of Rule.\n","required":true}],"patch":{"summary":"Update","description":"Modifies the IDT rule parameters. The parameters to be modified are placed in the body parameters. There is no default value for these parameters.\n","tags":["CTE/Policies-IDTRules"],"parameters":[{"name":"body","in":"body","description":"CTE IDT Rule parameters.","schema":{"type":"object","title":"Modify IDT Rule","properties":{"current_key":{"description":"Identifier of the key to link with the rule. Supported fields are name, id, slug, alias, uri, uuid, muid, and key_id.\n**Note**: For decryption, where a clear key is to be supplied, use the string \"clear_key\" only. Do not specify any other identifier.\n","type":"string"},"current_key_type":{"description":"Specify the type of the key. Must be one of name, id, slug, alias, uri, uuid, muid or key_id. If not specified, the type of the key is inferred.","type":"string"},"transformation_key":{"description":"Identifier of the key to link with the rule. Supported fields are name, id, slug, alias, uri, uuid, muid or key_id.\n","type":"string"},"transformation_key_type":{"description":"Specify the type of the key. Must be one of name, id, slug, alias, uri, uuid, muid or key_id. If not specified, the type of the key is inferred.","type":"string"}},"example":{"transformation_key":"MyKey"}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"Unique identifier for the Policy with which the Key Rule aligned.","type":"string"},"current_key":{"description":"ID of the key currently linked with the rule.","type":"string"},"transformation_key":{"description":"ID of the transformation key to link with the rule.","type":"string"}}}]},"examples":{"application/json":{"id":"1261e65c-4f03-428a-b14d-385a7d8e975d","policy_id":"548d8d6e-c27e-4a51-8754-b86d373e148c","current_key":"clear_key","transformation_key":"MyKey"}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"Get","description":"Returns the details of a key rule with the given id.\n","tags":["CTE/Policies-IDTRules"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"description":"Unique identifier for the Policy with which the Key Rule aligned.","type":"string"},"current_key":{"description":"ID of the key currently linked with the rule.","type":"string"},"transformation_key":{"description":"ID of the transformation key to link with the rule.","type":"string"}}}]},"examples":{"application/json":{"id":"1261e65c-4f03-428a-b14d-385a7d8e975d","policy_id":"548d8d6e-c27e-4a51-8754-b86d373e148c","current_key":"clear_key","transformation_key":"MyKey"}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/reports/clients/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns the Client Health report for the CTE Clients available on the appliance. The results can be filtered using the query parameters.\n","tags":["CTE/Reports"],"parameters":[{"name":"domain_name","in":"query","required":false,"type":"string","description":"Filter reports by domain name.\nTo filter reports by multiple domains, provide comma-delimited list of domains.\nFor example: domain1,domain2\n"},{"name":"client_name","in":"query","required":false,"type":"string","description":"Filter report by Client name."},{"name":"client_type","in":"query","required":false,"type":"string","description":"Filter clients by Client type. Valid values are FS, CSI, CTE-U."},{"name":"status","in":"query","required":false,"type":"string","description":"Filter clients by client health status. Valid values are UNREGISTERED, ERROR, WARNING, HEALTHY, EXPUNGED, WAITING FOR CONNECTION, NOT CONNECTED.\nTo filter clients by multiple status provide comma-delimited list of status.\nFor example: HEALTHY,WARNING\n...will filter clients which have HEALTHY or WARNING client health status.\n"},{"name":"os_type","in":"query","required":false,"type":"string","description":"Filter clients by os type of client.Valid values are LINUX, WINDOWS, AIX and UNKNOWN. To filter clients by multiple os provide comma-delimited list of os."},{"name":"exclude_domain_sharing_data","in":"query","required":false,"type":"boolean","description":"Whether to exclude domain sharing data in reports or not. Valid values are true/false."},{"name":"sort","in":"query","default":"client_name","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nValid values are client_name,status,os_type,total_gp,enabled_gp.\nFor example:\n\n client_name,-status\n\n...will sort the results first by `client_name`, ascending, then by `status`, descending.\n"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"type":"object","properties":{"domain_name":{"description":"Name of the domain.","type":"string"},"client_name":{"description":"HostName or IP Address of Client.","type":"string"},"os_type":{"description":"Operating system type of CTE client (windows or linux). Default value is `Unknown`.","type":"string"},"os_sub_type":{"description":"Flavour of Operation System. Ex. RHEL, Windows 7","type":"string"},"client_version":{"description":"Version of CTE Client.","type":"string"},"status":{"description":"Health status of client. Can be HEALTHY, ERROR, WARNING, WAITING FOR CONNECTION, NOT CONNECTED or UNREGISTERED","type":"string"},"total_gp":{"description":"Number of GuardPoint on client.","type":"integer"},"enabled_gp":{"description":"Number of enabled GuardPoint on client.","type":"integer"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"domain_name":"domain_1","client_name":"Client_1","account":"kylo:kylo:admin:accounts:kylo","os_type":"UNKNOWN","os_sub_type":"","os_kernel":"","client_version":"","status":"UNREGISTERED","total_gp":1,"enabled_gp":0}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/reports/clients/download/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Download Report","description":"Returns the Client Health report for the CTE Clients available on the appliance. The results can be filtered using the query parameters.\n","tags":["CTE/Reports"],"produces":["application/pdf","text/plain"],"parameters":[{"name":"domain_name","in":"query","required":false,"type":"string","description":"Filter reports by domain name.\nTo filter reports by multiple domains, provide comma-delimited list of domains.\nFor example: domain1,domain2\n"},{"name":"report_type","in":"query","required":true,"type":"string","description":"Type of Report. Valid values are csv and pdf."},{"name":"client_name","in":"query","required":false,"type":"string","description":"Filter report by Client name."},{"name":"client_type","in":"query","required":false,"type":"string","description":"Filter clients by Client type. Valid values are FS, CSI, CTE-U."},{"name":"status","in":"query","required":false,"type":"string","description":"Filter clients by client health status. Valid values are UNREGISTERED, ERROR, WARNING, HEALTHY, EXPUNGED, WAITING FOR CONNECTION, NOT CONNECTED.\nTo filter clients by multiple status provide comma-delimited list of status.\nFor example: HEALTHY,WARNING\n...will filter clients which have HEALTHY or WARNING client health status.\n"},{"name":"os_type","in":"query","required":false,"type":"string","description":"Filter clients by os type of client.Valid values are LINUX, WINDOWS, AIX and UNKNOWN. To filter clients by multiple os provide comma-delimited list of os."},{"name":"addon_fields","in":"query","required":false,"type":"string","description":"Fields to be added in the downloaded report. Valid values are os_type, os_sub_type, os_kernel, client_version, total_gp, and enabled_gp."},{"name":"exclude_domain_sharing_data","in":"query","required":false,"type":"boolean","description":"Whether to exclude domain sharing data in reports or not. Valid values are true/false."},{"name":"sort","in":"query","default":"client_name","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nValid values are client_name,status,os_type,total_gp,enabled_gp.\nFor example:\n\n client_name,-status\n\n...will sort the results first by `client_name`, ascending, then by `status`, descending.\n"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"file"}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/reports/clients-keys/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns the Client Keys report for the CTE Clients available on the appliance. The results can be filtered using the query parameters.\n","tags":["CTE/Reports"],"parameters":[{"name":"domain_name","in":"query","required":false,"type":"string","description":"Filter reports by domain name.\nTo filter reports by multiple domains, provide comma-delimited list of domains.\nFor example: domain1,domain2\n"},{"name":"client_name","in":"query","required":false,"type":"string","description":"Filter report by Client name."},{"name":"client_type","in":"query","required":false,"type":"string","description":"Filter clients by Client type. Valid values are FS, CSI, CTE-U."},{"name":"key_name","in":"query","required":false,"type":"string","description":"Filter report by Key name."},{"name":"exclude_domain_sharing_data","in":"query","required":false,"type":"boolean","description":"Whether to exclude domain sharing data in reports or not. Valid values are true/false."},{"name":"sort","in":"query","default":"client_name","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nValid values are client_name,key_name.\nFor example:\n\n client_name,-key_name\n\n...will sort the results first by `client_name`, ascending, then by `key_name`, descending.\n"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"type":"object","properties":{"domain_name":{"description":"Name of the domain.","type":"string"},"client_name":{"description":"HostName or IP Address of Client.","type":"string"},"keys_name":{"description":"Name of configured Key.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"domain_name":"domain_1","client_name":"Client_1","account":"kylo:kylo:admin:accounts:kylo","key_name":"MyKey"}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/reports/clients-keys/download/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Download Report","description":"Download the Client Keys report for the CTE Clients available on the appliance. The results can be filtered using the query parameters.\n","tags":["CTE/Reports"],"produces":["application/pdf","text/plain"],"parameters":[{"name":"domain_name","in":"query","required":false,"type":"string","description":"Filter reports by domain name.\nTo filter reports by multiple domains, provide comma-delimited list of domains.\nFor example: domain1,domain2\n"},{"name":"report_type","in":"query","required":true,"type":"string","description":"Type of Report. Valid values are csv and pdf."},{"name":"client_name","in":"query","required":false,"type":"string","description":"Filter report by Client name."},{"name":"client_type","in":"query","required":false,"type":"string","description":"Filter clients by Client type. Valid values are FS, CSI, CTE-U."},{"name":"key_name","in":"query","required":false,"type":"string","description":"Filter report by Key name."},{"name":"exclude_domain_sharing_data","in":"query","required":false,"type":"boolean","description":"Whether to exclude domain sharing data in reports or not. Valid values are true/false."},{"name":"sort","in":"query","default":"client_name","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nValid values are client_name,key_name.\nFor example:\n\n client_name,-key_name\n\n...will sort the results first by `client_name`, ascending, then by `key_name`, descending.\n"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"file"}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/reports/clients-profiles/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns the Client Profile report for the CTE Clients available on the appliance. The results can be filtered using the query parameters.\n","tags":["CTE/Reports"],"parameters":[{"name":"domain_name","in":"query","required":false,"type":"string","description":"Filter reports by domain name.\nTo filter reports by multiple domains, provide comma-delimited list of domains.\nFor example: domain1,domain2\n"},{"name":"client_name","in":"query","required":false,"type":"string","description":"Filter report by Client name."},{"name":"client_type","in":"query","required":false,"type":"string","description":"Filter clients by Client type. Valid values are FS, CSI, CTE-U."},{"name":"profile_name","in":"query","required":false,"type":"string","description":"Filter report by Profile name."},{"name":"exclude_domain_sharing_data","in":"query","required":false,"type":"boolean","description":"Whether to exclude domain sharing data in reports or not. Valid values are true/false."},{"name":"sort","in":"query","default":"client_name","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nValid values are client_name,profile_name.\nFor example:\n\n client_name,-profile_name\n\n...will sort the results first by `client_name`, ascending, then by `profile_name`, descending.\n"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"type":"object","properties":{"domain_name":{"description":"Name of the domain.","type":"string"},"client_name":{"description":"HostName or IP Address of Client.","type":"string"},"profile_name":{"description":"Name of configured Profile.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"domain_name":"domain_1","client_name":"Client_1","account":"kylo:kylo:admin:accounts:kylo","profile_name":"MyProfile"}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/reports/clients-profiles/download/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Download Report","description":"Download the Client Profiles report for the CTE Clients available on the appliance. The results can be filtered using the query parameters.\n","tags":["CTE/Reports"],"produces":["application/pdf","text/plain"],"parameters":[{"name":"domain_name","in":"query","required":false,"type":"string","description":"Filter reports by domain name.\nTo filter reports by multiple domains, provide comma-delimited list of domains.\nFor example: domain1,domain2\n"},{"name":"report_type","in":"query","required":true,"type":"string","description":"Type of Report. Valid values are csv and pdf."},{"name":"client_name","in":"query","required":false,"type":"string","description":"Filter report by Client name."},{"name":"client_type","in":"query","required":false,"type":"string","description":"Filter clients by Client type. Valid values are FS, CSI, CTE-U."},{"name":"profile_name","in":"query","required":false,"type":"string","description":"Filter report by Profile name."},{"name":"exclude_domain_sharing_data","in":"query","required":false,"type":"boolean","description":"Whether to exclude domain sharing data in reports or not. Valid values are true/false."},{"name":"sort","in":"query","default":"client_name","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nValid values are client_name,profile_name.\nFor example:\n\n client_name,-profile_name\n\n...will sort the results first by `client_name`, ascending, then by `profile_name`, descending.\n"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"file"}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/reports/clients-policies/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns the Clients Policies report for the CTE Clients available on the appliance. The results can be filtered using the query parameters.\n","tags":["CTE/Reports"],"parameters":[{"name":"domain_name","in":"query","required":false,"type":"string","description":"Filter reports by domain name.\nTo filter reports by multiple domains, provide comma-delimited list of domains.\nFor example: domain1,domain2\n"},{"name":"client_name","in":"query","required":false,"type":"string","description":"Filter report by Client name."},{"name":"client_type","in":"query","required":false,"type":"string","description":"Filter clients by Client type. Valid values are FS, CSI, CTE-U."},{"name":"os_type","in":"query","required":false,"type":"string","description":"Filter clients by os type of client.Valid values are LINUX, WINDOWS, AIX and UNKNOWN. To filter clients by multiple os provide comma-delimited list of os."},{"name":"policy_name","in":"query","required":false,"type":"string","description":"Filter report by Policy name."},{"name":"policy_type","in":"query","required":false,"type":"string","description":"Filter report by Policy type. Valid values are “Standard”, “LDT”, \"IDT\" and “Cloud_Object_Storage”."},{"name":"guard_enabled","in":"query","required":false,"type":"boolean","description":"Filter the results by guardpath enable state i.e. True or False"},{"name":"exclude_domain_sharing_data","in":"query","required":false,"type":"boolean","description":"Whether to exclude domain sharing data in reports or not. Valid values are true/false."},{"name":"sort","in":"query","default":"client_name","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nValid values are client_name,policy_name,policy_type,os_type,guard_enabled.\nFor example:\n\n client_name,-policy_name\n\n...will sort the results first by `client_name`, ascending, then by `policy_name`, descending.\n"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"type":"object","properties":{"domain_name":{"description":"Name of the domain.","type":"string"},"client_name":{"description":"HostName or IP Address of Client.","type":"string"},"policy_name":{"description":"Name of CTE Policy.","type":"string"},"policy_type":{"description":"HostName or IP Address of Client.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"domain_name":"domain_1","client_name":"Client_1","account":"kylo:kylo:admin:accounts:kylo","os_type":"LINUX","policy_name":"MyPolicy","policy_type":"STANDARD","guard_enabled":true}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/reports/clients-policies/download/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Download Report","description":"Download the Clients Policies report for the CTE Clients available on the appliance. The results can be filtered using the query parameters.\n","tags":["CTE/Reports"],"produces":["application/pdf","text/plain"],"parameters":[{"name":"domain_name","in":"query","required":false,"type":"string","description":"Filter reports by domain name.\nTo filter reports by multiple domains, provide comma-delimited list of domains.\nFor example: domain1,domain2\n"},{"name":"report_type","in":"query","required":true,"type":"string","description":"Type of Report. Valid values are csv and pdf."},{"name":"client_name","in":"query","required":false,"type":"string","description":"Filter report by Client name."},{"name":"client_type","in":"query","required":false,"type":"string","description":"Filter clients by Client type. Valid values are FS, CSI, CTE-U."},{"name":"os_type","in":"query","required":false,"type":"string","description":"Filter clients by os type of client.Valid values are LINUX, WINDOWS, AIX and UNKNOWN. To filter clients by multiple os provide comma-delimited list of os."},{"name":"policy_name","in":"query","required":false,"type":"string","description":"Filter report by Policy name."},{"name":"policy_type","in":"query","required":false,"type":"string","description":"Filter report by Policy type. Valid values are “Standard”, “LDT”, \"IDT\" and “Cloud_Object_Storage”."},{"name":"guard_enabled","in":"query","required":false,"type":"boolean","description":"Filter the results by guardpath enable state i.e. True or False"},{"name":"omit_fields","in":"query","required":false,"type":"string","description":"Fields to be omitted from the report. Valid values are os_type, policy_type, and guard_enabled."},{"name":"exclude_domain_sharing_data","in":"query","required":false,"type":"boolean","description":"Whether to exclude domain sharing data in reports or not. Valid values are true/false."},{"name":"sort","in":"query","default":"client_name","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nValid values are client_name,policy_name,policy_type,os_type,guard_enabled.\nFor example:\n\n client_name,-policy_name\n\n...will sort the results first by `client_name`, ascending, then by `policy_name`, descending.\n"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"file"}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/reports/policies-keys/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns the Policies Keys report for the resources available on the appliance. The results can be filtered using the query parameters.\n","tags":["CTE/Reports"],"parameters":[{"name":"domain_name","in":"query","required":false,"type":"string","description":"Filter reports by domain name.\nTo filter reports by multiple domains, provide comma-delimited list of domains.\nFor example: domain1,domain2\n"},{"name":"policy_name","in":"query","required":false,"type":"string","description":"Filter report by Policy name."},{"name":"policy_type","in":"query","required":false,"type":"string","description":"Filter report by Policy type. Valid values are “Standard”, “LDT”, \"IDT\" and “Cloud_Object_Storage”."},{"name":"key_name","in":"query","required":false,"type":"string","description":"Filter the results by Key Name."},{"name":"sort","in":"query","default":"policy_name","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nValid values are policy_name,policy_type,key_name.\nFor example:\n\n key_name,-policy_name\n\n...will sort the results first by `key_name`, ascending, then by `policy_name`, descending.\n"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"type":"object","properties":{"domain_name":{"description":"Name of the domain.","type":"string"},"policy_name":{"description":"Name of CTE Policy.","type":"string"},"policy_type":{"description":"HostName or IP Address of Client.","type":"string"},"keys_name":{"description":"Name of configured Key.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"domain_name":"domain_1","key_name":"MyKey","account":"kylo:kylo:admin:accounts:kylo","policy_name":"MyPolicy","policy_type":"STANDARD"}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/reports/policies-keys/download/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Download Report","description":"Download the Policies Keys report for the resources available on the appliance. The results can be filtered using the query parameters.\n","tags":["CTE/Reports"],"produces":["application/pdf","text/plain"],"parameters":[{"name":"domain_name","in":"query","required":false,"type":"string","description":"Filter reports by domain name.\nTo filter reports by multiple domains, provide comma-delimited list of domains.\nFor example: domain1,domain2\n"},{"name":"report_type","in":"query","required":true,"type":"string","description":"Type of Report. Valid values are csv and pdf."},{"name":"policy_name","in":"query","required":false,"type":"string","description":"Filter report by Policy name."},{"name":"policy_type","in":"query","required":false,"type":"string","description":"Filter report by Policy type. Valid values are “Standard”, “LDT”, \"IDT\" and “Cloud_Object_Storage”."},{"name":"key_name","in":"query","required":false,"type":"string","description":"Filter the results by Key Name."},{"name":"sort","in":"query","default":"policy_name","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nValid values are policy_name,policy_type,key_name.\nFor example:\n\n key_name,-policy_name\n\n...will sort the results first by `key_name`, ascending, then by `policy_name`, descending.\n"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"file"}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/reports/guardpoints/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns the GuardPoints report for the CTE Clients available on the appliance. The results can be filtered using the query parameters.\n","tags":["CTE/Reports"],"parameters":[{"name":"domain_name","in":"query","required":false,"type":"string","description":"Filter reports by domain name.\nTo filter reports by multiple domains, provide comma-delimited list of domains.\nFor example: domain1,domain2\n"},{"name":"client_name","in":"query","required":false,"type":"string","description":"Filter report by Client name."},{"name":"client_type","in":"query","required":false,"type":"string","description":"Filter clients by Client type. Valid values are FS, CSI, CTE-U."},{"name":"policy_name","in":"query","required":false,"type":"string","description":"Filter report by Policy name."},{"name":"guard_point_type","in":"query","required":false,"type":"string","description":"Filter report by GuardPoint type. To filter using multiple values, provide comma-delimited list of type. The options are - directory_auto - directory_manual - rawdevice_manual - rawdevice_auto - cloudstorage_auto - cloudstorage_manual"},{"name":"guard_enabled","in":"query","required":false,"type":"boolean","description":"Filter the results by guardpath enable state i.e. True or False"},{"name":"guard_path","in":"query","required":false,"type":"string","description":"Filter the results by guard path of Guardpoint."},{"name":"exclude_domain_sharing_data","in":"query","required":false,"type":"boolean","description":"Whether to exclude domain sharing data in reports or not. Valid values are true/false."},{"name":"sort","in":"query","default":"client_name","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nValid values are client_name,policy_name,guard_point_type,guard_path,guard_enabled.\nFor example:\n\n client_name,-policy_name\n\n...will sort the results first by `client_name`, ascending, then by `policy_name`, descending.\n"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"type":"object","properties":{"domain_name":{"description":"Name of the domain.","type":"string"},"client_name":{"description":"HostName or IP Address of Client.","type":"string"},"policy_name":{"description":"Name of CTE Policy.","type":"string"},"guard_point_type":{"description":"Type of the GuardPoint, that is, directory_auto, directory_manual, rawdevice_manual, rawdevice_auto, or ransomware.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"domain_name":"domain_1","client_name":"Client_1","account":"kylo:kylo:admin:accounts:kylo","guard_path":"/opt/pqr","policy_name":"MyPolicy","guard_point_type":"directory_auto","guard_enabled":true}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/reports/guardpoints/download/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Download Report","description":"Download the GuardPoints report for the CTE Clients available on the appliance. The results can be filtered using the query parameters.\n","tags":["CTE/Reports"],"produces":["application/pdf","text/plain"],"parameters":[{"name":"domain_name","in":"query","required":false,"type":"string","description":"Filter reports by domain name.\nTo filter reports by multiple domains, provide comma-delimited list of domains.\nFor example: domain1,domain2\n"},{"name":"report_type","in":"query","required":true,"type":"string","description":"Type of Report. Valid values are csv and pdf."},{"name":"client_name","in":"query","required":false,"type":"string","description":"Filter report by Client name."},{"name":"client_type","in":"query","required":false,"type":"string","description":"Filter clients by Client type. Valid values are FS, CSI, CTE-U."},{"name":"policy_name","in":"query","required":false,"type":"string","description":"Filter report by Policy name."},{"name":"guard_point_type","in":"query","required":false,"type":"string","description":"Filter report by GuardPoint type. To filter using multiple values, provide comma-delimited list of type. The options are - directory_auto - directory_manual - rawdevice_manual - rawdevice_auto - cloudstorage_auto - cloudstorage_manual"},{"name":"guard_enabled","in":"query","required":false,"type":"boolean","description":"Filter the results by guardpath enable state i.e. True or False"},{"name":"guard_path","in":"query","required":false,"type":"string","description":"Filter the results by guard path of Guardpoint."},{"name":"omit_fields","in":"query","required":false,"type":"string","description":"Fields to be omitted from the report. Valid values are guard_point_type and guard_enabled."},{"name":"exclude_domain_sharing_data","in":"query","required":false,"type":"boolean","description":"Whether to exclude domain sharing data in reports or not. Valid values are true/false."},{"name":"sort","in":"query","default":"client_name","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nValid values are client_name,policy_name,guard_point_type,guard_path,guard_enabled.\nFor example:\n\n client_name,-policy_name\n\n...will sort the results first by `client_name`, ascending, then by `policy_name`, descending.\n"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"file"}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/reports/clients-guard-status/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns the Clients GuardPoint Status report for the CTE Clients available on the appliance. The results can be filtered using the query parameters.\n","tags":["CTE/Reports"],"parameters":[{"name":"domain_name","in":"query","required":false,"type":"string","description":"Filter reports by domain name.\nTo filter reports by multiple domains, provide comma-delimited list of domains.\nFor example: domain1,domain2\n"},{"name":"client_name","in":"query","required":false,"type":"string","description":"Filter report by Client name."},{"name":"client_type","in":"query","required":false,"type":"string","description":"Filter clients by Client type. Valid values are FS, CSI, CTE-U."},{"name":"policy_name","in":"query","required":false,"type":"string","description":"Filter report by Policy name."},{"name":"guard_point_state","in":"query","required":false,"type":"string","description":"Filter the results by state of Guardpoint. Valid values are ACTIVE, INACTIVE, UNKNOWN, DISABLED. To filter using multiple values, provide comma-delimited list."},{"name":"guard_enabled","in":"query","required":false,"type":"boolean","description":"Filter the results by guardpath enable state i.e. True or False"},{"name":"guard_path","in":"query","required":false,"type":"string","description":"Filter the results by guard path of Guardpoint."},{"name":"exclude_domain_sharing_data","in":"query","required":false,"type":"boolean","description":"Whether to exclude domain sharing data in reports or not. Valid values are true/false."},{"name":"sort","in":"query","default":"client_name","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nValid values are client_name,policy_name,guard_point_state,guard_path,guard_enabled.\nFor example:\n\n client_name,-policy_name\n\n...will sort the results first by `client_name`, ascending, then by `policy_name`, descending.\n"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"type":"object","properties":{"domain_name":{"description":"Name of the domain.","type":"string"},"client_name":{"description":"HostName or IP Address of Client.","type":"string"},"policy_name":{"description":"Name of CTE Policy.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"},"guard_point_state":{"description":"Current state of GuardPoint e.g. UNKNOWN, ENABLED, DISABLED or ERROR.","type":"string"},"rekey_status":{"description":"Status of the rekey operation at CTE.","type":"string"},"est_rekey_time":{"description":"Estimated Rekey time in Day:Hour:Min.","type":"string"},"rekey_start_time":{"description":"Rekey start time.","type":"string"},"rekey_end_time":{"description":"Rekey end time.","type":"string"},"total_file":{"description":"Total files to be Transformed.","type":"integer"},"file_rekeyed":{"description":"Total files Transformed.","type":"integer"},"file_deleted":{"description":"Total Number of Files Deleted.","type":"integer"},"file_skipped":{"description":"Total files skipped.","type":"integer"},"total_size":{"description":"Total bytes to be Transformed.","type":"integer"},"byte_rekeyed":{"description":"Total bytes Transformed.","type":"integer"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"domain_name":"domain_1","client_name":"Client_1","account":"kylo:kylo:admin:accounts:kylo","guard_path":"/opt/pqr","policy_name":"MyPolicy","guard_point_state":"ACTIVE","guard_enabled":true,"rekey_status":"REKEYED","est_rekey_time":"000:00:00","rekey_start_time":"2020-10-30 07:56:31","rekey_end_time":"2020-10-30 07:56:32","total_file":10,"file_rekeyed":10,"file_deleted":0,"file_skipped":0,"total_size":204800,"byte_rekeyed":204800}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/reports/clients-guard-status/download/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Download Report","description":"Download the Clients GuardPoint Status report for the CTE Clients available on the appliance. The results can be filtered using the query parameters.\n","tags":["CTE/Reports"],"produces":["application/pdf","text/plain"],"parameters":[{"name":"domain_name","in":"query","required":false,"type":"string","description":"Filter reports by domain name.\nTo filter reports by multiple domains, provide comma-delimited list of domains.\nFor example: domain1,domain2\n"},{"name":"report_type","in":"query","required":true,"type":"string","description":"Type of Report. Valid values are csv and pdf."},{"name":"client_name","in":"query","required":false,"type":"string","description":"Filter report by Client name."},{"name":"client_type","in":"query","required":false,"type":"string","description":"Filter clients by Client type. Valid values are FS, CSI, CTE-U."},{"name":"policy_name","in":"query","required":false,"type":"string","description":"Filter report by Policy name."},{"name":"guard_point_state","in":"query","required":false,"type":"string","description":"Filter the results by state of Guardpoint. Valid values are ACTIVE, INACTIVE, UNKNOWN, DISABLED. To filter using multiple values, provide comma-delimited list."},{"name":"guard_enabled","in":"query","required":false,"type":"boolean","description":"Filter the results by guardpath enable state i.e. True or False"},{"name":"guard_path","in":"query","required":false,"type":"string","description":"Filter the results by guard path of Guardpoint."},{"name":"addon_fields","in":"query","required":false,"type":"string","description":"Additional fields that can be added to the report. Maximum of 2 additional fields can be added for PDF reports. Valid values are guard_enabled, rekey_status, est_rekey_time, rekey_start_time, rekey_end_time, total_file, file_deleted, file_skipped, total_size, byte_rekeyed, file_rekeyed"},{"name":"exclude_domain_sharing_data","in":"query","required":false,"type":"boolean","description":"Whether to exclude domain sharing data in reports or not. Valid values are true/false."},{"name":"sort","in":"query","default":"client_name","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nValid values are client_name,policy_name,guard_point_state,guard_path,guard_enabled.\nFor example:\n\n client_name,-policy_name\n\n...will sort the results first by `client_name`, ascending, then by `policy_name`, descending.\n"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"file"}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"403":{"description":"Forbidden","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/csigroups/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a CTE CSI storage group on the CipherTrust Manager.","tags":["CTE/CSIStorageGroups"],"parameters":[{"name":"body","in":"body","description":"CTE CSI storage group creation parameters.","schema":{"type":"object","title":"Create CTE CSI Storage Group","required":["name","k8s_namespace","k8s_storage_class"],"properties":{"name":{"description":"Name to uniquely identify the CSI storage group. This name will be visible on the CipherTrust Manager.","type":"string"},"k8s_namespace":{"description":"Name of the K8s namespace.","type":"string"},"k8s_storage_class":{"description":"Name of the K8s StorageClass.","type":"string"},"description":{"description":"Optional description for the storage group.","type":"string"},"client_profile":{"description":"Optional Client Profile for the storage group. If not provided, the default profile will be used.","type":"string"}},"example":{"name":"CSIStorageGroup_1","k8s_namespace":"K8sNamespace_1","k8s_storage_class":"K8sStorageClass_1","description":"Test CSIStorageGroup","client_profile":"DefaultClientProfile"}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"k8s_namespace":{"description":"k8s_namespace name.","type":"string"},"k8s_storage_class":{"description":"k8s_storage_class name.","type":"string"},"description":{"description":"Description of CSI Storage Group.","type":"string"},"client_profile_id":{"description":"Client Profile ID of CSI Storage Group.","type":"string"},"client_profile_name":{"description":"Client Profile Name of CSI Storage Group.","type":"string"}}}]},"examples":{"application/json":{"id":"aa360d01-2cd6-4129-b376-753f882b4e67","uri":"kylo:kylo:henry:storagegroup:csistoragegroup_1:aa360d01-2cd6-4129-b376-753f882b4e67","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-09-20T08:11:30.292240179Z","updatedAt":"2021-09-20T08:11:30.292240179Z","name":"CSIStorageGroup_1","k8s_namespace":"K8sNamespace_1","k8s_storage_class":"K8sStorageClass_1","description":"Test CSIStorageGroup","client_profile_name":"DefaultClientProfile","client_profile_id":"bb360d01-2cd6-4129-b376-753f882b4e676"}}}}},"get":{"summary":"List","description":"Returns the list of CSI storage groups. The results can be filtered using the query parameters. The sorting can be done by `name`, `k8s_namespace`, and `k8s_storage_class`.\n","tags":["CTE/CSIStorageGroups"],"parameters":[{"name":"name","in":"query","required":false,"type":"string","description":"Filter the results by name of CSI storage groups. Use wildcards to search for CSI storage groups matching the specified pattern in their names."},{"name":"k8s_namespace","in":"query","required":false,"type":"string","description":"Filter the results by namespace of CSI storage groups. Use wildcards to search for CSI storage groups matching the specified pattern in their namespaces."},{"name":"k8s_storage_class","in":"query","required":false,"type":"string","description":"Filter the results by StorageClass of CSI storage groups. Use wildcards to search for CSI storage groups matching the specified pattern in their StorageClasses."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"k8s_namespace":{"description":"k8s_namespace name.","type":"string"},"k8s_storage_class":{"description":"k8s_storage_class name.","type":"string"},"description":{"description":"Description of CSI Storage Group.","type":"string"},"client_profile_id":{"description":"Client Profile ID of CSI Storage Group.","type":"string"},"client_profile_name":{"description":"Client Profile Name of CSI Storage Group.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"5bb9802d-5792-43a0-a207-1fb8750d7255","uri":"kylo:kylo:henry:storagegroup:csistoragegroup_1-5bb9802d-5792-43a0-a207-1fb8750d7255","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-09-20T03:33:03.336094Z","updatedAt":"2021-09-20T03:34:03.336094Z","name":"CSIStorageGroup_1","k8s_namespace":"K8sNamespace_1","k8s_storage_class":"K8sStorageClass_1","description":"Test CSIStorageGroup","client_profile_name":"DefaultClientProfile","client_profile_id":"bb360d01-2cd6-4129-b376-753f882b4e676"}]}}}}}},"/v1/transparent-encryption/csigroups/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a CSI storage group with the given id.","tags":["CTE/CSIStorageGroups"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"k8s_namespace":{"description":"k8s_namespace name.","type":"string"},"k8s_storage_class":{"description":"k8s_storage_class name.","type":"string"},"description":{"description":"Description of CSI Storage Group.","type":"string"},"client_profile_id":{"description":"Client Profile ID of CSI Storage Group.","type":"string"},"client_profile_name":{"description":"Client Profile Name of CSI Storage Group.","type":"string"}}}]},"examples":{"application/json":[{"id":"dadf478d-baf6-41a6-b00e-92efbf2bd5c3","uri":"kylo:kylo:henry:storagegroup:csi_sg1-dadf478d-baf6-41a6-b00e-92efbf2bd5c3","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-09-20T09:06:16.16117433Z","updatedAt":"2021-09-20T10:00:00Z","name":"csi_sg1","k8s_namespace":"K8sNamespace_1","k8s_storage_class":"K8sStorageClass_1","description":"Test CSI StorageGroup","client_profile_name":"DefaultClientProfile","client_profile_id":"bb360d01-2cd6-4129-b376-753f882b4e676"}]}},"404":{"description":"CSI storage group not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"patch":{"summary":"Update","description":"Updates the details of a CSI storage group with the given id.","tags":["CTE/CSIStorageGroups"],"parameters":[{"name":"body","in":"body","description":"CSI storage group parameters to be modified.\n","schema":{"type":"object","title":"Update CSI StorageGroup","properties":{"description":{"description":"Description of the storage group.","type":"string"},"client_profile":{"description":"Client profile for the storage group.","type":"string"}},"example":{"description":"Test"}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"k8s_namespace":{"description":"k8s_namespace name.","type":"string"},"k8s_storage_class":{"description":"k8s_storage_class name.","type":"string"},"description":{"description":"Description of CSI Storage Group.","type":"string"},"client_profile_id":{"description":"Client Profile ID of CSI Storage Group.","type":"string"},"client_profile_name":{"description":"Client Profile Name of CSI Storage Group.","type":"string"}}}]},"examples":{"application/json":{"id":"dadf478d-baf6-41a6-b00e-92efbf2bd5c3","uri":"kylo:kylo:henry:storagegroup:csi_sg1-dadf478d-baf6-41a6-b00e-92efbf2bd5c3","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-09-20T09:06:16.16117433Z","updatedAt":"2021-09-20T10:00:00Z","name":"csi_sg1","k8s_namespace":"K8sNamespace_1","k8s_storage_class":"K8sStorageClass_1","description":"Test CSI StorageGroup","client_profile_name":"DefaultClientProfile","client_profile_id":"bb360d01-2cd6-4129-b376-753f882b4e676"}}},"404":{"description":"CSI StorageGroup not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","description":"Deletes a CSI storage group with the given id from the CipherTrust Manager.\n","tags":["CTE/CSIStorageGroups"],"responses":{"204":{"description":"OK","schema":{"type":"string"}},"404":{"description":"CSI storage group not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/transparent-encryption/csigroups/{id}/clients/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Add Clients to Storage Group","description":"Adds CSI clients to an existing storage group.","tags":["CTE/CSIStorageGroups"],"parameters":[{"name":"id","in":"path","description":"An identifier of the CTE storage group. This identifier can be the name or UUID.","type":"string","required":true},{"name":"body","in":"body","description":"CTE storage group and client association parameters.","schema":{"type":"object","title":"Add Clients to Storage Group","required":["client_list"],"properties":{"client_list":{"description":"List of identifiers of clients to be associated with the client group. This identifier can be the name or UUID.","type":"array","items":{"type":"string"}}},"example":{"client_list":["Client1","Client2"]}}}],"responses":{"201":{"description":"Client added to storage group.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"storage_group_id":{"type":"string","description":"UUID of CTE Storage Group."},"client_id":{"type":"string","description":"UUID of CTE Client."},"storage_group_name":{"type":"string","description":"Name of CTE Storage Group."},"client_name":{"type":"integer","description":"Name of CTE Client."}}}]}},"207":{"description":"Client added to storage group.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"storage_group_id":{"type":"string","description":"UUID of CTE Storage Group."},"client_id":{"type":"string","description":"UUID of CTE Client."},"storage_group_name":{"type":"string","description":"Name of CTE Storage Group."},"client_name":{"type":"integer","description":"Name of CTE Client."}}}]},"examples":{"application/json":{"association_response":[{"id":"bb9588ad-3c18-4bb4-9571-b90caa2f6675","uri":"kylo:kylo:henry:storagegroupclientassn:bb9588ad-3c18-4bb4-9571-b90caa2f6675","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-04-04T09:57:18.490128478Z","updatedAt":"2020-04-04T09:57:18.490128478Z","storage_group_id":"4687c178-5579-40f2-9a64-48cb6196fe4f","client_id":"cb68453a-234f-44f1-abf6-8e93509ae955","storage_group_name":"SG1","client_name":"ubuntu_vm"}],"num_failed_association":1,"failed_associations":{"centos_vm":{"reason":"Failed to attach client to group","return_code":422}}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"List Clients in Storage Group","description":"Returns the list of clients in a storage group. The sorting can be done by `name`, `id`, `num_errors`, `num_gp_errors`, `num_warnings`, `client_health_status`, `profile_id`, `profile_name`, `updatedAt`, `createdAt`, and `client_type`.\n","tags":["CTE/CSIStorageGroups"],"parameters":[{"name":"id","in":"path","description":"An identifier of the CTE storage group. This identifier can be the name or UUID.","type":"string","required":true},{"name":"client_name","in":"query","required":false,"type":"string","description":"Filter the results by name of client."},{"name":"client_id","in":"query","required":false,"type":"string","description":"Filter the results by UUID of client."},{"name":"client_health_status","in":"query","required":false,"type":"string","description":"Filter the results by health status of client. Multiple values can be provided separated by comma. Health status can be HEALTHY, ERROR, WARNING, WAITING FOR CONNECTION, NOT CONNECTED, or UNREGISTERED."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"os_type":{"description":"Operating system type of CTE client (windows or linux). Default value is `Unknown`.","type":"string"},"os_sub_type":{"description":"Flavour of operation system. For example, RHEL, Windows 7.","type":"string"},"client_reg_id":{"description":"Client ID generated after certificates are exchanged during registration.","type":"string"},"server_host_name":{"description":"Host name or IP address of the key server.","type":"string"},"description":{"description":"Description of the client.","type":"string"},"client_locked":{"description":"Whether to lock the client. Use this tag to lock/unlock the configuration of the File System Agent on the client. Locking the configuration prevents updates to policies on the client. The default value is false.","type":"boolean"},"system_locked":{"description":"Whether the system is locked. The default value is false. Enable this option to lock the important operating system files of the client. When enabled, patches to the operating system of the client will fail due to the protection of these files.","type":"boolean"},"password_creation_method":{"description":"Method to create password (GENERATE, MANUAL). Default value is `GENERATE`.\nThe client uses this password as a wrapper to encrypt the data encryption key when it passes between the\nclient and the CipherTrust Manager k170v in the case of a CTE agent client, or saved to disk in the case of a VDE agent. This same\npassword is used for the challenge and response, to unlock the agent when there is no network connection\nbetween the client and the CipherTrust Manager k170v.\n\n`GENERATE` - When `GENERATE` is selected, the client user must request a new password from a CipherTrust Manager k170v\nadministrator each time a client password is required. If GENERATE is selected, the Regenerate Password\noption is displayed, select to download a new randomly generated password to the client. This new password\nwill be used to wrap the data encryption key.\n\n`MANUAL` - Enter the password for unlocking a GuardPoint when there is no server connection.\nPassword / Confirm Password, displayed when Password Creation Method is set to MANUAL, re-enter the\npassword.\n","type":"string"},"client_version":{"description":"Version of CTE Client.","type":"string"},"registration_allowed":{"description":"Is registration allowed for this client?","type":"boolean"},"communication_enabled":{"description":"Is communication enabled between k170v and CTE client?","type":"boolean"},"auth_binaries":{"description":"Array of authorized binaries in the privilege-filename pair JSON format.","type":"string"},"min_comm_version":{"description":"communication_version_min.","type":"integer"},"max_comm_version":{"description":"communication_version_max.","type":"integer"},"del_client":{"description":"Identifies that client delete is triggered.","type":"boolean"},"max_space_cache_log":{"description":"Maximum space for the cached logs.","type":"integer"},"max_num_cache_log":{"description":"Maximum number of logs to cache.","type":"integer"},"install_directory":{"description":"CTE client install directory.","type":"string"},"status_ref":{"description":"Reference value received from CTE client.","type":"integer"},"config_ref":{"description":"Reference value sent to CTE client.","type":"integer"},"auth_binaries_from":{"description":"ClientGroup name whose authentication binaries client has inherited.","type":"string"},"capabilities":{"description":"Comma separated agent capabilities. Available options are:\n\n`LDT` - Live Data Transformation. Implies `QOS` and `XRULE`.\n\n`ES` - Efficient Storage GuardPoint. Implies `XTS` and `IDT`.\n\n`DOCKER` - Docker Support. Avaiable on RedHat and CentOS Linux only.\n\n`IDT` - Inplace Data Transformation capable.\n\n`COS` - Cloud Storage Protection. Available for S3 only.\n\n`EKP` - Encryption Key Protection capable.\n\n`CLOG` - Concise Logging.\n\n`RESIGN` - Re-Sign Client Settings.\n\n`EA` - Secure Start GuardPoint. Available on Windows only.\n\n`CBCCS1` - CBC-CS1 encryption mode capable.\n\n`XTS` - XTS encryption mode capable.\n\n`QOS` - LDT rekey quality of service capable.\n\n`XRULE` - LDT key rule exclusion capable.\n","type":"string"},"enabled_capabilities":{"description":"Enable disabled feature(s). Separate multiple features by commas. The options are:\n\n`LDT` - Live Data Transformation.\n\n`EKP` - Encryption Key Protection.\n\n`ES` - Efficient Storage.\n","type":"string"},"attributes_from":{"description":"ClientGroup name whose attributes client has inherited.","type":"string"},"num_errors":{"description":"Number of errors on client.","type":"integer"},"num_gp_errors":{"description":"Number of GuardPoint errors on client.","type":"integer"},"num_warnings":{"description":"Number of warnings on client.","type":"integer"},"gp_errors":{"description":"GuardPoint errors on client.","type":"string"},"warnings":{"description":"Warnings on client.","type":"string"},"errors":{"description":"Errors on client.","type":"string"},"client_health_status":{"description":"Health status of client. Can be HEALTHY, ERROR, WARNING, WAITING FOR CONNECTION, NOT CONNECTED, or UNREGISTERED.","type":"string"},"disable_capability":{"description":"Disable an enabled feature. Only one capability can be disabled at a time. The options are:\n\n`LDT` - Live Data Transformation.\n","type":"string"},"profile_id":{"description":"Client profile which is to be cofigured for logger, logging, and QOS schedules custom cofiguration.\n"},"ldt_status":{"description":"LDT status of the CTE client.","type":"string"},"client_errors":{"description":"Errors reported by the CTE client.","type":"string"},"client_warnings":{"description":"Warnings reported by the CTE client.","type":"string"},"client_mfa_enabled":{"description":"Whether MFA is enabled on the CTE client.","type":"boolean"}}}]}}}}]},"examples":{"application/json":{"skip":"0,","limit":"10,","total":"2,","resources":[{"id":"3604b51e-17d7-4d85-abc5-a414114955f1","uri":"kylo:kylo:henry:client:10.164.13.17","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-16T09:56:28.946701Z","name":"10.164.13.17","updatedAt":"2019-07-16T09:56:28.946701Z","os_type":"LINUX","os_sub_type":"Red Hat Enterprise Linux Server release 7.4 (Maipo)","client_reg_id":"a1138c72-6ff1-4103-a626-90c219de7c7f","server_host_name":"10.164.115.18","description":"","client_locked":false,"system_locked":false,"one_way_communication":false,"password_creation_method":"GENERATE","client_version":9,"min_comm_version":0,"max_comm_version":0,"registration_allowed":true,"communication_enabled":true,"auth_binaries":null,"del_client":false,"max_space_cache_log":0,"max_num_cache_log":0,"install_directory":"/opt/vormetric/DataSecurityExpert","auth_binaries_from":"","status_ref":100536,"config_ref":78651,"capabilities":"LDT,DOCKER,ES,CBCCS1","enabled_capabilities":"LDT,ES","attributes_from":"","num_errors":0,"num_gp_errors":0,"num_warnings":0,"gp_errors":"{}","errors":"[]","warnings":"[]","client_health_status":"HEALTHY","ldt_status":""},{"id":"3604b51e-17d7-4d85-abc5-a414114966d3","uri":"kylo:kylo:henry:client:10.164.13.18","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-16T09:56:28.946701Z","name":"10.164.13.17","updatedAt":"2019-07-16T09:56:28.946701Z","os_type":"LINUX","os_sub_type":"Red Hat Enterprise Linux Server release 7.4 (Maipo)","client_reg_id":"a1138c72-6ff1-4103-a626-90c219de5c7f","server_host_name":"10.164.115.18","description":"","client_locked":false,"system_locked":false,"one_way_communication":false,"password_creation_method":"GENERATE","client_version":9,"min_comm_version":0,"max_comm_version":0,"registration_allowed":true,"communication_enabled":true,"auth_binaries":null,"del_client":false,"max_space_cache_log":0,"max_num_cache_log":0,"install_directory":"/opt/vormetric/DataSecurityExpert","auth_binaries_from":"","status_ref":100536,"config_ref":78651,"capabilities":"LDT,DOCKER,ES,CBCCS1","enabled_capabilities":"LDT,ES","attributes_from":"","num_errors":0,"num_gp_errors":0,"num_warnings":0,"gp_errors":"{}","errors":"[]","warnings":"[]","client_health_status":"HEALTHY","ldt_status":""}]}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/csigroups/{id}/clients/{client_id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"delete":{"summary":"Remove Client from Storage Group","description":"Removes a client with the given id from a storage group with the given id.","tags":["CTE/CSIStorageGroups"],"parameters":[{"name":"id","in":"path","description":"An identifier of the CTE storage group. This identifier can be the name or UUID.","type":"string","required":true},{"name":"client_id","in":"path","description":"An identifier of the CTE client. This identifier can be the name or UUID.","type":"string","required":true}],"responses":{"204":{"description":"OK","schema":{"type":"string"}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"Get StorageGroup Client Association","description":"Returns the association between a storage group and a client.","tags":["CTE/CSIStorageGroups"],"parameters":[{"name":"id","in":"path","description":"An identifier of the CTE storage group. This identifier can be the name or UUID.","type":"string","required":true},{"name":"client_id","in":"path","description":"An identifier of the CTE client. This identifier can be the name or UUID.","type":"string","required":true}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"storage_group_id":{"type":"string","description":"UUID of CTE Storage Group."},"client_id":{"type":"string","description":"UUID of CTE Client."},"storage_group_name":{"type":"string","description":"Name of CTE Storage Group."},"client_name":{"type":"integer","description":"Name of CTE Client."}}}]},"examples":{"application/json":{"id":"f5d29707-6572-4ab8-8c14-aff8b7195664","uri":"kylo:kylo:henry:storagegroupclientassn:U5","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2018-05-23T16:19:56.428692275Z","updatedAt":"2018-05-23T16:19:56.428692275Z","storage_group_id":"79a27b89-7e02-4afa-85d2-8ac5d5677f23","client_id":"db0b7cd9-a27e-4334-bfd9-a3c375b07fde","storage_group_name":"StorageGroup1","client_name":"Client_1"}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/csigroups/{id}/guardpoints/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Add GuardPolicy to Storage Group","description":"Adds GuardPolicies to an existing storage group.","tags":["CTE/CSIStorageGroups"],"parameters":[{"name":"id","in":"path","description":"An identifier of the CTE storage group. This identifier can be the name or UUID.","type":"string","required":true},{"name":"body","in":"body","description":"CSI storage group and guard policy association parameters.","schema":{"type":"object","title":"Add GuardPolicies to StorageGroup","required":["policy_list"],"properties":{"policy_list":{"description":"List of CSI policy identifiers to be associated with the storage group. This identifier can be the name or UUID.","type":"array","items":{"type":"string"}}},"example":{"policy_list":["CSI_Policy_1","CSI_Policy_2"]}}}],"responses":{"201":{"description":"Policy added to StorageGroup.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_id":{"description":"UUID of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_id":{"description":"UUID of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"client_name":{"description":"Name of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_name":{"description":"Name of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"guard_point_type":{"description":"Type of the guard point i.e. directory_auto, directory_manual, rawdevice_manual, rawdevice_auto, or ransomware.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"automount_enabled":{"description":"Flag to signify if automount is enabled with the guard point","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"},"policy_id":{"description":"UUID of the policy which is applied on this guard point. This parameter is not valid for Ransomware GuardPoints.","type":"string"},"disk_name":{"description":"Name of the disk if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"diskgroup_name":{"description":"Name of the disk group if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"preserve_sparse_regions":{"description":"Flag to signify that sparse file regions will be transformed or not. Only available on LDT enabled clients.","type":"boolean"},"data_classification_enabled":{"description":"Flag to signify that data classification(tagging) is enabled or not. This gets enabled by default if the aligned policy contains ClassificationTags.","type":"boolean"},"data_lineage_enabled":{"description":"Flag to signify that data lineage(tracking) is enabled or not. This gets enabled only if data_classification is enabled.","type":"boolean"},"guard_point_state":{"description":"Current state of GuardPoint. Can be UNKNOWN, ENABLED, DISABLED or ERROR.","type":"string"},"is_idt_capable_device":{"description":"Whether the device where GuardPoint is applied is IDT capable or not. Supported for IDT policies.","type":"boolean"},"is_esg_capable_device":{"description":"Whether the device where GuardPoint is applied is ESG capable or not. Supported for IDT and Standard policies.","type":"boolean"},"mfa_enabled":{"description":"Whether MFA is enabled.","type":"boolean"},"rw_process_set_id":{"description":"ID of the process set aligned with the Ransomware GuardPoints.","type":"string"},"rw_operation":{"description":"Applicable to the Ransomware GuardPoints. The valid values are permit(for Audit) and deny(for Block). The default value is `permit`.","type":"string"}}}]},"examples":{"application/json":{"guardpoints":[{"guardpoint":{"id":"dc763c13-b1a5-42ad-abe3-b11978a978c9","uri":"kylo:kylo:henry:guardpoint:dc763c13-b1a5-42ad-abe3-b11978a978c9","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-11-02T09:37:14.764655844Z","updatedAt":"2021-11-02T09:37:14.764655844Z","client_id":"00000000-0000-0000-0000-000000000000","client_group_id":"5f33954e-b518-4425-b251-6e536b227c38","client_name":"","client_group_name":"SG_1","guard_point_type":"directory_manual","guard_enabled":true,"automount_enabled":false,"guard_path":"/CSI_Policy_7","policy_id":"92472414-8a7f-4bb8-8160-c47cd8a4430d","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":true,"docker_img_id":"","docker_cont_id":"","early_access":false,"type":"CSIGROUP","data_classification_enabled":false,"data_lineage_enabled":false,"policy_name":"CSI_Policy_7","network_share_credentials_id":"","disabled_reason":"","guard_point_state":"UNKNOWN","attr":{},"is_idt_capable_device":false,"cifs_enabled":false,"is_esg_capable_device":false,"metadata":"{}"},"status_code":201},{"guardpoint":{"id":"1bb66909-82a2-4aec-b262-20eecd392da7","uri":"kylo:kylo:henry:guardpoint:1bb66909-82a2-4aec-b262-20eecd392da7","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-11-02T09:37:14.773016061Z","updatedAt":"2021-11-02T09:37:14.773016061Z","client_id":"00000000-0000-0000-0000-000000000000","client_group_id":"5f33954e-b518-4425-b251-6e536b227c38","client_name":"","client_group_name":"SG_1","guard_point_type":"directory_manual","guard_enabled":true,"automount_enabled":false,"guard_path":"/CSI_Policy_8","policy_id":"a4063732-5573-43ba-a5d5-ba66dae1da1f","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":true,"docker_img_id":"","docker_cont_id":"","early_access":false,"type":"CSIGROUP","data_classification_enabled":false,"data_lineage_enabled":false,"policy_name":"CSI_Policy_8","network_share_credentials_id":"","disabled_reason":"","guard_point_state":"UNKNOWN","attr":{},"is_idt_capable_device":false,"cifs_enabled":false,"is_esg_capable_device":false,"metadata":"{}"},"status_code":201}]}}},"207":{"description":"Policies added to storage group.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_id":{"description":"UUID of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_id":{"description":"UUID of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"client_name":{"description":"Name of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_name":{"description":"Name of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"guard_point_type":{"description":"Type of the guard point i.e. directory_auto, directory_manual, rawdevice_manual, rawdevice_auto, or ransomware.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"automount_enabled":{"description":"Flag to signify if automount is enabled with the guard point","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"},"policy_id":{"description":"UUID of the policy which is applied on this guard point. This parameter is not valid for Ransomware GuardPoints.","type":"string"},"disk_name":{"description":"Name of the disk if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"diskgroup_name":{"description":"Name of the disk group if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"preserve_sparse_regions":{"description":"Flag to signify that sparse file regions will be transformed or not. Only available on LDT enabled clients.","type":"boolean"},"data_classification_enabled":{"description":"Flag to signify that data classification(tagging) is enabled or not. This gets enabled by default if the aligned policy contains ClassificationTags.","type":"boolean"},"data_lineage_enabled":{"description":"Flag to signify that data lineage(tracking) is enabled or not. This gets enabled only if data_classification is enabled.","type":"boolean"},"guard_point_state":{"description":"Current state of GuardPoint. Can be UNKNOWN, ENABLED, DISABLED or ERROR.","type":"string"},"is_idt_capable_device":{"description":"Whether the device where GuardPoint is applied is IDT capable or not. Supported for IDT policies.","type":"boolean"},"is_esg_capable_device":{"description":"Whether the device where GuardPoint is applied is ESG capable or not. Supported for IDT and Standard policies.","type":"boolean"},"mfa_enabled":{"description":"Whether MFA is enabled.","type":"boolean"},"rw_process_set_id":{"description":"ID of the process set aligned with the Ransomware GuardPoints.","type":"string"},"rw_operation":{"description":"Applicable to the Ransomware GuardPoints. The valid values are permit(for Audit) and deny(for Block). The default value is `permit`.","type":"string"}}}]},"examples":{"application/json":{"guardpoints":[{"guardpoint":{"id":"476e5245-172a-47e8-bd5c-9adc5d535e1d","uri":"kylo:kylo:henry:guardpoint:476e5245-172a-47e8-bd5c-9adc5d535e1d","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-11-02T09:39:28.310494007Z","updatedAt":"2021-11-02T09:39:28.310494007Z","client_id":"00000000-0000-0000-0000-000000000000","client_group_id":"5f33954e-b518-4425-b251-6e536b227c38","client_name":"","client_group_name":"SG_1","guard_point_type":"directory_manual","guard_enabled":true,"automount_enabled":false,"guard_path":"/CSI_Policy_9","policy_id":"49ca4c8d-295e-40ad-a221-65ef1b9e3daf","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":true,"docker_img_id":"","docker_cont_id":"","early_access":false,"type":"CSIGROUP","data_classification_enabled":false,"data_lineage_enabled":false,"policy_name":"CSI_Policy_9","network_share_credentials_id":"","disabled_reason":"","guard_point_state":"UNKNOWN","attr":{},"is_idt_capable_device":false,"cifs_enabled":false,"is_esg_capable_device":false,"metadata":"{}"},"status_code":201}],"failed_guard_points":[{"guard_path":"Non_CSI_Policy","error":"invalid policy type","status_code":400}]}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"409":{"description":"Conflict","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"get":{"summary":"List GuardPolicies in Storage Group","description":"Returns the list of GuardPolicies in a storage group. The results can be sorted by `updatedAt`, `createdAt`, `guard_enabled`, `type`, `guard_point_state`, `policy_id`, and `policy_name`.\n","tags":["CTE/CSIStorageGroups"],"parameters":[{"name":"id","in":"path","description":"An identifier of the CTE storage group. This identifier can be the name or UUID.","type":"string","required":true},{"name":"policy_name","in":"query","required":false,"type":"string","description":"Filter the results by name of CSI GuardPolicy."},{"name":"policy_id","in":"query","required":false,"type":"string","description":"Filter the results by id of CSI GuardPolicy."},{"name":"guard_enabled","in":"query","required":false,"type":"boolean","description":"Filter the results by state of GuardPolicy."},{"name":"guard_point_state","in":"query","required":false,"type":"string","description":"Filter the results by state of CSI GuardPolicy."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_id":{"description":"UUID of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_id":{"description":"UUID of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"client_name":{"description":"Name of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_name":{"description":"Name of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"guard_point_type":{"description":"Type of the guard point i.e. directory_auto, directory_manual, rawdevice_manual, rawdevice_auto, or ransomware.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"automount_enabled":{"description":"Flag to signify if automount is enabled with the guard point","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"},"policy_id":{"description":"UUID of the policy which is applied on this guard point. This parameter is not valid for Ransomware GuardPoints.","type":"string"},"disk_name":{"description":"Name of the disk if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"diskgroup_name":{"description":"Name of the disk group if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"preserve_sparse_regions":{"description":"Flag to signify that sparse file regions will be transformed or not. Only available on LDT enabled clients.","type":"boolean"},"data_classification_enabled":{"description":"Flag to signify that data classification(tagging) is enabled or not. This gets enabled by default if the aligned policy contains ClassificationTags.","type":"boolean"},"data_lineage_enabled":{"description":"Flag to signify that data lineage(tracking) is enabled or not. This gets enabled only if data_classification is enabled.","type":"boolean"},"guard_point_state":{"description":"Current state of GuardPoint. Can be UNKNOWN, ENABLED, DISABLED or ERROR.","type":"string"},"is_idt_capable_device":{"description":"Whether the device where GuardPoint is applied is IDT capable or not. Supported for IDT policies.","type":"boolean"},"is_esg_capable_device":{"description":"Whether the device where GuardPoint is applied is ESG capable or not. Supported for IDT and Standard policies.","type":"boolean"},"mfa_enabled":{"description":"Whether MFA is enabled.","type":"boolean"},"rw_process_set_id":{"description":"ID of the process set aligned with the Ransomware GuardPoints.","type":"string"},"rw_operation":{"description":"Applicable to the Ransomware GuardPoints. The valid values are permit(for Audit) and deny(for Block). The default value is `permit`.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":"0,","limit":"10,","total":"2,","resources":[{"id":"476e5245-172a-47e8-bd5c-9adc5d535e1d","uri":"kylo:kylo:henry:guardpoint:476e5245-172a-47e8-bd5c-9adc5d535e1d","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-11-02T09:39:28.310494Z","updatedAt":"2021-11-02T09:39:28.310494Z","client_id":"00000000-0000-0000-0000-000000000000","client_group_id":"5f33954e-b518-4425-b251-6e536b227c38","client_name":"","client_group_name":"SG_1","guard_point_type":"directory_manual","guard_enabled":true,"automount_enabled":false,"guard_path":"/CSI_Policy_9","policy_id":"49ca4c8d-295e-40ad-a221-65ef1b9e3daf","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":true,"docker_img_id":"","docker_cont_id":"","early_access":false,"type":"CSIGROUP","data_classification_enabled":false,"data_lineage_enabled":false,"policy_name":"CSI_Policy_9","network_share_credentials_id":"","disabled_reason":"","guard_point_state":"UNKNOWN","attr":{},"is_idt_capable_device":false,"cifs_enabled":false,"is_esg_capable_device":false,"metadata":"{}"},{"id":"1bb66909-82a2-4aec-b262-20eecd392da7","uri":"kylo:kylo:henry:guardpoint:1bb66909-82a2-4aec-b262-20eecd392da7","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-11-02T09:37:14.773016Z","updatedAt":"2021-11-02T09:37:14.773016Z","client_id":"00000000-0000-0000-0000-000000000000","client_group_id":"5f33954e-b518-4425-b251-6e536b227c38","client_name":"","client_group_name":"SG_1","guard_point_type":"directory_manual","guard_enabled":true,"automount_enabled":false,"guard_path":"/CSI_Policy_8","policy_id":"a4063732-5573-43ba-a5d5-ba66dae1da1f","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":true,"docker_img_id":"","docker_cont_id":"","early_access":false,"type":"CSIGROUP","data_classification_enabled":false,"data_lineage_enabled":false,"policy_name":"CSI_Policy_8","network_share_credentials_id":"","disabled_reason":"","guard_point_state":"UNKNOWN","attr":{},"is_idt_capable_device":false,"cifs_enabled":false,"is_esg_capable_device":false,"metadata":"{}"}]}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"NotFound","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/transparent-encryption/csigroups/guardpoints/{gp_id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get GuardPolicy from Storage Group","description":"Gets a GuardPolicy with the given gp_id.","tags":["CTE/CSIStorageGroups"],"parameters":[{"name":"gp_id","in":"path","description":"UUID of the CSI GuardPolicy.","type":"string","required":true}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_id":{"description":"UUID of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_id":{"description":"UUID of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"client_name":{"description":"Name of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_name":{"description":"Name of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"guard_point_type":{"description":"Type of the guard point i.e. directory_auto, directory_manual, rawdevice_manual, rawdevice_auto, or ransomware.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"automount_enabled":{"description":"Flag to signify if automount is enabled with the guard point","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"},"policy_id":{"description":"UUID of the policy which is applied on this guard point. This parameter is not valid for Ransomware GuardPoints.","type":"string"},"disk_name":{"description":"Name of the disk if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"diskgroup_name":{"description":"Name of the disk group if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"preserve_sparse_regions":{"description":"Flag to signify that sparse file regions will be transformed or not. Only available on LDT enabled clients.","type":"boolean"},"data_classification_enabled":{"description":"Flag to signify that data classification(tagging) is enabled or not. This gets enabled by default if the aligned policy contains ClassificationTags.","type":"boolean"},"data_lineage_enabled":{"description":"Flag to signify that data lineage(tracking) is enabled or not. This gets enabled only if data_classification is enabled.","type":"boolean"},"guard_point_state":{"description":"Current state of GuardPoint. Can be UNKNOWN, ENABLED, DISABLED or ERROR.","type":"string"},"is_idt_capable_device":{"description":"Whether the device where GuardPoint is applied is IDT capable or not. Supported for IDT policies.","type":"boolean"},"is_esg_capable_device":{"description":"Whether the device where GuardPoint is applied is ESG capable or not. Supported for IDT and Standard policies.","type":"boolean"},"mfa_enabled":{"description":"Whether MFA is enabled.","type":"boolean"},"rw_process_set_id":{"description":"ID of the process set aligned with the Ransomware GuardPoints.","type":"string"},"rw_operation":{"description":"Applicable to the Ransomware GuardPoints. The valid values are permit(for Audit) and deny(for Block). The default value is `permit`.","type":"string"}}}]},"examples":{"application/json":{"id":"13858f5a-cca6-46a1-b483-3f1463ebff14","uri":"kylo:kylo:henry:guardpoint:13858f5a-cca6-46a1-b483-3f1463ebff14","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-11-01T14:21:13.803782Z","updatedAt":"2021-11-01T14:21:13.803782Z","client_id":"00000000-0000-0000-0000-000000000000","client_group_id":"5f33954e-b518-4425-b251-6e536b227c38","client_name":"","client_group_name":"SG_1","guard_point_type":"directory_manual","guard_enabled":true,"automount_enabled":false,"guard_path":"/CSI_Client_Policy_1","policy_id":"e2c4473c-292c-4fd1-8793-cfae4ce4338d","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":true,"docker_img_id":"","docker_cont_id":"","early_access":false,"type":"CSIGROUP","data_classification_enabled":false,"data_lineage_enabled":false,"policy_name":"CSI_Client_Policy_1","network_share_credentials_id":"","disabled_reason":"","guard_point_state":"UNKNOWN","attr":{},"is_idt_capable_device":false,"cifs_enabled":false,"is_esg_capable_device":false,"metadata":"{}"}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"Not found","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"patch":{"summary":"Update GuardPolicy in Storage Group","description":"Updates a GuardPolicy attached to a storage group.\n","tags":["CTE/CSIStorageGroups"],"parameters":[{"name":"gp_id","in":"path","description":"UUID of the CSI GuardPolicy.","type":"string","required":true},{"name":"body","in":"body","description":"GuardPolicy parameters to be modified.\n","schema":{"type":"object","title":"Update GuardPolicy for a CSI Storage Group.","properties":{"guard_enabled":{"description":"Enable or disable the GuardPolicy. Set to `true` to enable, `false` to disable.","type":"boolean"}},"example":{"guard_enabled":false}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_id":{"description":"UUID of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_id":{"description":"UUID of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"client_name":{"description":"Name of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_name":{"description":"Name of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"guard_point_type":{"description":"Type of the guard point i.e. directory_auto, directory_manual, rawdevice_manual, rawdevice_auto, or ransomware.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"automount_enabled":{"description":"Flag to signify if automount is enabled with the guard point","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"},"policy_id":{"description":"UUID of the policy which is applied on this guard point. This parameter is not valid for Ransomware GuardPoints.","type":"string"},"disk_name":{"description":"Name of the disk if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"diskgroup_name":{"description":"Name of the disk group if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"preserve_sparse_regions":{"description":"Flag to signify that sparse file regions will be transformed or not. Only available on LDT enabled clients.","type":"boolean"},"data_classification_enabled":{"description":"Flag to signify that data classification(tagging) is enabled or not. This gets enabled by default if the aligned policy contains ClassificationTags.","type":"boolean"},"data_lineage_enabled":{"description":"Flag to signify that data lineage(tracking) is enabled or not. This gets enabled only if data_classification is enabled.","type":"boolean"},"guard_point_state":{"description":"Current state of GuardPoint. Can be UNKNOWN, ENABLED, DISABLED or ERROR.","type":"string"},"is_idt_capable_device":{"description":"Whether the device where GuardPoint is applied is IDT capable or not. Supported for IDT policies.","type":"boolean"},"is_esg_capable_device":{"description":"Whether the device where GuardPoint is applied is ESG capable or not. Supported for IDT and Standard policies.","type":"boolean"},"mfa_enabled":{"description":"Whether MFA is enabled.","type":"boolean"},"rw_process_set_id":{"description":"ID of the process set aligned with the Ransomware GuardPoints.","type":"string"},"rw_operation":{"description":"Applicable to the Ransomware GuardPoints. The valid values are permit(for Audit) and deny(for Block). The default value is `permit`.","type":"string"}}}]},"examples":{"application/json":{"id":"1bb66909-82a2-4aec-b262-20eecd392da7","uri":"kylo:kylo:henry:guardpoint:1bb66909-82a2-4aec-b262-20eecd392da7","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-11-02T09:37:14.773016Z","updatedAt":"2021-11-02T09:37:14.773016Z","client_id":"00000000-0000-0000-0000-000000000000","client_group_id":"5f33954e-b518-4425-b251-6e536b227c38","client_name":"","client_group_name":"SG_1","guard_point_type":"directory_manual","guard_enabled":false,"automount_enabled":false,"guard_path":"/CSI_Policy_8","policy_id":"a4063732-5573-43ba-a5d5-ba66dae1da1f","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":true,"docker_img_id":"","docker_cont_id":"","early_access":false,"type":"CSIGROUP","data_classification_enabled":false,"data_lineage_enabled":false,"policy_name":"CSI_Policy_8","network_share_credentials_id":"","disabled_reason":"","guard_point_state":"UNKNOWN","attr":{},"is_idt_capable_device":false,"cifs_enabled":false,"is_esg_capable_device":false,"metadata":"{}"}}},"400":{"description":"Bad request","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"Not found","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"Unprocessable entity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}},"delete":{"summary":"Remove GuardPolicy from CSI Storage Group","description":"Removes a GuardPolicy from a storage group with the given gp_id.","tags":["CTE/CSIStorageGroups"],"parameters":[{"name":"gp_id","in":"path","description":"UUID of the CSI GuardPolicy.","type":"string","required":true}],"responses":{"204":{"description":"OK","schema":{"type":"string"}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}},"404":{"description":"Not found","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"422":{"description":"UnprocessableEntity","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}}}}},"/v1/protectdb/databases":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns the list of databases added for migration.","tags":["CDP/Database"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","title":"Database","required":["name","database_type","host","connection_Protocol","database_name","database_user","database_password","metadb_user","meta_Password","database_port"],"properties":{"name":{"type":"string","description":"Name/alias for the connection information. This field which uniquely identifies a database connection."},"database_type":{"type":"string","description":"Allowed databases are Oracle, SQLServer, and DB2."},"host":{"type":"string","description":"Hostname or IP address of the database server."},"database_port":{"type":"string","description":"Port on which the CDP will connect to the database. For SQL Server, to connect using an instance, specify I:instance_name as parameter.\n"},"connection_Protocol":{"type":"string","description":"Protocol used to connect to database driver and database. Possible options are- TCP and SSL."},"database_user":{"type":"string","description":"Database login name that has permission to modify the tables to be migrated.\nThis user can be the owner of the database tables or a user with privileges to CREATE, MODIFY, and DROP views, tables, and triggers.\n"},"database_password":{"type":"string","description":"Password of the database used in databaseUser parameter."},"metadb_user":{"type":"string","description":"Name of the database where CipherTrust Database Protection metadata gets installed.\nThis parameter is optional for Oracle and DB2 but mandatory for SQL Server.\n"},"meta_Password":{"type":"string","description":"Database password that has permission to connect to the CipherTrust Database Protection metadata.\n"},"save_connection":{"type":"boolean","description":"Flag that allows to save database session details for furter logins.\nValid values : True and False\n"},"database_name":{"type":"string","description":"Name of the database that contains the tables and columns to be encrypted.\nFor Oracle, it is SID. However, you can also use service name I:.\n"},"secondryAuth":{"type":"string","description":"Required, if database_type is DB2.\n"},"schema":{"type":"string","description":"(Optional) Name of the schema. By default, the value is dbo.\n"}},"example":{"name":"mydbname","database_type":"Oracle","host":"1.1.1.1","database_port":"7896","connection_protocol":"TCP","database_name":"mydb","database_user":"admin","database_password":"asdf1234","save_connection":false,"metadb_name":"mydbmeta","meta_password":"asdf1234","metadb_user":"metauser","schema":"qwerty"}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"6f9234b3-9a5d-4ba2-b568-90c67965b924","uri":"demo-TOr:pers-admintester:audit:records:6f9234b3-9a5d-4ba2-b568-90c67965b924","account":"demo-TOr:pers-admintester:admin:accounts:pers-admintester","application":"dev-portal:pers-github-00123:admin:apps:demo-TOr","devAccount":"dev-portal:pers-github-00123:admin:accounts:pers-github-00123","name":"mydbname","database_type":"Oracle","host":"1.1.1.1","connection_protocol":"TCP","ddatabase_name":"mydb","database_user":"admin","database_password":"asdf1234","metadb_name":"mydbmeta","meta_password":"asdf1234","metadb_user":"metauser","port":"7896","schema":"qwerty","success":true}]}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}},"post":{"summary":"Add","description":"Adds a new database for migration.","tags":["CDP/Database"],"parameters":[{"name":"body","in":"body","required":true,"schema":{"type":"object","title":"Database","required":["name","database_type","host","connection_Protocol","database_name","database_user","database_password","metadb_user","meta_Password","database_port"],"properties":{"name":{"type":"string","description":"Name/alias for the connection information. This field which uniquely identifies a database connection."},"database_type":{"type":"string","description":"Allowed databases are Oracle, SQLServer, and DB2."},"host":{"type":"string","description":"Hostname or IP address of the database server."},"database_port":{"type":"string","description":"Port on which the CDP will connect to the database. For SQL Server, to connect using an instance, specify I:instance_name as parameter.\n"},"connection_Protocol":{"type":"string","description":"Protocol used to connect to database driver and database. Possible options are- TCP and SSL."},"database_user":{"type":"string","description":"Database login name that has permission to modify the tables to be migrated.\nThis user can be the owner of the database tables or a user with privileges to CREATE, MODIFY, and DROP views, tables, and triggers.\n"},"database_password":{"type":"string","description":"Password of the database used in databaseUser parameter."},"metadb_user":{"type":"string","description":"Name of the database where CipherTrust Database Protection metadata gets installed.\nThis parameter is optional for Oracle and DB2 but mandatory for SQL Server.\n"},"meta_Password":{"type":"string","description":"Database password that has permission to connect to the CipherTrust Database Protection metadata.\n"},"save_connection":{"type":"boolean","description":"Flag that allows to save database session details for furter logins.\nValid values : True and False\n"},"database_name":{"type":"string","description":"Name of the database that contains the tables and columns to be encrypted.\nFor Oracle, it is SID. However, you can also use service name I:.\n"},"secondryAuth":{"type":"string","description":"Required, if database_type is DB2.\n"},"schema":{"type":"string","description":"(Optional) Name of the schema. By default, the value is dbo.\n"}},"example":{"name":"mydbname","database_type":"Oracle","host":"1.1.1.1","database_port":"7896","connection_protocol":"TCP","database_name":"mydb","database_user":"admin","database_password":"asdf1234","save_connection":false,"metadb_name":"mydbmeta","meta_password":"asdf1234","metadb_user":"metauser","schema":"qwerty"}}}],"responses":{"202":{"description":"Successfully added database.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","title":"Database","required":["name","database_type","host","connection_Protocol","database_name","database_user","database_password","metadb_user","meta_Password","database_port"],"properties":{"name":{"type":"string","description":"Name/alias for the connection information. This field which uniquely identifies a database connection."},"database_type":{"type":"string","description":"Allowed databases are Oracle, SQLServer, and DB2."},"host":{"type":"string","description":"Hostname or IP address of the database server."},"database_port":{"type":"string","description":"Port on which the CDP will connect to the database. For SQL Server, to connect using an instance, specify I:instance_name as parameter.\n"},"connection_Protocol":{"type":"string","description":"Protocol used to connect to database driver and database. Possible options are- TCP and SSL."},"database_user":{"type":"string","description":"Database login name that has permission to modify the tables to be migrated.\nThis user can be the owner of the database tables or a user with privileges to CREATE, MODIFY, and DROP views, tables, and triggers.\n"},"database_password":{"type":"string","description":"Password of the database used in databaseUser parameter."},"metadb_user":{"type":"string","description":"Name of the database where CipherTrust Database Protection metadata gets installed.\nThis parameter is optional for Oracle and DB2 but mandatory for SQL Server.\n"},"meta_Password":{"type":"string","description":"Database password that has permission to connect to the CipherTrust Database Protection metadata.\n"},"save_connection":{"type":"boolean","description":"Flag that allows to save database session details for furter logins.\nValid values : True and False\n"},"database_name":{"type":"string","description":"Name of the database that contains the tables and columns to be encrypted.\nFor Oracle, it is SID. However, you can also use service name I:.\n"},"secondryAuth":{"type":"string","description":"Required, if database_type is DB2.\n"},"schema":{"type":"string","description":"(Optional) Name of the schema. By default, the value is dbo.\n"}},"example":{"name":"mydbname","database_type":"Oracle","host":"1.1.1.1","database_port":"7896","connection_protocol":"TCP","database_name":"mydb","database_user":"admin","database_password":"asdf1234","save_connection":false,"metadb_name":"mydbmeta","meta_password":"asdf1234","metadb_user":"metauser","schema":"qwerty"}}]},"examples":{"application/json":{"id":"6f9234b3-9a5d-4ba2-b568-90c67965b924","uri":"demo-TOr:pers-admintester:audit:records:6f9234b3-9a5d-4ba2-b568-90c67965b924","account":"demo-TOr:pers-admintester:admin:accounts:pers-admintester","application":"dev-portal:pers-github-00123:admin:apps:demo-TOr","devAccount":"dev-portal:pers-github-00123:admin:accounts:pers-github-00123","createdAt":"2016-08-22T15:19:46.61956217Z","name":"mydbname","database_type":"Oracle","host":"1.1.1.1","connectionProtocol":"TCP","databaseName":"mydb","databaseUser":"admin","databasePassword":"asdf1234","metaDbName":"mydbmeta","metaPassword":"asdf1234","metaUser":"metauser","port":"7896","schema":"qwerty","success":true}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/protectdb/databases/cert":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Upload","description":"Uploads a new database certificate for SSL connection.","tags":["CDP/Database"],"parameters":[{"name":"body","in":"body","description":"CA certificate parameters.","schema":{"type":"object","title":"Uploads CA Request.","required":["name","cert"],"properties":{"name":{"type":"string","description":"Unique name for the certificate to be uploaded."},"cert":{"type":"string","description":"External CA certificate in PEM format."}},"example":{"name":"myCert","cert":"-----BEGIN CERTIFICATE-----\nMIIDnTCCAoWgAwIBAgIBADANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzEL\nMAkGA1UECAwCVFgxDzANBgNVBAcMBkF1c3RpbjEQMA4GA1UECgwHR2VtYWx0bzEM\nMAoGA1UECwwDUm5EMRwwGgYDVQQDDBNjYS5reWxvLmdlbWFsdG8uY29tMB4XDTE3\nMDgwMjIyNDIyM1oXDTQ3MDcyNjIyNDIyM1owaTELMAkGA1UEBhMCVVMxCzAJBgNV\nBAgMAlRYMQ8wDQYDVQQHDAZBdXN0aW4xEDAOBgNVBAoMB0dlbWFsdG8xDDAKBgNV\nBAsMA1JuRDEcMBoGA1UEAwwTY2Eua3lsby5nZW1hbHRvLmNvbTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBAO+M3/EdapR+e6jbl8c08w1ynboOIX0/T0E7\nHBj0iAsSJOQJTwLcfkG4vU2AeRLca8dNJfx+qF1y9LSMeRNJhrxpEZR+L2PHl2Ti\niHxkS09UwwOSIN6SGSEX847ZiVA8DWNuHDtqtruWYH/oAa3go2V2qw21vzZ6UUjo\nTDViZegUEDIeRkp/hgl5hx2JKrtA1HhpHe18PedHwq8b/QbLfke9K89Psxd5+Vof\ndT63UUArzRJcB37XgjiTlOOVG9MYEn59ouTnzQkAzM640O3w16l9WX0v98/auKdq\nQzu3RBSaQUgoJf8v5C4p3Edgk1Uq7EOgbrJW6sS4F9k2JgdruasCAwEAAaNQME4w\nHQYDVR0OBBYEFK5n3Eevh2xLROIoYM4VsnCZfpHwMB8GA1UdIwQYMBaAFK5n3Eev\nh2xLROIoYM4VsnCZfpHwMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB\nAFy0LkGHFGZaEf4bIWMB5B7u/CMGjejw64fojIjGYQtB4WQehl3wqOxX1MvlXm0B\nxXDvgALq+BXw6NEwOT7nlx4uRspHA0cER0qmvTpH/uePnidvBzxDFCHpJM0eoZae\n9f7EPL0XNxvV8FdhtQ1p133DtzTWfxygpcG+E+ES2m2wzwwEGTShAST4SJOlCKVX\nzPZ+2NFEepxkfiikqSl6QPLGz+TEUZZ4vrshFiBxUI5zzDNcONtd14Nh/XjUWWrd\n2MXk37ASKPZgdJQzx8U8AsITdtuaYF/d/OCIuNASbQs07nuk1dE7RS6em/d6GB33\nlfuDSu3uKT9h6JmcCy7BzJY=\n-----END CERTIFICATE-----"}}}],"responses":{"201":{"description":"Successfully uploaded database certificate.","schema":{"type":"object"},"examples":{"application/json":{"id":"58212a4b-81f5-4de2-aeae-60b8b6f1091e","uri":"kylo:kylo:naboo:external_ca:58212a4b-81f5-4de2-aeae-60b8b6f1091e","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2017-09-29T14:46:38.1078Z","updatedAt":"2017-09-29T14:46:38.1078Z","cert":"-----BEGIN CERTIFICATE-----\nMIIDnTCCAoWgAwIBAgIBADANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzEL\nMAkGA1UECAwCVFgxDzANBgNVBAcMBkF1c3RpbjEQMA4GA1UECgwHR2VtYWx0bzEM\nMAoGA1UECwwDUm5EMRwwGgYDVQQDDBNjYS5reWxvLmdlbWFsdG8uY29tMB4XDTE3\nMDgwMjIyNDIyM1oXDTQ3MDcyNjIyNDIyM1owaTELMAkGA1UEBhMCVVMxCzAJBgNV\nBAgMAlRYMQ8wDQYDVQQHDAZBdXN0aW4xEDAOBgNVBAoMB0dlbWFsdG8xDDAKBgNV\nBAsMA1JuRDEcMBoGA1UEAwwTY2Eua3lsby5nZW1hbHRvLmNvbTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBAO+M3/EdapR+e6jbl8c08w1ynboOIX0/T0E7\nHBj0iAsSJOQJTwLcfkG4vU2AeRLca8dNJfx+qF1y9LSMeRNJhrxpEZR+L2PHl2Ti\niHxkS09UwwOSIN6SGSEX847ZiVA8DWNuHDtqtruWYH/oAa3go2V2qw21vzZ6UUjo\nTDViZegUEDIeRkp/hgl5hx2JKrtA1HhpHe18PedHwq8b/QbLfke9K89Psxd5+Vof\ndT63UUArzRJcB37XgjiTlOOVG9MYEn59ouTnzQkAzM640O3w16l9WX0v98/auKdq\nQzu3RBSaQUgoJf8v5C4p3Edgk1Uq7EOgbrJW6sS4F9k2JgdruasCAwEAAaNQME4w\nHQYDVR0OBBYEFK5n3Eevh2xLROIoYM4VsnCZfpHwMB8GA1UdIwQYMBaAFK5n3Eev\nh2xLROIoYM4VsnCZfpHwMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB\nAFy0LkGHFGZaEf4bIWMB5B7u/CMGjejw64fojIjGYQtB4WQehl3wqOxX1MvlXm0B\nxXDvgALq+BXw6NEwOT7nlx4uRspHA0cER0qmvTpH/uePnidvBzxDFCHpJM0eoZae\n9f7EPL0XNxvV8FdhtQ1p133DtzTWfxygpcG+E+ES2m2wzwwEGTShAST4SJOlCKVX\nzPZ+2NFEepxkfiikqSl6QPLGz+TEUZZ4vrshFiBxUI5zzDNcONtd14Nh/XjUWWrd\n2MXk37ASKPZgdJQzx8U8AsITdtuaYF/d/OCIuNASbQs07nuk1dE7RS6em/d6GB33\nlfuDSu3uKT9h6JmcCy7BzJY=\n-----END CERTIFICATE-----"}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/protectdb/databases/request/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"GetRequest","description":"Returns details of the requestID with the given id.","tags":["CDP/Database"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"data":"Object","type":"requestType","status":"status","resources":"","error":""}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/protectdb/databases/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns details of the database with the given id.","tags":["CDP/Database"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","title":"Database","required":["name","database_type","host","connection_Protocol","database_name","database_user","database_password","metadb_user","meta_Password","database_port"],"properties":{"name":{"type":"string","description":"Name/alias for the connection information. This field which uniquely identifies a database connection."},"database_type":{"type":"string","description":"Allowed databases are Oracle, SQLServer, and DB2."},"host":{"type":"string","description":"Hostname or IP address of the database server."},"database_port":{"type":"string","description":"Port on which the CDP will connect to the database. For SQL Server, to connect using an instance, specify I:instance_name as parameter.\n"},"connection_Protocol":{"type":"string","description":"Protocol used to connect to database driver and database. Possible options are- TCP and SSL."},"database_user":{"type":"string","description":"Database login name that has permission to modify the tables to be migrated.\nThis user can be the owner of the database tables or a user with privileges to CREATE, MODIFY, and DROP views, tables, and triggers.\n"},"database_password":{"type":"string","description":"Password of the database used in databaseUser parameter."},"metadb_user":{"type":"string","description":"Name of the database where CipherTrust Database Protection metadata gets installed.\nThis parameter is optional for Oracle and DB2 but mandatory for SQL Server.\n"},"meta_Password":{"type":"string","description":"Database password that has permission to connect to the CipherTrust Database Protection metadata.\n"},"save_connection":{"type":"boolean","description":"Flag that allows to save database session details for furter logins.\nValid values : True and False\n"},"database_name":{"type":"string","description":"Name of the database that contains the tables and columns to be encrypted.\nFor Oracle, it is SID. However, you can also use service name I:.\n"},"secondryAuth":{"type":"string","description":"Required, if database_type is DB2.\n"},"schema":{"type":"string","description":"(Optional) Name of the schema. By default, the value is dbo.\n"}},"example":{"name":"mydbname","database_type":"Oracle","host":"1.1.1.1","database_port":"7896","connection_protocol":"TCP","database_name":"mydb","database_user":"admin","database_password":"asdf1234","save_connection":false,"metadb_name":"mydbmeta","meta_password":"asdf1234","metadb_user":"metauser","schema":"qwerty"}}]},"examples":{"application/json":{"id":"6f9234b3-9a5d-4ba2-b568-90c67965b924","uri":"demo-TOr:pers-admintester:audit:records:6f9234b3-9a5d-4ba2-b568-90c67965b924","account":"demo-TOr:pers-admintester:admin:accounts:pers-admintester","application":"dev-portal:pers-github-00123:admin:apps:demo-TOr","devAccount":"dev-portal:pers-github-00123:admin:accounts:pers-github-00123","createdAt":"2016-08-22T15:19:46.61956217Z","name":"mydbname","database_type":"Oracle","host":"1.1.1.1","connectionProtocol":"TCP","databaseName":"mydb","databaseUser":"admin","databasePassword":"asdf1234","metaDbName":"mydbmeta","metaPassword":"asdf1234","metaUser":"metauser","port":"7896","schema":"qwerty","success":true}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}},"patch":{"summary":"Update","description":"Updates the parameters of the specified database.","tags":["CDP/Database"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"body","in":"body","description":"Database information to be updated.","required":true,"schema":{"type":"object","title":"Database","required":["name","database_type","host","connection_Protocol","database_name","database_user","database_password","metadb_user","meta_Password","database_port"],"properties":{"name":{"type":"string","description":"Name/alias for the connection information. This field which uniquely identifies a database connection."},"database_type":{"type":"string","description":"Allowed databases are Oracle, SQLServer, and DB2."},"host":{"type":"string","description":"Hostname or IP address of the database server."},"database_port":{"type":"string","description":"Port on which the CDP will connect to the database. For SQL Server, to connect using an instance, specify I:instance_name as parameter.\n"},"connection_Protocol":{"type":"string","description":"Protocol used to connect to database driver and database. Possible options are- TCP and SSL."},"database_user":{"type":"string","description":"Database login name that has permission to modify the tables to be migrated.\nThis user can be the owner of the database tables or a user with privileges to CREATE, MODIFY, and DROP views, tables, and triggers.\n"},"database_password":{"type":"string","description":"Password of the database used in databaseUser parameter."},"metadb_user":{"type":"string","description":"Name of the database where CipherTrust Database Protection metadata gets installed.\nThis parameter is optional for Oracle and DB2 but mandatory for SQL Server.\n"},"meta_Password":{"type":"string","description":"Database password that has permission to connect to the CipherTrust Database Protection metadata.\n"},"save_connection":{"type":"boolean","description":"Flag that allows to save database session details for furter logins.\nValid values : True and False\n"},"database_name":{"type":"string","description":"Name of the database that contains the tables and columns to be encrypted.\nFor Oracle, it is SID. However, you can also use service name I:.\n"},"secondryAuth":{"type":"string","description":"Required, if database_type is DB2.\n"},"schema":{"type":"string","description":"(Optional) Name of the schema. By default, the value is dbo.\n"}},"example":{"name":"mydbname","database_type":"Oracle","host":"1.1.1.1","database_port":"7896","connection_protocol":"TCP","database_name":"mydb","database_user":"admin","database_password":"asdf1234","save_connection":false,"metadb_name":"mydbmeta","meta_password":"asdf1234","metadb_user":"metauser","schema":"qwerty"}}}],"responses":{"201":{"description":"Successfully updated database parameters.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","title":"Database","required":["name","database_type","host","connection_Protocol","database_name","database_user","database_password","metadb_user","meta_Password","database_port"],"properties":{"name":{"type":"string","description":"Name/alias for the connection information. This field which uniquely identifies a database connection."},"database_type":{"type":"string","description":"Allowed databases are Oracle, SQLServer, and DB2."},"host":{"type":"string","description":"Hostname or IP address of the database server."},"database_port":{"type":"string","description":"Port on which the CDP will connect to the database. For SQL Server, to connect using an instance, specify I:instance_name as parameter.\n"},"connection_Protocol":{"type":"string","description":"Protocol used to connect to database driver and database. Possible options are- TCP and SSL."},"database_user":{"type":"string","description":"Database login name that has permission to modify the tables to be migrated.\nThis user can be the owner of the database tables or a user with privileges to CREATE, MODIFY, and DROP views, tables, and triggers.\n"},"database_password":{"type":"string","description":"Password of the database used in databaseUser parameter."},"metadb_user":{"type":"string","description":"Name of the database where CipherTrust Database Protection metadata gets installed.\nThis parameter is optional for Oracle and DB2 but mandatory for SQL Server.\n"},"meta_Password":{"type":"string","description":"Database password that has permission to connect to the CipherTrust Database Protection metadata.\n"},"save_connection":{"type":"boolean","description":"Flag that allows to save database session details for furter logins.\nValid values : True and False\n"},"database_name":{"type":"string","description":"Name of the database that contains the tables and columns to be encrypted.\nFor Oracle, it is SID. However, you can also use service name I:.\n"},"secondryAuth":{"type":"string","description":"Required, if database_type is DB2.\n"},"schema":{"type":"string","description":"(Optional) Name of the schema. By default, the value is dbo.\n"}},"example":{"name":"mydbname","database_type":"Oracle","host":"1.1.1.1","database_port":"7896","connection_protocol":"TCP","database_name":"mydb","database_user":"admin","database_password":"asdf1234","save_connection":false,"metadb_name":"mydbmeta","meta_password":"asdf1234","metadb_user":"metauser","schema":"qwerty"}}]},"examples":{"application/json":{"id":"6f9234b3-9a5d-4ba2-b568-90c67965b924","uri":"demo-TOr:pers-admintester:audit:records:6f9234b3-9a5d-4ba2-b568-90c67965b924","account":"demo-TOr:pers-admintester:admin:accounts:pers-admintester","application":"dev-portal:pers-github-00123:admin:apps:demo-TOr","devAccount":"dev-portal:pers-github-00123:admin:accounts:pers-github-00123","createdAt":"2016-08-22T15:19:46.61956217Z","name":"mydbname","database_type":"Oracle","host":"1.1.1.1","connectionProtocol":"TCP","databaseName":"mydb","databaseUser":"admin","databasePassword":"asdf1234","metaDbName":"mydbmeta","metaPassword":"asdf1234","metaUser":"metauser","port":"7896","schema":"qwerty","success":true}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}},"delete":{"summary":"Delete","description":"Deletes Database.","tags":["CDP/Database"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"204":{"description":"No Content | Successfully deleted database."},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/protectdb/databases/{id}/tables":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List Tables","description":"Returns the list of tables inside the specified database.","tags":["CDP/Database"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"skip","in":"query","description":"Specify the tables to skip for listing.","type":"integer","default":0},{"name":"limit","in":"query","description":"Specify the tables for which the detail is to be listed.","type":"integer","default":10},{"name":"schema","in":"query","description":"(optional) Specify the schema name to list empty table.","type":"string"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","properties":{"resources":{"type":"array","items":{"type":"object","title":"Table","properties":{"tableName":{"type":"string","description":"Name of the table."}},"example":{"tableName":"CUSTOMERS"}}}}},{"type":"object","properties":{"resources":{"type":"array","items":{"type":"object","title":"Table","properties":{"tableName":{"type":"string","description":"Name of the table."}},"example":{"tableName":"CUSTOMERS"}}}}}]},"examples":{"application/json":{"data":{"type":"getTableList","status":"Success","skip":0,"limit":10,"total":10,"resources":{"PlainTables":[{"tableName":"tableName1"},{"tableName":"tableName2"}],"EncTables":[{"tableName":"tableName1"},{"tableName":"tableName2"}]},"error":""}}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/protectdb/databases/{id}/table":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get Table","description":"Returns the details of a table with the given id.","tags":["CDP/Database"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"table","in":"query","description":"Specify the table name for which information is required.","type":"string"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","properties":{"resources":{"type":"array","items":{"type":"object","title":"Table","properties":{"tableName":{"type":"string","description":"Name of the table."}},"example":{"tableName":"CUSTOMERS"}}}}},{"type":"object","properties":{"resources":{"type":"array","items":{"type":"object","title":"Table","properties":{"tableName":{"type":"string","description":"Name of the table."}},"example":{"tableName":"CUSTOMERS"}}}}}]},"examples":{"application/json":{"data":{"type":"getTableInfo","status":"Success","resources":{"oldDataExists":"true","owner":"INGRIAN","tableName":"TBLTEST","tableSpaceName":"","tableStatus":"Encrypted","viewCreated":"true"}}}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/protectdb/databases/{id}/column":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get Column","description":"Returns the details of columns inside the specified table.","tags":["CDP/Database"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"table","in":"query","description":"Specify the table name which holds columns.","type":"string"},{"name":"column","in":"query","description":"Specify the column name.","type":"string"},{"name":"schema","in":"query","description":"Specify the owner/schema of the table.","type":"string"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","properties":{"resources":{"type":"array","items":{"type":"object","title":"Column","required":["encType","colName","key","algorithm","mode","ivType","errorType"],"properties":{"encType":{"type":"string","description":"Type of the encryption. Allowed types are Standard and FPE."},"colName":{"type":"string","description":"Name of the column to be encrypted."},"algorithm":{"type":"string","description":"Algorithm to encrypt column. Allowed algorithms are AES (128, 192 or 256) and FPE."},"key":{"type":"string","description":"Name of the key used to encrypt column."},"mode":{"type":"string","description":"The mode in which the encryption is to be peformed. Allowed modes are ECB and CBC.\nIt is recommended to use ECB mode for stronger encryption.\n"},"ivType":{"type":"string","description":"Initialization vector used for column encryption."},"fpeFormat":{"type":"string","description":"Select if encryption is to be performed on well formatted data without affecting its format post encryption.\nAllowed formats are:
— FIRST_SIX
— FIRST_SIX_LAST_FOUR
—FIRST_TWO_LAST_FOUR
—LAST_FOUR\n"},"tweakAlgo":{"type":"string","description":"(Optional)Tweak algotithm to be used. Possible values are:
— SHA1
— SHA256
— None(default)\n"},"tweakData":{"type":"string","description":"Required when tweak algorithm is used.\n"},"errorType":{"type":"string","description":"Replacement value type ,`None`,`ErrorReplacementValue`, `NullValue`, `EncryptedValue`."},"errorRepValue":{"type":"string","description":"Replacement value to be used as error."}}}}}}]},"examples":{"application/json":{"data":{"type":"getColumn","status":"Success","resources":{"algorithm":"AES","attributes":"nullable","attributesFlag":[{"checkedColumn":"false","computedColumn":"false","default":"false","foriegnKey":"false","index":"false","isIdentity":"false","isUnique":"false","nullable":"true","partitioningKey":"false","priKey":"false","referenced":"false"}],"colName":"colName","colType":"colType","colWidth":"16","columnIv":"55BFB0F95532C03AC879D047BE2CCDB1","encType":"Standard","ivType":"column","key":"keyName","migrated":"false","mode":"CBC","newName":"colName_NEW","newType":"RAW","newWidth":"16","padding":"NoPadding","triggerPresent":"false"}}}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/protectdb/databases/{id}/columns":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List Columns","description":"Returns the lsit columns inside the specified database table.","tags":["CDP/Database"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"table","in":"query","description":"Specify the table name which holds the columns.","type":"string"},{"name":"schema","in":"query","description":"Specify the owner/schema of the table.","type":"string"}],"responses":{"201":{"description":"Successfully updated column.","schema":{"type":"object","allOf":[{"type":"object","properties":{"table":{"type":"object","title":"Table","properties":{"tableName":{"type":"string","description":"Name of the table."}},"example":{"tableName":"CUSTOMERS"}},"database":{"type":"object","title":"Database","required":["name","database_type","host","connection_Protocol","database_name","database_user","database_password","metadb_user","meta_Password","database_port"],"properties":{"name":{"type":"string","description":"Name/alias for the connection information. This field which uniquely identifies a database connection."},"database_type":{"type":"string","description":"Allowed databases are Oracle, SQLServer, and DB2."},"host":{"type":"string","description":"Hostname or IP address of the database server."},"database_port":{"type":"string","description":"Port on which the CDP will connect to the database. For SQL Server, to connect using an instance, specify I:instance_name as parameter.\n"},"connection_Protocol":{"type":"string","description":"Protocol used to connect to database driver and database. Possible options are- TCP and SSL."},"database_user":{"type":"string","description":"Database login name that has permission to modify the tables to be migrated.\nThis user can be the owner of the database tables or a user with privileges to CREATE, MODIFY, and DROP views, tables, and triggers.\n"},"database_password":{"type":"string","description":"Password of the database used in databaseUser parameter."},"metadb_user":{"type":"string","description":"Name of the database where CipherTrust Database Protection metadata gets installed.\nThis parameter is optional for Oracle and DB2 but mandatory for SQL Server.\n"},"meta_Password":{"type":"string","description":"Database password that has permission to connect to the CipherTrust Database Protection metadata.\n"},"save_connection":{"type":"boolean","description":"Flag that allows to save database session details for furter logins.\nValid values : True and False\n"},"database_name":{"type":"string","description":"Name of the database that contains the tables and columns to be encrypted.\nFor Oracle, it is SID. However, you can also use service name I:.\n"},"secondryAuth":{"type":"string","description":"Required, if database_type is DB2.\n"},"schema":{"type":"string","description":"(Optional) Name of the schema. By default, the value is dbo.\n"}},"example":{"name":"mydbname","database_type":"Oracle","host":"1.1.1.1","database_port":"7896","connection_protocol":"TCP","database_name":"mydb","database_user":"admin","database_password":"asdf1234","save_connection":false,"metadb_name":"mydbmeta","meta_password":"asdf1234","metadb_user":"metauser","schema":"qwerty"}},"resources":{"type":"array","items":{"type":"object","title":"Column","required":["encType","colName","key","algorithm","mode","ivType","errorType"],"properties":{"encType":{"type":"string","description":"Type of the encryption. Allowed types are Standard and FPE."},"colName":{"type":"string","description":"Name of the column to be encrypted."},"algorithm":{"type":"string","description":"Algorithm to encrypt column. Allowed algorithms are AES (128, 192 or 256) and FPE."},"key":{"type":"string","description":"Name of the key used to encrypt column."},"mode":{"type":"string","description":"The mode in which the encryption is to be peformed. Allowed modes are ECB and CBC.\nIt is recommended to use ECB mode for stronger encryption.\n"},"ivType":{"type":"string","description":"Initialization vector used for column encryption."},"fpeFormat":{"type":"string","description":"Select if encryption is to be performed on well formatted data without affecting its format post encryption.\nAllowed formats are:
— FIRST_SIX
— FIRST_SIX_LAST_FOUR
—FIRST_TWO_LAST_FOUR
—LAST_FOUR\n"},"tweakAlgo":{"type":"string","description":"(Optional)Tweak algotithm to be used. Possible values are:
— SHA1
— SHA256
— None(default)\n"},"tweakData":{"type":"string","description":"Required when tweak algorithm is used.\n"},"errorType":{"type":"string","description":"Replacement value type ,`None`,`ErrorReplacementValue`, `NullValue`, `EncryptedValue`."},"errorRepValue":{"type":"string","description":"Replacement value to be used as error."}}}}}}]},"examples":{"application/json":{"data":{"type":"getColumnList","status":"Success","resources":{"algorithm":"AES","attributes":"nullable","attributesFlag":[{"checkedColumn":"false","computedColumn":"false","default":"false","foriegnKey":"false","index":"false","isIdentity":"false","isUnique":"false","nullable":"true","partitioningKey":"false","priKey":"false","referenced":"false"}],"colName":"colName","colType":"colType","colWidth":"16","columnIv":"55BFB0F95532C03AC879D047BE2CCDB1","encType":"Standard","ivType":"column","key":"keyName","migrated":"false","mode":"CBC","newName":"colName_NEW","newType":"RAW","newWidth":"16","padding":"NoPadding","triggerPresent":"false"}}}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}},"patch":{"summary":"Update Column","description":"Updates column with encyption parameters.","tags":["CDP/Database"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"table","in":"query","description":"Specify the table name for which columns are to be updated.","type":"string"},{"name":"schema","in":"query","description":"Specify the owner/schema of the table.","type":"string"},{"name":"body","in":"body","description":"Column details to be updated.","required":true,"schema":{"type":"object","title":"Column","required":["encType","colName","key","algorithm","mode","ivType","errorType"],"properties":{"encType":{"type":"string","description":"Type of the encryption. Allowed types are Standard and FPE."},"colName":{"type":"string","description":"Name of the column to be encrypted."},"algorithm":{"type":"string","description":"Algorithm to encrypt column. Allowed algorithms are AES (128, 192 or 256) and FPE."},"key":{"type":"string","description":"Name of the key used to encrypt column."},"mode":{"type":"string","description":"The mode in which the encryption is to be peformed. Allowed modes are ECB and CBC.\nIt is recommended to use ECB mode for stronger encryption.\n"},"ivType":{"type":"string","description":"Initialization vector used for column encryption."},"fpeFormat":{"type":"string","description":"Select if encryption is to be performed on well formatted data without affecting its format post encryption.\nAllowed formats are:
— FIRST_SIX
— FIRST_SIX_LAST_FOUR
—FIRST_TWO_LAST_FOUR
—LAST_FOUR\n"},"tweakAlgo":{"type":"string","description":"(Optional)Tweak algotithm to be used. Possible values are:
— SHA1
— SHA256
— None(default)\n"},"tweakData":{"type":"string","description":"Required when tweak algorithm is used.\n"},"errorType":{"type":"string","description":"Replacement value type ,`None`,`ErrorReplacementValue`, `NullValue`, `EncryptedValue`."},"errorRepValue":{"type":"string","description":"Replacement value to be used as error."}}}}],"responses":{"201":{"description":"Successfully updated column.","schema":{"type":"object","properties":{"database":{"type":"object","title":"Database","required":["name","database_type","host","connection_Protocol","database_name","database_user","database_password","metadb_user","meta_Password","database_port"],"properties":{"name":{"type":"string","description":"Name/alias for the connection information. This field which uniquely identifies a database connection."},"database_type":{"type":"string","description":"Allowed databases are Oracle, SQLServer, and DB2."},"host":{"type":"string","description":"Hostname or IP address of the database server."},"database_port":{"type":"string","description":"Port on which the CDP will connect to the database. For SQL Server, to connect using an instance, specify I:instance_name as parameter.\n"},"connection_Protocol":{"type":"string","description":"Protocol used to connect to database driver and database. Possible options are- TCP and SSL."},"database_user":{"type":"string","description":"Database login name that has permission to modify the tables to be migrated.\nThis user can be the owner of the database tables or a user with privileges to CREATE, MODIFY, and DROP views, tables, and triggers.\n"},"database_password":{"type":"string","description":"Password of the database used in databaseUser parameter."},"metadb_user":{"type":"string","description":"Name of the database where CipherTrust Database Protection metadata gets installed.\nThis parameter is optional for Oracle and DB2 but mandatory for SQL Server.\n"},"meta_Password":{"type":"string","description":"Database password that has permission to connect to the CipherTrust Database Protection metadata.\n"},"save_connection":{"type":"boolean","description":"Flag that allows to save database session details for furter logins.\nValid values : True and False\n"},"database_name":{"type":"string","description":"Name of the database that contains the tables and columns to be encrypted.\nFor Oracle, it is SID. However, you can also use service name I:.\n"},"secondryAuth":{"type":"string","description":"Required, if database_type is DB2.\n"},"schema":{"type":"string","description":"(Optional) Name of the schema. By default, the value is dbo.\n"}},"example":{"name":"mydbname","database_type":"Oracle","host":"1.1.1.1","database_port":"7896","connection_protocol":"TCP","database_name":"mydb","database_user":"admin","database_password":"asdf1234","save_connection":false,"metadb_name":"mydbmeta","meta_password":"asdf1234","metadb_user":"metauser","schema":"qwerty"}},"table":{"type":"object","title":"Table","properties":{"tableName":{"type":"string","description":"Name of the table."}},"example":{"tableName":"CUSTOMERS"}}},"allOf":[{"type":"object","title":"Column","required":["encType","colName","key","algorithm","mode","ivType","errorType"],"properties":{"encType":{"type":"string","description":"Type of the encryption. Allowed types are Standard and FPE."},"colName":{"type":"string","description":"Name of the column to be encrypted."},"algorithm":{"type":"string","description":"Algorithm to encrypt column. Allowed algorithms are AES (128, 192 or 256) and FPE."},"key":{"type":"string","description":"Name of the key used to encrypt column."},"mode":{"type":"string","description":"The mode in which the encryption is to be peformed. Allowed modes are ECB and CBC.\nIt is recommended to use ECB mode for stronger encryption.\n"},"ivType":{"type":"string","description":"Initialization vector used for column encryption."},"fpeFormat":{"type":"string","description":"Select if encryption is to be performed on well formatted data without affecting its format post encryption.\nAllowed formats are:
— FIRST_SIX
— FIRST_SIX_LAST_FOUR
—FIRST_TWO_LAST_FOUR
—LAST_FOUR\n"},"tweakAlgo":{"type":"string","description":"(Optional)Tweak algotithm to be used. Possible values are:
— SHA1
— SHA256
— None(default)\n"},"tweakData":{"type":"string","description":"Required when tweak algorithm is used.\n"},"errorType":{"type":"string","description":"Replacement value type ,`None`,`ErrorReplacementValue`, `NullValue`, `EncryptedValue`."},"errorRepValue":{"type":"string","description":"Replacement value to be used as error."}}}]},"examples":{"application/json":{"data":{"status":"Processing","id":"37228fbb-0e5d-4d3b-a306-59c389e917db"}}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/protectdb/databases/{id}/domainIndex":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"CreateDomainIndex","description":"Creates domain index for Oracle database.","tags":["CDP/Database"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"body","in":"body","description":"Creates domain index.","required":true,"schema":{"type":"object","title":"CreateDomainIndex","required":["table","column","viewSqlOnly"],"properties":{"table":{"type":"string","description":"Name of the table on which domain Index is to be created."},"schema":{"type":"string","description":"Owner/schema of the table."},"column":{"type":"string","description":"Column name on which domain index is needed."},"indexName":{"type":"string","description":"Name of the index."},"dIXName":{"type":"string","description":"Name of the domain index."},"userspace":{"type":"string","description":"Userspace used for domain index."},"viewSqlOnly":{"type":"boolean","description":"Specify true if you just want to see the queries that will be performed."}},"example":{"table":"myTable","schema":"","column":"","indexName":"","dIXName":"","userspace":"","viewSqlOnly":true}}}],"responses":{"200":{"description":"OK"},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}},"delete":{"summary":"DeleteDomainIndex","description":"Deletes domain index from a column in Oracle database.","tags":["CDP/Database"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"table","in":"query","description":"Specify the table name from which domain index is to be dropped.","type":"string","required":true},{"name":"schema","in":"query","description":"Specify the owner/schema of the table.","type":"string","required":false},{"name":"column","in":"query","description":"Specify the column name from which domain index is to be dropped.","type":"string","required":true},{"name":"viewSqlOnly","in":"query","type":"boolean","description":"True or False"}],"responses":{"200":{"description":"OK"},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/protectdb/databases/{id}/user":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"ListMap","description":"Returns the list of user mappings for database and NAE users.","tags":["CDP/UserMapping"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","title":"Database","required":["name","database_type","host","connection_Protocol","database_name","database_user","database_password","metadb_user","meta_Password","database_port"],"properties":{"name":{"type":"string","description":"Name/alias for the connection information. This field which uniquely identifies a database connection."},"database_type":{"type":"string","description":"Allowed databases are Oracle, SQLServer, and DB2."},"host":{"type":"string","description":"Hostname or IP address of the database server."},"database_port":{"type":"string","description":"Port on which the CDP will connect to the database. For SQL Server, to connect using an instance, specify I:instance_name as parameter.\n"},"connection_Protocol":{"type":"string","description":"Protocol used to connect to database driver and database. Possible options are- TCP and SSL."},"database_user":{"type":"string","description":"Database login name that has permission to modify the tables to be migrated.\nThis user can be the owner of the database tables or a user with privileges to CREATE, MODIFY, and DROP views, tables, and triggers.\n"},"database_password":{"type":"string","description":"Password of the database used in databaseUser parameter."},"metadb_user":{"type":"string","description":"Name of the database where CipherTrust Database Protection metadata gets installed.\nThis parameter is optional for Oracle and DB2 but mandatory for SQL Server.\n"},"meta_Password":{"type":"string","description":"Database password that has permission to connect to the CipherTrust Database Protection metadata.\n"},"save_connection":{"type":"boolean","description":"Flag that allows to save database session details for furter logins.\nValid values : True and False\n"},"database_name":{"type":"string","description":"Name of the database that contains the tables and columns to be encrypted.\nFor Oracle, it is SID. However, you can also use service name I:.\n"},"secondryAuth":{"type":"string","description":"Required, if database_type is DB2.\n"},"schema":{"type":"string","description":"(Optional) Name of the schema. By default, the value is dbo.\n"}},"example":{"name":"mydbname","database_type":"Oracle","host":"1.1.1.1","database_port":"7896","connection_protocol":"TCP","database_name":"mydb","database_user":"admin","database_password":"asdf1234","save_connection":false,"metadb_name":"mydbmeta","meta_password":"asdf1234","metadb_user":"metauser","schema":"qwerty"}},{"type":"object","properties":{"resources":{"type":"array","items":{"type":"object","title":"PatchUser","required":["dbUser"],"properties":{"dbUser":{"type":"string","description":"Database user to be mapped to NAE user."},"naeUser":{"type":"string","description":"NAE user with whom database user is to be mapped."},"naePassword":{"type":"string","description":"Password for NAE user."}}}}}}]},"examples":{"application/json":{"data":"Object","type":"getUserMap","status":"success","resources":[{"dbUser":"user1","naeUser":"naeUser"}]}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}},"patch":{"summary":"UpdateMap","description":"Creates or updates user mappings.","tags":["CDP/UserMapping"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"body","in":"body","description":"User mapping to be updated.","required":true,"schema":{"type":"object","title":"PatchUser","required":["dbUser"],"properties":{"dbUser":{"type":"string","description":"Database user to be mapped to NAE user."},"naeUser":{"type":"string","description":"NAE user with whom database user is to be mapped."},"naePassword":{"type":"string","description":"Password for NAE user."}}}}],"responses":{"201":{"description":"Successfully updated user mapping.","schema":{"type":"object"},"examples":{"application/json":{"data":{"status":"Processing","id":"37228fbb-0e5d-4d3b-a306-59c389e917db"}}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/protectdb/databases/{id}/dbusers":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"ListDBUsers","description":"Returns the list database users that are not mapped to NAE user.","tags":["CDP/UserMapping"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","title":"Database","required":["name","database_type","host","connection_Protocol","database_name","database_user","database_password","metadb_user","meta_Password","database_port"],"properties":{"name":{"type":"string","description":"Name/alias for the connection information. This field which uniquely identifies a database connection."},"database_type":{"type":"string","description":"Allowed databases are Oracle, SQLServer, and DB2."},"host":{"type":"string","description":"Hostname or IP address of the database server."},"database_port":{"type":"string","description":"Port on which the CDP will connect to the database. For SQL Server, to connect using an instance, specify I:instance_name as parameter.\n"},"connection_Protocol":{"type":"string","description":"Protocol used to connect to database driver and database. Possible options are- TCP and SSL."},"database_user":{"type":"string","description":"Database login name that has permission to modify the tables to be migrated.\nThis user can be the owner of the database tables or a user with privileges to CREATE, MODIFY, and DROP views, tables, and triggers.\n"},"database_password":{"type":"string","description":"Password of the database used in databaseUser parameter."},"metadb_user":{"type":"string","description":"Name of the database where CipherTrust Database Protection metadata gets installed.\nThis parameter is optional for Oracle and DB2 but mandatory for SQL Server.\n"},"meta_Password":{"type":"string","description":"Database password that has permission to connect to the CipherTrust Database Protection metadata.\n"},"save_connection":{"type":"boolean","description":"Flag that allows to save database session details for furter logins.\nValid values : True and False\n"},"database_name":{"type":"string","description":"Name of the database that contains the tables and columns to be encrypted.\nFor Oracle, it is SID. However, you can also use service name I:.\n"},"secondryAuth":{"type":"string","description":"Required, if database_type is DB2.\n"},"schema":{"type":"string","description":"(Optional) Name of the schema. By default, the value is dbo.\n"}},"example":{"name":"mydbname","database_type":"Oracle","host":"1.1.1.1","database_port":"7896","connection_protocol":"TCP","database_name":"mydb","database_user":"admin","database_password":"asdf1234","save_connection":false,"metadb_name":"mydbmeta","meta_password":"asdf1234","metadb_user":"metauser","schema":"qwerty"}},{"type":"object","properties":{"resources":{"type":"array","items":{"type":"object","title":"PatchUser","required":["dbUser"],"properties":{"dbUser":{"type":"string","description":"Database user to be mapped to NAE user."},"naeUser":{"type":"string","description":"NAE user with whom database user is to be mapped."},"naePassword":{"type":"string","description":"Password for NAE user."}}}}}}]},"examples":{"application/json":{"data":"Object","type":"getDBUser","status":"success","resources":[{"dbUser":"user1"}]}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/protectdb/databases/{id}/view":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create Views and Trigger","description":"Creates views and triggers.","tags":["CDP/Database"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"body","in":"body","description":"Creates views and triggers.","required":true,"schema":{"type":"object","title":"CreateView","required":["alias","table","viewSqlOnly"],"properties":{"alias":{"type":"string","description":"Name/alias for the connection information. This field which uniquely identifies a database connection."},"table":{"type":"string","description":"Name of the table on which views and trigger are to be created."},"schema":{"type":"string","description":"The owner/schema name who owns the table if its other then used in connection."},"newtable":{"type":"string","description":"Name of the new table that holds the encrypted data. The default value is tablename_new."},"view":{"type":"string","description":"User specified view name. It is recommnded to use the default value which is same as the name of the table."},"insTrigger":{"type":"string","description":"Name of the insert trigger. The default trigger is tablename_ins_trig."},"updTrigger":{"type":"string","description":"Name of the updated trigger. The default value is tablename_upd_trig."},"viewSqlOnly":{"type":"boolean","description":"Specify true if you just want to see the queries that will be performed."}},"example":{"alias":"mydbname","table":"myTable","schema":"","newtable":"","view":"","insTrigger":"","updTrigger":"","viewSqlOnly":true}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","title":"Jobs","required":["table","schema"],"properties":{"table":{"type":"string","description":"Name of the table for which the job is to be listed.\n"},"schema":{"type":"string","description":"Name of the schema."}},"example":{"table":"mytable","schema":"owner"}},"examples":{"application/json":{"data":{"type":"createView","status":"Success"}}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}},"delete":{"summary":"Delete Views and Trigger","description":"Deletes views and triggers.","tags":["CDP/Database"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"table","in":"query","description":"Specify the table name from which views and triggers are to be deleted.","type":"string","required":true},{"name":"schema","in":"query","description":"Specify the owner/schema of the table.","type":"string"},{"name":"viewSqlOnly","in":"query","type":"boolean","description":"True or False"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","properties":{"resources":{"type":"array","items":{"type":"object","title":"Jobs","required":["table","schema"],"properties":{"table":{"type":"string","description":"Name of the table for which the job is to be listed.\n"},"schema":{"type":"string","description":"Name of the schema."}},"example":{"table":"mytable","schema":"owner"}}}}},{"type":"object","properties":{"resources":{"type":"array","items":{"type":"object","title":"Jobs","required":["table","schema"],"properties":{"table":{"type":"string","description":"Name of the table for which the job is to be listed.\n"},"schema":{"type":"string","description":"Name of the schema."}},"example":{"table":"mytable","schema":"owner"}}}}}]},"examples":{"application/json":{"data":{"type":"DeleteView","status":"Success"}}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/protectdb/databases/{id}/jobs":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List Jobs","description":"Returns the list of jobs inside table with the given id.","tags":["CDP/Database"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"table","in":"query","description":"Specify the table name for which jobs are to be listed.","type":"string","required":true},{"name":"schema","in":"query","description":"Specify the owner/schema of the table.","type":"string"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","properties":{"resources":{"type":"array","items":{"type":"object","title":"Jobs","required":["table","schema"],"properties":{"table":{"type":"string","description":"Name of the table for which the job is to be listed.\n"},"schema":{"type":"string","description":"Name of the schema."}},"example":{"table":"mytable","schema":"owner"}}}}},{"type":"object","properties":{"resources":{"type":"array","items":{"type":"object","title":"Jobs","required":["table","schema"],"properties":{"table":{"type":"string","description":"Name of the table for which the job is to be listed.\n"},"schema":{"type":"string","description":"Name of the schema."}},"example":{"table":"mytable","schema":"owner"}}}}}]},"examples":{"application/json":{"data":{"type":"getJobList","status":"Success","resources":{"job_type":[{"tableName":"tableName1"},{"tableName":"tableName2"}],"job_id":[{"tableName":"tableName1"},{"tableName":"tableName2"}]},"error":""}}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/protectdb/databases/{id}/job-detail":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Job Details","description":"Returns the status of job with the given id.","tags":["CDP/Database"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"jobId","in":"query","description":"Specify the job id for which the status is to be checked.","type":"string","required":true}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","properties":{"resources":{"type":"array","items":{"type":"object","title":"Jobs","required":["table","schema"],"properties":{"table":{"type":"string","description":"Name of the table for which the job is to be listed.\n"},"schema":{"type":"string","description":"Name of the schema."}},"example":{"table":"mytable","schema":"owner"}}}}},{"type":"object","properties":{"resources":{"type":"array","items":{"type":"object","title":"Jobs","required":["table","schema"],"properties":{"table":{"type":"string","description":"Name of the table for which the job is to be listed.\n"},"schema":{"type":"string","description":"Name of the schema."}},"example":{"table":"mytable","schema":"owner"}}}}}]},"examples":{"application/json":{"data":{"type":"getJobStatus","status":"Job Success","resources":{"columns_affected":[{"columnName":"column1"},{"columnName":"column2"}],"rows_modified":"2","start_time":"Thu Jun 30 11:30:39","end_time":"Thu Jun 30 11:30:40","operation":"Delete Old Data"},"error":""}}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/protectdb/databases/{id}/deleteData":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"delete":{"summary":"DeleteOldData","description":"Deletes old data.","tags":["CDP/Database"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"table","in":"query","description":"Specify the table name from which the old data is to be deleted.","type":"string","required":true},{"name":"schema","in":"query","description":"Specify the owner/schema of the table.","type":"string","required":false},{"name":"batch","in":"query","description":"Specify the batch size in which the old data is to be deleted.","type":"string","required":false},{"name":"viewSqlOnly","in":"query","type":"boolean","description":"True or False"}],"responses":{"200":{"description":"OK","examples":{"application/json":{"data":{"type":"DeleteData","status":"Success"}}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/protectdb/databases/{id}/auth":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"AuthorizeUser","description":"Verify whether the database user is authorized.","tags":["CDP/Database"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"body","in":"body","description":"Authorizes the user.","required":true,"schema":{"type":"object","title":"GetAuth","required":["database_user","database_password"],"properties":{"database_user":{"type":"string","description":"Database login name that has permission to modify the tables to be migrated.\nThis user can be the owner of the database tables or a user with privileges to CREATE, MODIFY, and DROP views, tables, and triggers.\n"},"database_password":{"type":"string","description":"Password of the database used in databaseUser parameter."}},"example":{"database_user":"admin","database_password":"asdf1234"}}}],"responses":{"201":{"description":"Successfully authorized user.","schema":{"type":"object"},"examples":{"application/json":{"data":{"status":"Processing","id":"37228fbb-0e5d-4d3b-a306-59c389e917db"}}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/protectdb/databases/{id}/migration-server":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Add","description":"Creates migration server.","tags":["CDP/Migration Server"],"parameters":[{"name":"body","in":"body","description":"The migration server to be added.\n","required":true,"schema":{"example":{"host":"","port":"","naeuser":"","naepassword":""},"type":"object","title":"PostMigrationServer","required":["host","port","naeuser","naepassword"],"properties":{"host":{"type":"string","description":"Host IP of the migration server."},"port":{"type":"string","description":"Port of the migration server."},"naeuser":{"type":"string","description":"Nae user name to be used for encryption."},"naepassword":{"type":"string","description":"Nae user password"}}}}],"responses":{"202":{"description":"Successfully added migration server.","examples":{"application/json":{"data":{"type":"CreateMigrationServer","status":"Processing","resources":""}}}},"401":{"description":"Bad Request | The provided JWT is missing required claims."},"409":{"description":"The migration server is already added for this connection."}}},"patch":{"summary":"Update","description":"Updates the migration server parameters.","tags":["CDP/Migration Server"],"parameters":[{"name":"body","in":"body","description":"The migration server to be updated.\n","schema":{"example":{"host":"","port":"","naeuser":"","naepassword":""},"type":"object","title":"PostMigrationServer","properties":{"host":{"type":"string","description":"Host IP of the migration server."},"port":{"type":"string","description":"Port of the migration server."},"naeuser":{"type":"string","description":"Nae user name to be used for encryption."},"naepassword":{"type":"string","description":"Nae user password"}}}}],"responses":{"202":{"description":"Successfully updated the migration server.","examples":{"application/json":{"data":{"type":"UpdateMigrationServer","status":"Processing","resources":""}}}},"400":{"description":"The user and password are required."},"401":{"description":"Bad Request | The provided JWT is missing required claims."}}},"get":{"summary":"Get","description":"Returns the lsit of the migration server.","tags":["CDP/Migration Server"],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","title":"PostMigrationServer","required":["host","port","naeuser","naepassword"],"properties":{"host":{"type":"string","description":"Host IP of the migration server."},"port":{"type":"string","description":"Port of the migration server."},"naeuser":{"type":"string","description":"Nae user name to be used for encryption."},"naepassword":{"type":"string","description":"Nae user password"}}},{"type":"object","properties":{"resources":{"type":"array"}}}]},"examples":{"application/json":{"id":"6f9234b3-9a5d-4ba2-b568-90c67965b924","uri":"demo-TOr:pers-admintester:audit:records:6f9234b3-9a5d-4ba2-b568-90c67965b924","account":"demo-TOr:pers-admintester:admin:accounts:pers-admintester","createdAt":"2016-08-22T15:19:46.61956217Z","name":"mydbname","host":"1.1.1.1","port":"7896","naeuser":"username","success":true}}},"401":{"description":"Bad Request | The provided JWT is missing required claims."},"404":{"description":"The migration server does not exist for this connection."}}},"delete":{"summary":"Delete","description":"Deletes the migration server.","tags":["CDP/Migration Server"],"responses":{"200":{"description":"Successfully deleted the migrationn server."},"401":{"description":"Bad Request | The provided JWT is missing required claims."},"404":{"description":"The migration server does not exist for this connection."}}}},"/v1/protectdb/databases/{id}/encrypt":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Encrypt table","description":"Encrypts a table.","tags":["CDP/Migration Server"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"body","in":"body","description":"Initiates encryption on table.","required":true,"schema":{"type":"object","title":"Perform Encryption","required":["table","viewSqlOnly"],"properties":{"table":{"type":"string","description":"Name of the table to be encrypted"},"schema":{"type":"string","description":"Name of owner/schema of the table."},"newtable":{"type":"string","description":"Name of the new table which will hold encrypted data (default is tablename_new)"},"viewname":{"type":"string","description":"User specified view Name"},"insTrigger":{"type":"string","description":"Name of the insert trigger default will be tablename_ins_trig"},"updTrigger":{"type":"string","description":"Name of the update trigger default will be \"tablename_upd_trig\""},"viewSqlOnly":{"type":"boolean","description":"Specify true if you just want to see the queries that will be performed."},"batchSize":{"type":"integer","description":"Specify the batch size in which encryption is to be deleted."}},"example":{"table":"myTable","newtable":"","viewname":"","insTrigger":"","updTrigger":"","viewSqlOnly":true,"batchsize":1000}}}],"responses":{"202":{"description":"OK","examples":{"application/json":{"data":{"type":"EncryptOpeartion","status":"Processing"}}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/protectdb/databases/{id}/table/{name}/restore-job":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Restore Job","description":"Restores a failed or cancelled job.","tags":["CDP/Migration Server"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"name","in":"path","description":"Table name.","type":"string","required":true},{"name":"schema","in":"query","description":"Specify the owner/schema of the table.","type":"string","required":false}],"responses":{"202":{"description":"OK","examples":{"application/json":{"data":{"type":"RestoreOperation","status":"Processing"}}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/protectdb/databases/{id}/table/{name}/resume-job":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Resume Job","description":"Resumes a failed or cancelled job.","tags":["CDP/Migration Server"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"name","in":"path","description":"Table name.","type":"string","required":true},{"name":"schema","in":"query","description":"Specify the owner/schema of the table.","type":"string","required":false}],"responses":{"202":{"description":"OK","examples":{"application/json":{"data":{"type":"ResumeOperation","status":"Processing"}}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/protectdb/databases/{id}/table/{name}/cancel-job":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Cancel Job","description":"Cancels a processing job.","tags":["CDP/Migration Server"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"name","in":"path","description":"Table name.","type":"string","required":true},{"name":"schema","in":"query","description":"Specify the owner/schema of the table.","type":"string","required":false}],"responses":{"202":{"description":"OK","examples":{"application/json":{"data":{"type":"CancelOperation","status":"Processing"}}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/protectdb/databases/{id}/decrypt":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Decrypt table","description":"Decrypts a table.","tags":["CDP/Migration Server"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"body","in":"body","description":"Decrypts a table.","required":true,"schema":{"type":"object","title":"Perform Decryption","required":["table","columnNames"],"properties":{"table":{"type":"string","description":"Name of the table to be unmigrated."},"schema":{"type":"string","description":"Name of owner/schema of the table."},"viewSqlOnly":{"type":"boolean","description":"Specify true if you just want to see the queries that will be performed."},"batchSize":{"type":"integer","description":"Specify the batch size in which decryption is to be performed."},"columnNames":{"type":"array","items":{"type":"string"}}},"example":{"table":"myTable","batchsize":1000,"columnNames":["col1","col2"],"viewSqlOnly":true}}}],"responses":{"202":{"description":"OK","examples":{"application/json":{"data":{"type":"DecryptOperation","status":"Processing"}}}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}}},"/v1/ddc/reports/{id}/summary":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get summary","description":"Get all summary information of a report (Total Data Objects Scanned,\nSensitive Data Objects Found, Sensitive Items Found, Infotypes Discovered).\n","tags":["DDC/Report"],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"scansDataObjectCount":{"type":"integer","format":"int64"},"scansSensitiveDataObjectCount":{"type":"integer","format":"int64"},"scansSensitiveItemsCount":{"type":"integer","format":"int64"},"scansTotalInfotypesCount":{"type":"object","properties":{"detected":{"type":"integer","format":"int64"},"total":{"type":"integer","format":"int64"}}}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/reports/{id}/infotypes/summary":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get all infotypes summary","description":"Get all summary information of the infotypes of all the scans in the report.","tags":["DDC/Report"],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"infotypesByCategory":{"type":"array","items":{"type":"object","properties":{"category":{"type":"string"},"value":{"type":"integer","format":"int64"}}}},"infotypesDistribution":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string"},"category":{"type":"string"},"value":{"type":"integer","format":"int64"}}}}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/reports/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get the report info","description":"Get the report info with name of the scans","tags":["DDC/Report"],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"reportTemplateName":{"description":"Name of ReportTemplate.","type":"string"},"scans":{"description":"Array of scan names.","type":"array","items":{"type":"object","properties":{"executionDate":{"description":"Date of scan launch.","type":"string","format":"date-time"},"scanName":{"description":"Name of the scan.","type":"string"}}}},"report":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"reportTemplateId":{"description":"ID of ReportTemplate.","type":"string"},"reportTemplateVersion":{"description":"version of ReportTemplate.","type":"integer"},"path":{"description":"Path of Report.","type":"string"},"status":{"description":"Status of the Report.","type":"string"},"new":{"description":"Schedule Report Template.","type":"boolean"},"startTimestamp":{"description":"Start of the process report.","type":"string","format":"date-time"},"endTimestamp":{"description":"End of the Report to be ready.","type":"string","format":"date-time"},"error":{"description":"Error of the report.","type":"string"}}}]}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/reports/{id}/data-objects/summary":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get all data objects summary","description":"Get all summary information of the data objects of all the scans in the report.","tags":["DDC/Report"],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"sensitiveDataObjectsByCategory":{"type":"array","items":{"type":"object","properties":{"category":{"type":"string"},"value":{"type":"integer","format":"int64"}}}},"sensitiveDataObjects":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string"},"category":{"type":"string"},"value":{"type":"integer","format":"int64"}}}}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/reports/{id}/scans/details":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"List All.","description":"List all the scans of the report. Results can be sorted by Scan Name.","tags":["DDC/Report"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","properties":{"name":{"description":"Scan Name.","type":"string"},"execution":{"description":"Timestamp of the execution of the scan","type":"string","format":"date-time","x-nullable":true},"duration":{"description":"Duration of the execution of the scan","type":"integer"},"datastores":{"description":"Names of the datastores included in the scan.","type":"array","items":{"type":"string"}},"classificationProfiles":{"description":"Object classification profiles included in the scan.","type":"array","items":{"type":"object","properties":{"name":{"description":"Name of the classification profile.","type":"string"},"deletedAt":{"description":"timestamp when classification profile was deleted.","type":"string","format":"date-time"}}}},"infotypes":{"description":"Infotypes included in the scan.","type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the infotype","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the infotype","type":"integer"},"name":{"description":"Name of the infotype","type":"string"},"riskWeight":{"description":"Weight for each match in the risk formula","type":"integer"},"family":{"description":"info type family","type":"object","properties":{"id":{"description":"family id","type":"string","format":"UUIDv4"},"name":{"description":"name of the family","type":"string"},"category":{"description":"info type category","type":"object","properties":{"id":{"description":"category id","type":"string","format":"UUIDv4"},"name":{"description":"name of the category","type":"string"}}}}}}}},"infotypesFound":{"description":"Number of found infotypes","type":"integer","format":"int64"},"totalDataObjects":{"description":"Total Data Objects included in the scan.","type":"integer"},"sensitiveDataObjects":{"description":"Sensitive Data Objects found in the scan.","type":"integer"},"filters":{"description":"Filters used in the scan","type":"array","items":{"type":"object","properties":{"filter":{"type":"string","description":"Type of filter to apply"},"expression":{"description":"Expression for the filter","type":"string"},"toDate":{"description":"Starting date for the include_date_range filter","type":"string","format":"date"},"fromDate":{"description":"Ending date for the include_date_range filter","type":"string","format":"date"},"days":{"description":"Days to include for the include_recent filter","type":"integer"},"size":{"description":"Max data object size for the exclude_max_size in MB","type":"integer"}}}}}}}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/reports/{id}/datastores/details":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"List All.","description":"List all the datastores of the report. Results can be sorted by Risk, Name, Scan Name, Last Scan,\nBranch, Total Data Objects, Sensitive Objects.\n","tags":["DDC/Report"],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","properties":{"name":{"description":"Name of the datastore.","type":"string"},"risk":{"description":"Value od the risk detected in the datastore.","type":"integer","format":"int64"},"warning":{"description":"True if the risk in high.","type":"boolean"},"sensitivityLevel":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Sentivity Level.","type":"string"},"color":{"description":"Color associated to the Sentivity Level.","type":"string"},"level":{"description":"Level associated to the Sentivity Level.","type":"integer"},"internal":{"description":"Indicates if the Sensivity Level is used only internally by the backend.","type":"boolean"}}}]},"scanName":{"description":"Name of the scan wich includes the datastore.","type":"string"},"lastScan":{"description":"Date of the last scan using the datastore.","type":"integer","format":"date-time"},"branchLocation":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"city":{"description":"City of Branch Location.","type":"string"},"countryId":{"description":"Country ID of Branch Location.","type":"string"},"stateId":{"description":"State ID of Branch Location.","type":"string"},"country":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"code":{"description":"Country Code.","type":"string"},"latitude":{"description":"Latitude.","type":"number"},"longitude":{"description":"Longitude.","type":"number"}}}]},"state":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"countryCode":{"description":"Country Code associated to the State.","type":"string"}}}]}}}]},"totalDataObject":{"description":"Total of dataobjects of the datastore.","type":"integer","format":"int64"},"sensitiveDataObject":{"description":"Number of sensitive data objects in the datastore.","type":"integer","format":"int64"},"infotypesTotal":{"description":"Names of the infotypes included in the datastore.","type":"array","items":{"type":"string"}},"infotypesTop5":{"description":"Array of the infotypes Top 5.","type":"array","items":{"type":"object","properties":{"name":{"type":"string"},"category":{"type":"string"},"value":{"type":"integer","format":"int64"}}}},"extensionsTop5":{"description":"Array of the infotypes Top 5.","type":"array","items":{"type":"object","properties":{"name":{"type":"string"},"category":{"type":"string"},"value":{"type":"integer","format":"int64"}}}},"classificationProfileTop5":{"description":"Array of the infotypes Top 5.","type":"array","items":{"type":"object","properties":{"name":{"type":"string"},"category":{"type":"string"},"value":{"type":"integer","format":"int64"}}}}}}}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/reports/{id}/dynamic/data-objects":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Create new dynamic query for data objects","description":"Create a new dynamic query with the filters in the body. The request returns a dynamic query ID that can be used\nto retrieve the generated report\n","tags":["DDC/Report"],"parameters":[{"name":"body","in":"body","description":"Parameters used to filter the request","schema":{"allOf":[{"type":"object","properties":{"id":{"description":"UUID of the dynamic query to create (optional)","type":"string","format":"uuid"},"filter":{"description":"Generic text filter to search in the name and path columns","type":"string"},"datastores":{"description":"Datastores to include in the query","type":"array","items":{"type":"string","format":"uuid"}},"types":{"description":"Types of data objects to include (File, Table, Inaccessible, Email, Attachment)","type":"array","items":{"type":"string"}},"sort":{"description":"Column to use for sorting (name, -name, risk, -risk, type, -type, path, -path)","type":"string"}}}]}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"type":"object","properties":{"reportId":{"description":"ID of the report for the dynamic query","type":"string","format":"uuid"},"startTimestamp":{"description":"timestamp when the query execution started","type":"string","format":"date-time"},"endTimestamp":{"description":"timestamp when the query execution finished","type":"string","format":"date-time"},"status":{"description":"status of the dynamic query (RUNNING, COMPLETED, FAILED)","type":"string"},"error":{"description":"Error of the dynamic query if it failed","type":"string","format":"json"}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/reports/{id}/data-objects/details":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"List All.","description":"List all the datastores of the report. Results can be sorted by Risk, Name, Scan Name, Last Scan,\nBranch, Total Data Objects, Sensitive Objects.\n","tags":["DDC/Report"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"reportId","in":"query","type":"string","description":"Filters result to the rows based on reportID.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","properties":{"scanExecutionId":{"description":"Id of the scan execution","type":"string"},"scanId":{"description":"ID of the scan","type":"string"},"datastoreId":{"description":"ID of the datastore","type":"string"},"name":{"description":"Name of the dataobject.","type":"string"},"risk":{"description":"Value od the risk detected in the datastore.","type":"integer","format":"int64"},"path":{"description":"Localization of the data object.","type":"string"},"datastoreName":{"description":"Name of the datastore which includes the data object.","type":"string"},"owner":{"description":"Name of the owner.","type":"string"},"type":{"description":"Type of the data object. File or Table","type":"string"},"matches":{"description":"Number of sensitive items found.","type":"integer","format":"int64"},"modified":{"description":"Date of last modification.","type":"string","format":"date-time"},"infoTypesTotal":{"description":"Number of distinct infotypes found.","type":"integer","format":"int64"},"infotypesDistribution":{"description":"array of infotypes found in the data object.","type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"infotype name"},"category":{"type":"string","description":"infotype category"},"value":{"type":"integer","format":"int64","description":"number of matches"},"searchPrecision":{"type":"string","format":"string","description":"Search precission for the infotype","enum":["HIGH","LOW","N/A"]},"riskWeight":{"type":"integer","description":"weight of each match in the risk formula"}}}},"DatastoreDeletedAt":{"description":"Date of deletion","type":"string","format":"date-time"},"policyId":{"description":"Id of the policy","type":"string"},"policyName":{"description":"Name of the policy","type":"string"},"remediationTimestamp":{"description":"Date of remediation","type":"string","format":"date-time"},"remediationStatus":{"description":"Status of remediation","type":"string"},"classificationProfiles":{"description":"Classification profiles","type":"array","items":{"type":"string"}}}}}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/reports/{id}/data-objects/export":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"List All.","description":"Writes all the data objects of the report in streaming.\n","tags":["DDC/Report"],"responses":{"200":{"description":"OK","schema":{"type":"array","items":{"type":"object","properties":{"scanExecutionId":{"description":"Id of the scan execution","type":"string"},"scanId":{"description":"ID of the scan","type":"string"},"datastoreId":{"description":"ID of the datastore","type":"string"},"name":{"description":"Name of the dataobject.","type":"string"},"risk":{"description":"Value od the risk detected in the datastore.","type":"integer","format":"int64"},"path":{"description":"Localization of the data object.","type":"string"},"datastoreName":{"description":"Name of the datastore which includes the data object.","type":"string"},"owner":{"description":"Name of the owner.","type":"string"},"type":{"description":"Type of the data object. File or Table","type":"string"},"matches":{"description":"Number of sensitive items found.","type":"integer","format":"int64"},"modified":{"description":"Date of last modification.","type":"string","format":"date-time"},"infoTypesTotal":{"description":"Number of distinct infotypes found.","type":"integer","format":"int64"},"infotypesDistribution":{"description":"array of infotypes found in the data object.","type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"infotype name"},"category":{"type":"string","description":"infotype category"},"value":{"type":"integer","format":"int64","description":"number of matches"},"searchPrecision":{"type":"string","format":"string","description":"Search precission for the infotype","enum":["HIGH","LOW","N/A"]},"riskWeight":{"type":"integer","description":"weight of each match in the risk formula"}}}},"DatastoreDeletedAt":{"description":"Date of deletion","type":"string","format":"date-time"},"policyId":{"description":"Id of the policy","type":"string"},"policyName":{"description":"Name of the policy","type":"string"},"remediationTimestamp":{"description":"Date of remediation","type":"string","format":"date-time"},"remediationStatus":{"description":"Status of remediation","type":"string"},"classificationProfiles":{"description":"Classification profiles","type":"array","items":{"type":"string"}}}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/reports/dynamic/data-objects/{id}/report":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"List All.","description":"Lists all the dataobjects of the scan given the dynamic query id.\nThe applied filters where selected when creating the dynamic query.\n","tags":["DDC/Report"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","properties":{"scanExecutionId":{"description":"Id of the scan execution","type":"string"},"scanId":{"description":"ID of the scan","type":"string"},"datastoreId":{"description":"ID of the datastore","type":"string"},"name":{"description":"Name of the dataobject.","type":"string"},"risk":{"description":"Value od the risk detected in the datastore.","type":"integer","format":"int64"},"path":{"description":"Localization of the data object.","type":"string"},"datastoreName":{"description":"Name of the datastore which includes the data object.","type":"string"},"owner":{"description":"Name of the owner.","type":"string"},"type":{"description":"Type of the data object. File or Table","type":"string"},"matches":{"description":"Number of sensitive items found.","type":"integer","format":"int64"},"modified":{"description":"Date of last modification.","type":"string","format":"date-time"},"infoTypesTotal":{"description":"Number of distinct infotypes found.","type":"integer","format":"int64"},"infotypesDistribution":{"description":"array of infotypes found in the data object.","type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"infotype name"},"category":{"type":"string","description":"infotype category"},"value":{"type":"integer","format":"int64","description":"number of matches"},"searchPrecision":{"type":"string","format":"string","description":"Search precission for the infotype","enum":["HIGH","LOW","N/A"]},"riskWeight":{"type":"integer","description":"weight of each match in the risk formula"}}}},"DatastoreDeletedAt":{"description":"Date of deletion","type":"string","format":"date-time"},"policyId":{"description":"Id of the policy","type":"string"},"policyName":{"description":"Name of the policy","type":"string"},"remediationTimestamp":{"description":"Date of remediation","type":"string","format":"date-time"},"remediationStatus":{"description":"Status of remediation","type":"string"},"classificationProfiles":{"description":"Classification profiles","type":"array","items":{"type":"string"}}}}}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"460":{"description":"Error, see code in the error:\n- DDCDynamicQueryExecutionRunningError - The dynamic query is still running\n- DDCDynamicQueryExecutionFailedError - The dynamic query failed. The cause is included as the error context.\n- DDCError - Unexpected error\n","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/scan-trend-reports/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get the scan trend report info","description":"Get the scan trend report info with the name of the scan","tags":["DDC/Report"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"type":"object","properties":{"reportTemplateId":{"description":"ID of the report template that generated the report","type":"string","format":"UUIDv4"},"reportTemplateVersion":{"description":"Version of the report template that generated the report","type":"integer"},"status":{"description":"Status of the report","type":"string","enum":["RUNNING","COMPLETED","FAILED"]},"new":{"description":"Marks if the report has been viewed or if it's new","type":"boolean"},"startTimestamp":{"description":"Timestamp when the report generation started","type":"string","format":"date-time"},"endTimestamp":{"description":"Timestamp when the report generation finished","type":"string","format":"date-time"},"error":{"description":"Error of the report generation if it failed","type":"string","format":"json"},"scans":{"description":"Scan executions contained in the report","type":"array","items":{"allOf":[{"type":"object","properties":{"id":{"description":"id of the scan","type":"string","format":"UUIDv4"},"executionDate":{"description":"timestamp for the scan execution","type":"string","format":"date-time"},"scanVersion":{"description":"version of the scan when it was executed","type":"integer"},"scanExecutionId":{"description":"id for the scan execution","type":"string","format":"UUIDv4"},"scanName":{"description":"name of the scan","type":"string"}}}]}}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/scan-trend-reports/{id}/data-objects-trend":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get the data objects info trend","description":"Get the data objects info trend","tags":["DDC/Report"],"responses":{"200":{"description":"OK","schema":{"type":"array","items":{"type":"object","properties":{"date":{"description":"Date of scan launch.","type":"string","format":"date-time"},"scanID":{"description":"ID of the scan.","type":"string"},"scanVersion":{"description":"Version of the scan.","type":"integer"},"modified":{"description":"Whether or not the scan has been modified.","type":"boolean"},"dataObjectScanned":{"description":"Scanned data objects.","type":"integer"},"sensitiveDataObjects":{"description":"Sensitive data objects.","type":"integer"},"remediatedDataObjects":{"description":"Remediated data objects.","type":"integer"},"infoTypesFoundCount":{"description":"Count of the infotypes found.","type":"integer"}}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/scan-trend-reports/{id}/average-risk-trend":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get the data objects average risk","description":"Get the data objects average risk","tags":["DDC/Report"],"responses":{"200":{"description":"OK","schema":{"type":"array","items":{"type":"object","properties":{"date":{"description":"Date of scan launch.","type":"string","format":"date-time"},"scanID":{"description":"ID of the scan.","type":"string"},"scanExecutionID":{"description":"Scan Execution ID.","type":"string"},"scanVersion":{"description":"Version of the scan.","type":"integer"},"modified":{"description":"Whether or not the scan has been modified.","type":"boolean"},"averageRisk":{"description":"Average risk.","type":"integer"}}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/scan-trend-reports/{id}/infotypes-trend":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get the infotypes info trend","description":"Get the infotypes info trend","tags":["DDC/Report"],"responses":{"200":{"description":"OK","schema":{"type":"array","items":{"type":"object","properties":{"date":{"description":"Date of scan launch.","type":"string","format":"date-time"},"infoTypesCount":{"description":"Count of the infotypes found.","type":"integer"},"scanID":{"description":"ID of the scan.","type":"string"},"scanVersion":{"description":"Version of the scan.","type":"integer"},"modified":{"description":"Whether or not the scan has been modified.","type":"boolean"},"infoTypesFound":{"description":"Array of infotypes found.","type":"array","items":{"type":"object","properties":{"infoTypeFamily":{"description":"Family of the infotype.","type":"string"},"name":{"description":"Name of the infotype.","type":"string"},"count":{"description":"Count of occurencies of this infotype found.","type":"integer"}}}}}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/scan-trend-reports/{id}/remediation-trend":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get the data objects of remediation","description":"Get the data objects of remediation","tags":["DDC/Report"],"responses":{"200":{"description":"OK","schema":{"type":"array","items":{"type":"object","properties":{"date":{"description":"Date of scan launch.","type":"string","format":"date-time"},"scanID":{"description":"ID of the scan.","type":"string"},"scanVersion":{"description":"Version of the scan.","type":"integer"},"modified":{"description":"Whether or not the scan has been modified.","type":"boolean"},"dataObjectScanned":{"description":"Scanned data objects.","type":"integer"},"sensitiveDataObjects":{"description":"Sensitive data objects.","type":"integer"},"remediablesDataObjects":{"description":"Remediable data objects.","type":"integer"},"remediatedDataObjects":{"description":"Remediated data objects.","type":"integer"}}}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/scan-trend-reports/{id}/data-objects/details/{scanExecutionId}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"List All.","description":"List all the dataobject details of the report. Results can be sorted by Risk, Name, Scan Name, Last Scan,\nBranch, Total Data Objects, Sensitive Objects.\n","tags":["DDC/Report"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"scanExecutionId","in":"path","required":true,"type":"string","description":"Filters result to the rows that contains all the values within this parameters split by Scan Execution ID.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","properties":{"scanId":{"description":"ID of the scan","type":"string"},"scanVersion":{"description":"Scan version","type":"integer","format":"int64"},"scanExecutionId":{"description":"Id of the scan execution","type":"string"},"name":{"description":"Name of the dataobject.","type":"string"},"risk":{"description":"Value od the risk detected in the datastore.","type":"integer","format":"int64"},"path":{"description":"Localization of the data object.","type":"string"},"datastoreID":{"description":"ID of the datastore.","type":"string"},"datastoreName":{"description":"Name of the datastore","type":"string"},"profiles":{"description":"Profiles.","type":"integer","format":"int64"},"infoTypesTotal":{"description":"Infotypes.","type":"integer","format":"int64"},"matches":{"description":"Number of sensitive items found.","type":"integer","format":"int64"},"remediationTimestamp":{"description":"Date of remediation","type":"string","format":"date-time"},"remediationStatus":{"description":"status of remediation.","type":"boolean"}}}}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/agents":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List all","description":"Lists all agents. Results can be refined with query params.","tags":["DDC/Agent"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"name","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name\n\n...will sort the results first by `name`.\n"},{"name":"filter","in":"query","type":"string","description":"Filters result to the rows that contains all the values within this parameters split by\nspaces. The endpoint will return any row with all the values present in the name column\n"},{"name":"name","in":"query","type":"string","description":"Filters result to the rows that contains all the values within this parameters split by\nspaces. The endpoint will return any row with all the values present in the name column\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"localStorageOnly":{"description":"If set to true the agent won't be used in automatic agent selection except for local storage datastores","type":"boolean"},"agentLabels":{"description":"Labels assigned to the agent","type":"array","items":{"type":"object","properties":{"id":{"description":"Label ID","type":"string","format":"UUIDv4"},"name":{"description":"Label name","type":"string"}}}},"platformCompatibility":{"description":"Platform family of the agent","type":"string"},"status":{"description":"Status of the agent - the possible values are 'CONNECTED' or 'NOT_CONNECTED'","type":"string","enum":["CONNECTED","NOT_CONNECTED"]},"connectedIp":{"description":"IP of the interface the agent used to connect to DDC","type":"string"},"timeDifference":{"description":"Difference between the agent and the server clocks in seconds.","type":"integer"},"version":{"description":"Version of the installed agent","type":"string"},"datastores":{"description":"Number of datastores associated with the agent","type":"integer"}}}]}}}}]}}}}},"/v1/ddc/agents/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of an agent with the given 'id'.","tags":["DDC/Agent"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"localStorageOnly":{"description":"If set to true the agent won't be used in automatic agent selection except for local storage datastores","type":"boolean"},"agentLabels":{"description":"Labels assigned to the agent","type":"array","items":{"type":"object","properties":{"id":{"description":"Label ID","type":"string","format":"UUIDv4"},"name":{"description":"Label name","type":"string"}}}},"platformCompatibility":{"description":"Platform family of the agent","type":"string"},"status":{"description":"Status of the agent - the possible values are 'CONNECTED' or 'NOT_CONNECTED'","type":"string","enum":["CONNECTED","NOT_CONNECTED"]},"connectedIp":{"description":"IP of the interface the agent used to connect to DDC","type":"string"},"timeDifference":{"description":"Difference between the agent and the server clocks in seconds.","type":"integer"},"version":{"description":"Version of the installed agent","type":"string"},"datastores":{"description":"Number of datastores associated with the agent","type":"integer"}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"put":{"summary":"Update","description":"Updates the details of an Agent.","tags":["DDC/Agent"],"parameters":[{"name":"body","in":"body","description":"The Agent properties to change.\n","schema":{"required":["localStorageOnly"],"properties":{"localStorageOnly":{"description":"If set to true the agent won't be used in automatic agent selection except for local storage datastores","type":"boolean"},"agentLabels":{"description":"Labels to assign to the agent","type":"array","items":{"type":"object","properties":{"name":{"description":"Name of the label. If it doesn't exist it will be created.","type":"string"}}}}}}}],"responses":{"200":{"description":"Successful resource update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"localStorageOnly":{"description":"If set to true the agent won't be used in automatic agent selection except for local storage datastores","type":"boolean"},"agentLabels":{"description":"Labels assigned to the agent","type":"array","items":{"type":"object","properties":{"id":{"description":"Label ID","type":"string","format":"UUIDv4"},"name":{"description":"Label name","type":"string"}}}},"platformCompatibility":{"description":"Platform family of the agent","type":"string"},"status":{"description":"Status of the agent - the possible values are 'CONNECTED' or 'NOT_CONNECTED'","type":"string","enum":["CONNECTED","NOT_CONNECTED"]},"connectedIp":{"description":"IP of the interface the agent used to connect to DDC","type":"string"},"timeDifference":{"description":"Difference between the agent and the server clocks in seconds.","type":"integer"},"version":{"description":"Version of the installed agent","type":"string"},"datastores":{"description":"Number of datastores associated with the agent","type":"integer"}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/local-storage":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a new local storage Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"local storage datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"}}}}}]}}],"responses":{"200":{"description":"Successful datastore creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Status of Datastore. If set to false it will be ignored when executing a scan.","type":"boolean"},"sensitiveObjects":{"description":"Number of sensitive objects detected in the Datastore.","type":"integer"},"totalObjects":{"description":"Total number of object into the Datastore.","type":"integer"},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/local-storage/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"put":{"summary":"Update","description":"update a new local storage Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"local storage datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"}}}}}]}}],"responses":{"200":{"description":"Successful datastore update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Status of Datastore. If set to false it will be ignored when executing a scan.","type":"boolean"},"sensitiveObjects":{"description":"Number of sensitive objects detected in the Datastore.","type":"integer"},"totalObjects":{"description":"Total number of object into the Datastore.","type":"integer"},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/ibm-db2":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a new IBM db2 Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"IBM db2 datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"database":{"type":"string","description":"name of the database"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore."}}}}}]}}],"responses":{"200":{"description":"Successful datastore creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Status of Datastore. If set to false it will be ignored when executing a scan.","type":"boolean"},"sensitiveObjects":{"description":"Number of sensitive objects detected in the Datastore.","type":"integer"},"totalObjects":{"description":"Total number of object into the Datastore.","type":"integer"},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/ibm-db2/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"put":{"summary":"Update","description":"Update a IBM db2 Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"IBM db2 datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"database":{"type":"string","description":"name of the database"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string"},"editPassword":{"type":"boolean","description":"set to true to edit the password"}}}}}]}}],"responses":{"200":{"description":"Successful datastore update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Status of Datastore. If set to false it will be ignored when executing a scan.","type":"boolean"},"sensitiveObjects":{"description":"Number of sensitive objects detected in the Datastore.","type":"integer"},"totalObjects":{"description":"Total number of object into the Datastore.","type":"integer"},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/oracle-db":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a new Oracle db Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"IBM db2 datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"database":{"type":"string","description":"name of the database"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore."}}}}}]}}],"responses":{"200":{"description":"Successful datastore creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Status of Datastore. If set to false it will be ignored when executing a scan.","type":"boolean"},"sensitiveObjects":{"description":"Number of sensitive objects detected in the Datastore.","type":"integer"},"totalObjects":{"description":"Total number of object into the Datastore.","type":"integer"},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/oracle-db/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"put":{"summary":"Update","description":"Update a Oracle db Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"IBM db2 datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"database":{"type":"string","description":"name of the database"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string"},"editPassword":{"type":"boolean","description":"set to true to edit the password"}}}}}]}}],"responses":{"200":{"description":"Successful datastore update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Status of Datastore. If set to false it will be ignored when executing a scan.","type":"boolean"},"sensitiveObjects":{"description":"Number of sensitive objects detected in the Datastore.","type":"integer"},"totalObjects":{"description":"Total number of object into the Datastore.","type":"integer"},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/microsoft-sql-db":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a new Microsoft SQL db Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Microsoft SQL db datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"database":{"type":"string","description":"name of the database"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore."}}}}}]}}],"responses":{"200":{"description":"Successful datastore creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Status of Datastore. If set to false it will be ignored when executing a scan.","type":"boolean"},"sensitiveObjects":{"description":"Number of sensitive objects detected in the Datastore.","type":"integer"},"totalObjects":{"description":"Total number of object into the Datastore.","type":"integer"},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/microsoft-sql-db/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"put":{"summary":"Update","description":"Update a Microsoft SQL db Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Microsoft SQL db datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"database":{"type":"string","description":"name of the database"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string"},"editPassword":{"type":"boolean","description":"set to true to edit the password"}}}}}]}}],"responses":{"200":{"description":"Successful datastore update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Status of Datastore. If set to false it will be ignored when executing a scan.","type":"boolean"},"sensitiveObjects":{"description":"Number of sensitive objects detected in the Datastore.","type":"integer"},"totalObjects":{"description":"Total number of object into the Datastore.","type":"integer"},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/postgresql-db":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a new PostgresSQL db Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Postgres SQL datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"database":{"type":"string","description":"name of the database"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore."}}}}}]}}],"responses":{"200":{"description":"Successful datastore creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Status of Datastore. If set to false it will be ignored when executing a scan.","type":"boolean"},"sensitiveObjects":{"description":"Number of sensitive objects detected in the Datastore.","type":"integer"},"totalObjects":{"description":"Total number of object into the Datastore.","type":"integer"},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/postgresql-db/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"put":{"summary":"Update","description":"Update a PostgresSQL db Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Postgres SQL datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"database":{"type":"string","description":"name of the database"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string"},"editPassword":{"type":"boolean","description":"set to true to edit the password"}}}}}]}}],"responses":{"200":{"description":"Successful datastore update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Status of Datastore. If set to false it will be ignored when executing a scan.","type":"boolean"},"sensitiveObjects":{"description":"Number of sensitive objects detected in the Datastore.","type":"integer"},"totalObjects":{"description":"Total number of object into the Datastore.","type":"integer"},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/sap-hana-db":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a new SAP HANA db Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"SAP Hana DB datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"database":{"type":"string","description":"name of the database"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore."}}}}}]}}],"responses":{"200":{"description":"Successful datastore creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Status of Datastore. If set to false it will be ignored when executing a scan.","type":"boolean"},"sensitiveObjects":{"description":"Number of sensitive objects detected in the Datastore.","type":"integer"},"totalObjects":{"description":"Total number of object into the Datastore.","type":"integer"},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/sap-hana-db/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"put":{"summary":"Update","description":"Update a SAP HANA db Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"SAP Hana DB datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"database":{"type":"string","description":"name of the database"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string"},"editPassword":{"type":"boolean","description":"set to true to edit the password"}}}}}]}}],"responses":{"200":{"description":"Successful datastore update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Status of Datastore. If set to false it will be ignored when executing a scan.","type":"boolean"},"sensitiveObjects":{"description":"Number of sensitive objects detected in the Datastore.","type":"integer"},"totalObjects":{"description":"Total number of object into the Datastore.","type":"integer"},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/mysql-db":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a new MySQL db Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"MySQL datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore."}}}}}]}}],"responses":{"200":{"description":"Successful datastore creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Status of Datastore. If set to false it will be ignored when executing a scan.","type":"boolean"},"sensitiveObjects":{"description":"Number of sensitive objects detected in the Datastore.","type":"integer"},"totalObjects":{"description":"Total number of object into the Datastore.","type":"integer"},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/mysql-db/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"put":{"summary":"Update","description":"Update a MySQL db Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"MySQL datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string"},"editPassword":{"type":"boolean","description":"set to true to edit the password"}}}}}]}}],"responses":{"200":{"description":"Successful datastore update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Status of Datastore. If set to false it will be ignored when executing a scan.","type":"boolean"},"sensitiveObjects":{"description":"Number of sensitive objects detected in the Datastore.","type":"integer"},"totalObjects":{"description":"Total number of object into the Datastore.","type":"integer"},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/teradata-db":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a new Teradata db Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Teradata DB datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore."}}}}}]}}],"responses":{"200":{"description":"Successful datastore creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Status of Datastore. If set to false it will be ignored when executing a scan.","type":"boolean"},"sensitiveObjects":{"description":"Number of sensitive objects detected in the Datastore.","type":"integer"},"totalObjects":{"description":"Total number of object into the Datastore.","type":"integer"},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/teradata-db/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"put":{"summary":"Update","description":"Update a Teradata db Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Teradata DB datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string"},"editPassword":{"type":"boolean","description":"set to true to edit the password"}}}}}]}}],"responses":{"200":{"description":"Successful datastore update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Status of Datastore. If set to false it will be ignored when executing a scan.","type":"boolean"},"sensitiveObjects":{"description":"Number of sensitive objects detected in the Datastore.","type":"integer"},"totalObjects":{"description":"Total number of object into the Datastore.","type":"integer"},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/mongo-db":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a new Mongo db Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Mongo DB datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"authDatabase":{"type":"string","description":"Authorization database"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore."}}}}}]}}],"responses":{"200":{"description":"Successful datastore creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Status of Datastore. If set to false it will be ignored when executing a scan.","type":"boolean"},"sensitiveObjects":{"description":"Number of sensitive objects detected in the Datastore.","type":"integer"},"totalObjects":{"description":"Total number of object into the Datastore.","type":"integer"},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/mongo-db/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"put":{"summary":"Update","description":"Update a Teradata db Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Mongo DB datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"database port"},"authDatabase":{"type":"string","description":"Authorization database"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string"},"editPassword":{"type":"boolean","description":"set to true to edit the password"}}}}}]}}],"responses":{"200":{"description":"Successful datastore update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Status of Datastore. If set to false it will be ignored when executing a scan.","type":"boolean"},"sensitiveObjects":{"description":"Number of sensitive objects detected in the Datastore.","type":"integer"},"totalObjects":{"description":"Total number of object into the Datastore.","type":"integer"},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/windows-share":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a new Windows Share Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Windows Share datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore."},"path":{"type":"string","description":"Shared folder name."}}}}}]}}],"responses":{"200":{"description":"Successful datastore creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Status of Datastore. If set to false it will be ignored when executing a scan.","type":"boolean"},"sensitiveObjects":{"description":"Number of sensitive objects detected in the Datastore.","type":"integer"},"totalObjects":{"description":"Total number of object into the Datastore.","type":"integer"},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/windows-share/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"put":{"summary":"Update","description":"Update a Windows Share Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Windows Share datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"username":{"type":"string","description":"user to access the datastore"},"password":{"type":"string","description":"password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string"},"editPassword":{"type":"boolean","description":"set to true to edit the password"},"path":{"type":"string","description":"Shared folder name."}}}}}]}}],"responses":{"200":{"description":"Successful datastore update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Status of Datastore. If set to false it will be ignored when executing a scan.","type":"boolean"},"sensitiveObjects":{"description":"Number of sensitive objects detected in the Datastore.","type":"integer"},"totalObjects":{"description":"Total number of object into the Datastore.","type":"integer"},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/unix-file-share":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a new Unix file Share Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Unix File Share datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"path":{"type":"string","description":"Shared folder path."},"proxyHostname":{"type":"string","description":"hostname of the agent when the shared folder is mounted"},"proxyPath":{"type":"string","description":"mount point in the agent"}}}}}]}}],"responses":{"200":{"description":"Successful datastore creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Status of Datastore. If set to false it will be ignored when executing a scan.","type":"boolean"},"sensitiveObjects":{"description":"Number of sensitive objects detected in the Datastore.","type":"integer"},"totalObjects":{"description":"Total number of object into the Datastore.","type":"integer"},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/unix-file-share/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"put":{"summary":"Update","description":"Update a Unix file Share Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Unix File Share datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"path":{"type":"string","description":"Shared folder path."},"proxyHostname":{"type":"string","description":"hostname of the agent when the shared folder is mounted"},"proxyPath":{"type":"string","description":"mount point in the agent"}}}}}]}}],"responses":{"200":{"description":"Successful datastore update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Status of Datastore. If set to false it will be ignored when executing a scan.","type":"boolean"},"sensitiveObjects":{"description":"Number of sensitive objects detected in the Datastore.","type":"integer"},"totalObjects":{"description":"Total number of object into the Datastore.","type":"integer"},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/hadoop-cluster":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a Hadoop cluster Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Hadoop Cluster datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"hdfs port"}}}}}]}}],"responses":{"200":{"description":"Successful datastore creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Status of Datastore. If set to false it will be ignored when executing a scan.","type":"boolean"},"sensitiveObjects":{"description":"Number of sensitive objects detected in the Datastore.","type":"integer"},"totalObjects":{"description":"Total number of object into the Datastore.","type":"integer"},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/hadoop-cluster/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"put":{"summary":"Update","description":"Update a Hadoop cluster Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Hadoop Cluster datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"hostname of the datastore"},"port":{"type":"integer","description":"hdfs port"}}}}}]}}],"responses":{"200":{"description":"Successful datastore update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Status of Datastore. If set to false it will be ignored when executing a scan.","type":"boolean"},"sensitiveObjects":{"description":"Number of sensitive objects detected in the Datastore.","type":"integer"},"totalObjects":{"description":"Total number of object into the Datastore.","type":"integer"},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/amazon-s3":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates an Amazon s3 Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Amazon s3 datastore connection.","type":"object","properties":{"accessKeyId":{"type":"string","description":"access key ID"},"secretAccessKey":{"type":"string","description":"secret access key"}}}}}]}}],"responses":{"200":{"description":"Successful datastore creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Status of Datastore. If set to false it will be ignored when executing a scan.","type":"boolean"},"sensitiveObjects":{"description":"Number of sensitive objects detected in the Datastore.","type":"integer"},"totalObjects":{"description":"Total number of object into the Datastore.","type":"integer"},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/amazon-s3/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"put":{"summary":"Update","description":"Update a Amazon s3 Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Amazon s3 datastore connection.","type":"object","properties":{"accessKeyId":{"type":"string","description":"access key ID"},"secretAccessKey":{"type":"string","description":"secret access key"},"editSecretAccessKey":{"type":"boolean","description":"set to true to edit the secret access key"}}}}}]}}],"responses":{"200":{"description":"Successful datastore update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Status of Datastore. If set to false it will be ignored when executing a scan.","type":"boolean"},"sensitiveObjects":{"description":"Number of sensitive objects detected in the Datastore.","type":"integer"},"totalObjects":{"description":"Total number of object into the Datastore.","type":"integer"},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/azure-blob":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates an Azure Blob datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Azure blob datastore connection.","type":"object","properties":{"accountName":{"type":"string","description":"azure account name"},"username":{"type":"string","description":"azure username"},"password":{"type":"string","description":"password to access the datastore"}}}}}]}}],"responses":{"200":{"description":"Successful datastore creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Status of Datastore. If set to false it will be ignored when executing a scan.","type":"boolean"},"sensitiveObjects":{"description":"Number of sensitive objects detected in the Datastore.","type":"integer"},"totalObjects":{"description":"Total number of object into the Datastore.","type":"integer"},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/azure-blob/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"put":{"summary":"Update","description":"Update an Azure Blob Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Azure blob datastore connection.","type":"object","properties":{"accountName":{"type":"string","description":"azure account name"},"username":{"type":"string","description":"azure username"},"password":{"type":"string","description":"password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string"},"editPassword":{"type":"boolean","description":"set to true to edit the password"}}}}}]}}],"responses":{"200":{"description":"Successful datastore update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Status of Datastore. If set to false it will be ignored when executing a scan.","type":"boolean"},"sensitiveObjects":{"description":"Number of sensitive objects detected in the Datastore.","type":"integer"},"totalObjects":{"description":"Total number of object into the Datastore.","type":"integer"},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/azure-table":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates an Azure Table datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Azure table datastore connection.","type":"object","properties":{"accountName":{"type":"string","description":"azure account name"},"username":{"type":"string","description":"azure username"},"password":{"type":"string","description":"password to access the datastore"}}}}}]}}],"responses":{"200":{"description":"Successful datastore creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Status of Datastore. If set to false it will be ignored when executing a scan.","type":"boolean"},"sensitiveObjects":{"description":"Number of sensitive objects detected in the Datastore.","type":"integer"},"totalObjects":{"description":"Total number of object into the Datastore.","type":"integer"},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/azure-table/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"put":{"summary":"Update","description":"Update an Azure Table Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Azure table datastore connection.","type":"object","properties":{"accountName":{"type":"string","description":"azure account name"},"username":{"type":"string","description":"azure username"},"password":{"type":"string","description":"password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string"},"editPassword":{"type":"boolean","description":"set to true to edit the password"}}}}}]}}],"responses":{"200":{"description":"Successful datastore update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Status of Datastore. If set to false it will be ignored when executing a scan.","type":"boolean"},"sensitiveObjects":{"description":"Number of sensitive objects detected in the Datastore.","type":"integer"},"totalObjects":{"description":"Total number of object into the Datastore.","type":"integer"},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/office365-sharepoint-online":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates an Office365 Sharepoint datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Azure Office365 Sharepoint Online datastore connection.","type":"object","properties":{"domain":{"type":"string","description":"sharepoint domain"},"clientId":{"type":"string","description":"sharepoint client id"},"tenantId":{"type":"string","description":"sharepoint tenant id"},"clientSecretKey":{"type":"string","description":"client secret key."}}}}}]}}],"responses":{"200":{"description":"Successful datastore creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Status of Datastore. If set to false it will be ignored when executing a scan.","type":"boolean"},"sensitiveObjects":{"description":"Number of sensitive objects detected in the Datastore.","type":"integer"},"totalObjects":{"description":"Total number of object into the Datastore.","type":"integer"},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/office365-sharepoint-online/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"put":{"summary":"Update","description":"Update an Office365 Sharepoint Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Azure Office365 Sharepoint Online datastore connection.","type":"object","properties":{"domain":{"type":"string","description":"sharepoint domain"},"clientId":{"type":"string","description":"sharepoint client id"},"tenantId":{"type":"string","description":"sharepoint tenant id"},"clientSecretKey":{"type":"string","description":"client secret key. Only fill with editClientSecretKey=true"},"editClientSecretKey":{"type":"boolean","description":"set to true to edit the client secret key"}}}}}]}}],"responses":{"200":{"description":"Successful datastore update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Status of Datastore. If set to false it will be ignored when executing a scan.","type":"boolean"},"sensitiveObjects":{"description":"Number of sensitive objects detected in the Datastore.","type":"integer"},"totalObjects":{"description":"Total number of object into the Datastore.","type":"integer"},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/office365-exchange-online":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates an Office365 Exchange datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Office365 Exchange Online datastore connection.","type":"object","properties":{"domain":{"type":"string","description":"exchange domain"},"clientId":{"type":"string","description":"exchange client id"},"tenantId":{"type":"string","description":"exchange tenant id"},"clientSecretKey":{"type":"string","description":"client secret key."}}}}}]}}],"responses":{"200":{"description":"Successful datastore creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Status of Datastore. If set to false it will be ignored when executing a scan.","type":"boolean"},"sensitiveObjects":{"description":"Number of sensitive objects detected in the Datastore.","type":"integer"},"totalObjects":{"description":"Total number of object into the Datastore.","type":"integer"},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/office365-exchange-online/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"put":{"summary":"Update","description":"Update an Office365 Exchage Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Office365 Exchange Online datastore connection.","type":"object","properties":{"domain":{"type":"string","description":"exchange domain"},"clientId":{"type":"string","description":"exchange client id"},"tenantId":{"type":"string","description":"exchange tenant id"},"clientSecretKey":{"type":"string","description":"client secret key. Only fill with editClientSecretKey=true"},"editClientSecretKey":{"type":"boolean","description":"set to true to edit the client secret key"}}}}}]}}],"responses":{"200":{"description":"Successful datastore update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Status of Datastore. If set to false it will be ignored when executing a scan.","type":"boolean"},"sensitiveObjects":{"description":"Number of sensitive objects detected in the Datastore.","type":"integer"},"totalObjects":{"description":"Total number of object into the Datastore.","type":"integer"},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/office365-onedrive-business":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates an Office365 OneDrive Business datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Office365 OneDrive Business datastore connection.","type":"object","properties":{"domain":{"type":"string","description":"OneDrive Business domain"},"clientId":{"type":"string","description":"OneDrive Business client id"},"tenantId":{"type":"string","description":"OneDrive Business tenant id"},"clientSecretKey":{"type":"string","description":"client secret key."}}}}}]}}],"responses":{"200":{"description":"Successful datastore creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Status of Datastore. If set to false it will be ignored when executing a scan.","type":"boolean"},"sensitiveObjects":{"description":"Number of sensitive objects detected in the Datastore.","type":"integer"},"totalObjects":{"description":"Total number of object into the Datastore.","type":"integer"},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/office365-onedrive-business/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"put":{"summary":"Update","description":"Update an Office365 OneDrive Business Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Office365 OneDrive Business datastore connection.","type":"object","properties":{"domain":{"type":"string","description":"OneDrive Business domain"},"clientId":{"type":"string","description":"OneDrive Business client id"},"tenantId":{"type":"string","description":"OneDrive Business tenant id"},"clientSecretKey":{"type":"string","description":"client secret key. Only fill with editClientSecretKey=true"},"editClientSecretKey":{"type":"boolean","description":"set to true to edit the client secret key"}}}}}]}}],"responses":{"200":{"description":"Successful datastore update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Status of Datastore. If set to false it will be ignored when executing a scan.","type":"boolean"},"sensitiveObjects":{"description":"Number of sensitive objects detected in the Datastore.","type":"integer"},"totalObjects":{"description":"Total number of object into the Datastore.","type":"integer"},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/exchange-server":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates an Exchange Server datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Exchange Server datastore connection.","type":"object","properties":{"domain":{"type":"string","description":"Exchange Server domain"},"username":{"type":"string","description":"Exchange Server username"},"password":{"type":"string","description":"Exchange Server password."}}}}}]}}],"responses":{"200":{"description":"Successful datastore creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Status of Datastore. If set to false it will be ignored when executing a scan.","type":"boolean"},"sensitiveObjects":{"description":"Number of sensitive objects detected in the Datastore.","type":"integer"},"totalObjects":{"description":"Total number of object into the Datastore.","type":"integer"},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/exchange-server/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"put":{"summary":"Update","description":"Update an Exchange Server Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Exchange Server datastore connection.","type":"object","properties":{"domain":{"type":"string","description":"Exchange Server domain"},"username":{"type":"string","description":"Exchange Server username"},"password":{"type":"string","description":"password for exchange server. Only fill with editPassword=true"},"editPassword":{"type":"boolean","description":"set to true to edit the password"}}}}}]}}],"responses":{"200":{"description":"Successful datastore update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Status of Datastore. If set to false it will be ignored when executing a scan.","type":"boolean"},"sensitiveObjects":{"description":"Number of sensitive objects detected in the Datastore.","type":"integer"},"totalObjects":{"description":"Total number of object into the Datastore.","type":"integer"},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/google-mail":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a Google Mail datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Google Mail datastore connection.","type":"object","properties":{"domain":{"type":"string","description":"google domain"},"username":{"type":"string","description":"google username"},"serviceAccountID":{"type":"string","description":"service account id."},"privateKey":{"type":"string","description":"private key."},"privateKeyFilename":{"type":"string","description":"private key file name."}}}}}]}}],"responses":{"200":{"description":"Successful datastore creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Status of Datastore. If set to false it will be ignored when executing a scan.","type":"boolean"},"sensitiveObjects":{"description":"Number of sensitive objects detected in the Datastore.","type":"integer"},"totalObjects":{"description":"Total number of object into the Datastore.","type":"integer"},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/google-mail/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"put":{"summary":"Update","description":"Update an Google Mail Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Google Mail datastore connection.","type":"object","properties":{"domain":{"type":"string","description":"google domain"},"username":{"type":"string","description":"google username"},"serviceAccountID":{"type":"string","description":"service account id. Only set with editServiceAccountID=true"},"editServiceAccountID":{"type":"boolean","description":"set to true to edit the service account id"},"privateKey":{"type":"string","description":"private key. Only set with editPrivateKey=true"},"editPrivateKey":{"type":"boolean","description":"set to true to edit the private key"},"privateKeyFilename":{"type":"string","description":"private key file name."}}}}}]}}],"responses":{"200":{"description":"Successful datastore update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Status of Datastore. If set to false it will be ignored when executing a scan.","type":"boolean"},"sensitiveObjects":{"description":"Number of sensitive objects detected in the Datastore.","type":"integer"},"totalObjects":{"description":"Total number of object into the Datastore.","type":"integer"},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/google-drive":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a Google Drive datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Google Drive datastore connection.","type":"object","properties":{"domain":{"type":"string","description":"google domain"},"username":{"type":"string","description":"google username"},"serviceAccountID":{"type":"string","description":"service account id."},"privateKey":{"type":"string","description":"private key."},"privateKeyFilename":{"type":"string","description":"private key file name."}}}}}]}}],"responses":{"200":{"description":"Successful datastore creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Status of Datastore. If set to false it will be ignored when executing a scan.","type":"boolean"},"sensitiveObjects":{"description":"Number of sensitive objects detected in the Datastore.","type":"integer"},"totalObjects":{"description":"Total number of object into the Datastore.","type":"integer"},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/google-drive/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"put":{"summary":"Update","description":"Update an Google Drive Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Google Drive datastore connection.","type":"object","properties":{"domain":{"type":"string","description":"google domain"},"username":{"type":"string","description":"google username"},"serviceAccountID":{"type":"string","description":"service account id. Only set with editServiceAccountID=true"},"editServiceAccountID":{"type":"boolean","description":"set to true to edit the service account id"},"privateKey":{"type":"string","description":"private key. Only set with editPrivateKey=true"},"editPrivateKey":{"type":"boolean","description":"set to true to edit the private key"},"privateKeyFilename":{"type":"string","description":"private key file name."}}}}}]}}],"responses":{"200":{"description":"Successful datastore update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Status of Datastore. If set to false it will be ignored when executing a scan.","type":"boolean"},"sensitiveObjects":{"description":"Number of sensitive objects detected in the Datastore.","type":"integer"},"totalObjects":{"description":"Total number of object into the Datastore.","type":"integer"},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/sharepoint-server":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a Sharepoint Server datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Google Drive datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"share point server hostname"},"username":{"type":"string","description":"username"},"password":{"type":"string","description":"password"},"apiPassword":{"type":"string","description":"api password."},"apiPasswordsFilename":{"type":"string","description":"api password file name."}}}}}]}}],"responses":{"200":{"description":"Successful datastore creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Status of Datastore. If set to false it will be ignored when executing a scan.","type":"boolean"},"sensitiveObjects":{"description":"Number of sensitive objects detected in the Datastore.","type":"integer"},"totalObjects":{"description":"Total number of object into the Datastore.","type":"integer"},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/sharepoint-server/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"put":{"summary":"Update","description":"Update an Sharepoint Server Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Google Drive datastore connection.","type":"object","properties":{"hostname":{"type":"string","description":"share point server hostname"},"username":{"type":"string","description":"username"},"password":{"type":"string","description":"password. Only set with editPassword=true"},"editPassword":{"type":"boolean","description":"set to true to edit the password"},"apiPassword":{"type":"string","description":"api password. Only set with editAPIPasswords=true"},"editApiPassword":{"type":"boolean","description":"set to true to edit the api password"},"apiPasswordsFilename":{"type":"string","description":"api password file name."}}}}}]}}],"responses":{"200":{"description":"Successful datastore update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Status of Datastore. If set to false it will be ignored when executing a scan.","type":"boolean"},"sensitiveObjects":{"description":"Number of sensitive objects detected in the Datastore.","type":"integer"},"totalObjects":{"description":"Total number of object into the Datastore.","type":"integer"},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/salesforce":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a Salesforce datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Salesforce datastore connection.","type":"object","properties":{"salesforceAccount":{"type":"string","description":"salesforce account"},"consumerKey":{"type":"string","description":"consumer key"},"privateKey":{"type":"string","description":"private key"},"privateKeyFilename":{"type":"string","description":"filename private key"}}}}}]}}],"responses":{"200":{"description":"Successful datastore creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Status of Datastore. If set to false it will be ignored when executing a scan.","type":"boolean"},"sensitiveObjects":{"description":"Number of sensitive objects detected in the Datastore.","type":"integer"},"totalObjects":{"description":"Total number of object into the Datastore.","type":"integer"},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/salesforce/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"put":{"summary":"Update","description":"Update an Sharepoint Server Datastore\n","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","required":["connection"],"properties":{"connection":{"description":"Salesforce datastore connection.","type":"object","properties":{"salesforceAccount":{"type":"string","description":"salesforce account"},"consumerKey":{"type":"string","description":"consumer key. Only set with editConsumerKey=true"},"editConsumerKey":{"type":"string","description":"set to true to edit the consumer key"},"privateKey":{"type":"string","description":"private key. Only set with editPrivateKey=true"},"editPrivateKey":{"type":"boolean","description":"set to true to edit the private key"},"privateKeyFilename":{"type":"string","description":"filename private key"}}}}}]}}],"responses":{"200":{"description":"Successful datastore update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Status of Datastore. If set to false it will be ignored when executing a scan.","type":"boolean"},"sensitiveObjects":{"description":"Number of sensitive objects detected in the Datastore.","type":"integer"},"totalObjects":{"description":"Total number of object into the Datastore.","type":"integer"},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List all","description":"Lists all datastores. Results can be refined with query params.","tags":["DDC/DataStore"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"},{"name":"filter","in":"query","type":"string","description":"Filters result to the rows that contains all the values within this parameters split by\nspaces. The endpoint will return any column with all the values present in any of these columns:\nname, description, type, branch location name, sensitivity level name.\n"},{"name":"id","in":"query","type":"string","description":"Filter by ID\n"},{"name":"type","in":"query","type":"string","description":"Returns the rows that contains any of the types of the filter split by commas.\nValid values: LOCAL_STORAGE, HADOOP_CLUSTER, IBM_DB2, ORACLE_DB, MICROSOFT_SQL_DB, UNIX_FILE_SHARE, WINDOWS_SHARE\n"},{"name":"agentStatus","in":"query","type":"string","description":"Returns the rows that contains any of the agent status of the filter split by commas.\nValid values: VALIDATING, FAILED, READY\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Status of Datastore. If set to false it will be ignored when executing a scan.","type":"boolean"},"sensitiveObjects":{"description":"Number of sensitive objects detected in the Datastore.","type":"integer"},"totalObjects":{"description":"Total number of object into the Datastore.","type":"integer"},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}}}}]}}}},"post":{"summary":"Create","description":"Creates a new Datastore (this endpoint is deprecated, please use the specific datastore connection for the create, like /datastore/local-storage).\n","tags":["DDC/DataStore","deprecated"],"parameters":[{"name":"body","in":"body","description":"Datastore configuration","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object","properties":{"allowAllGroups":{"description":"If set to true users of any group can access the datastore reports","type":"boolean"},"ownerId":{"description":"Identifier of the user creating the datastore","type":"string","example":"local|372c524a-3b03-4e62-821e-595db88a7d19"},"permissions":{"type":"object","properties":{"ReadDatastoreReportPermissionDDC":{"type":"array","description":"List of groups with permissions to access the datastore reports","items":{"type":"string","description":"Name of the group"}}}}}},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","properties":{"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"}}}]}}],"responses":{"200":{"description":"Successful datastore creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Status of Datastore. If set to false it will be ignored when executing a scan.","type":"boolean"},"sensitiveObjects":{"description":"Number of sensitive objects detected in the Datastore.","type":"integer"},"totalObjects":{"description":"Total number of object into the Datastore.","type":"integer"},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a Datastore with the given `id`.","tags":["DDC/DataStore"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Status of Datastore. If set to false it will be ignored when executing a scan.","type":"boolean"},"sensitiveObjects":{"description":"Number of sensitive objects detected in the Datastore.","type":"integer"},"totalObjects":{"description":"Total number of object into the Datastore.","type":"integer"},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}}}},"put":{"summary":"Update","description":"Updates the details of a Datastore. (this endpoint is deprecated, please use the specific datastore connection for the update, like /datastore/local-storage/{id}).","tags":["DDC/DataStore","deprecated"],"parameters":[{"name":"body","in":"body","description":"The Datastore properties to change. The properties will be merged\nwith the Datastore resource.\n","schema":{"allOf":[{"allOf":[{"type":"object","required":["name","type","meta","status","sensitivityLevelId","branchLocationId"],"properties":{"name":{"description":"Name of the Datastore.","type":"string"},"description":{"description":"Description of Datastore.","type":"string"},"meta":{"description":"Meta data of Datastore.","type":"object"},"status":{"description":"If the datastore status is set to false it will be ignored when running a scan that includes it.","type":"boolean"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Datastore.","type":"string","format":"UUIDv4"},"branchLocationId":{"description":"Physical location ID of the Datastore.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}}}}]},{"allOf":[{"type":"object","properties":{"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]},{"allOf":[{"type":"object","properties":{"agentLabels":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"The name of the label"}}}}}}]},{"type":"object","properties":{"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n - editSecretAccessKey:\n - type: boolean\n - description: set to true to edit the secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: password to access the datastore. Fill with editPassword=true only. password = '' + editPassword=true -> set password to empty string\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key. Only fill with editClientSecretKey=true\n - editClientSecretKey:\n - type: boolean\n - description: set to true to edit the client secret key\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key. Only fill with editClientSecretKey=true\n - editClientSecretKey:\n - type: boolean\n - description: set to true to edit the client secret key\n-EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password. Only fill with editPassword=true\n - editPassword:\n - type: boolean\n - description: set to true to edit the password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id. Only set with editServiceAccountID=true\n - editServiceAccountID:\n - type: boolean\n - description: set to true to edit the service account id\n - privateKey:\n - type: string\n - description: private key. Only set with editPrivateKey=true\n - editPrivateKey:\n - type: boolean\n - description: set to true to edit the private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id. Only set with editServiceAccountID=true\n - editServiceAccountID:\n - type: boolean\n - description: set to true to edit the service account id\n - privateKey:\n - type: string\n - description: private key. Only set with editPrivateKey=true\n - editPrivateKey:\n - type: boolean\n - description: set to true to edit the private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password. Only set with editPassword=true \n - editPassword:\n - type: string\n - description: set to true to edit the passowrd\n - apiPassword:\n - type: string\n - description: api password. Only set with editAPIPasswords=true\n - editAPIPasswords:\n - type: string\n - description: set to true to edit the api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"}}}]}}],"responses":{"200":{"description":"Successful resource update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Status of Datastore. If set to false it will be ignored when executing a scan.","type":"boolean"},"sensitiveObjects":{"description":"Number of sensitive objects detected in the Datastore.","type":"integer"},"totalObjects":{"description":"Total number of object into the Datastore.","type":"integer"},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","description":"Sets the datastore with the given `id` to the deleted status.","tags":["DDC/DataStore"],"responses":{"204":{"description":"The datastore was successfully set to the deleted status."},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Unprocessable entity - The supplied ID has an incorrect format","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"460":{"description":"The current datastore status doesn't allow the delete operation.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/by-type":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Lists datastore types and the number of datastores.","tags":["DDC/DataStore"],"responses":{"200":{"description":"Successful retrieval of resource list.","schema":{"type":"array","items":{"type":"object","properties":{"type":{"description":"Datastore type.","type":"string"},"count":{"description":"Number of datastores by type.","type":"integer"}}}}}}}},"/v1/ddc/datastores/group-by-type":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Lists of datastores grouped by type, each type is encapsulated in an object that contains the type and the array of datastores.","tags":["DDC/DataStore"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"},{"name":"filter","in":"query","type":"string","description":"Filters result to the rows that contains all the values within this parameters split by\nspaces. The endpoint will return any column with all the values present in the name column.\n"},{"name":"name","in":"query","type":"string","description":"Filters results to those with matching names. The '?' and '*' wildcard characters may be used."},{"name":"duration","in":"query","type":"string","description":"Filters results to those with matching ranges in hours. The ranges are separated by commas. Each range is a pair of numbers separated by the '-' character. n- range will search for durations from n hours. -n range will search for durations up to n hours. NA range will search for rows with the column set to null. Example - 0-2,4-8,12-,NA"},{"name":"lastScanAfter","in":"query","type":"string","format":"date","description":"Filters scans executed after the specified Date/time\n"},{"name":"status","in":"query","type":"string","format":"string","description":"Valid types: RUNNING, COMPLETED, DISABLED, FAILED, PAUSED, N/A\n"},{"name":"lastScanBefore","in":"query","type":"string","format":"date","description":"Filters scans executed before the specified Date/time\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","properties":{"type":{"description":"Datastores group type.","type":"string"},"dataStores":{"description":"datastores of previous type.","type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Status of Datastore. If set to false it will be ignored when executing a scan.","type":"boolean"},"sensitiveObjects":{"description":"Number of sensitive objects detected in the Datastore.","type":"integer"},"totalObjects":{"description":"Total number of object into the Datastore.","type":"integer"},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}}}}}}}]}}}}},"/v1/ddc/datastores/scanned":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Get the percentage of datastores scanned.","tags":["DDC/DataStore"],"parameters":[{"name":"date","in":"query","type":"string","format":"date","description":"Filters results with datastores scanned after the date received as parameter.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"totalDatastores":{"description":"Total number of datastores.","type":"integer"},"scannedDatastores":{"description":"Total number of scanned datastores.","type":"integer"},"sensitiveDatastores":{"description":"number of datastores with sensitive data.","type":"integer"}}}}}}},"/v1/ddc/datastores/sensitive-percentage":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Get the percentege of datastores with sensitive data. (Deprecated. Use /datastores/scanned instead)","tags":["DDC/DataStore","deprecated"],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"totalDatastores":{"description":"Total number of datastores.","type":"integer"},"scannedDatastores":{"description":"Total number of scanned datastores.","type":"integer"},"sensitiveDatastores":{"description":"number of datastores with sensitive data.","type":"integer"}}}}}}},"/v1/ddc/datastores/{id}/status":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"put":{"summary":"Update","description":"Updates the status of the Datastore.","tags":["DDC/DataStore"],"parameters":[{"name":"body","in":"body","description":"The Datastore status you want to update\n","schema":{"type":"object","properties":{"status":{"description":"Status of Datastore.","type":"boolean"}}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Datastore.","type":"string"},"type":{"description":"Type of Datastore.","type":"string","enum":["LOCAL_STORAGE","HADOOP_CLUSTER","IBM_DB2","ORACLE_DB","MICROSOFT_SQL_DB","UNIX_FILE_SHARE","WINDOWS_SHARE","POSTGRESQL_DB","AMAZON_S3","AZURE_BLOB","AZURE_TABLE","OFFICE365_SHAREPOINT_ONLINE","OFFICE365_EXCHANGE_ONLINE","SAP_HANA_DB","TERADATA_DB","MYSQL_DB","MONGO_DB GOOGLE_MAIL GOOGLE_DRIVE SHAREPOINT_SERVER EXCHANGE_SERVER"]},"meta":{"description":"Meta data of Datastore.","type":"object"},"connection":{"description":"Connection parameters of Datastore. Required attributes depends on the Type parameter:\n- LOCAL_STORAGE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n- IBM_DB2:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- ORACLE_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MICROSOFT_SQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- POSTGRESQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- SAP_HANA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - database:\n - type: string\n - description: name of the database\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MYSQL_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- TERADATA_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- MONGO_DB:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: database port\n - authDatabase:\n - type: string\n - description: Authorization database \n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n- WINDOWS_SHARE:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - username:\n - type: string\n - description: user to access the datastore\n - password:\n - type: string\n - description: password to access the datastore\n - path:\n - type: string\n - description: Shared folder name\n- UnixShareConnection:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - path:\n - type: string\n - description: Shared folder path\n - proxyHostname:\n - type: string\n - description: hostname of the agent when the shared folder is mounted\n - proxyPath:\n - type: string\n - description: mount point in the agent\n- HADOOP_CLUSTER:\n - hostname:\n - type: string\n - description: hostname of the datastore\n - format: URL or IP\n - port:\n - type: integer\n - description: hdfs port\n- AMAZON_S3:\n - accessKeyId:\n - type: string\n - description: access key ID\n - secretAccessKey:\n - type: string\n - description: secret access key\n- AZURE_BLOB:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- AZURE_TABLE:\n - accountName:\n - type: string\n - description: azure account name\n - username:\n - type: string\n - description: azure username\n - password:\n - type: string\n - description: azure password\n- OFFICE365_SHAREPOINT_ONLINE:\n - domain:\n - type: string\n - description: sharepoint domain\n - username:\n - type: string\n - description: sharepoint username\n - password:\n - type: string\n - description: sharepoint password\n- OFFICE365_EXCHANGE_ONLINE:\n - domain:\n - type: string\n - description: exchange domain\n - clientId:\n - type: string\n - description: exchange client id\n - tenantId:\n - type: string\n - description: exchange tenant id\n - clientSecretKey:\n - type: string\n - description: client secret key\n- EXCHANGE_SERVER:\n - domain:\n - type: string\n - description: exchange server domain\n - username:\n - type: string\n - description: exchange server username\n - password:\n - type: string\n - description: exchange server password\n- GOOGLE_MAIL:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- GOOGLE_DRIVE:\n - domain: \n - type: string\n - description: google domain\n - username:\n - type: string\n - description: google username\n - serviceAccountID:\n - type: string\n - description: service account id\n - privateKey:\n - type: string\n - description: private key\n - privateKeyFilename:\n - type: string\n - description: private key file name\n- SHAREPOINT_SERVER:\n - hostname:\n - type: string\n - description: share point server hostname\n - username:\n - type: string\n - description: username\n - password:\n - type: string\n - description: password\n - apiPassword:\n - type: string\n - description: api password\n - apiPasswordsFilename:\n - type: string\n - description: api password file name\n","type":"object","format":"JSON"},"status":{"description":"Status of Datastore. If set to false it will be ignored when executing a scan.","type":"boolean"},"sensitiveObjects":{"description":"Number of sensitive objects detected in the Datastore.","type":"integer"},"totalObjects":{"description":"Total number of object into the Datastore.","type":"integer"},"sensitivityLevel":{"description":"Sensitivity level of the datastore","type":"object","properties":{"id":{"description":"ID of the sensitivity level","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the sensitivity level","type":"integer","format":"uint64"},"name":{"description":"Name of the sensitivity level","type":"string"},"level":{"description":"Level of the sensitivity level","type":"integer"},"color":{"description":"Color of the sensitivity level","type":"string"}}},"branchLocation":{"description":"Branch location of the dataster","type":"object","properties":{"id":{"description":"ID of the branch location","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the branch location","type":"integer","format":"uint64"},"name":{"description":"Name of the branch location","type":"string"}}},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Id of the tag","type":"string","format":"UUIDv4"},"chainedVersion":{"description":"Version of the tag","type":"integer","format":"uint64"},"name":{"description":"Name of the tag","type":"string"}}}},"agentLabels":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"ID of the label"},"name":{"type":"string","description":"Name of the label"}}}},"minAgents":{"description":"Minimun number of agents.","type":"integer","default":1},"maxAgents":{"description":"Maximum number of agents.","type":"integer","default":1}}}]}},"404":{"description":"TBD","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/datastores/{id}/agent-search":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Launches the search for a target.","tags":["DDC/DataStore"],"responses":{"200":{"description":"OK"}}}},"/v1/ddc/datastores/{id}/connection-test":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Launches connectivity test of datastore with agent.","tags":["DDC/DataStore"],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"status":{"description":"Connection status.","type":"string","enum":["RUNNING","COMPLETED"]},"processID":{"description":"Process ID","type":"string","format":"uuid"}}}}}}},"/v1/ddc/datastores/connection-test/{processID}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"get":{"summary":"Get","description":"Returns RUNNING/COMPLETED status based on connectivity test state of agents with Datastore.","tags":["DDC/DataStore"],"parameters":[{"name":"processID","in":"path","description":"An identifier of get datastore connection status with agent.","type":"string","format":"UUID","required":true}],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"status":{"description":"Connection status.","type":"string","enum":["RUNNING","COMPLETED"]},"processID":{"description":"Process ID","type":"string","format":"uuid"}}}},"404":{"description":"Resource Not Found","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/report-template":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a new Report Aggregated Template (this endpoint is deprecated please use /report-template/scan/aggregated).\n","tags":["DDC/ReportTemplate","deprecated"],"parameters":[{"name":"body","in":"body","description":"Report Template configuration","schema":{"allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","required":["source","analysis","scans"],"properties":{"description":{"description":"Description of ReportTemplate.","type":"string"},"source":{"description":"Source of ReportTemplate.","type":"string"},"analysis":{"description":"Analysis of ReportTemplate.","type":"string"},"scans":{"description":"Array Scans of the reportTemplate","type":"array","items":{"allOf":[{"type":"object","properties":{"scanId":{"description":"ScanID of the scan selected for the report.","type":"string"},"scanExecutionId":{"description":"ScanExecutionID is the execution ID of the scan (Set to empty to use latest).","type":"string"},"scanName":{"description":"ScanName of the scan selected for the report.","type":"string"},"latest":{"description":"True for last execution.","type":"boolean"},"executionDate":{"description":"ExecutionDate of the scan selected for the report.","format":"date-time"}}}]}}}}]}}],"responses":{"201":{"description":"Successful Report Template creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of ReportTemplate.","type":"string"},"meta":{"description":"Meta data of ReportTemplate.","type":"object"},"source":{"description":"Source of the Report Template.","type":"string"},"analysis":{"description":"Source of the Report Template.","type":"string"},"schedule":{"description":"Schedule Report Template.","type":"string"},"lastRun":{"description":"Last Run Report Template.","type":"string","format":"date-time"},"status":{"description":"Status od the Report Template.","type":"string"},"scans":{"type":"array","items":{"allOf":[{"type":"object","properties":{"scanId":{"description":"ScanID of the execution selected for the report.","type":"string"},"scanName":{"description":"scanName of the execution selected for the report.","type":"string"},"scanExecutionId":{"description":"scanExecutionId of the execution selected for the report.","type":"string"},"latest":{"description":"True for LastExecution.","type":"boolean"},"executionDate":{"description":"ExecutionDate selected by user.","type":"string","format":"date-time"}}}]}}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"get":{"summary":"List all","description":"Lists all Report Templates . Results can be refined with query params.","tags":["DDC/ReportTemplate"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"name","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name\n\n...will sort the results first by `name`.\n"},{"name":"filter","in":"query","type":"string","description":"Filters result to the rows that contains all the values within this parameters split by\nspaces. The endpoint will return any column with all the values present in any of these columns:\nname.\n"},{"name":"type","in":"query","type":"string","description":"This filter allows you to retrieve only the report templates with the selected type: scans, datastores.\n"},{"name":"analysis","in":"query","type":"string","description":"This filter allows you to retrieve only the report templates with the selected analysis: aggregated, trend, etc.\n"},{"name":"schedule","in":"query","type":"string","description":"This filter allows you to retrieve only the report templates with the selected schedule date or manual schedule.\n"},{"name":"status","in":"query","type":"string","description":"This filter allows you to retrieve only the report templates with the selected status: completed, in progess, etc.\n"},{"name":"includeDeleted","in":"query","type":"boolean","description":"Adds the scans with the deleted status in the response\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of ReportTemplate.","type":"string"},"meta":{"description":"Meta data of ReportTemplate.","type":"object"},"source":{"description":"Source of the Report Template.","type":"string"},"analysis":{"description":"Source of the Report Template.","type":"string"},"schedule":{"description":"Schedule Report Template.","type":"string"},"lastRun":{"description":"Last Run Report Template.","type":"string","format":"date-time"},"status":{"description":"Status od the Report Template.","type":"string"},"scans":{"type":"array","items":{"allOf":[{"type":"object","properties":{"scanId":{"description":"ScanID of the execution selected for the report.","type":"string"},"scanName":{"description":"scanName of the execution selected for the report.","type":"string"},"scanExecutionId":{"description":"scanExecutionId of the execution selected for the report.","type":"string"},"latest":{"description":"True for LastExecution.","type":"boolean"},"executionDate":{"description":"ExecutionDate selected by user.","type":"string","format":"date-time"}}}]}}}}]}}}}]}}}}},"/v1/ddc/report-template/scan/aggregated":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a new Report Aggregated Template.\n","tags":["DDC/ReportTemplate"],"parameters":[{"name":"body","in":"body","description":"Report Template configuration","schema":{"allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","required":["source","analysis","scans"],"properties":{"description":{"description":"Description of ReportTemplate.","type":"string"},"source":{"description":"Source of ReportTemplate.","type":"string"},"analysis":{"description":"Analysis of ReportTemplate.","type":"string"},"scans":{"description":"Array Scans of the reportTemplate","type":"array","items":{"allOf":[{"type":"object","properties":{"scanId":{"description":"ScanID of the scan selected for the report.","type":"string"},"scanExecutionId":{"description":"ScanExecutionID is the execution ID of the scan (Set to empty to use latest).","type":"string"},"scanName":{"description":"ScanName of the scan selected for the report.","type":"string"},"latest":{"description":"True for last execution.","type":"boolean"},"executionDate":{"description":"ExecutionDate of the scan selected for the report.","format":"date-time"}}}]}}}}]}}],"responses":{"201":{"description":"Successful Report Template creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of ReportTemplate.","type":"string"},"meta":{"description":"Meta data of ReportTemplate.","type":"object"},"source":{"description":"Source of the Report Template.","type":"string"},"analysis":{"description":"Source of the Report Template.","type":"string"},"schedule":{"description":"Schedule Report Template.","type":"string"},"lastRun":{"description":"Last Run Report Template.","type":"string","format":"date-time"},"status":{"description":"Status od the Report Template.","type":"string"},"scans":{"type":"array","items":{"allOf":[{"type":"object","properties":{"scanId":{"description":"ScanID of the execution selected for the report.","type":"string"},"scanName":{"description":"scanName of the execution selected for the report.","type":"string"},"scanExecutionId":{"description":"scanExecutionId of the execution selected for the report.","type":"string"},"latest":{"description":"True for LastExecution.","type":"boolean"},"executionDate":{"description":"ExecutionDate selected by user.","type":"string","format":"date-time"}}}]}}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/report-template/scan/trend":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a new Report Trend Template.\n","tags":["DDC/ReportTemplate"],"parameters":[{"name":"body","in":"body","description":"Report Template configuration","schema":{"allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"description":{"description":"Description of ReportTemplate.","type":"string"},"scanId":{"description":"Scan Id of the desired scan","type":"string"},"scanExecutionId":{"description":"Scan Execution Id of the desired scan","type":"string"},"scanExecutions":{"description":"Number of scan executions desired for the report","type":"integer"}}}]}}],"responses":{"201":{"description":"Successful Report Template creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of ReportTemplate.","type":"string"},"meta":{"description":"Meta data of ReportTemplate.","type":"object"},"source":{"description":"Source of the Report Template.","type":"string"},"analysis":{"description":"Source of the Report Template.","type":"string"},"schedule":{"description":"Schedule Report Template.","type":"string"},"lastRun":{"description":"Last Run Report Template.","type":"string","format":"date-time"},"status":{"description":"Status od the Report Template.","type":"string"},"scans":{"type":"array","items":{"allOf":[{"type":"object","properties":{"scanId":{"description":"ScanID of the execution selected for the report.","type":"string"},"scanName":{"description":"scanName of the execution selected for the report.","type":"string"},"scanExecutionId":{"description":"scanExecutionId of the execution selected for the report.","type":"string"},"latest":{"description":"True for LastExecution.","type":"boolean"},"executionDate":{"description":"ExecutionDate selected by user.","type":"string","format":"date-time"}}}]}}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/report-template/{id}":{"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns information about a Report Template.\n","tags":["DDC/ReportTemplate"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of ReportTemplate.","type":"string"},"meta":{"description":"Meta data of ReportTemplate.","type":"object"},"source":{"description":"Source of the Report Template.","type":"string"},"analysis":{"description":"Source of the Report Template.","type":"string"},"schedule":{"description":"Schedule Report Template.","type":"string"},"lastRun":{"description":"Last Run Report Template.","type":"string","format":"date-time"},"status":{"description":"Status od the Report Template.","type":"string"},"scans":{"type":"array","items":{"allOf":[{"type":"object","properties":{"scanId":{"description":"ScanID of the execution selected for the report.","type":"string"},"scanName":{"description":"scanName of the execution selected for the report.","type":"string"},"scanExecutionId":{"description":"scanExecutionId of the execution selected for the report.","type":"string"},"latest":{"description":"True for LastExecution.","type":"boolean"},"executionDate":{"description":"ExecutionDate selected by user.","type":"string","format":"date-time"}}}]}}}}]}},"409":{"description":"Resource conflict.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","description":"Sets the report template with the given `id` to the deleted status.","tags":["DDC/ReportTemplate"],"responses":{"204":{"description":"The report template was successfully set to the deleted status."},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Unprocessable entity - The supplied ID has an incorrect format","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"460":{"description":"The current scan status doesn't allow the delete operation.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/report-template/{id}/run":{"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Run Report Template","description":"Changes the last run attribute in report template model.\n","parameters":[{"name":"body","in":"body","description":"Optional, the id to create the report template","schema":{"type":"object","required":["reportId"],"properties":{"reportId":{"type":"string"}}}}],"tags":["DDC/ReportTemplate"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of ReportTemplate.","type":"string"},"meta":{"description":"Meta data of ReportTemplate.","type":"object"},"source":{"description":"Source of the Report Template.","type":"string"},"analysis":{"description":"Source of the Report Template.","type":"string"},"schedule":{"description":"Schedule Report Template.","type":"string"},"lastRun":{"description":"Last Run Report Template.","type":"string","format":"date-time"},"status":{"description":"Status od the Report Template.","type":"string"},"scans":{"type":"array","items":{"allOf":[{"type":"object","properties":{"scanId":{"description":"ScanID of the execution selected for the report.","type":"string"},"scanName":{"description":"scanName of the execution selected for the report.","type":"string"},"scanExecutionId":{"description":"scanExecutionId of the execution selected for the report.","type":"string"},"latest":{"description":"True for LastExecution.","type":"boolean"},"executionDate":{"description":"ExecutionDate selected by user.","type":"string","format":"date-time"}}}]}}}}]}},"404":{"description":"TBD","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"TBD","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/classification-profiles":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List all","description":"Lists all Classification Profiles. Results can be refined with query params.","tags":["DDC/ClassificationProfile"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"},{"name":"filter","in":"query","type":"string","description":"Filters result to the rows that contains all the values within this parameters split by\nspaces. The endpoint will return any column with all the values present in any of these columns:\nname.\n"},{"name":"template","in":"query","type":"string","description":"This filter allows you to retrieve only the classification profiles that are created by default.\n"},{"name":"sensitivityLevel","in":"query","type":"string","format":"string","description":"Returns the rows that contains any of the values of the filter split by commas.\n"},{"name":"infotype","in":"query","type":"string","format":"string","description":"Returns the rows that contains any of the values of the filter split by commas. Infotype ID filter.\n"},{"name":"id","in":"query","type":"string","description":"Filter by id\n"},{"name":"skipInfotypes","in":"query","type":"string","format":"string","description":"Returns the rows with the classification profiles without the infotype information.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"classificationUUID":{"type":"string","description":"UUID for remediation and tagging. Classification profiles with same UUID are considered as the same for remediation.","format":"UUIDv4"},"description":{"description":"Description of Classification Profile.","type":"string"},"template":{"description":"Indicates if the Classification Profile is a pre-loaded template.","type":"boolean"},"sensitivityLevel":{"description":"Sensitivity level of the Classification Profile.","type":"object","properties":{"id":{"type":"string","description":"Sensitivity level id","format":"UUIDv4"},"chainedVersion":{"type":"integer","description":"Sensitivity level version","format":"uint64"},"name":{"type":"string","description":"Sensitivity level name"},"color":{"type":"string","description":"Preferred color shown in the UI"},"level":{"type":"integer","description":"Level of sensitivity."}}},"tags":{"description":"Classification profile tags","type":"array","items":{"type":"object","properties":{"id":{"type":"string","description":"Tag id","format":"UUIDv4"},"chainedVersion":{"type":"integer","description":"Tag version","format":"uint64"},"name":{"type":"string","description":"Tag name"}}}},"infoTypes":{"description":"Classification profile info types","type":"array","items":{"type":"object","properties":{"min":{"type":"integer","description":"min attribute, default 1"},"infoTypeId":{"type":"string","description":"id of the info type","format":"UUIDv4"},"infoType":{"type":"object","description":"Info type details","properties":{"id":{"type":"string","description":"Info type ID","format":"UUIDv4"},"chainedVersion":{"type":"integer","description":"Info type version","format":"uint64"},"name":{"type":"string","description":"Info type name"},"type":{"description":"System info type or user created","type":"string","enum":["BUILTIN","CUSTOM"]},"region":{"type":"string","description":"Info type region"},"family":{"type":"object","description":"Info type family","properties":{"id":{"type":"string","description":"Info type family ID","format":"UUIDv4"},"chainedVersion":{"type":"integer","description":"Info type family version","format":"uint64"},"name":{"type":"string","description":"Info type family name"},"category":{"type":"object","description":"Info type category","properties":{"id":{"type":"string","description":"Info type category ID","format":"UUIDv4"},"chainedVersion":{"type":"integer","description":"Info type category version","format":"uint64"},"name":{"type":"string","description":"Info type category name"}}}}}}}}}}}}]}}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"post":{"summary":"Create","description":"Creates a new Classification Profile\n","tags":["DDC/ClassificationProfile"],"parameters":[{"name":"body","in":"body","description":"Classification Profile configuration","schema":{"allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","required":["sensitivityLevelId","infoTypes"],"properties":{"id":{"description":"ID of the new classification profile. If not supplied a random UUID will be used","type":"string","format":"UUIDv4"},"classificationUUID":{"description":"UUID for remediation and tagging. Classification profiles with same UUID are considered as the same for remediation.\nIf not supplied a random UUID will be used\n","type":"string","format":"UUIDv4"},"description":{"description":"Description of Classification Profile.","type":"string"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Classification Profile.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}},"infoTypes":{"type":"array","items":{"type":"object","properties":{"infoTypeId":{"description":"ID of the info type","type":"string","format":"UUIDv4"},"infoTypeMin":{"description":"Min matches of the infotype","type":"integer"}}}}}}]}}],"responses":{"201":{"description":"Successful classification profile creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"classificationUUID":{"type":"string","description":"UUID for remediation and tagging. Classification profiles with same UUID are considered as the same for remediation.","format":"UUIDv4"},"description":{"description":"Description of Classification Profile.","type":"string"},"template":{"description":"Indicates if the Classification Profile is a pre-loaded template.","type":"boolean"},"sensitivityLevel":{"description":"Sensitivity level of the Classification Profile.","type":"object","properties":{"id":{"type":"string","description":"Sensitivity level id","format":"UUIDv4"},"chainedVersion":{"type":"integer","description":"Sensitivity level version","format":"uint64"},"name":{"type":"string","description":"Sensitivity level name"},"color":{"type":"string","description":"Preferred color shown in the UI"},"level":{"type":"integer","description":"Level of sensitivity."}}},"tags":{"description":"Classification profile tags","type":"array","items":{"type":"object","properties":{"id":{"type":"string","description":"Tag id","format":"UUIDv4"},"chainedVersion":{"type":"integer","description":"Tag version","format":"uint64"},"name":{"type":"string","description":"Tag name"}}}},"infoTypes":{"description":"Classification profile info types","type":"array","items":{"type":"object","properties":{"min":{"type":"integer","description":"min attribute, default 1"},"infoTypeId":{"type":"string","description":"id of the info type","format":"UUIDv4"},"infoType":{"type":"object","description":"Info type details","properties":{"id":{"type":"string","description":"Info type ID","format":"UUIDv4"},"chainedVersion":{"type":"integer","description":"Info type version","format":"uint64"},"name":{"type":"string","description":"Info type name"},"type":{"description":"System info type or user created","type":"string","enum":["BUILTIN","CUSTOM"]},"region":{"type":"string","description":"Info type region"},"family":{"type":"object","description":"Info type family","properties":{"id":{"type":"string","description":"Info type family ID","format":"UUIDv4"},"chainedVersion":{"type":"integer","description":"Info type family version","format":"uint64"},"name":{"type":"string","description":"Info type family name"},"category":{"type":"object","description":"Info type category","properties":{"id":{"type":"string","description":"Info type category ID","format":"UUIDv4"},"chainedVersion":{"type":"integer","description":"Info type category version","format":"uint64"},"name":{"type":"string","description":"Info type category name"}}}}}}}}}}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/classification-profiles/{id}":{"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","parameters":[{"name":"includeDeleted","in":"query","type":"boolean","description":"Adds the scans with the deleted status in the response\n"}],"description":"Returns information about a Classification Profile.\n","tags":["DDC/ClassificationProfile"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"classificationUUID":{"type":"string","description":"UUID for remediation and tagging. Classification profiles with same UUID are considered as the same for remediation.","format":"UUIDv4"},"description":{"description":"Description of Classification Profile.","type":"string"},"template":{"description":"Indicates if the Classification Profile is a pre-loaded template.","type":"boolean"},"sensitivityLevel":{"description":"Sensitivity level of the Classification Profile.","type":"object","properties":{"id":{"type":"string","description":"Sensitivity level id","format":"UUIDv4"},"chainedVersion":{"type":"integer","description":"Sensitivity level version","format":"uint64"},"name":{"type":"string","description":"Sensitivity level name"},"color":{"type":"string","description":"Preferred color shown in the UI"},"level":{"type":"integer","description":"Level of sensitivity."}}},"tags":{"description":"Classification profile tags","type":"array","items":{"type":"object","properties":{"id":{"type":"string","description":"Tag id","format":"UUIDv4"},"chainedVersion":{"type":"integer","description":"Tag version","format":"uint64"},"name":{"type":"string","description":"Tag name"}}}},"infoTypes":{"description":"Classification profile info types","type":"array","items":{"type":"object","properties":{"min":{"type":"integer","description":"min attribute, default 1"},"infoTypeId":{"type":"string","description":"id of the info type","format":"UUIDv4"},"infoType":{"type":"object","description":"Info type details","properties":{"id":{"type":"string","description":"Info type ID","format":"UUIDv4"},"chainedVersion":{"type":"integer","description":"Info type version","format":"uint64"},"name":{"type":"string","description":"Info type name"},"type":{"description":"System info type or user created","type":"string","enum":["BUILTIN","CUSTOM"]},"region":{"type":"string","description":"Info type region"},"family":{"type":"object","description":"Info type family","properties":{"id":{"type":"string","description":"Info type family ID","format":"UUIDv4"},"chainedVersion":{"type":"integer","description":"Info type family version","format":"uint64"},"name":{"type":"string","description":"Info type family name"},"category":{"type":"object","description":"Info type category","properties":{"id":{"type":"string","description":"Info type category ID","format":"UUIDv4"},"chainedVersion":{"type":"integer","description":"Info type category version","format":"uint64"},"name":{"type":"string","description":"Info type category name"}}}}}}}}}}}}]}},"409":{"description":"Resource conflict.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"put":{"summary":"Update","description":"Updates the details of a Classification Profile.","tags":["DDC/ClassificationProfile"],"parameters":[{"name":"body","in":"body","description":"The Classification properties to change. The properties will be merged\nwith the ClassificationProfile resource.\n","schema":{"allOf":[{"type":"object","required":["name","sensitivityLevelId","infoTypes"],"properties":{"name":{"description":"name of Classification Profile.","type":"string"},"description":{"description":"Description of Classification Profile.","type":"string"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Classification Profile.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}},"infoTypes":{"type":"array","items":{"type":"object","properties":{"infoTypeId":{"description":"ID of the info type","type":"string","format":"UUIDv4"},"infoTypeMin":{"description":"Min matches of the infotype","type":"integer"}}}}}}]}}],"responses":{"200":{"description":"Successful resource update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"classificationUUID":{"type":"string","description":"UUID for remediation and tagging. Classification profiles with same UUID are considered as the same for remediation.","format":"UUIDv4"},"description":{"description":"Description of Classification Profile.","type":"string"},"template":{"description":"Indicates if the Classification Profile is a pre-loaded template.","type":"boolean"},"sensitivityLevel":{"description":"Sensitivity level of the Classification Profile.","type":"object","properties":{"id":{"type":"string","description":"Sensitivity level id","format":"UUIDv4"},"chainedVersion":{"type":"integer","description":"Sensitivity level version","format":"uint64"},"name":{"type":"string","description":"Sensitivity level name"},"color":{"type":"string","description":"Preferred color shown in the UI"},"level":{"type":"integer","description":"Level of sensitivity."}}},"tags":{"description":"Classification profile tags","type":"array","items":{"type":"object","properties":{"id":{"type":"string","description":"Tag id","format":"UUIDv4"},"chainedVersion":{"type":"integer","description":"Tag version","format":"uint64"},"name":{"type":"string","description":"Tag name"}}}},"infoTypes":{"description":"Classification profile info types","type":"array","items":{"type":"object","properties":{"min":{"type":"integer","description":"min attribute, default 1"},"infoTypeId":{"type":"string","description":"id of the info type","format":"UUIDv4"},"infoType":{"type":"object","description":"Info type details","properties":{"id":{"type":"string","description":"Info type ID","format":"UUIDv4"},"chainedVersion":{"type":"integer","description":"Info type version","format":"uint64"},"name":{"type":"string","description":"Info type name"},"type":{"description":"System info type or user created","type":"string","enum":["BUILTIN","CUSTOM"]},"region":{"type":"string","description":"Info type region"},"family":{"type":"object","description":"Info type family","properties":{"id":{"type":"string","description":"Info type family ID","format":"UUIDv4"},"chainedVersion":{"type":"integer","description":"Info type family version","format":"uint64"},"name":{"type":"string","description":"Info type family name"},"category":{"type":"object","description":"Info type category","properties":{"id":{"type":"string","description":"Info type category ID","format":"UUIDv4"},"chainedVersion":{"type":"integer","description":"Info type category version","format":"uint64"},"name":{"type":"string","description":"Info type category name"}}}}}}}}}}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","description":"Sets the Classification profile with the given `id` to the deleted status.","tags":["DDC/ClassificationProfile"],"responses":{"204":{"description":"The ClassificationProfile was successfully set to the deleted status."},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Unprocessable entity - The supplied ID has an incorrect format","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"460":{"description":"The current Classificatjion profile doesn't allow the delete operation. Is a Template or already in use.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/classification-profiles/{id}/clone":{"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"body","in":"body","description":"The Classification properties to change. The properties will be merged\nwith the ClassificationProfile resource.\n","schema":{"allOf":[{"type":"object","required":["name","sensitivityLevelId","infoTypes"],"properties":{"name":{"description":"name of Classification Profile.","type":"string"},"description":{"description":"Description of Classification Profile.","type":"string"},"sensitivityLevelId":{"description":"Sensitivity Level ID of Classification Profile.","type":"string","format":"UUIDv4"},"tags":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the tag to use. To create a new tag leave it empty and use name instead","type":"string","format":"UUIDv4"},"name":{"description":"Name of the tag to create.","type":"string"}}}},"infoTypes":{"type":"array","items":{"type":"object","properties":{"infoTypeId":{"description":"ID of the info type","type":"string","format":"UUIDv4"},"infoTypeMin":{"description":"Min matches of the infotype","type":"integer"}}}}}}]}}],"post":{"summary":"Clone","description":"Clones a new Classification Profile and update the Clone data if exist request body\n","tags":["DDC/ClassificationProfile"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"classificationUUID":{"type":"string","description":"UUID for remediation and tagging. Classification profiles with same UUID are considered as the same for remediation.","format":"UUIDv4"},"description":{"description":"Description of Classification Profile.","type":"string"},"template":{"description":"Indicates if the Classification Profile is a pre-loaded template.","type":"boolean"},"sensitivityLevel":{"description":"Sensitivity level of the Classification Profile.","type":"object","properties":{"id":{"type":"string","description":"Sensitivity level id","format":"UUIDv4"},"chainedVersion":{"type":"integer","description":"Sensitivity level version","format":"uint64"},"name":{"type":"string","description":"Sensitivity level name"},"color":{"type":"string","description":"Preferred color shown in the UI"},"level":{"type":"integer","description":"Level of sensitivity."}}},"tags":{"description":"Classification profile tags","type":"array","items":{"type":"object","properties":{"id":{"type":"string","description":"Tag id","format":"UUIDv4"},"chainedVersion":{"type":"integer","description":"Tag version","format":"uint64"},"name":{"type":"string","description":"Tag name"}}}},"infoTypes":{"description":"Classification profile info types","type":"array","items":{"type":"object","properties":{"min":{"type":"integer","description":"min attribute, default 1"},"infoTypeId":{"type":"string","description":"id of the info type","format":"UUIDv4"},"infoType":{"type":"object","description":"Info type details","properties":{"id":{"type":"string","description":"Info type ID","format":"UUIDv4"},"chainedVersion":{"type":"integer","description":"Info type version","format":"uint64"},"name":{"type":"string","description":"Info type name"},"type":{"description":"System info type or user created","type":"string","enum":["BUILTIN","CUSTOM"]},"region":{"type":"string","description":"Info type region"},"family":{"type":"object","description":"Info type family","properties":{"id":{"type":"string","description":"Info type family ID","format":"UUIDv4"},"chainedVersion":{"type":"integer","description":"Info type family version","format":"uint64"},"name":{"type":"string","description":"Info type family name"},"category":{"type":"object","description":"Info type category","properties":{"id":{"type":"string","description":"Info type category ID","format":"UUIDv4"},"chainedVersion":{"type":"integer","description":"Info type category version","format":"uint64"},"name":{"type":"string","description":"Info type category name"}}}}}}}}}}}}]}},"404":{"description":"TBD","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"409":{"description":"Resource conflict.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"TBD","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/system-settings/infotypes":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List all","description":"Lists all infotypes. Results can be refined with query params.","tags":["DDC"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"},{"name":"name","in":"query","type":"string","description":"Filters result to the rows that contains all the values within this parameters split by\nspaces. The endpoint will return any column with all the values present in any of these columns:\nname.\n"},{"name":"filter","in":"query","type":"string","description":"Filters result to the rows that contains the values within this parameter.\n"},{"name":"category","in":"query","type":"string","description":"Returns the rows that contains any of the categories of the filter split by commas.\n"},{"name":"region","in":"query","type":"string","description":"Returns the rows that contains any of the regions of the filter split by commas.\n"},{"name":"type","in":"query","type":"string","description":"Returns the rows that contains any of the type of the filter split by commas.\n"},{"name":"canRefer","in":"query","type":"string","description":"Set the value to true if you want to obtain the list of infotypes that you can use to build custom expressions.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"type":{"description":"Info Type type, either BUILTIN or CUSTOM","type":"string"},"key":{"description":"Info Type Key.","type":"string"},"region":{"description":"Info type Region.","type":"string"},"family":{"description":"info type family","type":"object","properties":{"name":{"description":"name of the family","type":"string"},"category":{"description":"info type category","type":"object","properties":{"name":{"description":"name of the category","type":"string"}}}}},"riskWeight":{"description":"risk weight for the infotype matches","type":"integer"}}}]}}}}]}}}},"post":{"summary":"Create","description":"Creates a new custom Infotype\n","tags":["DDC"],"parameters":[{"name":"body","in":"body","description":"Custom Infotype configuration","schema":{"allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"required":["expression"],"properties":{"expression":{"description":"Custom info type expression. The expression is a combination of the following commands.\n- WORD '{FREE TEXT}'\n- RANGE {TYPE} TIMES {FROM}-{TO}\n- REFER '{PREFIX}_{KEYNAME}'\nThe different options for the {TYPE} are SPACE, HSPACE, VSPACE, BYTE, ALNUM, LETTER, DIGIT, PRINTABLE,\nPRINTABLEASCII, PRINTABLENONALPHA, PRINTABLENONALNUM, GRAPHIC, SAMELINE, NONALNUM, NONALPHA and NONDIGIT\nThe {PREFIX}_{KEYNAME} is the Key field of the Infotype. The chosen infotype needs to be a built-in info type.\nFor each {PREFIX} used in the REFER section we need to add a INCLUDE 'DEFINE_{PREFIX}' at the start of the expression.\nThe commands are combined using the THEN clause.\nExample:\n INCLUDE 'DEFINE_BANK'\n INCLUDE 'DEFINE_CHD'\n REFER 'CHD_AMERICANEXPRESS'\n THEN WORD 'Hello world'\n THEN RANGE ALNUM TIMES 0-1\n THEN REFER 'BANK_AUSTRALIA_ABN_STRICT'\n THEN REFER 'CHD_MASTERCARD'\n","type":"string"}}},{"type":"object","required":["region","family"],"properties":{"region":{"description":"Region of the info type. Possible values - Global, Africa, Americas, Asia, Europe, Oceania","type":"string"},"family":{"description":"Info type family. Possible values - Passport Number, License Number, Date Of Birth, Gender,\nTelephone Number, Phone Number, Card Number, Patient Health Data, Email addresses, Login credentials,\nIP Address, Ethnicity, Roll Number, Credit/Debit Cards, Bank Account Info, Personal Identification,\nMailing Address, Name, Religion, MAC Address\n","type":"string"},"riskWeight":{"description":"Defines the value each match of the info type adds to the risk score.\nThis particular section of the risk score works like this: \n(It1Matches * It1Weight + It2Matches * It2Weight + ...) * 0.1\n","type":"integer","default":1}}}]}}],"responses":{"200":{"description":"Successful custom infotype creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"type":{"description":"Info Type type, either BUILTIN or CUSTOM","type":"string"},"key":{"description":"Info Type Key.","type":"string"},"region":{"description":"Info type Region.","type":"string"},"family":{"description":"info type family","type":"object","properties":{"name":{"description":"name of the family","type":"string"},"category":{"description":"info type category","type":"object","properties":{"name":{"description":"name of the category","type":"string"}}}}},"riskWeight":{"description":"risk weight for the infotype matches","type":"integer"}}}]}},"409":{"description":"Resource conflict.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"460":{"description":"Error, see code in the error:\n- DDCBadRegionError - The specified region doesn't exist\n- DDCBadFamilyError - The specified family doesn't exist\n- DDCBadCustomInfoTypeExpressionError - The specified expression is not correct\n- DDCError - Unexpected error\n","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/system-settings/infotypes/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns an Info type.","tags":["DDC"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"type":{"description":"Info Type type, either BUILTIN or CUSTOM","type":"string"},"key":{"description":"Info Type Key.","type":"string"},"region":{"description":"Info type Region.","type":"string"},"family":{"description":"info type family","type":"object","properties":{"name":{"description":"name of the family","type":"string"},"category":{"description":"info type category","type":"object","properties":{"name":{"description":"name of the category","type":"string"}}}}},"riskWeight":{"description":"risk weight for the infotype matches","type":"integer"}}}]}}}},"put":{"summary":"Update","description":"Updates a custom Infotype\n","tags":["DDC"],"parameters":[{"name":"body","in":"body","description":"Custom Infotype configuration","schema":{"allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"required":["expression"],"properties":{"expression":{"description":"Custom info type expression. The expression is a combination of the following commands.\n- WORD '{FREE TEXT}'\n- RANGE {TYPE} TIMES {FROM}-{TO}\n- REFER '{PREFIX}_{KEYNAME}'\nThe different options for the {TYPE} are SPACE, HSPACE, VSPACE, BYTE, ALNUM, LETTER, DIGIT, PRINTABLE,\nPRINTABLEASCII, PRINTABLENONALPHA, PRINTABLENONALNUM, GRAPHIC, SAMELINE, NONALNUM, NONALPHA and NONDIGIT\nThe {PREFIX}_{KEYNAME} is the Key field of the Infotype. The chosen infotype needs to be a built-in info type.\nFor each {PREFIX} used in the REFER section we need to add a INCLUDE 'DEFINE_{PREFIX}' at the start of the expression.\nThe commands are combined using the THEN clause.\nExample:\n INCLUDE 'DEFINE_BANK'\n INCLUDE 'DEFINE_CHD'\n REFER 'CHD_AMERICANEXPRESS'\n THEN WORD 'Hello world'\n THEN RANGE ALNUM TIMES 0-1\n THEN REFER 'BANK_AUSTRALIA_ABN_STRICT'\n THEN REFER 'CHD_MASTERCARD'\n","type":"string"}}},{"type":"object","required":["region","family"],"properties":{"region":{"description":"Region of the info type. Possible values - Global, Africa, Americas, Asia, Europe, Oceania","type":"string"},"family":{"description":"Info type family. Possible values - Passport Number, License Number, Date Of Birth, Gender,\nTelephone Number, Phone Number, Card Number, Patient Health Data, Email addresses, Login credentials,\nIP Address, Ethnicity, Roll Number, Credit/Debit Cards, Bank Account Info, Personal Identification,\nMailing Address, Name, Religion, MAC Address\n","type":"string"},"riskWeight":{"description":"Defines the value each match of the info type adds to the risk score.\nThis particular section of the risk score works like this: \n(It1Matches * It1Weight + It2Matches * It2Weight + ...) * 0.1\n","type":"integer","default":1}}}]}}],"responses":{"200":{"description":"Successful custom infotype creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"type":{"description":"Info Type type, either BUILTIN or CUSTOM","type":"string"},"key":{"description":"Info Type Key.","type":"string"},"region":{"description":"Info type Region.","type":"string"},"family":{"description":"info type family","type":"object","properties":{"name":{"description":"name of the family","type":"string"},"category":{"description":"info type category","type":"object","properties":{"name":{"description":"name of the category","type":"string"}}}}},"riskWeight":{"description":"risk weight for the infotype matches","type":"integer"}}}]}},"409":{"description":"Resource conflict.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"460":{"description":"Error, see code in the error:\n- DDCBadRegionError - The specified region doesn't exist\n- DDCBadFamilyError - The specified family doesn't exist\n- DDCBadCustomInfoTypeExpressionError - The specified expression is not correct\n- DDCCannotUpdateBuiltinMessage - The specified ID belongs to a built-in info type, which cannot be updated\n- DDCError - Unexpected error\n","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/system-settings/infotypes/change-precision":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"patch":{"summary":"Update","description":"Updates a builtin Infotype with search precision\n","tags":["DDC"],"parameters":[{"name":"body","in":"body","description":"BuiltIn Infotype configuration","schema":{"allOf":[{"type":"object","required":["operations"],"properties":{"operations":{"type":"array","items":{"type":"object","required":["id","searchPrecision"],"properties":{"id":{"description":"BuiltIn Infotype Id","type":"string"},"searchPrecision":{"description":"Search Precision for Infotype. Possible values - LOW, HIGH\n","type":"string"}}}}}}]}}],"responses":{"200":{"description":"Successful BuiltIn infotype creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"type":{"description":"Info Type type, either BUILTIN or CUSTOM","type":"string"},"key":{"description":"Info Type Key.","type":"string"},"region":{"description":"Info type Region.","type":"string"},"family":{"description":"info type family","type":"object","properties":{"name":{"description":"name of the family","type":"string"},"category":{"description":"info type category","type":"object","properties":{"name":{"description":"name of the category","type":"string"}}}}},"riskWeight":{"description":"risk weight for the infotype matches","type":"integer"}}}]}},"409":{"description":"Resource conflict.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"460":{"description":"Error, see code in the error:\n- DDCCannotUpdateBuiltinMessage - The specified ID belongs to a built-in info type, which cannot be updated\n- DDCError - Unexpected error\n","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/license/allowance":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Returns data allowance total and consumed","description":"Returns the data allowance awareness in MB. One value is data allowance consumed and\nthe other is total data allowance.\n","tags":["DDC"],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"dataUsage":{"description":"Data allowance consumed","type":"integer","format":"int"},"totalDataAllowance":{"description":"Total data allowance available","type":"integer","format":"int"}}}}}}},"/v1/ddc/scans":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List All","description":"List all the scans. Results can be defined with query params.","tags":["DDC/Scan"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"},{"name":"filter","in":"query","type":"string","description":"Filters result to the rows that contains all the values within this parameters split by\nspaces. The endpoint will return any column with all the values present in the name column.\n"},{"name":"executed","in":"query","type":"boolean","description":"If this filter is set to true, returns only the scans that have ever been executed. If it is set to false\nthen this endpoint returns the scans that never were executed.\n"},{"name":"reportable","in":"query","type":"boolean","description":"If this filter is set to true, returns only the scans that user has access.\n"},{"name":"name","in":"query","type":"string","description":"Filters results to those with matching names. The '?' and '*' wildcard characters may be used."},{"name":"duration","in":"query","type":"string","description":"Filters results to those with matching ranges in hours. The ranges are separated by commas. Each range is a pair of numbers separated by the '-' character. n- range will search for durations from n hours. -n range will search for durations up to n hours. NA range will search for rows with the column set to null. Example - 0-2,4-8,12-,NA"},{"name":"lastScanAfter","in":"query","type":"string","format":"date","description":"Filters scans executed after the specified Date/time\n"},{"name":"status","in":"query","type":"string","format":"string","description":"Returns the rows that contains any of the status of the filter split by commas.\nValid types: RUNNING, COMPLETED, DISABLED, FAILED, PAUSED, N/A\n"},{"name":"lastScanBefore","in":"query","type":"string","format":"date","description":"Filters scans executed before the specified Date/time\n"},{"name":"classificationProfile","in":"query","type":"string","format":"string","description":"Filters scans with the given classification profile id\n"},{"name":"datastore","in":"query","type":"string","format":"string","description":"Filters scans with the given data store id\n"},{"name":"includeDeleted","in":"query","type":"boolean","description":"Adds the scans with the deleted status in the response\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"deletedAt":{"description":"The date when the scan was deleted","type":"string","format":"date-time"},"description":{"description":"Description for the scan","type":"string"},"cron":{"description":"Cron expression for the scan schedule","type":"string","example":"0 0 * * *"},"increment":{"description":"The type of increment for the scan schedule (DAILY, WEEKLY or MONTHLY)","type":"string","enum":["DAILY","WEEKLY","MONTHLY"]},"every":{"description":"Every how many increments (days, weeks, months) the scan schedule gets executed","type":"integer"},"startingDate":{"description":"The date when the scan schedule starts","type":"string","format":"date-time"},"endingDate":{"description":"The date when the scan schedule ends","type":"string","format":"date-time"},"scheduleEnabled":{"description":"Indicates if the scan schedule is enabled","type":"boolean"},"autoPauseEnabled":{"description":"Indicates if the auto pause feature is enabled","type":"boolean"},"autoPauseTimezone":{"description":"Time zone for the autopause. If the auto pause is enabled this field is required.","type":"string","example":"Etc/GMT"},"autoPauseDays":{"description":"Days the auto pause is active. If the auto pause is enabled this field is required.","type":"array","items":{"type":"string","enum":["Saturday","Friday","Thursday","Wednesday","Tuesday","Monday","Sunday"]}},"autoPauseFrom":{"description":"Time when the auto pause feature starts. If the auto pause is enabled this field is required","type":"string","format":"XhYm | Xh","example":"1h30m"},"autoPauseTo":{"description":"Time when the auto pause feature ends. If the auto pause is enabled this field is required","type":"string","format":"XhYm | Xh","example":"1h30m"},"scanPriority":{"description":"CPU priority set for the agent process used in the scan. The possible values are 'low' and 'normal'","type":"string","enum":["low","normal"],"default":"low"},"memoryUsageLimit":{"description":"Setting for the maximum memory usage that the scanner service can use on the datastore host, in MB","type":"integer","default":1024},"throughput":{"description":"Max I/O rate the scanner service will use to read data from the datastore, in MBps. Set to 0 for unlimited.","type":"integer","default":0},"matchDetail":{"description":"Set the amount of match details to be captured for the scan schedule (no_info, minimum, balanced, maximum)","type":"string","enum":["no_info","minimum","balanced","maximum"],"default":"no_info"},"trace":{"description":"Captures detailed scan trace messages when scanning a Target","type":"boolean","default":false},"ocr":{"description":"Scans images for sensitive data using Optical Character Recognition (OCR)","type":"boolean","default":false},"voice":{"description":"Enables voice recognition when scanning WAV and MP3 files","type":"boolean","default":false},"ebcdic":{"description":"Scan file systems that use IBM's EBCDIC encoding","type":"boolean","default":false},"filters":{"description":"Filters to apply to the scan","type":"array","items":{"type":"object","properties":{"filter":{"type":"string","format":"string","enum":["exclude_prefix","exclude_suffix","exclude_expression","include_date_range","include_recent","exclude_max_size"],"description":"Type of filter to apply\nexclude_prefix - requires expression field\nexclude_suffix - requires expression field\nexclude_expression - requires expression field\ninclude_date_range - requires fromDate and toDate fields\ninclude_recent - requires days field\nexclude_max_size - requires size field\n"},"expression":{"description":"Expression for the filter","type":"string","example":"/dataset/ddcdatasetv1/*/Doc"},"toDate":{"description":"Starting date for the include_date_range filter","type":"string","format":"date","example":"2020-05-05T00:00:00.000Z"},"fromDate":{"description":"Ending date for the include_date_range filter","type":"string","format":"date","example":"2020-10-05T00:00:00.000Z"},"days":{"description":"Days to include for the include_recent filter","type":"integer","example":10},"size":{"description":"Max data object size for the exclude_max_size in MB","type":"integer","example":100}}}},"classificationProfiles":{"description":"Classification profiles included in the scan","type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the classification profile","type":"string","format":"UUIDv4"},"name":{"description":"Name of the classification profile","type":"string"},"chainedVersion":{"description":"Version of the classification profile","type":"integer"},"classificationUUID":{"description":"UUID of the classification profile for classification","type":"string","format":"UUIDv4"}}}},"dataStores":{"description":"Datastores included in the scan","type":"array","items":{"type":"object","properties":{"datastore":{"description":"Details of the datastore","type":"object","properties":{"id":{"description":"ID of the datastore","type":"string","format":"UUIDv4"},"name":{"description":"Name of the datastore","type":"string"},"type":{"description":"Type of the datastore","type":"string"},"chainedVersion":{"description":"Version of the datastore","type":"integer"}}},"remediateRootPath":{"description":"Indicates if the remediation is enabled for the root path","type":"boolean","default":false},"targets":{"description":"Targets in the datastore to scan","type":"array","items":{"type":"object","properties":{"path":{"description":"Path for the target to scan","type":"string"},"remediate":{"description":"Indicates if the remediation is enabled for the target","type":"boolean"}}}}}}},"lastExecutionId":{"description":"ID of the last execution of the scan","type":"string","format":"UUIDv4"},"lastExecution":{"description":"Status of the last scan execution","type":"object","properties":{"id":{"description":"ID of the execution","type":"string","format":"UUIDv4"},"scanId":{"description":"ID of the scan","type":"string","format":"UUIDv4"},"scanVersion":{"description":"Version of the scan","type":"integer"},"startTimestamp":{"description":"Timestamp when the scan started","type":"string","format":"date"},"endTimestamp":{"description":"Timestamp when the scan ended","type":"string","format":"date"},"duration":{"description":"Duration of the scan in seconds","type":"integer"},"status":{"description":"Current status of the scan execution","type":"string","enum":["COMPLETED","RUNNING","PAUSED","AUTOPAUSED","FAILED","REMEDIATIONVALIDATIONFAILED","STOPPED","PENDING","PROCESSING","CLASSIFYING","VALIDATING","INTERRUPTED"]},"error":{"description":"error of the scan, if it failed","type":"object","format":"JSON"},"totalObjects":{"description":"total data objects found in the execution","type":"integer"},"sensitiveObjects":{"description":"number of sensitive data objects found in the execution","type":"integer"},"ddcVersion":{"description":"ddc version when the scan was executed","type":"string"}}},"actions":{"description":"Actions available for the scan, given the configuration and the current status.","type":"array","items":{"type":"string","enum":["RUN_NOW","DISABLE","PAUSE","STOP","RESUME","ENABLE","RECLASSIFY","EDIT","DELETE","DUPLICATE"]}},"status":{"description":"Current status of the scan","type":"string","enum":["COMPLETED","RUNNING","PAUSED","AUTOPAUSED","FAILED","REMEDIATIONVALIDATIONFAILED","STOPPED","UNSCANNED","PENDING","PROCESSING","CLASSIFYING","VALIDATING","INTERRUPTED"]}}}]}}}}]}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"post":{"summary":"Create","description":"Creates a new Scan","tags":["DDC/Scan"],"parameters":[{"name":"body","in":"body","description":"Scan configuration","schema":{"allOf":[{"type":"object","required":["name","classificationProfiles","dataStores"],"properties":{"id":{"description":"id to use when creating the scan","type":"string","format":"UUIDv4","default":"random UUID"},"name":{"description":"name of the scan","type":"string"},"description":{"description":"Description for the scan","type":"string"},"cron":{"description":"Cron expression for the scan schedule","type":"string","example":"0 0 * * *","default":null},"increment":{"description":"The type of increment for the scan schedule (DAILY, WEEKLY or MONTHLY)","type":"string","enum":["DAILY","WEEKLY","MONTHLY"]},"every":{"description":"Every how many increments (days, weeks, months) the scan schedule gets executed","type":"integer"},"startingDate":{"description":"The date when the scan schedule starts","type":"string","format":"date-time"},"endingDate":{"description":"The date when the scan schedule ends","type":"string","format":"date-time"},"autoPauseEnabled":{"description":"Indicates if the auto pause feature is enabled","type":"boolean","default":false},"autoPauseTimezone":{"description":"Time zone for the autopause. If the auto pause is enabled this field is required.","type":"string","example":"Etc/GMT"},"autoPauseDays":{"description":"Days the auto pause is active. If the auto pause is enabled this field is required.","type":"array","items":{"type":"string","enum":["Saturday","Friday","Thursday","Wednesday","Tuesday","Monday","Sunday"]}},"autoPauseFrom":{"description":"Time when the auto pause feature starts. If the auto pause is enabled this field is required","type":"string","format":"XhYm | Xh","example":"1h30m"},"autoPauseTo":{"description":"Time when the auto pause feature ends. If the auto pause is enabled this field is required","type":"string","format":"XhYm | Xh","example":"1h30m"},"scanPriority":{"description":"CPU priority set for the agent process used in the scan. The possible values are 'low' and 'normal'","type":"string","enum":["low","normal"],"default":"low"},"memoryUsageLimit":{"description":"Setting for the maximum memory usage that the scanner service can use on the datastore host, in MB","type":"integer","default":1024},"throughput":{"description":"Max I/O rate the scanner service will use to read data from the datastore, in MBps. Set to 0 for unlimited.","type":"integer","default":0},"matchDetail":{"description":"Set the amount of match details to be captured for the scan schedule (no_info, minimum, balanced, maximum)","type":"string","enum":["no_info","minimum","balanced","maximum"],"default":"no_info"},"trace":{"description":"Captures detailed scan trace messages when scanning a Target","type":"boolean","default":false},"ocr":{"description":"Scans images for sensitive data using Optical Character Recognition (OCR)","type":"boolean","default":false},"voice":{"description":"Enables voice recognition when scanning WAV and MP3 files","type":"boolean","default":false},"ebcdic":{"description":"Scan file systems that use IBM's EBCDIC encoding","type":"boolean","default":false},"classificationProfiles":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the classification profile","type":"string","format":"UUIDv4"}}}},"dataStores":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the datastore","type":"string","format":"UUIDv4"},"remediateRootPath":{"description":"Enable or disable remediation for root path. This cannot be true if there are targets.","type":"boolean","default":false},"targets":{"description":"targets to scan inside the datastore","type":"array","items":{"type":"object","properties":{"path":{"description":"Target path to scan in the datastore","type":"string"},"remediate":{"description":"Enable or disable remediation for the target path","type":"boolean","default":false}}}}}}},"filters":{"description":"Filters to apply to the scan","type":"array","items":{"type":"object","properties":{"filter":{"type":"string","format":"string","enum":["exclude_prefix","exclude_suffix","exclude_expression","include_date_range","include_recent","exclude_max_size"],"description":"Type of filter to apply\nexclude_prefix - requires expression field\nexclude_suffix - requires expression field\nexclude_expression - requires expression field\ninclude_date_range - requires fromDate and toDate fields\ninclude_recent - requires days field\nexclude_max_size - requires size field\n"},"expression":{"description":"Expression for the filter","type":"string","example":"/dataset/ddcdatasetv1/*/Doc"},"toDate":{"description":"Starting date for the include_date_range filter","type":"string","format":"date","example":"2020-05-05T00:00:00.000Z"},"fromDate":{"description":"Ending date for the include_date_range filter","type":"string","format":"date","example":"2020-10-05T00:00:00.000Z"},"days":{"description":"Days to include for the include_recent filter","type":"integer","example":10},"size":{"description":"Max data object size for the exclude_max_size in MB","type":"integer","example":100}}}}}}]}}],"responses":{"200":{"description":"Successful scan creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"deletedAt":{"description":"The date when the scan was deleted","type":"string","format":"date-time"},"description":{"description":"Description for the scan","type":"string"},"cron":{"description":"Cron expression for the scan schedule","type":"string","example":"0 0 * * *"},"increment":{"description":"The type of increment for the scan schedule (DAILY, WEEKLY or MONTHLY)","type":"string","enum":["DAILY","WEEKLY","MONTHLY"]},"every":{"description":"Every how many increments (days, weeks, months) the scan schedule gets executed","type":"integer"},"startingDate":{"description":"The date when the scan schedule starts","type":"string","format":"date-time"},"endingDate":{"description":"The date when the scan schedule ends","type":"string","format":"date-time"},"scheduleEnabled":{"description":"Indicates if the scan schedule is enabled","type":"boolean"},"autoPauseEnabled":{"description":"Indicates if the auto pause feature is enabled","type":"boolean"},"autoPauseTimezone":{"description":"Time zone for the autopause. If the auto pause is enabled this field is required.","type":"string","example":"Etc/GMT"},"autoPauseDays":{"description":"Days the auto pause is active. If the auto pause is enabled this field is required.","type":"array","items":{"type":"string","enum":["Saturday","Friday","Thursday","Wednesday","Tuesday","Monday","Sunday"]}},"autoPauseFrom":{"description":"Time when the auto pause feature starts. If the auto pause is enabled this field is required","type":"string","format":"XhYm | Xh","example":"1h30m"},"autoPauseTo":{"description":"Time when the auto pause feature ends. If the auto pause is enabled this field is required","type":"string","format":"XhYm | Xh","example":"1h30m"},"scanPriority":{"description":"CPU priority set for the agent process used in the scan. The possible values are 'low' and 'normal'","type":"string","enum":["low","normal"],"default":"low"},"memoryUsageLimit":{"description":"Setting for the maximum memory usage that the scanner service can use on the datastore host, in MB","type":"integer","default":1024},"throughput":{"description":"Max I/O rate the scanner service will use to read data from the datastore, in MBps. Set to 0 for unlimited.","type":"integer","default":0},"matchDetail":{"description":"Set the amount of match details to be captured for the scan schedule (no_info, minimum, balanced, maximum)","type":"string","enum":["no_info","minimum","balanced","maximum"],"default":"no_info"},"trace":{"description":"Captures detailed scan trace messages when scanning a Target","type":"boolean","default":false},"ocr":{"description":"Scans images for sensitive data using Optical Character Recognition (OCR)","type":"boolean","default":false},"voice":{"description":"Enables voice recognition when scanning WAV and MP3 files","type":"boolean","default":false},"ebcdic":{"description":"Scan file systems that use IBM's EBCDIC encoding","type":"boolean","default":false},"filters":{"description":"Filters to apply to the scan","type":"array","items":{"type":"object","properties":{"filter":{"type":"string","format":"string","enum":["exclude_prefix","exclude_suffix","exclude_expression","include_date_range","include_recent","exclude_max_size"],"description":"Type of filter to apply\nexclude_prefix - requires expression field\nexclude_suffix - requires expression field\nexclude_expression - requires expression field\ninclude_date_range - requires fromDate and toDate fields\ninclude_recent - requires days field\nexclude_max_size - requires size field\n"},"expression":{"description":"Expression for the filter","type":"string","example":"/dataset/ddcdatasetv1/*/Doc"},"toDate":{"description":"Starting date for the include_date_range filter","type":"string","format":"date","example":"2020-05-05T00:00:00.000Z"},"fromDate":{"description":"Ending date for the include_date_range filter","type":"string","format":"date","example":"2020-10-05T00:00:00.000Z"},"days":{"description":"Days to include for the include_recent filter","type":"integer","example":10},"size":{"description":"Max data object size for the exclude_max_size in MB","type":"integer","example":100}}}},"classificationProfiles":{"description":"Classification profiles included in the scan","type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the classification profile","type":"string","format":"UUIDv4"},"name":{"description":"Name of the classification profile","type":"string"},"chainedVersion":{"description":"Version of the classification profile","type":"integer"},"classificationUUID":{"description":"UUID of the classification profile for classification","type":"string","format":"UUIDv4"}}}},"dataStores":{"description":"Datastores included in the scan","type":"array","items":{"type":"object","properties":{"datastore":{"description":"Details of the datastore","type":"object","properties":{"id":{"description":"ID of the datastore","type":"string","format":"UUIDv4"},"name":{"description":"Name of the datastore","type":"string"},"type":{"description":"Type of the datastore","type":"string"},"chainedVersion":{"description":"Version of the datastore","type":"integer"}}},"remediateRootPath":{"description":"Indicates if the remediation is enabled for the root path","type":"boolean","default":false},"targets":{"description":"Targets in the datastore to scan","type":"array","items":{"type":"object","properties":{"path":{"description":"Path for the target to scan","type":"string"},"remediate":{"description":"Indicates if the remediation is enabled for the target","type":"boolean"}}}}}}},"lastExecutionId":{"description":"ID of the last execution of the scan","type":"string","format":"UUIDv4"},"lastExecution":{"description":"Status of the last scan execution","type":"object","properties":{"id":{"description":"ID of the execution","type":"string","format":"UUIDv4"},"scanId":{"description":"ID of the scan","type":"string","format":"UUIDv4"},"scanVersion":{"description":"Version of the scan","type":"integer"},"startTimestamp":{"description":"Timestamp when the scan started","type":"string","format":"date"},"endTimestamp":{"description":"Timestamp when the scan ended","type":"string","format":"date"},"duration":{"description":"Duration of the scan in seconds","type":"integer"},"status":{"description":"Current status of the scan execution","type":"string","enum":["COMPLETED","RUNNING","PAUSED","AUTOPAUSED","FAILED","REMEDIATIONVALIDATIONFAILED","STOPPED","PENDING","PROCESSING","CLASSIFYING","VALIDATING","INTERRUPTED"]},"error":{"description":"error of the scan, if it failed","type":"object","format":"JSON"},"totalObjects":{"description":"total data objects found in the execution","type":"integer"},"sensitiveObjects":{"description":"number of sensitive data objects found in the execution","type":"integer"},"ddcVersion":{"description":"ddc version when the scan was executed","type":"string"}}},"actions":{"description":"Actions available for the scan, given the configuration and the current status.","type":"array","items":{"type":"string","enum":["RUN_NOW","DISABLE","PAUSE","STOP","RESUME","ENABLE","RECLASSIFY","EDIT","DELETE","DUPLICATE"]}},"status":{"description":"Current status of the scan","type":"string","enum":["COMPLETED","RUNNING","PAUSED","AUTOPAUSED","FAILED","REMEDIATIONVALIDATIONFAILED","STOPPED","UNSCANNED","PENDING","PROCESSING","CLASSIFYING","VALIDATING","INTERRUPTED"]}}}]}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/scans/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"includeNumInfotypes","in":"query","type":"boolean","description":"If this filter is set to true the classification profiles inside the scan also include the number of info types contained in\nthe classification profile.\n"}],"get":{"summary":"Get","description":"Returns the details of a Scan with the given `id`.","tags":["DDC/Scan"],"parameters":[{"name":"progressDetailsLimit","in":"query","type":"integer","default":0,"description":"Max number of of targets to include for each datastore in the scan progress details.\nA value of 0 will include all the targets.\n"},{"name":"skipFinishedTargets","in":"query","type":"boolean","default":false,"description":"Skips the targets in the scan progress details with completed status.\nThe skipped targets are still taken in account to calculate the average progress for the datastores, but the matches are removed.\n"}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"deletedAt":{"description":"The date when the scan was deleted","type":"string","format":"date-time"},"description":{"description":"Description for the scan","type":"string"},"cron":{"description":"Cron expression for the scan schedule","type":"string","example":"0 0 * * *"},"increment":{"description":"The type of increment for the scan schedule (DAILY, WEEKLY or MONTHLY)","type":"string","enum":["DAILY","WEEKLY","MONTHLY"]},"every":{"description":"Every how many increments (days, weeks, months) the scan schedule gets executed","type":"integer"},"startingDate":{"description":"The date when the scan schedule starts","type":"string","format":"date-time"},"endingDate":{"description":"The date when the scan schedule ends","type":"string","format":"date-time"},"scheduleEnabled":{"description":"Indicates if the scan schedule is enabled","type":"boolean"},"autoPauseEnabled":{"description":"Indicates if the auto pause feature is enabled","type":"boolean"},"autoPauseTimezone":{"description":"Time zone for the autopause. If the auto pause is enabled this field is required.","type":"string","example":"Etc/GMT"},"autoPauseDays":{"description":"Days the auto pause is active. If the auto pause is enabled this field is required.","type":"array","items":{"type":"string","enum":["Saturday","Friday","Thursday","Wednesday","Tuesday","Monday","Sunday"]}},"autoPauseFrom":{"description":"Time when the auto pause feature starts. If the auto pause is enabled this field is required","type":"string","format":"XhYm | Xh","example":"1h30m"},"autoPauseTo":{"description":"Time when the auto pause feature ends. If the auto pause is enabled this field is required","type":"string","format":"XhYm | Xh","example":"1h30m"},"scanPriority":{"description":"CPU priority set for the agent process used in the scan. The possible values are 'low' and 'normal'","type":"string","enum":["low","normal"],"default":"low"},"memoryUsageLimit":{"description":"Setting for the maximum memory usage that the scanner service can use on the datastore host, in MB","type":"integer","default":1024},"throughput":{"description":"Max I/O rate the scanner service will use to read data from the datastore, in MBps. Set to 0 for unlimited.","type":"integer","default":0},"matchDetail":{"description":"Set the amount of match details to be captured for the scan schedule (no_info, minimum, balanced, maximum)","type":"string","enum":["no_info","minimum","balanced","maximum"],"default":"no_info"},"trace":{"description":"Captures detailed scan trace messages when scanning a Target","type":"boolean","default":false},"ocr":{"description":"Scans images for sensitive data using Optical Character Recognition (OCR)","type":"boolean","default":false},"voice":{"description":"Enables voice recognition when scanning WAV and MP3 files","type":"boolean","default":false},"ebcdic":{"description":"Scan file systems that use IBM's EBCDIC encoding","type":"boolean","default":false},"filters":{"description":"Filters to apply to the scan","type":"array","items":{"type":"object","properties":{"filter":{"type":"string","format":"string","enum":["exclude_prefix","exclude_suffix","exclude_expression","include_date_range","include_recent","exclude_max_size"],"description":"Type of filter to apply\nexclude_prefix - requires expression field\nexclude_suffix - requires expression field\nexclude_expression - requires expression field\ninclude_date_range - requires fromDate and toDate fields\ninclude_recent - requires days field\nexclude_max_size - requires size field\n"},"expression":{"description":"Expression for the filter","type":"string","example":"/dataset/ddcdatasetv1/*/Doc"},"toDate":{"description":"Starting date for the include_date_range filter","type":"string","format":"date","example":"2020-05-05T00:00:00.000Z"},"fromDate":{"description":"Ending date for the include_date_range filter","type":"string","format":"date","example":"2020-10-05T00:00:00.000Z"},"days":{"description":"Days to include for the include_recent filter","type":"integer","example":10},"size":{"description":"Max data object size for the exclude_max_size in MB","type":"integer","example":100}}}},"classificationProfiles":{"description":"Classification profiles included in the scan","type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the classification profile","type":"string","format":"UUIDv4"},"name":{"description":"Name of the classification profile","type":"string"},"chainedVersion":{"description":"Version of the classification profile","type":"integer"},"classificationUUID":{"description":"UUID of the classification profile for classification","type":"string","format":"UUIDv4"}}}},"dataStores":{"description":"Datastores included in the scan","type":"array","items":{"type":"object","properties":{"datastore":{"description":"Details of the datastore","type":"object","properties":{"id":{"description":"ID of the datastore","type":"string","format":"UUIDv4"},"name":{"description":"Name of the datastore","type":"string"},"type":{"description":"Type of the datastore","type":"string"},"chainedVersion":{"description":"Version of the datastore","type":"integer"}}},"remediateRootPath":{"description":"Indicates if the remediation is enabled for the root path","type":"boolean","default":false},"targets":{"description":"Targets in the datastore to scan","type":"array","items":{"type":"object","properties":{"path":{"description":"Path for the target to scan","type":"string"},"remediate":{"description":"Indicates if the remediation is enabled for the target","type":"boolean"}}}}}}},"lastExecutionId":{"description":"ID of the last execution of the scan","type":"string","format":"UUIDv4"},"lastExecution":{"description":"Status of the last scan execution","type":"object","properties":{"id":{"description":"ID of the execution","type":"string","format":"UUIDv4"},"scanId":{"description":"ID of the scan","type":"string","format":"UUIDv4"},"scanVersion":{"description":"Version of the scan","type":"integer"},"startTimestamp":{"description":"Timestamp when the scan started","type":"string","format":"date"},"endTimestamp":{"description":"Timestamp when the scan ended","type":"string","format":"date"},"duration":{"description":"Duration of the scan in seconds","type":"integer"},"status":{"description":"Current status of the scan execution","type":"string","enum":["COMPLETED","RUNNING","PAUSED","AUTOPAUSED","FAILED","REMEDIATIONVALIDATIONFAILED","STOPPED","PENDING","PROCESSING","CLASSIFYING","VALIDATING","INTERRUPTED"]},"error":{"description":"error of the scan, if it failed","type":"object","format":"JSON"},"totalObjects":{"description":"total data objects found in the execution","type":"integer"},"sensitiveObjects":{"description":"number of sensitive data objects found in the execution","type":"integer"},"ddcVersion":{"description":"ddc version when the scan was executed","type":"string"}}},"actions":{"description":"Actions available for the scan, given the configuration and the current status.","type":"array","items":{"type":"string","enum":["RUN_NOW","DISABLE","PAUSE","STOP","RESUME","ENABLE","RECLASSIFY","EDIT","DELETE","DUPLICATE"]}},"status":{"description":"Current status of the scan","type":"string","enum":["COMPLETED","RUNNING","PAUSED","AUTOPAUSED","FAILED","REMEDIATIONVALIDATIONFAILED","STOPPED","UNSCANNED","PENDING","PROCESSING","CLASSIFYING","VALIDATING","INTERRUPTED"]}}}]},{"type":"object","properties":{"scanProgressDetails":{"description":"Details of the current scan execution progress of regexp scanner","type":"array","items":{"type":"object","properties":{"datastoreID":{"description":"Identifier of the datastore","type":"string","format":"UUIDv4"},"datastoreName":{"description":"Name of the datastore","type":"string"},"progress":{"description":"Progress of the datastore","type":"number","format":"double"},"matches":{"description":"Matches found in the datastore","type":"integer"},"paths":{"description":"Details for each dataobject currently being scanned","type":"array","items":{"type":"object","properties":{"path":{"description":"Path of the data object","type":"string"},"progress":{"description":"Progress of the target","type":"number","format":"double"},"matches":{"description":"Number of matches of the target","type":"integer"}}}}}}},"mlScanProgressDetails":{"description":"Details of the current scan execution progress of ML","type":"array","items":{"type":"object","properties":{"datastoreID":{"description":"Identifier of the datastore","type":"string","format":"UUIDv4"},"datastoreName":{"description":"Name of the datastore","type":"string"},"progress":{"description":"Progress of the datastore","type":"number","format":"double"},"matches":{"description":"Matches found in the datastore","type":"integer"},"paths":{"description":"Details for each dataobject currently being scanned","type":"array","items":{"type":"object","properties":{"path":{"description":"Path of the data object","type":"string"},"progress":{"description":"Progress of the target","type":"number","format":"double"},"matches":{"description":"Number of matches of the target","type":"integer"}}}}}}},"regexpScanProgress":{"description":"Details of the current scan progress of regexp scanner","type":"number","format":"double"},"mlScanProgress":{"description":"Details of the current scan progress of ML","type":"number","format":"double"}}}]}}}},"delete":{"summary":"Delete","description":"Sets the scan with the given `id` to the deleted status. If the scan had an active schedule it is disabled.","tags":["DDC/Scan"],"responses":{"204":{"description":"The scan was successfully set to the deleted status."},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Unprocessable entity - The supplied ID has an incorrect format","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"460":{"description":"The current scan status doesn't allow the delete operation.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"put":{"summary":"Update","description":"Updates an existing Scan","tags":["DDC/Scan"],"parameters":[{"name":"body","in":"body","description":"Scan configuration","schema":{"allOf":[{"type":"object","required":["name","classificationProfiles","dataStores"],"properties":{"id":{"description":"id of the scan to update","type":"string","format":"UUIDv4"},"name":{"description":"name of the scan","type":"string"},"description":{"description":"Description for the scan","type":"string"},"cron":{"description":"Cron expression for the scan schedule","type":"string","example":"0 0 * * *","default":null},"increment":{"description":"The type of increment for the scan schedule (DAILY, WEEKLY or MONTHLY)","type":"string","enum":["DAILY","WEEKLY","MONTHLY"]},"every":{"description":"Every how many increments (days, weeks, months) the scan schedule gets executed","type":"integer"},"startingDate":{"description":"The date when the scan schedule starts","type":"string","format":"date-time"},"endingDate":{"description":"The date when the scan schedule ends","type":"string","format":"date-time"},"autoPauseEnabled":{"description":"Indicates if the auto pause feature is enabled","type":"boolean","default":false},"autoPauseTimezone":{"description":"Time zone for the autopause. If the auto pause is enabled this field is required.","type":"string","example":"Etc/GMT"},"autoPauseDays":{"description":"Days the auto pause is active. If the auto pause is enabled this field is required.","type":"array","items":{"type":"string","enum":["Saturday","Friday","Thursday","Wednesday","Tuesday","Monday","Sunday"]}},"autoPauseFrom":{"description":"Time when the auto pause feature starts. If the auto pause is enabled this field is required","type":"string","format":"XhYm | Xh","example":"1h30m"},"autoPauseTo":{"description":"Time when the auto pause feature ends. If the auto pause is enabled this field is required","type":"string","format":"XhYm | Xh","example":"1h30m"},"scanPriority":{"description":"CPU priority set for the agent process used in the scan. The possible values are 'low' and 'normal'","type":"string","enum":["low","normal"],"default":"low"},"memoryUsageLimit":{"description":"Setting for the maximum memory usage that the scanner service can use on the datastore host, in MB","type":"integer","default":1024},"throughput":{"description":"Max I/O rate the scanner service will use to read data from the datastore, in MBps. Set to 0 for unlimited.","type":"integer","default":0},"matchDetail":{"description":"Set the amount of match details to be captured for the scan schedule (no_info, minimum, balanced, maximum)","type":"string","enum":["no_info","minimum","balanced","maximum"],"default":"no_info"},"trace":{"description":"Captures detailed scan trace messages when scanning a Target","type":"boolean","default":false},"ocr":{"description":"Scans images for sensitive data using Optical Character Recognition (OCR)","type":"boolean","default":false},"voice":{"description":"Enables voice recognition when scanning WAV and MP3 files","type":"boolean","default":false},"ebcdic":{"description":"Scan file systems that use IBM's EBCDIC encoding","type":"boolean","default":false},"classificationProfiles":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the classification profile","type":"string","format":"UUIDv4"}}}},"dataStores":{"type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the datastore","type":"string","format":"UUIDv4"},"remediateRootPath":{"description":"Enable or disable remediation for root path. This cannot be true if there are targets.","type":"boolean","default":false},"targets":{"description":"targets to scan inside the datastore","type":"array","items":{"type":"object","properties":{"path":{"description":"Target path to scan in the datastore","type":"string"},"remediate":{"description":"Enable or disable remediation for the target path","type":"boolean","default":false}}}}}}},"filters":{"description":"Filters to apply to the scan","type":"array","items":{"type":"object","properties":{"filter":{"type":"string","format":"string","enum":["exclude_prefix","exclude_suffix","exclude_expression","include_date_range","include_recent","exclude_max_size"],"description":"Type of filter to apply\nexclude_prefix - requires expression field\nexclude_suffix - requires expression field\nexclude_expression - requires expression field\ninclude_date_range - requires fromDate and toDate fields\ninclude_recent - requires days field\nexclude_max_size - requires size field\n"},"expression":{"description":"Expression for the filter","type":"string","example":"/dataset/ddcdatasetv1/*/Doc"},"toDate":{"description":"Starting date for the include_date_range filter","type":"string","format":"date","example":"2020-05-05T00:00:00.000Z"},"fromDate":{"description":"Ending date for the include_date_range filter","type":"string","format":"date","example":"2020-10-05T00:00:00.000Z"},"days":{"description":"Days to include for the include_recent filter","type":"integer","example":10},"size":{"description":"Max data object size for the exclude_max_size in MB","type":"integer","example":100}}}}}}]}}],"responses":{"200":{"description":"Successful scan updated.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"deletedAt":{"description":"The date when the scan was deleted","type":"string","format":"date-time"},"description":{"description":"Description for the scan","type":"string"},"cron":{"description":"Cron expression for the scan schedule","type":"string","example":"0 0 * * *"},"increment":{"description":"The type of increment for the scan schedule (DAILY, WEEKLY or MONTHLY)","type":"string","enum":["DAILY","WEEKLY","MONTHLY"]},"every":{"description":"Every how many increments (days, weeks, months) the scan schedule gets executed","type":"integer"},"startingDate":{"description":"The date when the scan schedule starts","type":"string","format":"date-time"},"endingDate":{"description":"The date when the scan schedule ends","type":"string","format":"date-time"},"scheduleEnabled":{"description":"Indicates if the scan schedule is enabled","type":"boolean"},"autoPauseEnabled":{"description":"Indicates if the auto pause feature is enabled","type":"boolean"},"autoPauseTimezone":{"description":"Time zone for the autopause. If the auto pause is enabled this field is required.","type":"string","example":"Etc/GMT"},"autoPauseDays":{"description":"Days the auto pause is active. If the auto pause is enabled this field is required.","type":"array","items":{"type":"string","enum":["Saturday","Friday","Thursday","Wednesday","Tuesday","Monday","Sunday"]}},"autoPauseFrom":{"description":"Time when the auto pause feature starts. If the auto pause is enabled this field is required","type":"string","format":"XhYm | Xh","example":"1h30m"},"autoPauseTo":{"description":"Time when the auto pause feature ends. If the auto pause is enabled this field is required","type":"string","format":"XhYm | Xh","example":"1h30m"},"scanPriority":{"description":"CPU priority set for the agent process used in the scan. The possible values are 'low' and 'normal'","type":"string","enum":["low","normal"],"default":"low"},"memoryUsageLimit":{"description":"Setting for the maximum memory usage that the scanner service can use on the datastore host, in MB","type":"integer","default":1024},"throughput":{"description":"Max I/O rate the scanner service will use to read data from the datastore, in MBps. Set to 0 for unlimited.","type":"integer","default":0},"matchDetail":{"description":"Set the amount of match details to be captured for the scan schedule (no_info, minimum, balanced, maximum)","type":"string","enum":["no_info","minimum","balanced","maximum"],"default":"no_info"},"trace":{"description":"Captures detailed scan trace messages when scanning a Target","type":"boolean","default":false},"ocr":{"description":"Scans images for sensitive data using Optical Character Recognition (OCR)","type":"boolean","default":false},"voice":{"description":"Enables voice recognition when scanning WAV and MP3 files","type":"boolean","default":false},"ebcdic":{"description":"Scan file systems that use IBM's EBCDIC encoding","type":"boolean","default":false},"filters":{"description":"Filters to apply to the scan","type":"array","items":{"type":"object","properties":{"filter":{"type":"string","format":"string","enum":["exclude_prefix","exclude_suffix","exclude_expression","include_date_range","include_recent","exclude_max_size"],"description":"Type of filter to apply\nexclude_prefix - requires expression field\nexclude_suffix - requires expression field\nexclude_expression - requires expression field\ninclude_date_range - requires fromDate and toDate fields\ninclude_recent - requires days field\nexclude_max_size - requires size field\n"},"expression":{"description":"Expression for the filter","type":"string","example":"/dataset/ddcdatasetv1/*/Doc"},"toDate":{"description":"Starting date for the include_date_range filter","type":"string","format":"date","example":"2020-05-05T00:00:00.000Z"},"fromDate":{"description":"Ending date for the include_date_range filter","type":"string","format":"date","example":"2020-10-05T00:00:00.000Z"},"days":{"description":"Days to include for the include_recent filter","type":"integer","example":10},"size":{"description":"Max data object size for the exclude_max_size in MB","type":"integer","example":100}}}},"classificationProfiles":{"description":"Classification profiles included in the scan","type":"array","items":{"type":"object","properties":{"id":{"description":"ID of the classification profile","type":"string","format":"UUIDv4"},"name":{"description":"Name of the classification profile","type":"string"},"chainedVersion":{"description":"Version of the classification profile","type":"integer"},"classificationUUID":{"description":"UUID of the classification profile for classification","type":"string","format":"UUIDv4"}}}},"dataStores":{"description":"Datastores included in the scan","type":"array","items":{"type":"object","properties":{"datastore":{"description":"Details of the datastore","type":"object","properties":{"id":{"description":"ID of the datastore","type":"string","format":"UUIDv4"},"name":{"description":"Name of the datastore","type":"string"},"type":{"description":"Type of the datastore","type":"string"},"chainedVersion":{"description":"Version of the datastore","type":"integer"}}},"remediateRootPath":{"description":"Indicates if the remediation is enabled for the root path","type":"boolean","default":false},"targets":{"description":"Targets in the datastore to scan","type":"array","items":{"type":"object","properties":{"path":{"description":"Path for the target to scan","type":"string"},"remediate":{"description":"Indicates if the remediation is enabled for the target","type":"boolean"}}}}}}},"lastExecutionId":{"description":"ID of the last execution of the scan","type":"string","format":"UUIDv4"},"lastExecution":{"description":"Status of the last scan execution","type":"object","properties":{"id":{"description":"ID of the execution","type":"string","format":"UUIDv4"},"scanId":{"description":"ID of the scan","type":"string","format":"UUIDv4"},"scanVersion":{"description":"Version of the scan","type":"integer"},"startTimestamp":{"description":"Timestamp when the scan started","type":"string","format":"date"},"endTimestamp":{"description":"Timestamp when the scan ended","type":"string","format":"date"},"duration":{"description":"Duration of the scan in seconds","type":"integer"},"status":{"description":"Current status of the scan execution","type":"string","enum":["COMPLETED","RUNNING","PAUSED","AUTOPAUSED","FAILED","REMEDIATIONVALIDATIONFAILED","STOPPED","PENDING","PROCESSING","CLASSIFYING","VALIDATING","INTERRUPTED"]},"error":{"description":"error of the scan, if it failed","type":"object","format":"JSON"},"totalObjects":{"description":"total data objects found in the execution","type":"integer"},"sensitiveObjects":{"description":"number of sensitive data objects found in the execution","type":"integer"},"ddcVersion":{"description":"ddc version when the scan was executed","type":"string"}}},"actions":{"description":"Actions available for the scan, given the configuration and the current status.","type":"array","items":{"type":"string","enum":["RUN_NOW","DISABLE","PAUSE","STOP","RESUME","ENABLE","RECLASSIFY","EDIT","DELETE","DUPLICATE"]}},"status":{"description":"Current status of the scan","type":"string","enum":["COMPLETED","RUNNING","PAUSED","AUTOPAUSED","FAILED","REMEDIATIONVALIDATIONFAILED","STOPPED","UNSCANNED","PENDING","PROCESSING","CLASSIFYING","VALIDATING","INTERRUPTED"]}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/scans/validate-filter":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Validate the scan filter","description":"Validate the scan filter","tags":["DDC/Scan"],"parameters":[{"name":"body","in":"body","description":"Scan Filter configuration","schema":{"type":"object","required":["filter"],"properties":{"filter":{"description":"type of the filter","type":"string","enum":["exclude_prefix","exclude_suffix","exclude_expression","include_date_range","include_recent","exclude_max_size"]},"expression":{"description":"expression for exlcude_prefix, exclude_suffix or exclude_expresion filters.","type":"string"},"toDate":{"description":"include locations modified in a given range of the date","type":"string"},"fromDate":{"description":"include locations modified in a given range of the date","type":"string"},"days":{"description":"include locations modified recently within a given number of days from the current day","type":"integer"},"size":{"description":"exclude locations greater than file size (MB)","type":"integer"}}}}],"responses":{"200":{"description":"Successful scan creation."},"460":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/scans/sensitive-scans":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns model Scan Report with partial an total values","tags":["DDC/Scan"],"responses":{"200":{"description":"OK","schema":{"type":"object","items":{"type":"object","properties":{"partial":{"description":"Partial Data","type":"integer"},"total":{"description":"Total Data","type":"integer"}}}}}}}},"/v1/ddc/scans/sensitive-objects":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns model Scan Report with partial an total values","tags":["DDC/Scan"],"responses":{"200":{"description":"OK","schema":{"type":"object","items":{"type":"object","properties":{"partial":{"description":"Partial Data","type":"integer"},"total":{"description":"Total Data","type":"integer"}}}}}}}},"/v1/ddc/scans/executed-scans":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns model Scan Report with partial an total values","tags":["DDC/Scan"],"responses":{"200":{"description":"OK","schema":{"type":"object","items":{"type":"object","properties":{"partial":{"description":"Partial Data","type":"integer"},"total":{"description":"Total Data","type":"integer"}}}}}}}},"/v1/ddc/scans/{id}/run_now":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Post","description":"Executes the RunNow action on the scan given the `id`","tags":["DDC/Scan"],"responses":{"200":{"description":"OK"},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"409":{"description":"Conflict - All the datastores are disabled, or cannot connect to an enabled datastore","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Unprocessable entity - The scan is in a status not compatible with the action","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/scans/{id}/disable":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Post","description":"Executes the Disable action on the scan given the `id`","tags":["DDC/Scan"],"responses":{"200":{"description":"OK"},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Unprocessable entity - The scan is in a status not compatible with the action","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/scans/{id}/pause":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Post","description":"Executes the Pause action on the scan given the `id`","tags":["DDC/Scan"],"responses":{"200":{"description":"OK"},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Unprocessable entity - The scan is in a status not compatible with the action","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/scans/{id}/stop":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Post","description":"Executes the Stop action on the scan given the `id`","tags":["DDC/Scan"],"responses":{"200":{"description":"OK"},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Unprocessable entity - The scan is in a status not compatible with the action","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/scans/{id}/resume":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Post","description":"Executes the Resume action on the scan given the `id`","tags":["DDC/Scan"],"responses":{"200":{"description":"OK"},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Unprocessable entity - The scan is in a status not compatible with the action","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/scans/{id}/enable":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Post","description":"Executes the Enable action on the scan given the `id`","tags":["DDC/Scan"],"responses":{"200":{"description":"OK"},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Unprocessable entity - The scan is in a status not compatible with the action","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/scans/{id}/reclassify":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Post","description":"Executes the Reclassify action on the scan given the `id`","tags":["DDC/Scan"],"responses":{"200":{"description":"OK"},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Unprocessable entity - The scan is in a status not compatible with the action","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/scans/{id}/executions":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"from","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those executed at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"to","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those executed at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"get":{"summary":"Get","description":"Returns scan executions given the `id` of the scan","tags":["DDC/Scan"],"responses":{"200":{"description":"OK","schema":{"type":"array","items":{"type":"object","properties":{"timestamp":{"description":"Execution timestamp","type":"string","format":"date-time"},"scanExecutionId":{"description":"Execution ID","type":"string"},"scanId":{"description":"Scan ID","type":"string"},"version":{"description":"Scan Version","type":"integer"}}}}}}}},"/v1/ddc/system-settings/branch-locations":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"get":{"summary":"List","description":"Returns the list of BranchLocation given a part of its name.\nIf the 'filter' parameter is empty it will return all the branchLocations.\n","tags":["DDC"],"parameters":[{"name":"filter","in":"query","required":false,"type":"string","description":"Filter by the BranchLocations's name."}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"city":{"description":"City of Branch Location.","type":"string"},"countryId":{"description":"Country ID of Branch Location.","type":"string"},"stateId":{"description":"State ID of Branch Location.","type":"string"},"country":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"code":{"description":"Country Code.","type":"string"},"latitude":{"description":"Latitude.","type":"number"},"longitude":{"description":"Longitude.","type":"number"}}}]},"state":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"countryCode":{"description":"Country Code associated to the State.","type":"string"}}}]}}}]}}}}]}}}},"post":{"summary":"Create","description":"Creates a new Branch Location\n","tags":["DDC"],"parameters":[{"name":"body","in":"body","description":"Branch Location configuration","schema":{"allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"city":{"description":"City of Branch Location.","type":"string"},"countryId":{"description":"Country ID of Branch Location.","type":"string"},"stateId":{"description":"State ID of Branch Location.","type":"string"}}}]}}],"responses":{"200":{"description":"Successful branch location creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"city":{"description":"City of Branch Location.","type":"string"},"countryId":{"description":"Country ID of Branch Location.","type":"string"},"stateId":{"description":"State ID of Branch Location.","type":"string"},"country":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"code":{"description":"Country Code.","type":"string"},"latitude":{"description":"Latitude.","type":"number"},"longitude":{"description":"Longitude.","type":"number"}}}]},"state":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"countryCode":{"description":"Country Code associated to the State.","type":"string"}}}]}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/ddc/system-settings/hadoop/hdfs":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns HDFS model","tags":["DDC"],"responses":{"200":{"description":"OK","schema":{"type":"object","items":{"allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"hadoopConnectionId":{"description":"ID to retrieve the connection info.","type":"string"},"livyUri":{"description":"URI to connect to LIVY.","type":"string"}}}]}}}}},"put":{"summary":"Update","description":"Updates HDFS settings.","tags":["DDC"],"parameters":[{"name":"body","in":"body","description":"The HDFS properties to change. The properties will be merged\nwith the HDFS resource.\n","schema":{"allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","required":["hdfsUri","folder"],"properties":{"hadoopConnectionId":{"description":"ID to retrieve the connection info.","type":"string"},"hdfsUri":{"description":"Path to connect to HDFS.","type":"string"},"folder":{"description":"Folder to connect to HDFS","type":"string"}}}]}}],"responses":{"200":{"description":"Successful resource update.","schema":{"allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"hadoopConnectionId":{"description":"ID to retrieve the connection info.","type":"string"},"hdfsUri":{"description":"Path to connect to HDFS.","type":"string"},"folder":{"description":"Folder to connect to HDFS","type":"string"}}}]}}}}},"/v1/ddc/system-settings/hadoop/livy":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns livy model","tags":["DDC"],"responses":{"200":{"description":"OK","schema":{"type":"object","items":{"allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"hadoopConnectionId":{"description":"ID to retrieve the connection info.","type":"string"},"hdfsUri":{"description":"Path to connect to HDFS.","type":"string"},"folder":{"description":"Folder to connect to HDFS","type":"string"}}}]}}}}},"put":{"summary":"Update","description":"Updates LIVY settings.","tags":["DDC"],"parameters":[{"name":"body","in":"body","description":"The LIVY properties to change. The properties will be merged\nwith the LIVY resource.\n","schema":{"allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","required":["livyUri"],"properties":{"hadoopConnectionId":{"description":"ID of the conection in citrus.","type":"string"},"livyUri":{"description":"URI to connect to LIVY.","type":"string"}}}]}}],"responses":{"200":{"description":"Successful resource update.","schema":{"allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"hadoopConnectionId":{"description":"ID to retrieve the connection info.","type":"string"},"livyUri":{"description":"URI to connect to LIVY.","type":"string"}}}]}}}}},"/v1/ddc/system-settings/hadoop/dataengine":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns DataEngine model","tags":["DDC","Tech Preview"],"responses":{"200":{"description":"OK","schema":{"type":"object","items":{"allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"hadoopConnectionId":{"description":"ID to retrieve the connection info.","type":"string"},"dataEngineUri":{"description":"URI to connect to Data-Engine.","type":"string"}}}]}}}}},"put":{"summary":"Update","description":"Updates DataEngine settings.","tags":["DDC","Tech Preview"],"parameters":[{"name":"body","in":"body","description":"The DataEngine properties to change. The properties will be merged\nwith the DataEngine resource.\n","schema":{"allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","required":["dataEngineUri"],"properties":{"hadoopConnectionId":{"description":"ID of the conection in citrus.","type":"string"},"dataEngineUri":{"description":"URI to connect to Data-Engine.","type":"string"}}}]}}],"responses":{"200":{"description":"Successful resource update.","schema":{"allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"hadoopConnectionId":{"description":"ID to retrieve the connection info.","type":"string"},"dataEngineUri":{"description":"URI to connect to Data-Engine.","type":"string"}}}]}}}}},"/v1/ddc/system-settings/scans":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Shows scan cpu priority, ram limit and throughtput limit settings","tags":["DDC","deprecated"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","required":["agentMemoryMB","cpuPriority","networkThroughputMBPS"],"properties":{"agentMemoryMB":{"description":"Setting for the maximum memory usage that the scanner service can use on the Datastore host, in MB","type":"number","default":1024},"cpuPriority":{"description":"CPU priority set for the agent used in the scan. The possible values are 'low' and 'normal'","enum":["low","high"]},"networkThroughputMBPS":{"description":"Max I/O rate the scanner service will use to read data from the datastore, in MBps","type":"number","default":0}}}]}}}},"put":{"summary":"Update","description":"Update scan cpu priority, ram limit and throughput limit settings","tags":["DDC","deprecated"],"parameters":[{"name":"body","in":"body","description":"The scan settings properties to change.","schema":{"allOf":[{"type":"object","properties":{"agentMemoryMB":{"description":"Setting for the maximum memory usage that the scanner service can use on the Datastore host, in MB","type":"number","example":1024},"cpuPriority":{"description":"CPU priority set for the agent used in the scan. The possible values are 'low' and 'normal'","enum":["low","high"]},"networkThroughputMBPS":{"description":"Max I/O rate the scanner service will use to read data from the datastore, in MBps. Set to 0 for unlimited.","type":"number","example":0}}}]}}],"responses":{"200":{"description":"Successful resource update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","required":["agentMemoryMB","cpuPriority","networkThroughputMBPS"],"properties":{"agentMemoryMB":{"description":"Setting for the maximum memory usage that the scanner service can use on the Datastore host, in MB","type":"number","default":1024},"cpuPriority":{"description":"CPU priority set for the agent used in the scan. The possible values are 'low' and 'normal'","enum":["low","high"]},"networkThroughputMBPS":{"description":"Max I/O rate the scanner service will use to read data from the datastore, in MBps","type":"number","default":0}}}]}}}}},"/v1/ddc/system-settings/sensitivity-levels":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Lists all Sensitivity Levels. Results can be refined with query params.","tags":["DDC"],"responses":{"200":{"description":"OK","schema":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"description":{"description":"Description of Sentivity Level.","type":"string"},"color":{"description":"Color associated to the Sentivity Level.","type":"string"},"level":{"description":"Level associated to the Sentivity Level.","type":"integer"},"internal":{"description":"Indicates if the Sensivity Level is used only internally by the backend.","type":"boolean"}}}]}}}}}},"/v1/ddc/system-settings/tags":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"get":{"summary":"List","description":"Returns the list of tags given a part of its name.\nIf the 'name' parameter is empty it will return all the tags.\n","tags":["DDC"],"parameters":[{"name":"name","in":"query","required":false,"type":"string","description":"Filter by the Tag's name."}],"responses":{"200":{"description":"OK","schema":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"namespace":{"description":"Namespace of Tag.","type":"string"},"editable":{"description":"Indicates if the Tag can be edited or not.","type":"boolean"}}}]}}}}}},"/v1/ddc/system-settings/agent-labels":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"get":{"summary":"List","description":"Returns the list of agent labels given a part of its name.\nIf the 'name' parameter is empty it will return all the labels.\n","tags":["DDC"],"parameters":[{"name":"name","in":"query","required":false,"type":"string","description":"Filter by the label's name"},{"name":"filter","in":"query","type":"string","description":"Filters result to the rows that contains all the values within this parameters split by\nspaces. The endpoint will return any column with all the values present in the name column\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}}]}}}}]}}}}},"/v1/ddc/provisioned/countries":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List all","description":"Lists all countries. Results can be refined with query params.","tags":["DDC"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"},{"name":"filter","in":"query","type":"string","description":"Filters result to the rows that contains all the values within this parameters split by\nspaces. The endpoint will return any column with all the values present in any of these columns:\nname, description, type, branch location name, sensitivity level name.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"code":{"description":"Country Code.","type":"string"},"latitude":{"description":"Latitude.","type":"number"},"longitude":{"description":"Longitude.","type":"number"}}}]}}}}]}}}}},"/v1/ddc/provisioned/states":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List all","description":"Lists all states. Results can be refined with query params.","tags":["DDC"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"},{"name":"filter","in":"query","type":"string","description":"Filters result to the rows that contains all the values within this parameters split by\nspaces. The endpoint will return any column with all the values present in any of these columns:\nname, description, type, branch location name, sensitivity level name.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the resource was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"resourceVersion":{"type":"integer","description":"Version of the resource. The number increments by one when the resource is modified by a CRUD operation.","format":"uint64"},"chainedVersion":{"type":"integer","description":"Internal version of the resource. The number is set to the current timestamp (or current chainedVersion+1 if it's bigger)\nwhen the resource is updated, or when the chainedVersion of any assigned resource changes (the chainedVersion of a scan changes if\nany of its datastores changes)\n"}}},{"type":"object","properties":{"countryCode":{"description":"Country Code associated to the State.","type":"string"}}}]}}}}]}}}}},"/v1/ddc/raw-data/decrypt":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Decrypt raw data file","consumes":["application/octet-stream"],"produces":["application/octet-stream"],"description":"This endpoint can be used to decrypt the tar files with the encrypted raw data in hdfs generated by ddc","tags":["DDC"],"parameters":[{"name":"body","in":"body","description":"Raw data file to decrypt","schema":{"type":"string","format":"binary"}}],"responses":{"200":{"description":"OK","schema":{"type":"string","format":"binary"}}}}},"/v1/ddc/active-node/info":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Retrieve information about the DDC active node","description":"This endpoint returns the public address of the DDC active node","tags":["DDC"],"responses":{"200":{"description":"OK","schema":{"type":"array","items":{"type":"object","properties":{"publicAddress":{"description":"Public Address of the node","type":"string"},"host":{"description":"Private Address of the node","type":"string"}}}}}}}},"/v1/ddc/system/ram-available":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Gets the current ram in the system (MB)","description":"Gets the current RAM available in the System. (MB)\n","tags":["DDC"],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"totalRam":{"description":"Available RAM in the system","type":"integer","format":"int64"}}}}}}},"/v1/ddc/system/ram-recommended":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Gets the recommended RAM to deploy DDC. (MB)","description":"Gets the Recommended RAM to deploy DDC environment. It's an environment variable. Default: 16 GB\n","tags":["DDC"],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"recommendedRam":{"description":"Recommended RAM to deploy DDC","type":"integer","format":"int64"}}}}}}},"/v1/ddc/active-node/register":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Registers a node as ddc active node","description":"Registers a node of the cluster as the ddc active node. If a node ID is specified that node is used\nas the active node. If the node ID is not specified, the node answering the request will register as the active node\n","tags":["DDC"],"parameters":[{"name":"body","in":"body","description":"Contains the nodeID of the node to register as active (optional)","schema":{"allOf":[{"type":"object","properties":{"id":{"description":"ID of the node to register as active","type":"string"}}}]}}],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"publicAddress":{"description":"Public Address of the node","type":"string"},"host":{"description":"Private Address of the node","type":"string"}}}},"460":{"description":"Error, see code in the error:\n- DDCNodeIDDoesNotExistError - the specified nodeID doesn't exist\n- DDCNotInClusterError - any request to this endpoint fails if the system is not in a cluster\n- DDCActiveNodeAlreadyRegisteredError - Cannot register an active node if there is a registered active node already\n- DDCError - Unexpected error\n","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/transparent-encryption/clients/{id}/browseclient/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Send Browse Request to CTE Client","description":"Create and send Browse request to CTE Client.","tags":["CTE/Longpoll","Private"],"parameters":[{"name":"body","in":"body","description":"CTE Client Browse Path parameters.","schema":{"type":"object","title":"CTE Client Browse Path parameters","properties":{"browse_target":{"description":"Target to browse - `DIRECTORY` or `USER`.","type":"string"},"browse_request":{"description":"Parameters of browse request. The `directory` and `user` values are required for browsing path and users respectively.","type":"object","title":"Structure containing parameters specific to browse target type.","properties":{"directory":{"type":"object","description":"Parameters of Browse Path request.","properties":{"type":{"description":"The type string is either \"DIRECTORY\", \"DIRECTORY_MINUS_FILES\" or \"RAWDEVICE\"..","type":"string"},"path":{"description":"The path string provides that starting point for the browse operation.","type":"string"},"active_dir_user":{"type":"object","description":"The optional activeDirUser structure may be required on Windows systems for browsing non-local file systems.","properties":{"domain":{"description":"domain","type":"string"},"login_name":{"description":"login_name","type":"string"},"password":{"description":"password","type":"string"}}}}},"user":{"type":"object","description":"Structure defining Browse User Request","properties":{"type":{"description":"Type of user entity to browse. Valid values are `user`, `group`, `domain` and `groupmember`. `group` entry must be present with `groupmember` type","type":"string"},"pattern":{"description":"The pattern string can be used to filter the results (e.g. \"bin*\").","type":"string"},"active_dir_user":{"type":"object","description":"The optional activeDirUser structure may be required on Windows systems for browsing non-local file systems.","properties":{"domain":{"description":"domain","type":"string"},"login_name":{"description":"login_name","type":"string"},"password":{"description":"password","type":"string"}}},"group":{"description":"group name to be browsed.","type":"string"},"start":{"description":"The \"start\" value can be used to determine the number of responses.","type":"integer"},"count":{"description":"The \"count\" value can be used to determine the number of responses.","type":"integer"}}}}}},"example":{"browse_target":"DIRECTORY","browse_request":{"directory":{"type":"DIRECTORY","path":"C:\\CTE_GuardPoint","active_dir_user":{"domain":"testdomain","login_name":"Administrator","password":"some_pwd"}}}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"status":{"description":"Status of Request (OK or FAIL).","type":"string"},"reference_id":{"description":"Reference ID for the request.","type":"string"}}},"examples":{"status":"OK","reference_id":"kCLyiYReaBVPfyIN"}}}}},"/v1/transparent-encryption/signaturesets/{signature_set_id}/signapp/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Send Signature Signing Request to CTE Client","description":"Create and send Signature Signing request to CTE Client.","tags":["CTE/SignApp","Private"],"parameters":[{"name":"signature_set_id","in":"path","description":"An identifier for the Signature Set.","type":"string","required":true},{"name":"body","in":"body","description":"CTE Sign App parameters.","schema":{"type":"object","title":"CTE Sign App parameters","properties":{"client_id":{"description":"Identifier for the CTE Client where Signature Signing Request is to be sent.","type":"string"}},"example":{"client_id":"Client_1"}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"status":{"description":"Status of Request (OK or FAIL).","type":"string"},"reference_id":{"description":"Reference ID for the request.","type":"string"}}},"examples":{"status":"OK","reference_id":"kCLyiYReaBVPfyIN"}}}}},"/v1/transparent-encryption/signaturesets/{signature_set_id}/querysignapp/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Query the status of Signature Signing Request from CTE Client","description":"Query the status of Signature Signing Request from CTE Client","tags":["CTE/SignApp","Private"],"parameters":[{"name":"signature_set_id","in":"path","description":"An identifier for the Signature Set.","type":"string","required":true},{"name":"body","in":"body","description":"CTE Query Sign App parameters.","schema":{"type":"object","title":"CTE Query Sign App parameters","properties":{"client_id":{"description":"Identifier for the CTE Client where Signature Signing Request is to be queried.","type":"string"}},"example":{"client_id":"Client_1"}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"status":{"description":"Status of Request (OK or FAIL).","type":"string"},"reference_id":{"description":"Reference ID for the request.","type":"string"}}},"examples":{"status":"OK","reference_id":"kCLyiYReaBVPfyIN"}}}}},"/v1/transparent-encryption/signaturesets/{signature_set_id}/cancelsignapp/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Cancel the Signature Signing Request on CTE Client","description":"Cancel the Signature Signing Request on CTE Client","tags":["CTE/SignApp","Private"],"parameters":[{"name":"signature_set_id","in":"path","description":"An identifier for the Signature Set.","type":"string","required":true},{"name":"body","in":"body","description":"CTE Cancel Sign App parameters.","schema":{"type":"object","title":"CTE Cancel Sign App parameters","properties":{"client_id":{"description":"Identifier for the CTE Client where Signature Signing Request is to be canceled.","type":"string"}},"example":{"client_id":"Client_1"}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"status":{"description":"Status of Request (OK or FAIL).","type":"string"},"reference_id":{"description":"Reference ID for the request.","type":"string"}}},"examples":{"status":"OK","reference_id":"kCLyiYReaBVPfyIN"}}}}},"/v1/transparent-encryption/reference/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get response received for longpoll request","description":"Returns the response received from Agent.\n","tags":["CTE/Longpoll","Private"],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"message":{"description":"Message","type":"string"},"result":{"description":"Result Code","type":"string"},"data":{"description":"Actual Data","type":"object","properties":{"directory":{"description":"Directory Listing","type":"array","items":{"type":"string"}},"signing_status":{"description":"Signing Status","type":"string"}}}}},"examples":{"application/json":{"message":"Success","result":"OK","data":{"directory":["C:\\CTE_GuardPoint\\Data1","C:\\CTE_GuardPoint\\Data2","C:\\CTE_GuardPoint\\Data3"]}}}}}}},"/v1/transparent-encryption/clients/k8s-nodes-count":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get k8s nodes count","description":"Returns the k8s nodes count.\n","tags":["Private"],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"k8s_nodes_count":{"description":"K8s nodes count","type":"integer"}}},"examples":{"application/json":{"k8s_nodes_count":1}}}}}},"/v1/transparent-encryption/remediation/nas-gp-validation/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get list of network GuardPoint","description":"Returns the list of GuardPoints for network path.\n","tags":["CTE/RemediationConfig","Private"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"guard_enabled","in":"query","required":false,"type":"boolean","description":"Filter the results by guard enabled values of GuardPoint. Valid values are Yes/No and True/False."},{"name":"guard_point_state","in":"query","required":false,"type":"string","description":"Filter the results by state of GuardPoint. Valid values are UNKNOWN, ENABLED, DISABLED, and ERROR."},{"name":"gp_network_path","in":"query","required":false,"type":"string","description":"Filter the results by network path for NFS and CIFS."},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by createdAt, guard_enabled, type, guard_point_state, policy_id and policy_name. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n -createdAt\n\n...will sort the results by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"client_id":{"description":"UUID of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_id":{"description":"UUID of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"client_name":{"description":"Name of CTE client if GuardPoint is applied on CTE client.","type":"string"},"client_group_name":{"description":"Name of CTE clientgroup if GuardPoint is applied on CTE clientgroup.","type":"string"},"guard_point_type":{"description":"Type of the guard point i.e. directory_auto, directory_manual, rawdevice_manual, rawdevice_auto, or ransomware.","type":"string"},"guard_enabled":{"description":"Whether the GuardPoint is enabled.","type":"boolean"},"automount_enabled":{"description":"Flag to signify if automount is enabled with the guard point","type":"boolean"},"guard_path":{"description":"Absolute path of the target on the agent on which operation has to be performed.","type":"string"},"policy_id":{"description":"UUID of the policy which is applied on this guard point. This parameter is not valid for Ransomware GuardPoints.","type":"string"},"disk_name":{"description":"Name of the disk if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"diskgroup_name":{"description":"Name of the disk group if the selected raw partition is a member of an Oracle ASM disk group.","type":"string"},"preserve_sparse_regions":{"description":"Flag to signify that sparse file regions will be transformed or not. Only available on LDT enabled clients.","type":"boolean"},"data_classification_enabled":{"description":"Flag to signify that data classification(tagging) is enabled or not. This gets enabled by default if the aligned policy contains ClassificationTags.","type":"boolean"},"data_lineage_enabled":{"description":"Flag to signify that data lineage(tracking) is enabled or not. This gets enabled only if data_classification is enabled.","type":"boolean"},"guard_point_state":{"description":"Current state of GuardPoint. Can be UNKNOWN, ENABLED, DISABLED or ERROR.","type":"string"},"is_idt_capable_device":{"description":"Whether the device where GuardPoint is applied is IDT capable or not. Supported for IDT policies.","type":"boolean"},"is_esg_capable_device":{"description":"Whether the device where GuardPoint is applied is ESG capable or not. Supported for IDT and Standard policies.","type":"boolean"},"mfa_enabled":{"description":"Whether MFA is enabled.","type":"boolean"},"rw_process_set_id":{"description":"ID of the process set aligned with the Ransomware GuardPoints.","type":"string"},"rw_operation":{"description":"Applicable to the Ransomware GuardPoints. The valid values are permit(for Audit) and deny(for Block). The default value is `permit`.","type":"string"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":2,"resources":[{"id":"975b3299-b39d-4695-b47f-8dab01c78205","uri":"kylo:kylo:henry:guardpoint:975b3299-b39d-4695-b47f-8dab01c78205","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-30T06:24:18.808215365Z","updatedAt":"2019-07-30T06:24:18.808215365Z","client_id":"","client_group_id":"89a8ed59-e52e-4fad-a830-e52267e661db","guard_point_type":"DIR","guard_enabled":true,"automount_enabled":false,"guard_path":"/mnt/testuser/","policy_id":"cdbf3035-735a-46f6-a175-711eb99d045e","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":true,"early_access":true,"gp_network_path":"10.164.12.132:/share/testuser/"},{"id":"975b3299-b39d-4695-b47f-8dab01c78205","uri":"kylo:kylo:henry:guardpoint:975b3299-b39d-4695-b47f-8dab01c78205","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-30T06:24:18.808215365Z","updatedAt":"2019-07-30T06:24:18.808215365Z","client_id":"","client_group_id":"89a8ed59-e52e-4fad-a830-e57789e661db","guard_point_type":"DIR","guard_enabled":true,"automount_enabled":false,"guard_path":"/mnt/testuser2/","policy_id":"cdbf3035-735a-46f6-a175-711eb99d045e","pending_operation":"","disk_name":"","diskgroup_name":"","preserve_sparse_regions":true,"early_access":true,"gp_network_path":"10.164.12.132:/share/testuser2/"}]}}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}}}}},"/v1/transparent-encryption/remediation/status":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Get list of network GuardPoint","description":"Returns the list of GuardPoints for network path.\n","tags":["Private"],"parameters":[{"name":"body","in":"body","schema":{"type":"object","title":"Get Data Store Remediation Status","properties":{"process_id":{"description":"Name of the Process Id.","type":"string"},"data_store_status_request":{"type":"array","items":{"type":"object","title":"data_store_status_request","properties":{"host_name":{"type":"string","description":"name of the host."},"data_store_type":{"type":"string","description":"Data store type."},"share_path":{"type":"string","description":"Network share path."},"data_store_path":{"type":"array","items":{"type":"object","title":"data_store_path","properties":{"path":{"type":"string","description":"Path name."},"remediation_progress":{"type":"integer","description":"Data store type."},"remediation_status":{"type":"string","description":"Network share path."}}}}}}}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"type":"object","properties":{"process_id":{"description":"Process Id.","type":"string"},"data_store_status_request":{"type":"array","items":{"type":"object","properties":{"host_name":{"type":"string","description":"Hostname."},"data_store_type":{"type":"string","description":"Data store type."},"share_path":{"type":"string","description":"Network share path."},"data_store_path":{"type":"array","items":{"type":"object","properties":{"path":{"type":"string","description":"Path name."},"remediation_progress":{"type":"integer","description":"Data store type."},"remediation_status":{"type":"string","description":"Network share path."}}}}}}}}}}}}]}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}}}}},"/v1/transparent-encryption/remediation/status-reset":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"patch":{"summary":"Reset the remediation status","description":"Resets the list of data store remediation status\n","tags":["Private"],"parameters":[{"name":"body","in":"body","schema":{"type":"object","title":"Rest the Data Store Remediation Status","properties":{"process_id":{"description":"Name of the Process Id.","type":"string"},"data_store_status_reset_request":{"type":"array","items":{"type":"object","title":"data_store_status_reset_request","properties":{"host_name":{"type":"string","description":"name of the host."},"data_store_type":{"type":"string","description":"Data store type."},"share_path":{"type":"string","description":"Network share path."},"data_store_elem_path":{"type":"array","items":{"type":"object","title":"data_store_elem_path","properties":{"path":{"type":"string","description":"Path name."}}}}}}}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","properties":{"resources":{"type":"array","items":{"type":"object","properties":{"process_id":{"description":"Name of the Process Id.","type":"string"},"data_store_status_reset_request":{"type":"array","items":{"type":"object","properties":{"host_name":{"type":"string","description":"name of the host."},"data_store_type":{"type":"string","description":"Data store type."},"share_path":{"type":"string","description":"Network share path."},"data_store_elem_path":{"type":"array","items":{"type":"object","properties":{"path":{"type":"string","description":"Path name"}}}}}}}}}}}}]}},"400":{"description":"BadRequest","schema":{"properties":{"code":{"type":"integer","description":"The NCERR_xxx error codes of a URI"},"codeDesc":{"type":"string","description":"The Description associated with code"},"message":{"type":"string","description":"The user error message - this needs to be passed back to user"}}}},"401":{"description":"Unauthorized","schema":{"properties":{"status":{"type":"integer","description":"The status shows error code of a URI"}}}}}}},"/v1/transparent-encryption/nodes":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns a list of all the cluster nodes.","tags":["Private"],"produces":["application/json"],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"description":"A cluster node object. Represents a single node instance in the cluster.","type":"object","properties":{"nodeID":{"type":"string","description":"Unique identifier of the node.","readOnly":true},"status":{"type":"object","title":"Node status","description":"The status of the node in the cluster","properties":{"code":{"type":"string","description":"Status code of the node in the cluster","readOnly":true},"description":{"type":"string","description":"Descriptive status name of the node in the cluster","readOnly":true}}},"host":{"type":"string","description":"The hostname or IP of the node","readOnly":true},"port":{"type":"integer","description":"The port of the node, typically 5432.","readOnly":true},"isThisNode":{"type":"boolean","description":"When true, this objects represents the current node resource that was called.","readOnly":true},"publicAddress":{"type":"string","description":"The fully qualified domain name (FQDN) or the public IP address of the node.\nThis attribute is used by CipherTrust Manager connectors to learn how to access this particular node of the cluster remotely.\n"},"nodeName":{"type":"string","description":"Friendly name of a cluster node."}},"example":{"nodeID":"f7f8706c-cd9c-4e7d-abe9-6c3a734d1e60","status":{"code":"r","description":"ready"},"host":"keysecure_node1","port":5432,"isThisNode":true,"publicAddress":"node1.example.com","nodeName":"NARegionServer"}}}}}]}}}}},"/v1/domains":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns the list of domains for specified account.\n","tags":["Domains"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"name","in":"query","type":"string","description":"Filters results to those with matching names. The '?' and '*' wildcard characters may be used."},{"name":"sort","in":"query","default":"name","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nCurrently, sorting on a name field is only supported. \nFor example:\n -name\n\n...will sort the results first by `name`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","properties":{"deletedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the domain was deleted"},"meta":{"type":"object","description":"Optional end-user or service data stored with the domain"},"parent_domain_id":{"type":"string","readOnly":true,"description":"ID of the parent domain"},"allow_user_management":{"type":"boolean","description":"To allow user creation and management in the domain"},"hsm_connection_id":{"type":"string","description":"The ID of the HSM connection. Required for HSM-anchored domains."},"hsm_domain_kek_label":{"type":"string","description":"Optional name field for the domain KEK for an HSM-anchored domain. If not provided, a random UUID is assigned for KEK label."}}}]}}}}]},"examples":{"application/json":{"skip":"0,","limit":"10,","total":"1,","resources":[{"id":"841d3024-882a-4b64-8a9b-aae78034611e","uri":"kylo:kylo:solo:domains:841d3024-882a-4b64-8a9b-aae78034611e","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-29T21:54:56.571035Z","name":"SuitResearch","updatedAt":"2019-07-29T21:54:56.571035Z","meta":{"Department":"Super Hero Suits"},"parent_domain_id":"79b43766-a399-4860-ac21-161d40e4e395","allow_user_management":false,"hsm_connection_id":"38d2468f-e769-44dd-9080-8bded299d4be","hsm_kek_label":"superhero-key","hsm_kek_id":"a40d7e1c-09ab-4de5-a985-ef6da020dbfa"},{"id":"43d05289-bfb8-4dc6-bc0a-ffd34048a680","uri":"kylo:kylo:solo:domains:43d05289-bfb8-4dc6-bc0a-ffd34048a680","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-29T22:12:59.925002Z","name":"KryptoniteResearch","updatedAt":"2019-07-29T22:12:59.925002Z","meta":{"Department":"Kryptonite Detectorists"},"parent_domain_id":"79b43766-a399-4860-ac21-161d40e4e395","allow_user_management":true,"hsm_connection_id":"38d2468f-e769-44dd-9080-8bded299d4be","hsm_kek_label":"kryptonite-key","hsm_kek_id":"9420cbb5-978b-4457-aae2-0b067415e561"}]}}},"404":{"description":"Resource not found."}}},"post":{"summary":"Create","description":"Creates a new domain","tags":["Domains","Enterprise"],"parameters":[{"name":"body","in":"body","description":"The name of the resource","schema":{"type":"object","title":"Details of the domain","required":["name","admins"],"properties":{"name":{"type":"string","description":"The name of the domain\n"},"admins":{"type":"array","description":"List of administrators for the domain\n","items":{"type":"string","title":"List of administrators for a domain","description":"Administrator list for the domain"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the domain.\nShould be JSON-serializable.\n"},"parent_ca_id":{"type":"string","description":"This optional parameter is the ID or URI of the parent domain's CA.\nThis CA is used for signing the default CA of a newly created sub-domain.\nThe oldest CA in the parent domain is used if this value is not supplied.\n"},"allow_user_management":{"type":"boolean","description":"To allow user creation and management in the domain, set it to true. The default value is false.\n"},"hsm_connection_id":{"type":"string","description":"The ID of the HSM connection. Required for HSM-anchored domains.\n"},"hsm_kek_label":{"type":"string","description":"Optional name field for the domain KEK for an HSM-anchored domain. If not provided, a random UUID is assigned for KEK label.\n"}},"example":{"name":"my-domain","admins":["local|4d1c26ab-8730-4d44-af5c-9a8641d0266d","local|c7cf4efc-df81-4446-a30e-2dd5badf44b4"],"parent_ca_id":"a5e0fa8a-a7f7-434c-ade8-f84de040269a","meta":{"color":"black","team":"ravens"}}}}],"responses":{"201":{"description":"Successful domain creation.","schema":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","properties":{"deletedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the domain was deleted"},"meta":{"type":"object","description":"Optional end-user or service data stored with the domain"},"parent_domain_id":{"type":"string","readOnly":true,"description":"ID of the parent domain"},"allow_user_management":{"type":"boolean","description":"To allow user creation and management in the domain"},"hsm_connection_id":{"type":"string","description":"The ID of the HSM connection. Required for HSM-anchored domains."},"hsm_domain_kek_label":{"type":"string","description":"Optional name field for the domain KEK for an HSM-anchored domain. If not provided, a random UUID is assigned for KEK label."}}}]},"examples":{"application/json":{"id":"841d3024-882a-4b64-8a9b-aae78034611d","uri":"kylo:kylo:solo:domains:841d3024-882a-4b64-8a9b-aae78034611e","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-29T21:54:56.57103496Z","name":"d1","updatedAt":"2019-07-29T21:54:56.57103496Z","meta":null,"parent_domain_id":"00000000-0000-0000-0000-000000000000","allow_user_management":true,"hsm_connection_id":"38d2468f-e769-44dd-9080-8bded299d4be","hsm_kek_label":"d1-key","hsm_kek_id":"9420cbb5-978b-4457-aae2-0b067415e561"}}},"404":{"description":"Resource not found."},"422":{"description":"Validation error."}}}},"/v1/domains/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","required":true,"description":"the domain id of the domain","type":"string"}],"get":{"summary":"Get","description":"Returns information about the requested domain.\n","tags":["Domains"],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","properties":{"deletedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the domain was deleted"},"meta":{"type":"object","description":"Optional end-user or service data stored with the domain"},"parent_domain_id":{"type":"string","readOnly":true,"description":"ID of the parent domain"},"allow_user_management":{"type":"boolean","description":"To allow user creation and management in the domain"},"hsm_connection_id":{"type":"string","description":"The ID of the HSM connection. Required for HSM-anchored domains."},"hsm_domain_kek_label":{"type":"string","description":"Optional name field for the domain KEK for an HSM-anchored domain. If not provided, a random UUID is assigned for KEK label."}}}]},"examples":{"application/json":{"id":"982cd83e-2ad6-4b20-9354-5759f4621fd9","uri":"kylo:kylo:solo:domains:982cd83e-2ad6-4b20-9354-5759f4621fd9","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-29T22:25:58.017782Z","name":"domain3","updatedAt":"2019-07-29T22:25:58.017782Z","meta":{"Department":"Quantum Drive Research"},"parent_domain_id":"79b43766-a399-4860-ac21-161d40e4e395","allow_user_management":true,"hsm_connection_id":"38d2468f-e769-44dd-9080-8bded299d4be","hsm_kek_label":"domain3-key","hsm_kek_id":"9420cbb5-978b-4457-aae2-0b067415e561"}}},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"Update a domain.\nOnly fields applicable to HSM-anchored domains are supported.\n","tags":["Domains"],"parameters":[{"name":"body","in":"body","description":"The name of the resource","schema":{"type":"object","title":"Details of the domain","required":["hsm_kek_label"],"properties":{"hsm_connection_id":{"type":"string","description":"The ID of the HSM connection.\nThe existing connection ID is used if this parameter is not specified.\n"},"hsm_kek_label":{"type":"string","description":"Label of the target domain KEK. This is a required parameter.\nA key with this label must exist on the HSM.\n"}}}}],"responses":{"200":{"description":"Successful update of domain"},"404":{"description":"Resource not found"}}},"delete":{"summary":"Delete","description":"Deletes a domain.","tags":["Domains"],"responses":{"204":{"description":"No Content | Successful deletion of domain."},"404":{"description":"Resource not found."}}}},"/v1/domains/{id}/keks":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","required":true,"description":"the domain id of the domain","type":"string"}],"get":{"summary":"List domain KEKs","description":"Returns the list of domain KEKs for specified account along with the status of ongoing and previous KEK rotations.\nApplicable to hsm anchored domains.\n","tags":["Domains","Enterprise"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"Successful retrieval of domain KEKs.","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","properties":{"ID":{"type":"string","description":"ID of domain KEK"},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the domain KEK was created"},"hsm_connection_id":{"type":"string","description":"The ID of the HSM connection."},"hsm_kek_label":{"type":"string","description":"Label of the domain KEK on the HSM."},"is_current":{"type":"boolean","readOnly":true,"description":"Flag to indicate if this is the current domain KEK"},"rotation_jobs":{"type":"array","items":{"type":"object","properties":{"ID":{"type":"string","description":"ID of rotation job"},"startedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the KEK rotation was started"},"finishedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the KEK rotation was completed"},"status":{"type":"string","readOnly":true,"description":"Status of KEK rotation"},"meta":{"type":"object","description":"Additional status information associated with the KEK rotation"}}},"description":"Rotation jobs of the domain KEK"}}}}}}]},"examples":{"application/json":{"skip":"0,","limit":"10,","total":"2,","resources":[{"id":"92f003eb-4745-462d-8819-82d482c5a0d5","created_at":"2023-01-09T18:30:33.499606Z","hsm_connection_id":"638b9739-7270-4f4f-9718-cdaed523113e","hsm_kek_label":"db64632b-f232-4f81-b754-4309b44a6b6c","is_current":true,"rotation_jobs":[{"id":"841d3024-882a-4b64-8a9b-aae78034611d","status":"success","started_at":"2023-01-09T18:30:30.735607Z","finished_at":"2023-01-09T18:31:47.467881Z","meta":{"connection_id":"638b9739-7270-4f4f-9718-cdaed523113e","hsm_kek_id":"ed8b7167-49e3-47b6-a4a9-7e2acca8d0ac","hsm_kek_label":"db64632b-f232-4f81-b754-4309b44a6b6c","initial_key_count":1000,"num_rotated":1000}}]},{"id":"9cff0885-7ff6-49b5-8b31-3cd9378e0ee0","created_at":"2023-01-09T18:06:05.172995Z","hsm_connection_id":"638b9739-7270-4f4f-9718-cdaed523113e","hsm_kek_label":"my_first_kek","is_current":false}]}}},"404":{"description":"Resource not found."}}}},"/v1/domains/{id}/keks/{kekID}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","required":true,"description":"the domain id of the domain","type":"string"},{"name":"kekID","in":"path","required":true,"description":"the ID of the domain KEK","type":"string"}],"get":{"summary":"Get domain KEK","description":"Returns the domain KEK of specified account along with the status of ongoing and previous KEK rotations.\nApplicable to hsm anchored domains.\n","tags":["Domains","Enterprise"],"responses":{"200":{"description":"Successful retrieval of domain KEK.","schema":{"type":"object","properties":{"ID":{"type":"string","description":"ID of domain KEK"},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the domain KEK was created"},"hsm_connection_id":{"type":"string","description":"The ID of the HSM connection."},"hsm_kek_label":{"type":"string","description":"Label of the domain KEK on the HSM."},"is_current":{"type":"boolean","readOnly":true,"description":"Flag to indicate if this is the current domain KEK"},"rotation_jobs":{"type":"array","items":{"type":"object","properties":{"ID":{"type":"string","description":"ID of rotation job"},"startedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the KEK rotation was started"},"finishedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the KEK rotation was completed"},"status":{"type":"string","readOnly":true,"description":"Status of KEK rotation"},"meta":{"type":"object","description":"Additional status information associated with the KEK rotation"}}},"description":"Rotation jobs of the domain KEK"}}},"examples":{"application/json":{"id":"92f003eb-4745-462d-8819-82d482c5a0d5","created_at":"2023-01-09T18:30:33.499606Z","hsm_connection_id":"638b9739-7270-4f4f-9718-cdaed523113e","hsm_kek_label":"db64632b-f232-4f81-b754-4309b44a6b6c","is_current":true,"rotation_jobs":[{"id":"841d3024-882a-4b64-8a9b-aae78034611d","status":"success","started_at":"2023-01-09T18:30:30.735607Z","finished_at":"2023-01-09T18:31:47.467881Z","meta":{"connection_id":"638b9739-7270-4f4f-9718-cdaed523113e","hsm_kek_id":"ed8b7167-49e3-47b6-a4a9-7e2acca8d0ac","hsm_kek_label":"db64632b-f232-4f81-b754-4309b44a6b6c","initial_key_count":1000,"num_rotated":1000}}]}}},"404":{"description":"Resource not found."}}}},"/v1/domains/{id}/rotate-kek":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","required":true,"description":"the domain id of the domain","type":"string"}],"post":{"summary":"Rotate KEK","description":"Rotates the KEK that protects domain resources such as keys.\nApplicable only to hsm anchored domains.\nThis creates a new HSM-based KEK, or reuses an existing HSM-based KEK.\nAll domain keys that are re-wrapped by this KEK.\n","tags":["Domains","Enterprise"],"parameters":[{"name":"body","in":"body","description":"The name of the resource","schema":{"type":"object","title":"Details associated with KEK rotation.","properties":{"hsm_connection_id":{"type":"string","description":"The ID of the HSM connection.\nThe existing connection ID is used if this parameter is not specified.\n"},"hsm_kek_label":{"type":"string","description":"Label of the domain KEK on the HSM.\nA newly created UUID is used as the label when this parameter is not specified. \nIf a key with this label exists on the HSM, it is reused, and a new HSM key is created otherwise.\n"}},"example":{"hsm_connection_id":"480a56b0-75e9-425b-bd5f-e985c65a8434","hsm_kek_label":"label-of-kek-on-hsm"}}}],"responses":{"201":{"description":"Successful domain KEK rotation.","schema":{"type":"object","properties":{"ID":{"type":"string","description":"ID of domain KEK"},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the domain KEK was created"},"hsm_connection_id":{"type":"string","description":"The ID of the HSM connection."},"hsm_kek_label":{"type":"string","description":"Label of the domain KEK on the HSM."},"is_current":{"type":"boolean","readOnly":true,"description":"Flag to indicate if this is the current domain KEK"},"rotation_jobs":{"type":"array","items":{"type":"object","properties":{"ID":{"type":"string","description":"ID of rotation job"},"startedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the KEK rotation was started"},"finishedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the KEK rotation was completed"},"status":{"type":"string","readOnly":true,"description":"Status of KEK rotation"},"meta":{"type":"object","description":"Additional status information associated with the KEK rotation"}}},"description":"Rotation jobs of the domain KEK"}}},"examples":{"application/json":{"id":"92f003eb-4745-462d-8819-82d482c5a0d5","created_at":"2023-01-09T18:30:33.499606Z","hsm_connection_id":"638b9739-7270-4f4f-9718-cdaed523113e","hsm_kek_label":"db64632b-f232-4f81-b754-4309b44a6b6c","is_current":true,"rotation_jobs":[{"id":"841d3024-882a-4b64-8a9b-aae78034611d","status":"started","started_at":"2023-01-09T18:30:30.735607Z","meta":{"connection_id":"638b9739-7270-4f4f-9718-cdaed523113e","hsm_kek_id":"ed8b7167-49e3-47b6-a4a9-7e2acca8d0ac","hsm_kek_label":"db64632b-f232-4f81-b754-4309b44a6b6c","initial_key_count":1000,"num_rotated":412}}]}}},"404":{"description":"Resource not found."},"422":{"description":"Validation error."}}}},"/v1/domain":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"get","description":"Returns the domain information where user is logged in.\n","tags":["Domains"],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","properties":{"deletedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the domain was deleted"},"meta":{"type":"object","description":"Optional end-user or service data stored with the domain"},"parent_domain_id":{"type":"string","readOnly":true,"description":"ID of the parent domain"},"allow_user_management":{"type":"boolean","description":"To allow user creation and management in the domain"},"hsm_connection_id":{"type":"string","description":"The ID of the HSM connection. Required for HSM-anchored domains."},"hsm_domain_kek_label":{"type":"string","description":"Optional name field for the domain KEK for an HSM-anchored domain. If not provided, a random UUID is assigned for KEK label."}}}]},"examples":{"application/json":{"id":"982cd83e-2ad6-4b20-9354-5759f4621fd9","uri":"kylo:kylo:solo:domains:982cd83e-2ad6-4b20-9354-5759f4621fd9","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-29T22:25:58.017782Z","name":"domain3","updatedAt":"2019-07-29T22:25:58.017782Z","parent_domain_id":"79b43766-a399-4860-ac21-161d40e4e395","allow_user_management":true}}},"404":{"description":"Resource not found."}}}},"/v1/domain-syslog-redirection/enable":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Enable Syslog Messages Redirection","description":"Enable redirection of syslog messages to the parent domain. Not applicable for the root domain.","tags":["Domains"],"responses":{"200":{"description":"Successfully enabled redirection of syslog messages to the parent of current domain.","schema":{"type":"object","properties":{"enable_syslog_redirection":{"type":"boolean"}}}},"422":{"description":"Enabling or disabling redirection of syslog messages from the root domain is not allowed."}}}},"/v1/domain-syslog-redirection/disable":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Disable Syslog Messages Redirection","description":"Disable redirection of syslog messages to the parent of current domain. Not applicable for the root domain.","tags":["Domains"],"responses":{"200":{"description":"Successfully disabled redirection of syslog messages to the parent domain.","schema":{"type":"object","properties":{"enable_syslog_redirection":{"type":"boolean"}}}},"422":{"description":"Enabling or disabling redirection of syslog messages from the root domain is not allowed."}}}},"/v1/domain-syslog-redirection/status":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Syslog Messages Redirection Status","description":"Status of syslog messages redirection to the parent of current domain. By default it is true for all the non-root domains.","tags":["Domains"],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"enable_syslog_redirection":{"type":"boolean"}}}}}}},"/v1/cckm/aws/custom-key-stores":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates an AWS custom key store. \nThe customer key store can be of type `EXTERNAL_KEY_STORE` or `AWS_CLOUDHSM`.\n\nExternal custom key store can be backed by Luna HSM or by Ciphertrust Manager as key source.\n\nIf creating a custom key store that is locally hosted and external to AWS, specify the following details:\n- Name of key store\n- AWS Region in which the key store is created\n- AWS account\n- Luna HSM Partition ID (applicable only for custom key store backed by Luna HSM as key source)\n- Linked status (false by default)\n- Blocked state (false by default)\n- Source key tier (Luna HSM by default)\n\nIf creating a custom key store supported by an AWS CloudHSM, specify the following details:\n- Name of key store\n- AWS Region in which the key store is created\n- AWS account\n- CloudHSM cluster ID\n- CloudHSM kmsuser Crypto User (CU) password\n- Trust anchor certificate\n","tags":["CCKM/AWS Custom Key Stores"],"parameters":[{"name":"body","in":"body","description":"Creates an AWS custom key store.","schema":{"type":"object","title":"Creates an AWS custom key store.","required":["name","region","kms","aws_param"],"properties":{"name":{"type":"string","description":"Unique name for the custom key store."},"kms":{"type":"string","description":"Name or ID of the AWS Account container in which to create the key store."},"region":{"type":"string","description":"Name of the available AWS regions."},"linked_state":{"type":"boolean","description":"Indicates whether the custom key store is linked with AWS. \nApplicable to a custom key store of type `EXTERNAL_KEY_STORE`.\nDefault value is false.\nWhen false, creating a custom key store in the CCKM does not trigger the AWS KMS to create a new key store. \nAlso, the new custom key store will not synchronize with any key stores within the AWS KMS until the new key store is linked.\n"},"local_hosted_params":{"type":"object","description":"Parameters for a custom key store that is locally hosted.","properties":{"source_key_tier":{"type":"string","description":"This field indicates whether to use Luna HSM (luna-hsm) or Ciphertrust Manager (local) as \nsource for cryptographic keys in this key store. \nDefault value is `luna-hsm`.\n","enum":["local","luna-hsm"]},"partition_id":{"type":"string","description":"ID of Luna HSM partition. \nRequired field, if custom key store is of type `EXTERNAL_KEY_STORE` and source key tier is 'hsm-luna'.\n"},"blocked":{"type":"boolean","description":"This field indicates whether the custom key store is in a blocked or unblocked state. Default value is false, which indicates the key store is in an unblocked state.\nApplicable to a custom key store of type `EXTERNAL_KEY_STORE`.\n"},"health_check_key_id":{"type":"string","description":"Required field for custom key store of type `EXTERNAL_KEY_STORE`. \n\nID of an existing LUNA key (if source key tier is 'hsm-luna') or CipherTrust key (if source key tier is 'local') to use for health check of the custom key store.\nCrypto operation would be performed using this key before creating a custom key store.\n\nKey needs to be Symmetric AES-256 key. \nKey can be created by calling either of below API: \n- POST `/v1/cckm/hsm/luna/keys` API for LUNA key if source key tier is 'hsm-luna' OR \n- POST `/v1/vault/keys2/` API for CipherTrust key if source key tier is 'local'.\n"},"max_credentials":{"type":"string","description":"Max number of credentials that can be associated with custom key store (min value 2. max value 20).\nRequired field for a custom key store of type `EXTERNAL_KEY_STORE`.\n"}}},"aws_param":{"type":"object","description":"Parameters related to AWS interaction with a custom key store.","properties":{"cloud_hsm_cluster_id":{"type":"string","description":"ID of a CloudHSM cluster for a custom key store. \nEnter cluster ID of an active CloudHSM cluster that is not already associated with a custom key store.\nRequired field for a custom key store of type `AWS_CLOUDHSM`.\n"},"key_store_password":{"type":"string","description":"The password of the kmsuser crypto user (CU) account configured in the specified CloudHSM cluster.\nThis parameter does not change the password in the CloudHSM cluster.\nUser needs to configure the credentials on the CloudHSM cluster separately.\nRequired field for custom key store of type `AWS_CLOUDHSM`.\n"},"trust_anchor_certificate":{"type":"string","description":"The contents of a CA certificate or a self-signed certificate file created during the initialization of a CloudHSM cluster.\nRequired field for a custom key store of type `AWS_CLOUDHSM`.\n"},"xks_proxy_uri_endpoint":{"type":"string","description":"Specifies the protocol (always HTTPS) and DNS hostname to which KMS will send XKS API requests.\nThe DNS hostname is for either for a load balancer directing to the CipherTrust Manager or the CipherTrust Manager itself.\nThis field is required for a custom key store of type `EXTERNAL_KEY_STORE`.\n"},"xks_proxy_vpc_endpoint_service_name":{"type":"string","description":"Indicates the VPC endpoint service name the custom key store uses. \nThis field is required when the `xks_proxy_connectivity` is `VPC_ENDPOINT_SERVICE`.\n"},"xks_proxy_connectivity":{"type":"string","description":"Indicates how AWS KMS communicates with the Ciphertrust Manager.\nThis field is required for a custom key store of type `EXTERNAL_KEY_STORE`.\nDefault value is `PUBLIC_ENDPOINT`.\n","enum":["VPC_ENDPOINT_SERVICE","PUBLIC_ENDPOINT"]},"custom_key_store_type":{"type":"string","description":"Specifies the type of custom key store. The default value is `EXTERNAL_KEY_STORE`.\nFor a custom key store backed by an AWS CloudHSM cluster, the key store type is `AWS_CLOUDHSM`.\nFor a custom key store backed by an HSM or key manager outside of AWS, the key store type is \n`EXTERNAL_KEY_STORE`.\n"}}}},"example":{"name":"cks_name","kms":"aws_account_name","region":"ap-south-1","linked_state":true,"local_hosted_params":{"partition_id":"8f6882be-eced-403a-a578-fe8393539b2d","blocked":false,"health_check_key_id":"511e1344-ad9f-4ee6-9eb5-df94e3c4a17c","max_credentials":10},"aws_param":{"xks_proxy_connectivity":"PUBLIC_ENDPOINT","xks_proxy_uri_endpoint":"https://xks.example.com"}}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"a9e80f5a-9680-413d-8ec0-c901d3cb04b9","uri":"kylo:kylo:cckm:aws_cks:a9e80f5a-9680-413d-8ec0-c901d3cb04b9","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-01-10T03:09:21.716283215Z","updatedAt":"2022-01-10T03:09:21.714446273Z","name":"cks_name","kms":"aws","region":"ap-south-1","type":"LOCAL","credential_version":1,"kms_id":"7f13c680-d050-4eb8-9ab9-ed6e76b730e9","cloud_name":"aws","version_count":0,"aws_param":{"custom_key_store_name":"cks_name","xks_proxy_uri_endpoint":"https://xks.example.com","xks_proxy_connectivity":"PUBLIC_ENDPOINT","xks_proxy_uri_path":"/api/v1/cckm/aws/xks-proxy-endpoints/8130b47d-a774-4739-8c71-94e733d6177c/kms/xks/v1","custom_key_store_type":"EXTERNAL_KEY_STORE","custom_key_store_id":"cks-6479457edc5fd993d","connection_state":"DISCONNECTED"},"local_hosted_params":{"blocked":false,"policy":{"reserved":true},"linked_state":true,"partition_label":"cckm-1608012946","partition_id":"8f6882be-eced-403a-a578-fe8393539b2d","source_container_id":"8f6882be-eced-403a-a578-fe8393539b2d","source_container_type":"hsm-luna","health_check_key_id":"339e786b-c236-495c-925e-87bd8bde82ca","health_check_ciphertext":"cf8iW1y5Ks/drIGZMxsgxJ5t27zOn4HAIEB/deQfFETe83RgMGOVCruEqGmXQEOXo338gZD/lRGtG8mYJzQuq+M=","max_credentials":10,"source_key_tier":"local"},"access_key_id":"K045XFG9DFXVOCAK5LH904","secret_access_key":"08ddafe16d4f80c5b64eeacedde02258fd1cc210bd0cfd6df72d8516da1b4a4f","gone":false}}},"404":{"description":"Resource not found."}}},"get":{"summary":"List","description":"Returns a list of AWS custom key stores. The results can be filtered using the query parameters.\n","tags":["CCKM/AWS Custom Key Stores"],"parameters":[{"name":"id","in":"query","type":"string","description":"Filter the results by the internal ID of an AWS custom key store."},{"name":"name","in":"query","type":"string","description":"Filter the results by the ID of an AWS custom key store."},{"name":"kms","in":"query","type":"string","description":"Filter the results by the KMS name.","collectionFormat":"multi"},{"name":"kms_id","in":"query","type":"string","description":"Filter the results by the KMS ID.","collectionFormat":"multi"},{"name":"region","in":"query","type":"string","description":"Filter the results by the region.","collectionFormat":"multi"},{"name":"cloud_name","in":"query","type":"string","description":"Filter the results by the cloud name.","collectionFormat":"multi"},{"name":"type","in":"query","type":"string","description":"Filter the results by type (LOCAL, REMOTE, CloudHSM). This is the key store's CCKM value."},{"name":"blocked","in":"query","type":"boolean","description":"Filter the results by the state of blocked."},{"name":"linked_state","in":"query","type":"boolean","description":"Filter the results by the status of link between CCKM and AWS."},{"name":"xks_proxy_connectivity","in":"query","type":"string","description":"Filter the results by the xks proxy connectivity type (VPC_ENDPOINT_SERVICE or PUBLIC_ENDPOINT)."},{"name":"connection_state","in":"query","type":"string","description":"Filter the results by the connection state of the key store.","collectionFormat":"multi"},{"name":"source_key_tier","in":"query","type":"string","description":"Filter the results by the source key tier ('local' or 'hsm-luna')."},{"name":"custom_key_store_type","in":"query","type":"string","description":"Filter the results by the type of custom key store (EXTERNAL_KEY_STORE or AWS_CLOUDHSM)."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"skip":0,"limit":10,"total":3,"resources":[{"id":"033716fc-898d-48a4-b12f-a6f2dd0d718b","uri":"kylo:kylo:cckm:aws_cks:033716fc-898d-48a4-b12f-a6f2dd0d718b","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-01-10T03:05:18.788744Z","updatedAt":"2022-01-10T03:05:18.786765Z","name":"cks_name_1","kms":"aws","region":"ap-south-1","type":"LOCAL","credential_version":1,"kms_id":"7f13c680-d050-4eb8-9ab9-ed6e76b730e9","cloud_name":"aws","version_count":0,"aws_param":{"custom_key_store_name":"cks_name_1","xks_proxy_connectivity":"PUBLIC_ENDPOINT","xks_proxy_uri_endpoint":"https://xks.example.com","xks_proxy_uri_path":"/api/v1/cckm/aws/xks-proxy-endpoints/033716fc-898d-48a4-b12f-a6f2dd0d718b/kms/xks/v1","custom_key_store_type":"EXTERNAL_KEY_STORE","custom_key_store_id":"cks-6479457edc5fd993d","connection_state":"CONNECTED"},"local_hosted_params":{"blocked":false,"policy":{"reserved":false},"source_container_id":"80d88390-78bd-40e2-bbac-b1782ed6e456","source_container_type":"hsm-luna","source_key_tier":"hsm-luna","linked_state":true,"partition_label":"cckm-1608012946","partition_id":"80d88390-78bd-40e2-bbac-b1782ed6e456","health_check_key_id":"339e786b-c236-495c-925e-87bd8bde82ca","health_check_ciphertext":"cf8iW1y5Ks/drIGZMxsgxJ5t27zOn4HAIEB/deQfFETe83RgMGOVCruEqGmXQEOXo338gZD/lRGtG8mYJzQuq+M=","max_credentials":10},"gone":false},{"id":"f8ac82be-7f2f-4dc1-9f7f-2523c90f47c9","uri":"kylo:kylo-6d18dd9a-9302-4605-b19e-2d67eb0956eb:cckm:aws_cks:f8ac82be-7f2f-4dc1-9f7f-2523c90f47c9","account":"kylo:kylo-6d18dd9a-9302-4605-b19e-2d67eb0956eb:admin:accounts:kylo-6d18dd9a-9302-4605-b19e-2d67eb0956eb","createdAt":"2022-07-27T19:25:48.56278Z","updatedAt":"2022-07-27T19:26:25.85136Z","name":"test-cloudhsm-1","kms":"aws_acc_atf","region":"us-west-1","type":"CLOUDHSM","credential_version":0,"kms_id":"5f8e1127-9fff-43e3-bf46-dda95f05b316","cloud_name":"aws","version_count":0,"aws_param":{"custom_key_store_name":"test-cloudhsm-1","cloud_hsm_cluster_id":"cluster-txljbyeoqoi","trust_anchor_certificate":"-----BEGIN CERTIFICATE-----\nMIIDhzCCAm+gAwIBAgIUHdJu4algAFs22h87meBhd9Qe4rMwDQYJKoZIhvcNAQEL\nBQAwUzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMRAwDgYDVQQHDAdTYW5Kb3Nl\nMQ8wDQYDVQQKDAZUaGFsZXMxFDASBgNVBAsMC0VuZ2luZWVyaW5nMB4XDTIyMDYy\nMzA2NTgwOFoXDTMyMDYyMjA2NTgwOFowUzELMAkGA1UEBhMCVVMxCzAJBgNVBAgM\nAkNBMRAwDgYDVQQHDAdTYW5Kb3NlMQ8wDQYDVQQKDAZUaGFsZXMxFDASBgNVBAsM\nC0VuZ2luZWVyaW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvi0o\nwtYFziFlbhtH0X0+0fhvcGLJ4SYTOU50ZGb7GlfsKC4i5vGxXFEJ1QwJ+WmkyXwo\nRCWaXQbFkFIxlDDIgOe64Z8FRiqdRGXPAYWvJC5pM015kOGtuMrT759Ifbux81Ng\nULlUbz7uLGxut+IbLXIG+/lkDI8OtYNLtU4hbTG/QrTieFg7ZQ/IKKbmCKB3m3cv\nl0MzSMZQXMgNmsbb9SATTgSgaBdAF99sp3B78jHFDqikZHvrxjPBRqi/OsSBefmV\nLymMhPBVdF9FWJgL+YpxDjKP4ieo8rqWK9zEDnu6VmVx0guQ40uM4ycaDljBueW6\nJ9FqXFp62FGrGKu2vwIDAQABo1MwUTAdBgNVHQ4EFgQUi/RAIOrEPaUm9T6P+Ju3\nqTKpf90wHwYDVR0jBBgwFoAUi/RAIOrEPaUm9T6P+Ju3qTKpf90wDwYDVR0TAQH/\nBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAfhC8EghStmPq770Edt6lfoEC6pIO\nUCMoiwnX9KL7WdKPx7auyJmxj3+MbYqMSzilXPA57J1WE6BhT3JOT4nPsO/IpFv2\nfbpUVW9ypwrRQE1S1v6BjvQd5J49c3ZDfH634jCwGwxcBY2gSbZorLb03aH7R2uF\n31jlyotNaUd3eWjo11jwVt9ZhpcxbaiK98Q6UcUro0Ok2BaQdZZthnuMMnwK8iO2\nw3XiEJU3ubUbs1jC6x2Q/RQ28cdAl1tse9/isLeH9yqIEuzFWAHEX5OmpcrW7qcv\nSWLFSofuUkHE1GuN8f4ipAzQ0Fn9Y2C463Q3DCzolhRmJrfXVgM6XLRnHg==\n-----END CERTIFICATE-----\n","number_of_hsms_in_cloudhsm_cluster":2,"custom_key_store_type":"AWS_CLOUDHSM","custom_key_store_id":"cks-7776b462831e1fe29","connection_state":"DISCONNECTED"},"local_hosted_params":{"policy":{"reserved":false},"linked_state":true},"gone":false},{"id":"da2a7b6a-c9f9-44fe-9747-964e7e1b398e","uri":"kylo:kylo:cckm:aws_cks:3759b421-45b8-4096-a81d-12988fc883b4","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-04-21T08:39:05.308885Z","updatedAt":"2022-04-21T08:39:05.307262Z","name":"cks_name_3","kms":"aws","region":"us-west-1","type":"LOCAL","credential_version":1,"kms_id":"2c7c43c4-3838-4897-802e-4ab5b22330fc","cloud_name":"aws","version_count":0,"aws_param":{"custom_key_store_name":"cks_name_3","xks_proxy_uri_endpoint":"https://xks.example.com","xks_proxy_connectivity":"VPC_ENDPOINT_SERVICE","xks_proxy_vpc_endpoint_service_name":"com.amazonaws.vpce.us-east-1.vpce-svc-03d5ed","xks_proxy_uri_path":"/api/v1/cckm/aws/xks-proxy-endpoints/da2a7b6a-c9f9-44fe-9747-964e7e1b398e/kms/xks/v1","custom_key_store_type":"EXTERNAL_KEY_STORE","custom_key_store_id":"cks-6479457edc5fd993d","connection_state":"DISCONNECTED"},"local_hosted_params":{"blocked":false,"policy":{"reserved":false},"source_container_id":"8f6882be-eced-403a-a578-fe8393539b2d","source_container_type":"hsm-luna","source_key_tier":"hsm-luna","linked_state":false,"partition_label":"cckm-1608012946","partition_id":"80d88390-78bd-40e2-bbac-b1782ed6e456","health_check_key_id":"511e1344-ad9f-4ee6-9eb5-df94e3c4a17c","health_check_ciphertext":"cf8iW1y5Ks/drIGZMxsgxJ5t27zOn4HAIEB/deQfFETe83RgMGOVCruEqGmXQEOXo338gZD/lRGtG8mYJzQuq+M=","max_credentials":10},"gone":false}]}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/aws/custom-key-stores/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of an AWS custom key store with the given `id`.","tags":["CCKM/AWS Custom Key Stores"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"a9e80f5a-9680-413d-8ec0-c901d3cb04b9","uri":"kylo:kylo:cckm:aws_cks:a9e80f5a-9680-413d-8ec0-c901d3cb04b9","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-01-10T03:09:21.716283Z","updatedAt":"2022-01-10T03:09:21.714446Z","name":"cks_name","kms":"aws","region":"ap-south-1","type":"LOCAL","credential_version":1,"kms_id":"7f13c680-d050-4eb8-9ab9-ed6e76b730e9","cloud_name":"aws","version_count":0,"aws_param":{"xks_proxy_connectivity":"PUBLIC_ENDPOINT","connection_state":"","xks_proxy_uri_endpoint":"https://xks.example.com","xks_proxy_uri_path":"/api/v1/cckm/aws/xks-proxy-endpoints/a9e80f5a-9680-413d-8ec0-c901d3cb04b9/kms/xks/v1","custom_key_store_type":"EXTERNAL_KEY_STORE"},"local_hosted_params":{"partition_label":"cckm-1608012946","partition_id":"80d88390-78bd-40e2-bbac-b1782ed6e456","health_check_key_id":"511e1344-ad9f-4ee6-9eb5-df94e3c4a17c","health_check_ciphertext":"cf8iW1y5Ks/drIGZMxsgxJ5t27zOn4HAIEB/deQfFETe83RgMGOVCruEqGmXQEOXo338gZD/lRGtG8mYJzQuq+M=","blocked":false,"policy":{"reserved":false},"source_container_id":"8f6882be-eced-403a-a578-fe8393539b2d","source_container_type":"hsm-luna","source_key_tier":"hsm-luna","linked_state":false,"max_credentials":10},"gone":false}}},"404":{"description":"Resource not found."}}},"delete":{"summary":"Delete","description":"Removes an AWS custom key store from CCKM.","tags":["CCKM/AWS Custom Key Stores"],"responses":{"204":{"description":"No Content | AWS custom key store was removed from CCKM successfully.","schema":{"type":"string"}},"404":{"description":"Resource not found."}}},"patch":{"summary":"Edit","description":"Edit an AWS custom key store.","tags":["CCKM/AWS Custom Key Stores"],"parameters":[{"name":"body","in":"body","description":"Update parameters for custom key store.","schema":{"type":"object","title":"Update parameters for custom key store","properties":{"name":{"type":"string","description":"New name for custom key store."},"aws_param":{"type":"object","properties":{"cloud_hsm_cluster_id":{"type":"string","description":"New CloudHSM cluster ID.\nThis field is applicable only for a custom key store of type `AWS_CLOUDHSM`.\n"},"key_store_password":{"type":"string","description":"New password of kmsuser CU (crypto user) account in the specified CloudHSM cluster.\nThis parameter does not change the password in CloudHSM cluster.\nConfigure the credentials on CloudHSM cluster separately.\nApplicable only for a custom key store of type `AWS_CLOUDHSM`.\n"},"xks_proxy_connectivity":{"type":"string","description":"Change how AWS KMS communicates with the Ciphertrust Manager. This field is applicable only for a custom key store of type `EXTERNAL_KEY_STORE`.","enum":["VPC_ENDPOINT_SERVICE","PUBLIC_ENDPOINT"]},"xks_proxy_vpc_endpoint_service_name":{"type":"string","description":"Indicates the VPC endpoint service name used by the custom key store. \nRequired when the xks_proxy_connectivity is `VPC_ENDPOINT_SERVICE`\n"},"xks_proxy_uri_endpoint":{"type":"string","description":"New XKS proxy URI endpoint.\nThis field is applicable only for custom key store of type `EXTERNAL_KEY_STORE`.\n"}}},"local_hosted_params":{"type":"object","properties":{"health_check_key_id":{"type":"string","description":"ID of an existing LUNA key (if source key tier is 'hsm-luna') or CipherTrust key (if source key tier is 'local') to use for health check of the custom key store.\nCrypto operation would be performed using this key.\n\nKey needs to be Symmetric AES-256 key. \nKey can be created by calling either of below API:\n - POST `/v1/cckm/hsm/luna/keys` API for LUNA key if source key tier is 'hsm-luna' OR\n - POST `/v1/vault/keys2/` API for CipherTrust key if source key tier is 'local'.\n"}}}},"example":{"name":"new_name_1234","aws_param":{"xks_proxy_uri_endpoint":"https://xksproxy.mycompany.com"},"local_hosted_params":{"health_check_key_id":"a9e80f5a-9680-413d-8ec0-c901d3cb04c0"}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"a9e80f5a-9680-413d-8ec0-c901d3cb04b9","uri":"kylo:kylo:cckm:aws_cks:a9e80f5a-9680-413d-8ec0-c901d3cb04b9","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-01-10T03:09:21.716283Z","updatedAt":"2022-01-10T03:09:21.714446Z","name":"new_name_1234","kms":"aws","region":"ap-south-1","type":"LOCAL","credential_version":1,"kms_id":"7f13c680-d050-4eb8-9ab9-ed6e76b730e9","cloud_name":"aws","version_count":0,"aws_param":{"xks_proxy_connectivity":"PUBLIC_ENDPOINT","connection_state":"DISCONNECTED","custom_key_store_type":"EXTERNAL_KEY_STORE","custom_key_store_id":"cks-6479457edc5fd993d","xks_proxy_uri_endpoint":"https://xksproxy.mycompany.com","xks_proxy_uri_path":"/api/v1/cckm/aws/xks-proxy-endpoints/736d4b20-fe22-4139-b39f-622404dc725e/kms/xks/v1"},"local_hosted_params":{"partition_label":"cckm-1608012946","partition_id":"80d88390-78bd-40e2-bbac-b1782ed6e456","blocked":false,"health_check_key_id":"a9e80f5a-9680-413d-8ec0-c901d3cb04c0","policy":{"reserved":false},"source_container_id":"","source_container_type":"","source_key_tier":"hsm-luna","linked_state":false,"max_credentials":10},"gone":false}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/aws/custom-key-stores/{id}/create-aws-key":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Creates a KMS key in a custom key store that is backed by a CloudHSM.","description":"Creates a KMS key in a CloudHSM-backed custom key store. Only symmetric keys are supported.","tags":["CCKM/AWS Custom Key Stores"],"parameters":[{"name":"body","in":"body","description":"Creates an AWS CloudHSM key.","schema":{"type":"object","title":"Create AWS CloudHSM Key.","required":["aws_param"],"properties":{"policytemplate":{"type":"string","description":"ID of the policy template to apply. Policy template is mutually exclusive to all other policy parameters. If no policy parameters are specified, the default policy is used."},"key_users":{"type":"array","description":"IAM users who can use the KMS key in cryptographic operations. Key users are mutually exclusive to policy and policy template. If no policy parameters are specified, the default policy is used.","items":{"type":"string"}},"key_users_roles":{"type":"array","description":"IAM roles that can use the KMS key in cryptographic operations. Key users are mutually exclusive to policy and policy template. If no policy parameters are specified, the default policy is used.","items":{"type":"string"}},"key_admins":{"type":"array","description":"IAM users who can administer this key using the KMS API. Key admins are mutually exclusive to policy and policy template. If no policy parameters are specified, the default policy is used.","items":{"type":"string"}},"key_admins_roles":{"type":"array","description":"IAM roles that can administer this key using the KMS API. Key admins are mutually exclusive to policy and policy template. If no policy parameters are specified, the default policy is used.","items":{"type":"string"}},"external_accounts":{"type":"array","description":"AWS accounts that can use this key. External accounts are mutually exclusive to policy and policy template. If no policy parameters are specified, the default policy is used.","items":{"type":"string"}},"aws_param":{"type":"object","description":"AWS key parameters.","required":["Alias"],"properties":{"Tags":{"type":"array","items":{"type":"object","title":"Tags","properties":{"TagKey":{"description":"Key of the tag. A tag is a key-value pair.","type":"string"},"TagValue":{"description":"Value corresponding to the key of the tag.","type":"string"}}}},"Alias":{"type":"string","description":"Alias for the key. It is a required field."},"Description":{"type":"string","description":"Description of the key."},"Policy":{"type":"object","description":"Key policy to attach to the KMS key. Policy is mutually exclusive to all other policy parameters. If no policy parameters are specified, the default policy is used."}}}},"example":{"aws_param":{"Description":"Test CloudHSM key","Alias":"cloudhsmkey13","Tags":[{"TagKey":"tag3","TagValue":"value3"}]},"key_admins":["john.doe"],"key_admins_roles":["aws-service-role/elasticfilesystem.amazonaws.com/AWSServiceRoleForAmazonElasticFileSystem"],"key_users":["richard-roe"],"key_users_roles":["aws-service-role/support.amazonaws.com/AWSServiceRoleForSupport"]}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"0016ea0c-8f37-44ac-ac8f-3b5396130a19","uri":"kylo:kylo-81539629-e4b5-4d77-933f-30174a27dc20:cckm:aws-key:0016ea0c-8f37-44ac-ac8f-3b5396130a19","account":"kylo:kylo-81539629-e4b5-4d77-933f-30174a27dc20:admin:accounts:kylo-81539629-e4b5-4d77-933f-30174a27dc20","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2022-08-09T23:05:48.03608398Z","updatedAt":"2022-08-09T23:05:48.033508896Z","kms_id":"7262dee3-e0dc-4a0c-91c5-40395dd8f92e","kms":"aws_acc_atf","synced_at":"2022-08-09T23:05:48.027918202Z","rotation_status":"","cloud_name":"aws","key_users":["arn:aws:iam::556782317223:user/richard-roe"],"key_users_roles":["arn:aws:iam::556782317223:role/aws-service-role/support.amazonaws.com/AWSServiceRoleForSupport"],"key_admins":["arn:aws:iam::556782317223:user/john.doe"],"key_admins_roles":["arn:aws:iam::556782317223:role/aws-service-role/elasticfilesystem.amazonaws.com/AWSServiceRoleForAmazonElasticFileSystem"],"key_type":"symmetric","basic_view_enabled":true,"region":"eu-west-1","gone":false,"blocked":false,"linked_state":true,"key_material_origin":"CloudHSM","key_source":"CloudHSM","custom_key_store_id":"1421d123-5cfc-4291-bc3f-4232362a8ee4","custom_key_store_name":"test-eu-cloudhsm-2","aws_param":{"AWSAccountId":"556782317223","Arn":"arn:aws:kms:eu-west-1:556782359223:key/0c0389d3-d327-4689-b8f9-0f966f83424c","CustomerMasterKeySpec":"SYMMETRIC_DEFAULT","Description":"Test CloudHSM key ","Enabled":true,"EncryptionAlgorithms":["SYMMETRIC_DEFAULT"],"KeyID":"0c0389d3-d327-4689-b8f9-0f966f83424c","KeyManager":"CUSTOMER","KeyState":"Enabled","KeyUsage":"ENCRYPT_DECRYPT","Origin":"AWS_CLOUDHSM","CreationDate":"2022-08-09T23:05:47.448Z","Policy":{"Version":"2012-10-17","Id":"key-consolepolicy-3","Statement":[{"Sid":"Enable IAM User Permissions","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::556782359223:root"},"Action":"kms:*","Resource":"*"},{"Sid":"Allow access for Key Administrators","Effect":"Allow","Principal":{"AWS":["arn:aws:iam::556782359223:role/aws-service-role/elasticfilesystem.amazonaws.com/AWSServiceRoleForAmazonElasticFileSystem","arn:aws:iam::556782359223:user/john.doe"]},"Action":["kms:Create*","kms:Describe*","kms:Enable*","kms:List*","kms:Put*","kms:Update*","kms:Revoke*","kms:Disable*","kms:Get*","kms:Delete*","kms:TagResource","kms:UntagResource","kms:ScheduleKeyDeletion","kms:CancelKeyDeletion"],"Resource":"*"},{"Sid":"Allow use of the key","Effect":"Allow","Principal":{"AWS":["arn:aws:iam::556782359223:user/richard-roe","arn:aws:iam::556782359223:role/aws-service-role/support.amazonaws.com/AWSServiceRoleForSupport"]},"Action":["kms:Encrypt","kms:Decrypt","kms:ReEncrypt*","kms:GenerateDataKey*","kms:DescribeKey"],"Resource":"*"},{"Sid":"Allow attachment of persistent resources","Effect":"Allow","Principal":{"AWS":["arn:aws:iam::556782359223:user/richard-roe","arn:aws:iam::556782359223:role/aws-service-role/support.amazonaws.com/AWSServiceRoleForSupport"]},"Action":["kms:CreateGrant","kms:ListGrants","kms:RevokeGrant"],"Resource":"*","Condition":{"Bool":{"kms:GrantIsForAWSResource":"true"}}}]},"Alias":["alias/cloudhsmkey13"],"Tags":[{"TagKey":"tag3","TagValue":"value3"}],"KeyRotationEnabled":false,"CustomKeyStoreId":"cks-ea58c749fdb248c96"}}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/aws/custom-key-stores/{id}/block":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Block access to an AWS custom key store.","description":"Block access to encrypt, decrypt, and health requests to an AWS custom key store. Applicable only to external key stores.","tags":["CCKM/AWS Custom Key Stores"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"a9e80f5a-9680-413d-8ec0-c901d3cb04b9","uri":"kylo:kylo:cckm:aws_cks:a9e80f5a-9680-413d-8ec0-c901d3cb04b9","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-01-10T03:09:21.716283Z","updatedAt":"2022-01-10T03:09:21.714446Z","name":"cks_name","kms":"aws","region":"ap-south-1","type":"LOCAL","credential_version":1,"kms_id":"7f13c680-d050-4eb8-9ab9-ed6e76b730e9","cloud_name":"aws","version_count":0,"aws_param":{"xks_proxy_connectivity":"PUBLIC_ENDPOINT","xks_proxy_uri_path":"/api/v1/cckm/aws/xks-proxy-endpoints/62c7fcd4-abc3-4f55-a8fb-0e521423ba27/kms/xks/v1","custom_key_store_type":"EXTERNAL_KEY_STORE","connection_state":""},"local_hosted_params":{"partition_label":"cckm-1608012946","partition_id":"80d88390-78bd-40e2-bbac-b1782ed6e456","health_check_key_id":"511e1344-ad9f-4ee6-9eb5-df94e3c4a17c","health_check_ciphertext":"cf8iW1y5Ks/drIGZMxsgxJ5t27zOn4HAIEB/deQfFETe83RgMGOVCruEqGmXQEOXo338gZD/lRGtG8mYJzQuq+M=","blocked":true,"policy":{"reserved":false},"source_container_id":"80d88390-78bd-40e2-bbac-b1782ed6e456","source_container_type":"hsm-luna","linked_state":false,"max_credentials":10},"gone":false}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/aws/custom-key-stores/{id}/unblock":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Unblock access to an AWS custom key store","description":"Unblock access to encrypt, decrypt, and health requests to an AWS custom key store. Applicable only to external key stores.","tags":["CCKM/AWS Custom Key Stores"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"a9e80f5a-9680-413d-8ec0-c901d3cb04b9","uri":"kylo:kylo:cckm:aws_cks:a9e80f5a-9680-413d-8ec0-c901d3cb04b9","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-01-10T03:09:21.716283Z","updatedAt":"2022-01-10T03:09:21.714446Z","name":"cks_name","kms":"aws","region":"ap-south-1","type":"LOCAL","credential_version":1,"kms_id":"7f13c680-d050-4eb8-9ab9-ed6e76b730e9","cloud_name":"aws","version_count":0,"aws_param":{"xks_proxy_connectivity":"PUBLIC_ENDPOINT","xks_proxy_uri_path":"/api/v1/cckm/aws/xks-proxy-endpoints/62c7fcd4-abc3-4f55-a8fb-0e521423ba27/kms/xks/v1","custom_key_store_type":"EXTERNAL_KEY_STORE","connection_state":""},"local_hosted_params":{"partition_label":"cckm-1608012946","partition_id":"80d88390-78bd-40e2-bbac-b1782ed6e456","health_check_key_id":"511e1344-ad9f-4ee6-9eb5-df94e3c4a17c","health_check_ciphertext":"cf8iW1y5Ks/drIGZMxsgxJ5t27zOn4HAIEB/deQfFETe83RgMGOVCruEqGmXQEOXo338gZD/lRGtG8mYJzQuq+M=","blocked":false,"policy":{"reserved":false},"source_container_id":"80d88390-78bd-40e2-bbac-b1782ed6e456","source_container_type":"hsm-luna","linked_state":false,"max_credentials":10},"gone":false}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/aws/custom-key-stores/{id}/connect":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Connect","description":"Connects to an AWS custom key store using the AWS KMS API.","tags":["CCKM/AWS Custom Key Stores"],"parameters":[{"name":"body","in":"body","description":"Parameters to connect a custom key store.","schema":{"type":"object","title":"Parameters to connect a custom key store.","properties":{"key_store_password":{"type":"string","description":"The password of the kmsuser crypto user (CU) account configured in the specified CloudHSM cluster.\nThis parameter does not change the password in CloudHSM cluster.\nUser needs to configure the credentials on CloudHSM cluster separately.\nRequired field for custom key store of type `AWS_CLOUDHSM`. Omit for External Key Stores.\n"}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"7527884a-6f73-4d4b-8078-64e35640629c","uri":"kylo:kylo-6d18dd9a-9302-4605-b19e-2d67eb0956eb:cckm:aws_cks:7527884a-6f73-4d4b-8078-64e35640629c","account":"kylo:kylo-6d18dd9a-9302-4605-b19e-2d67eb0956eb:admin:accounts:kylo-6d18dd9a-9302-4605-b19e-2d67eb0956eb","createdAt":"2022-07-27T21:12:48.903987Z","updatedAt":"2022-07-27T21:12:49.75161Z","name":"cks_1","kms":"aws","region":"us-east-1","type":"LOCAL","credential_version":1,"kms_id":"8aa11278-2547-4a63-b0dd-1e1464e6433c","cloud_name":"aws","version_count":0,"aws_param":{"custom_key_store_name":"cks_1","xks_proxy_uri_endpoint":"https://demo-xksproxy.test.com","xks_proxy_uri_path":"/api/v1/cckm/aws/xks-proxy-endpoints/7527884a-6f73-4d4b-8078-64e35640629c/kms/xks/v1","custom_key_store_type":"EXTERNAL_KEY_STORE","custom_key_store_id":"cks-8a87408fb819ddb94","xks_proxy_connectivity":"PUBLIC_ENDPOINT","connection_state":"CONNECTED"},"local_hosted_params":{"blocked":false,"policy":{"reserved":false},"source_container_id":"f152b503-5f01-4735-b1ac-49c3a9734fa7","source_container_type":"hsm-luna","linked_state":true,"partition_label":"aws_cm_vpc_par1","partition_id":"f152b503-5f01-4735-b1ac-49c3a9734fa7","health_check_key_id":"615c1278-cfa4-4f85-8b0a-848dae3cafa2","health_check_ciphertext":"UYKUHavXloi8gKcRVFEc5SCLkUS8taf8EjqliRb3xSGUIMz4X2kRv9Qd7yog84IaYDF/SJ6EvMFjxGTCmQcCBFU=","max_credentials":5},"gone":false}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/aws/custom-key-stores/{id}/disconnect":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Disconnect","description":"Disconnects the AWS custom key store using the AWS KMS API","tags":["CCKM/AWS Custom Key Stores"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"7527884a-6f73-4d4b-8078-64e35640629c","uri":"kylo:kylo-6d18dd9a-9302-4605-b19e-2d67eb0956eb:cckm:aws_cks:7527884a-6f73-4d4b-8078-64e35640629c","account":"kylo:kylo-6d18dd9a-9302-4605-b19e-2d67eb0956eb:admin:accounts:kylo-6d18dd9a-9302-4605-b19e-2d67eb0956eb","createdAt":"2022-07-27T21:12:48.903987Z","updatedAt":"2022-07-27T21:12:49.75161Z","name":"cks_1","kms":"aws","region":"us-east-1","type":"LOCAL","credential_version":1,"kms_id":"8aa11278-2547-4a63-b0dd-1e1464e6433c","cloud_name":"aws","version_count":0,"aws_param":{"custom_key_store_name":"cks_1","xks_proxy_uri_endpoint":"https://demo-xksproxy.test.com","xks_proxy_uri_path":"/api/v1/cckm/aws/xks-proxy-endpoints/7527884a-6f73-4d4b-8078-64e35640629c/kms/xks/v1","custom_key_store_type":"EXTERNAL_KEY_STORE","custom_key_store_id":"cks-8a87408fb819ddb94","xks_proxy_connectivity":"PUBLIC_ENDPOINT","connection_state":"DISCONNECTED"},"local_hosted_params":{"blocked":false,"policy":{"reserved":false},"source_container_id":"f152b503-5f01-4735-b1ac-49c3a9734fa7","source_container_type":"hsm-luna","linked_state":true,"partition_label":"aws_cm_vpc_par1","partition_id":"f152b503-5f01-4735-b1ac-49c3a9734fa7","health_check_key_id":"615c1278-cfa4-4f85-8b0a-848dae3cafa2","health_check_ciphertext":"UYKUHavXloi8gKcRVFEc5SCLkUS8taf8EjqliRb3xSGUIMz4X2kRv9Qd7yog84IaYDF/SJ6EvMFjxGTCmQcCBFU=","max_credentials":5},"gone":false}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/aws/custom-key-stores/{id}/link":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Link local CKS with AWS","description":"Link a local custom key store with an AWS custom key store. Applicable only to External Key Stores.","tags":["CCKM/AWS Custom Key Stores"],"parameters":[{"name":"body","in":"body","description":"Link a local custom key store with an AWS custom key store.","schema":{"type":"object","title":"Link local custom key store with AWS custom key store.","required":["aws_param"],"properties":{"aws_param":{"type":"object","description":"Parameters related to AWS interaction with a custom key store.","required":["xks_proxy_uri_endpoint"],"properties":{"xks_proxy_uri_endpoint":{"type":"string","description":"Indicates the URL endpoint the custom key store uses."},"xks_proxy_vpc_endpoint_service_name":{"type":"string","description":"Indicates the VPC endpoint service name the custom key store uses. \nThis field is required when the xks_proxy_connectivity of the custom key store is VPC_ENDPOINT_SERVICE.\n"}}}},"example":{"aws_param":{"xks_proxy_uri_endpoint":"https://dev3-xksproxy.thalescpl.io","xks_proxy_vpc_endpoint_service_name":"com.amazonaws.vpce.us-east-1.vpce-svc-03d5ed"}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"a9e80f5a-9680-413d-8ec0-c901d3cb04b9","uri":"kylo:kylo:cckm:aws_cks:a9e80f5a-9680-413d-8ec0-c901d3cb04b9","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-01-10T03:09:21.716283Z","updatedAt":"2022-01-10T03:09:21.714446Z","name":"cks_name_1","kms":"aws","region":"ap-south-1","type":"LOCAL","credential_version":1,"kms_id":"7f13c680-d050-4eb8-9ab9-ed6e76b730e9","cloud_name":"aws","version_count":0,"aws_param":{"custom_key_store_name":"cks_name_1","xks_proxy_uri_endpoint":"https://dev3-xksproxy.thalescpl.io","xks_proxy_vpc_endpoint_service_name":"com.amazonaws.vpce.us-east-1.vpce-svc-03d5ed","xks_proxy_uri_path":"/api/v1/cckm/aws/xks-proxy-endpoints/35164f70-2308-4a02-b2ee-436c478beaa1/kms/xks/v1","custom_key_store_type":"EXTERNAL_KEY_STORE","custom_key_store_id":"cks-007ee1e9c09e6690e","xks_proxy_connectivity":"VPC_ENDPOINT_SERVICE","connection_state":"CONNECTED"},"local_hosted_params":{"partition_label":"cckm-1608012946","partition_id":"80d88390-78bd-40e2-bbac-b1782ed6e456","health_check_key_id":"511e1344-ad9f-4ee6-9eb5-df94e3c4a17c","health_check_ciphertext":"Dp5Dn3azWYBt5AZaIEqEiEdD53GH0XRMzXoYgRlPEX1Ooq+HjcTp8jTA3H67uNYY4WWPSIMGQfH5CaNqMufSZ5Q=","blocked":true,"policy":{"reserved":false},"source_container_id":"80d88390-78bd-40e2-bbac-b1782ed6e456","source_container_type":"hsm-luna","linked_state":true,"max_credentials":10},"gone":false}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/aws/custom-key-stores/synchronization-jobs":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Synchronize","description":"Synchronizes AWS custom key stores.\n","tags":["CCKM/AWS Custom Key Stores"],"parameters":[{"name":"body","in":"body","description":"Synchronizes AWS custom key stores.","schema":{"type":"object","title":"Name or ID of KMS resource from which the AWS custom key stores will be synchronized.","properties":{"kms":{"type":"array","items":{"type":"string"},"description":"Name or ID of KMS resource from which the AWS custom key stores will be synchronized. synchronize_all and kms, regions are mutually exclusive. Specify either synchronize_all or kms and regions."},"synchronize_all":{"type":"boolean","description":"Set true to synchronize all custom key stores from all kms and regions. synchronize_all and kms, regions are mutually exclusive. Specify either synchronize_all or kms and regions."},"regions":{"type":"array","items":{"type":"string"},"description":"Regions from which the AWS custom key stores will be synchronized. If not specified, custom key stores from all regions are synchronized. synchronize_all and kms, regions are mutually exclusive. Specify either synchronize_all or kms and regions."}}}}],"responses":{"201":{"description":"OK","examples":{"application/json":{"id":"84980655-f1df-40e1-a2ec-736ac77a7889","uri":"kylo:kylo:cckm:synchronize:84980655-f1df-40e1-a2ec-736ac77a7889","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-08-06T09:40:04.915495495Z","updatedAt":"2020-08-06T09:40:04.918785299Z","overall_status":"in progress","cloud":"aws","kms":["de0b5a77-918a-453e-8675-604133a8984e"],"abort":false}}},"404":{"description":"Resource not found."}}},"get":{"summary":"Status","description":"Returns the list of updated synchronization status. The results can be filtered using the query parameters.\n","tags":["CCKM/AWS Custom Key Stores"],"parameters":[{"name":"id","in":"query","type":"string","description":"Filter the results by internal id of synchronization."},{"name":"overall_status","in":"query","type":"string","description":"Filter the results by synchronization overall status. Possible values are \"in_progress\",\"completed\" and \"failed\"."},{"name":"kms","in":"query","type":"array","items":{"type":"string"},"description":"Filter the results of synchronization by kms."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"skip":0,"limit":10,"total":2,"resources":[{"id":"84980655-f1df-40e1-a2ec-736ac77a7889","uri":"kylo:kylo:cckm:synchronize:84980655-f1df-40e1-a2ec-736ac77a7889","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-08-06T09:40:04.915495Z","updatedAt":"2020-08-06T09:40:33.308945Z","overall_status":"in progress","detailed_status":{"123456789012/ap-south-1":"region synchronized successfully","123456789012/eu-north-1":"region synchronized successfully","123456789012/eu-west-2":"region synchronized successfully","123456789012/eu-west-3":"region synchronized successfully"},"cloud":"aws","kms":["de0b5a77-918a-453e-8675-604133a8984e"],"abort":false}]}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/aws/custom-key-stores/synchronization-jobs/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a synchronize process with the given ID.","tags":["CCKM/AWS Custom Key Stores"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"84980655-f1df-40e1-a2ec-736ac77a7889","uri":"kylo:kylo:cckm:synchronize:84980655-f1df-40e1-a2ec-736ac77a7889","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-08-06T09:40:04.915495Z","updatedAt":"2020-08-06T09:43:31.731954Z","overall_status":"in progress","detailed_status":{"123456789012/ap-northeast-1":"region synchronized successfully","123456789012/ap-northeast-2":"region synchronized successfully","123456789012/ap-south-1":"region synchronized successfully","123456789012/ap-southeast-1":"region synchronized successfully","123456789012/ap-southeast-2":"region synchronized successfully","123456789012/ca-central-1":"region synchronized successfully","123456789012/eu-west-2":"region synchronized successfully","123456789012/eu-west-3":"region synchronized successfully","123456789012/sa-east-1":"region synchronized successfully","123456789012/us-east-1":"in progress"},"cloud":"aws","kms":["de0b5a77-918a-453e-8675-604133a8984e"],"abort":false}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/aws/custom-key-stores/synchronization-jobs/{id}/cancel":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Cancel","description":"Cancels a synchronization job.\n","tags":["CCKM/AWS Custom Key Stores"],"responses":{"200":{"description":"OK","examples":{"application/json":{"id":"e8f2e77d-95e8-46f6-891f-37469da3bf57","uri":"kylo:kylo:cckm:synchronize:e8f2e77d-95e8-46f6-891f-37469da3bf57","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-08-06T09:46:06.534541Z","updatedAt":"2020-08-06T09:46:25.768957301Z","overall_status":"in progress","detailed_status":{"123456789012/eu-north-1":"in progress"},"cloud":"aws","kms":["de0b5a77-918a-453e-8675-604133a8984e"],"abort":true}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/aws/custom-key-stores/{id}/rotate-credential":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Rotate","description":"This API is applicable for custom key store of type `EXTERNAL_KEY_STORE`.\nRotates credential for a given external custom key store. \nFor linked key store, rotated (new) credential will be updated in AWS KMS. \nAll credentials (new & old) associated with key store will continue to work, until deleted by the user.\n","tags":["CCKM/AWS Custom Key Stores"],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"7527884a-6f73-4d4b-8078-64e35640629c","uri":"kylo:kylo-6d18dd9a-9302-4605-b19e-2d67eb0956eb:cckm:aws_cks:7527884a-6f73-4d4b-8078-64e35640629c","account":"kylo:kylo-6d18dd9a-9302-4605-b19e-2d67eb0956eb:admin:accounts:kylo-6d18dd9a-9302-4605-b19e-2d67eb0956eb","createdAt":"2022-07-27T21:12:48.903987Z","updatedAt":"2022-07-27T21:12:49.75161Z","name":"cks_1","kms":"aws_acc","region":"us-east-1","type":"LOCAL","credential_version":1,"kms_id":"8aa11278-2547-4a63-b0dd-1e1464e6433c","cloud_name":"aws","version_count":0,"aws_param":{"custom_key_store_name":"cks_1","xks_proxy_uri_endpoint":"https://demo-xksproxy.test.com","xks_proxy_uri_path":"/api/v1/cckm/aws/xks-proxy-endpoints/7527884a-6f73-4d4b-8078-64e35640629c/kms/xks/v1","custom_key_store_type":"EXTERNAL_KEY_STORE","custom_key_store_id":"cks-8a87408fb819ddb94","xks_proxy_connectivity":"PUBLIC_ENDPOINT","connection_state":"DISCONNECTED"},"local_hosted_params":{"blocked":false,"policy":{"reserved":false},"source_container_id":"f152b503-5f01-4735-b1ac-49c3a9734fa7","source_container_type":"hsm-luna","linked_state":true,"partition_label":"aws_cm_vpc_par1","partition_id":"f152b503-5f01-4735-b1ac-49c3a9734fa7","health_check_key_id":"615c1278-cfa4-4f85-8b0a-848dae3cafa2","health_check_ciphertext":"UYKUHavXloi8gKcRVFEc5SCLkUS8taf8EjqliRb3xSGUIMz4X2kRv9Qd7yog84IaYDF/SJ6EvMFjxGTCmQcCBFU=","max_credentials":5},"access_key_id":"52EKEOV2JFCCNVSYRIV2","secret_access_key":"dc00ea89acd936f72409483623bb9f463662ec699d4cb34b01f20ef8ee1218fa","credential_count":2,"oldest_credentials_id":"8ceeb249-47cb-4f9a-bdaf-bd5de59c3174","gone":false}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/aws/custom-key-stores/{id}/credentials":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"List","description":"Returns the list of credentials for a given AWS custom key store.\n","tags":["CCKM/AWS Custom Key Stores"],"parameters":[{"name":"access_key_id","in":"query","type":"string","description":"Filter the results by access key id."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"4b7dcd7e-47a9-4234-8905-e1b7eb850fd5","uri":"kylo:kylo:cckm:aws_cks_credentials:4b7dcd7e-47a9-4234-8905-e1b7eb850fd5","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-12-23T16:25:49.463283Z","updatedAt":"2021-12-23T16:25:49.460296Z","custom_key_store_id":"40d4d382-97ca-4974-86e3-631ccd9ff364","access_key_id":"generated_access_id","cloud_name":"aws"}]}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/aws/custom-key-stores/{customKeyStoreID}/credentials/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"customKeyStoreID","in":"path","description":"An identifier of AWS Custom Key Store.","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of the credential for an AWS custom key store with the given `id`.","tags":["CCKM/AWS Custom Key Stores"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"4b7dcd7e-47a9-4234-8905-e1b7eb850fd5","uri":"kylo:kylo:cckm:aws_cks_credentials:4b7dcd7e-47a9-4234-8905-e1b7eb850fd5","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-12-23T16:25:49.463283Z","updatedAt":"2021-12-23T16:25:49.460296Z","custom_key_store_id":"40d4d382-97ca-4974-86e3-631ccd9ff364","version":1,"access_key_id":"generated_access_id","cloud_name":"aws"}}},"404":{"description":"Resource not found."}}},"delete":{"summary":"Delete","description":"Deletes the credential of an AWS custom key store from the CCKM.","tags":["CCKM/AWS Custom Key Stores"],"responses":{"204":{"description":"No Content | The credential of an AWS custom key store was deleted successfully.","schema":{"type":"string"}},"404":{"description":"Resource not found."}}}},"/v1/cckm/aws/custom-key-stores/get-unused-cloudhsm-clusters":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"List unused AWS CloudHSM clusters","description":"List CloudHSM clusters in the specified region that are not already associated with a CloudHSM key store.\n","tags":["CCKM/AWS Custom Key Stores"],"parameters":[{"name":"body","in":"body","description":"List unused AWS CloudHSM clusters associated with the KMS and the region.","schema":{"type":"object","title":"List unused AWS CloudHSM clusters associated with the KMS and the region.","required":["kms","region"],"properties":{"kms":{"type":"string","description":"Name or ID of KMS resource from which the AWS CloudHSM clusters will be retrieved."},"region":{"type":"string","description":"AWS region from which the AWS CloudHSM clusters will be retrieved."}},"example":{"kms":"eab80374-04c2-468a-b732-ce90596f6db0","region":"us-west-1"}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"total":2,"detailed_status":"Unused CloudHSM cluster(s) found","resources":[{"BackupPolicy":"DEFAULT","BackupRetentionPolicy":{"Type":"DAYS","Value":"45"},"Certificates":{"AwsHardwareCertificate":null,"ClusterCertificate":"-----BEGIN CERTIFICATE-----\nMIIEczCCAlsCCQCkL360L0D8ODANBgkqhkiG9w0BAQsFADBsMQswCQYDVQQGEwJD\nQTELMAkGA1UECAwCUUMxETAPBgNVBAcMCE1vbnRyZWFsMRAwDgYDVQQKDAdHZW1h\nbHRvMQ0wCwYDVQQLDARJRFNTMRwwGgYDVQQDDBNUZXN0Q2xvdWRIU01DbHVzdGVy\nMB4XDTE4MDMwODIyMjMzNloXDTI4MDMwNzIyMjMzNlowgYoxRDAJBgNVBAYTAlVT\nMAkGA1UECAwCQ0EwDQYDVQQKDAZDYXZpdW0wDQYDVQQLDAZOM0ZJUFMwDgYDVQQH\nDAdTYW5Kb3NlMUIwQAYDVQQDDDlIU006ODYxNkE0MkY4Q0M5NEZEQkJGNTY5Q0ZE\nNkM1NUVCOlBBUlROOjgsIGZvciBGSVBTIG1vZGUwggEiMA0GCSqGSIb3DQEBAQUA\nA4IBDwAwggEKAoIBAQC6BOMjF7WK0M2hD6WbkW1qPkizTbF1+iAcZAjBTKn6DaFb\nY5fFl3vl52yRno66vWSMxnjcKxyDGBZ5mm+/cmk4sHgpCYnUKQ5hNy/aQP1ZM8IW\n5lYVqBRuqdhTFkEfYctuxjueiyyRU0rpUNWqEbFQO2h9MOtqI2qkogU9yzWASB6l\nekr/zAwl9qx6EEFW/B/VkN/v3a3CHqdYKu0ANDlNSI8481MQF29WtAmyCy6mUdIa\nRO/S/BcBxnIns+nTpvsd7EGtZ+TUPou+qbxgLQW0JOxg6kkUzS0SE370dtiqt0G3\nhjzpMF6fGo5Lz4Xhu4N6EgA/Q6zd0f9ZKjOIdI/xAgMBAAEwDQYJKoZIhvcNAQEL\nBQADggIBALbJkWPp4w+NjAc9b54I76gEE9Lb8y/oO6mk5yQo2nrvCYFqYcCjjD9G\ncQW7KmK300UuUVTTnfjEh4Txjdp4iy46GFBL5+Kn6p6Q6TMWU6CzCtDdWoNcbK+w\nofjotWtCe83NDfCJb0EBSZ8uvq12c7EczoCcyJVvaamRzmVG3f+h2qLgazudkY9s\nwYFNMzhXaw4z8FJpzEtC4QmmRV4zjZJYmA6Wzz9N0Rr8GhaVGAhM6rV8EvFP0Y8N\nz6W7/hQ8gmek8Ts+u7YMY0HWU6jY6jndnIoXGeBbVnYn04P6eJiSORhmz1ZF5YSC\nwMAUW+w6kkdItgSuHgLRzAPeJoxxlIjkQAOeHLF4WQCc2oaahtnbYZUgt5ADQmlS\nywu3qFCsheZiG5nMPQJu6zrVk1mLArGWXfXJZ7myZjZKKoXl3g/mTz1tqLj/CIl8\nZWYHyBrdLKNI9t3hTHAKtCD5S5LoOFkFHvVw6uZ5wwW5WyBvG5NFJr42Y0egK85L\n97q2avnfH4VuqN1MwhohcfC+E8tsbcE1n74rpoTNoDoOG1kLWWBu2QflIHW+zJMI\nC5uOK6QKckNiMdwsn1olbCABDPCuWXYCFF6qh252QDJGiHf94hKoelOjtujyT1cC\nlNJao5IdI6KtCoMcvHBBeioODUHQKi1MwCq3nCq/FyKh67qPobaA\n-----END CERTIFICATE-----\n","ClusterCsr":null,"HsmCertificate":null,"ManufacturerHardwareCertificate":null},"ClusterId":"cluster-7rq2hgwvl5o","CreateTimestamp":"2021-08-04T18:46:37.841Z","HsmType":"hsm1.medium","Hsms":[],"PreCoPassword":null,"SecurityGroup":"sg-01cd078a29065ebc0","SourceBackupId":"backup-tecrwims3np","State":"ACTIVE","StateMessage":null,"SubnetMapping":{"us-east-1a":"subnet-8e7983f9","us-east-1b":"subnet-8842a6d1","us-east-1d":"subnet-6d565145"},"TagList":[{"Key":"customer-issue","Value":"first-republic"}],"VpcId":"vpc-4dc16428"},{"BackupPolicy":"DEFAULT","BackupRetentionPolicy":{"Type":"DAYS","Value":"1075"},"Certificates":{"AwsHardwareCertificate":null,"ClusterCertificate":"-----BEGIN CERTIFICATE-----\nMIIEczCCAlsCCQCkL360L0D8ODANBgkqhkiG9w0BAQsFADBsMQswCQYDVQQGEwJD\nQTELMAkGA1UECAwCUUMxETAPBgNVBAcMCE1vbnRyZWFsMRAwDgYDVQQKDAdHZW1h\nbHRvMQ0wCwYDVQQLDARJRFNTMRwwGgYDVQQDDBNUZXN0Q2xvdWRIU01DbHVzdGVy\nMB4XDTE4MDMwODIyMjMzNloXDTI4MDMwNzIyMjMzNlowgYoxRDAJBgNVBAYTAlVT\nMAkGA1UECAwCQ0EwDQYDVQQKDAZDYXZpdW0wDQYDVQQLDAZOM0ZJUFMwDgYDVQQH\nDAdTYW5Kb3NlMUIwQAYDVQQDDDlIU006ODYxNkE0MkY4Q0M5NEZEQkJGNTY5Q0ZE\nNkM1NUVCOlBBUlROOjgsIGZvciBGSVBTIG1vZGUwggEiMA0GCSqGSIb3DQEBAQUA\nA4IBDwAwggEKAoIBAQC6BOMjF7WK0M2hD6WbkW1qPkizTbF1+iAcZAjBTKn6DaFb\nY5fFl3vl52yRno66vWSMxnjcKxyDGBZ5mm+/cmk4sHgpCYnUKQ5hNy/aQP1ZM8IW\n5lYVqBRuqdhTFkEfYctuxjueiyyRU0rpUNWqEbFQO2h9MOtqI2qkogU9yzWASB6l\nekr/zAwl9qx6EEFW/B/VkN/v3a3CHqdYKu0ANDlNSI8481MQF29WtAmyCy6mUdIa\nRO/S/BcBxnIns+nTpvsd7EGtZ+TUPou+qbxgLQW0JOxg6kkUzS0SE370dtiqt0G3\nhjzpMF6fGo5Lz4Xhu4N6EgA/Q6zd0f9ZKjOIdI/xAgMBAAEwDQYJKoZIhvcNAQEL\nBQADggIBALbJkWPp4w+NjAc9b54I76gEE9Lb8y/oO6mk5yQo2nrvCYFqYcCjjD9G\ncQW7KmK300UuUVTTnfjEh4Txjdp4iy46GFBL5+Kn6p6Q6TMWU6CzCtDdWoNcbK+w\nofjotWtCe83NDfCJb0EBSZ8uvq12c7EczoCcyJVvaamRzmVG3f+h2qLgazudkY9s\nwYFNMzhXaw4z8FJpzEtC4QmmRV4zjZJYmA6Wzz9N0Rr8GhaVGAhM6rV8EvFP0Y8N\nz6W7/hQ8gmek8Ts+u7YMY0HWU6jY6jndnIoXGeBbVnYn04P6eJiSORhmz1ZF5YSC\nwMAUW+w6kkdItgSuHgLRzAPeJoxxlIjkQAOeHLF4WQCc2oaahtnbYZUgt5ADQmlS\nywu3qFCsheZiG5nMPQJu6zrVk1mLArGWXfXJZ7myZjZKKoXl3g/mTz1tqLj/CIl8\nZWYHyBrdLKNI9t3hTHAKtCD5S5LoOFkFHvVw6uZ5wwW5WyBvG5NFJr42Y0egK85L\n97q2avnfH4VuqN1MwhohcfC+E8tsbcE1n74rpoTNoDoOG1kLWWBu2QflIHW+zJMI\nC5uOK6QKckNiMdwsn1olbCABDPCuWXYCFF6qh252QDJGiHf94hKoelOjtujyT1cC\nlNJao5IdI6KtCoMcvHBBeioODUHQKi1MwCq3nCq/FyKh67qPobaA\n-----END CERTIFICATE-----\n","ClusterCsr":null,"HsmCertificate":null,"ManufacturerHardwareCertificate":null},"ClusterId":"cluster-d5v3afg4pk2","CreateTimestamp":"2018-03-08T19:39:30.009Z","HsmType":"hsm1.medium","Hsms":[{"AvailabilityZone":"us-east-1b","ClusterId":"cluster-d5v3afg4pk2","EniId":"eni-9343f242","EniIp":"172.30.1.120","HsmId":"hsm-fs4hvzzrnjx","State":"ACTIVE","StateMessage":"HSM created.","SubnetId":"subnet-8842a6d1"}],"PreCoPassword":null,"SecurityGroup":"sg-5a43e82c","SourceBackupId":null,"State":"ACTIVE","StateMessage":null,"SubnetMapping":{"us-east-1a":"subnet-8e7983f9","us-east-1b":"subnet-8842a6d1","us-east-1d":"subnet-6d565145"},"TagList":[],"VpcId":"vpc-4dc16428"}]}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/virtual/keys":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Create virtual key, which will be linked to a real key (in Luna HSM). \nLuna key should have following attributes: \n- CKA_EXTRACTABLE = FALSE\n- CKA_SENSITIVE = TRUE\n- CKA_ENCRYPT = TRUE\n- CKA_DECRYPT = TRUE\n- CKA_WRAP = TRUE\n- CKA_UNWRAP = TRUE\n","tags":["CCKM/AWS Custom Key Stores"],"parameters":[{"name":"body","in":"body","description":"virtual key parameters","schema":{"type":"object","title":"Create virtual key","required":["source_key_id"],"properties":{"source_key_id":{"type":"string","format":"UUIDv4","description":"The unique id of the source key (Luna HSM key) for the first version of the virtual key."}},"example":{"source_key_id":"fe60eab9-bf80-4d9d-b622-309106d65fff"}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"b2b01847-3f4b-43c3-afd3-c6ca381b5a45","uri":"kylo:kylo:cckm:virtual-keys:b2b01847-3f4b-43c3-afd3-c6ca381b5a45","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-12-15T06:20:15.699004Z","updatedAt":"2020-12-15T06:25:57.338588051Z","partition_id":"ed5b1bbd-ce0b-48c1-ab69-a4592e5b2da2","partition_label":"cckm-1608012946","source_key_id":"fe60eab9-bf80-4d9d-b622-309106d65fff","version":0,"deletable":false}}}}},"get":{"summary":"List","description":"Returns a list of virtual keys. The results can be filtered using the query parameters.","tags":["CCKM/AWS Custom Key Stores"],"parameters":[{"name":"id","in":"query","type":"string","description":"Filter the results based on virtual key ID."},{"name":"partition_id","in":"query","type":"string","description":"Filter the results based on partition_id."},{"name":"source_key_id","in":"query","type":"string","description":"Filter the results by source_key_id."},{"name":"partition_label","in":"query","type":"string","description":"Filter the results by partition_label."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"skip":"0,","limit":"10,","total":"1,","resources":[{"id":"b2b01847-3f4b-43c3-afd3-c6ca381b5a45","uri":"kylo:kylo:cckm:virtual-keys:b2b01847-3f4b-43c3-afd3-c6ca381b5a45","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-12-15T06:20:15.699004Z","updatedAt":"2020-12-15T06:25:57.338588051Z","partition_id":"ed5b1bbd-ce0b-48c1-ab69-a4592e5b2da2","partition_label":"cckm-1608012946","source_key_id":"fe60eab9-bf80-4d9d-b622-309106d65fff","version":0,"deletable":false}]}}}}}},"/v1/cckm/virtual/keys/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get virtual key","description":"Returns the details of a virtual key with the given `id`.","tags":["CCKM/AWS Custom Key Stores"],"responses":{"200":{"description":"OK","examples":{"application/json":{"id":"b2b01847-3f4b-43c3-afd3-c6ca381b5a45","uri":"kylo:kylo:cckm:virtual-keys:b2b01847-3f4b-43c3-afd3-c6ca381b5a45","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-12-15T06:20:15.699004Z","updatedAt":"2020-12-15T06:25:57.338588051Z","partition_id":"ed5b1bbd-ce0b-48c1-ab69-a4592e5b2da2","partition_label":"cckm-1608012946","source_key_id":"fe60eab9-bf80-4d9d-b622-309106d65fff","version":0,"deletable":false}}},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update virtual key","description":"Update parameters of a virtual key with the given `id`.\n","tags":["CCKM/AWS Custom Key Stores"],"parameters":[{"name":"body","in":"body","description":"Virtual key parameters","schema":{"type":"object","title":"Update parameters of a virtual key.","properties":{"deletable":{"type":"boolean","description":"Indicates if virtual key can be deleted. Default value is false when virtual key is created.\n"}},"example":{"deletable":true}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"b2b01847-3f4b-43c3-afd3-c6ca381b5a45","uri":"kylo:kylo:cckm:virtual-keys:b2b01847-3f4b-43c3-afd3-c6ca381b5a45","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-12-15T06:20:15.699004Z","updatedAt":"2020-12-15T06:25:57.338588051Z","partition_id":"ed5b1bbd-ce0b-48c1-ab69-a4592e5b2da2","partition_label":"cckm-1608012946","source_key_id":"fe60eab9-bf80-4d9d-b622-309106d65fff","version":0,"deletable":true}}},"404":{"description":"Resource not found."}}},"delete":{"summary":"Delete virtual key","description":"Deletes a virtual key with the given `id` from the CCKM.","tags":["CCKM/AWS Custom Key Stores"],"responses":{"204":{"description":"No Content | Virtual key was deleted successfully.","schema":{"type":"string"}},"404":{"description":"Resource not found."}}}},"/v1/cckm/virtual/keys/{id}/versions":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"List","description":"Returns a list of version of virtual key. The results can be filtered using the query parameters.","tags":["CCKM/AWS Custom Key Stores"],"parameters":[{"name":"partition_id","in":"query","type":"string","description":"Filter the results based on partition_id."},{"name":"source_key_id","in":"query","type":"string","description":"Filter the results by source_key_id."},{"name":"partition_label","in":"query","type":"string","description":"Filter the results by partition_label."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"skip":"0,","limit":"10,","total":"1,","resources":[{"id":"b2b01847-3f4b-43c3-afd3-c6ca381b5a45","uri":"kylo:kylo:cckm:virtual-keys:b2b01847-3f4b-43c3-afd3-c6ca381b5a45","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-12-15T06:20:15.699004Z","updatedAt":"2020-12-15T06:25:57.338588051Z","partition_id":"ed5b1bbd-ce0b-48c1-ab69-a4592e5b2da2","partition_label":"cckm-1608012946","source_key_id":"fe60eab9-bf80-4d9d-b622-309106d65fff","version":0}]}}}}}},"/v1/cckm/aws/create-hyok-key":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create AWS HYOK Key","description":"Create an AWS HYOK key. Currently, only creation of HYOK keys for a locally-hosted key store is supported.\n\nHYOK Keys can be backed by Luna HSM as key source or by Ciphertrust Manager as key source. \nCryptographic operations would be performed using key from chosen key source. \n\nHYOK keys with Luna HSM as key source requires following input:\n\n - Source Key ID (virtual key ID created from Luna HSM Key (AES-256, refer POST `/v1/cckm/virtual/keys` API for details)).\n - Custom key store ID.\n\nHYOK keys with Ciphertrust Manager as key source requires following input:\n \n - Source Key ID (CipherTrust Manager key ID (AES-256 unexportable, undeletable key with usage mask containing - Encrypt, Decrypt, Wrap, Unwrap)).\n - Custom key store ID.\n","tags":["CCKM/AWS Custom Key Stores"],"parameters":[{"name":"body","in":"body","description":"Create an AWS HYOK key.","schema":{"type":"object","title":"Create AWS HYOK Key.","properties":{"local_hosted_params":{"type":"object","description":"local hosted parameters. Applicable to AWS HYOK.","properties":{"custom_key_store_id":{"type":"string","description":"ID of the custom key store. Required for a custom key store that is locally hosted."},"source_key_id":{"type":"string","description":"It is required parameter for a locally-hosted custom key store. \nIf the source key tier is 'hsm-luna', then this is the ID of the virtual key that is linked to the Luna HSM key from the partition of specified custom_key_store_id. \n(refer POST `/v1/cckm/virtual/keys` API for details). \nIf the source key tier is 'local' then this is the ID of the CipherTrust Manager key (AES-256 unexportable, undeletable key with usage mask containing - Encrypt, Decrypt, Wrap, Unwrap).\n"},"blocked":{"type":"boolean","description":"Indicates whether the endpoint is blocked or not blocked. Default value is false (not blocked)."},"linked_state":{"type":"boolean","description":"Indicates whether xks key should be linked with AWS. Default value is false when HYOK key is created.\n"},"source_key_tier":{"type":"string","description":"Source key tier. Options are local and hsm-luna. Default is hsm-luna."}}},"policytemplate":{"type":"string","description":"ID of the policy template to apply. Policy template is mutually exclusive to all other policy parameters. If no policy parameters are specified the default policy is used."},"key_users":{"type":"array","description":"IAM users who can use the KMS key in cryptographic operations. Key users are mutually exclusive to policy and policy template. If no policy parameters are specified the default policy is used.","items":{"type":"string"}},"key_users_roles":{"type":"array","description":"IAM roles that can use the KMS key in cryptographic operations. Key users are mutually exclusive to policy and policy template. If no policy parameters are specified the default policy is used.","items":{"type":"string"}},"key_admins":{"type":"array","description":"IAM users who can administer this key using the KMS API. Key admins are mutually exclusive to policy and policy template. If no policy parameters are specified the default policy is used.","items":{"type":"string"}},"key_admins_roles":{"type":"array","description":"IAM roles that can administer this key using the KMS API. Key admins are mutually exclusive to policy and policy template. If no policy parameters are specified, the default policy is used.","items":{"type":"string"}},"external_accounts":{"type":"array","description":"AWS accounts that can use this key. External accounts are mutually exclusive to policy and policy template. If no policy parameters are specified the default policy is used.","items":{"type":"string"}},"aws_param":{"type":"object","description":"AWS key parameters.","properties":{"Tags":{"type":"array","items":{"type":"object","title":"Tags","properties":{"TagKey":{"description":"Key of the tag. A tag is a key-value pair.","type":"string"},"TagValue":{"description":"Value corresponding to the key of the tag.","type":"string"}}}},"Alias":{"type":"string","description":"Alias for the key."},"Description":{"type":"string","description":"Description of the key."},"Policy":{"type":"object","description":"Key policy to attach to the KMS key. Policy is mutually exclusive to all other policy parameters. If no policy parameters are specified, the default policy is used."}}}},"example":{"local_hosted_params":{"source_key_id":"64a86305-447d-47ed-908c-ed75e32d5e8b","custom_key_store_id":"0e7e591d-17df-436d-abab-b0136e23ba53","source_key_tier":"local","blocked":false,"linked_state":true},"aws_param":{"Description":"Sample linked key","Alias":"a45","Tags":[{"TagKey":"tag6","TagValue":"value6"}]},"key_admins":["thalesadmin"],"key_users":["thalesuser"],"key_admins_roles":["thaleskms"]}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"id":"2522fe50-0b9a-4d1b-8b89-149de01b22ee","uri":"kylo:kylo:cckm:aws-key:7db4f5bd-3799-4bf1-bb31-9a32ccfd501d","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2022-04-28T11:01:04.937181836Z","updatedAt":"2022-04-28T11:01:05.95665111Z","kms_id":"ad8bd0a8-b091-4bf2-abc7-4c21d08c2d2a","kms":"aws__hyok_kms_container","synced_at":"2022-04-28T11:01:05.932186994Z","rotation_status":"","local_key_id":"64a86305-447d-47ed-908c-ed75e32d5e8b","local_key_name":"ZHHBPWMN3IL5EFTZN3SRDIKNJOXYFP5L","cloud_name":"aws","key_type":"symmetric","basic_view_enabled":false,"region":"us-east-1","gone":false,"blocked":false,"linked_state":true,"key_material_origin":"HYOK-CCKM","key_source":"hsm-luna","key_source_container_name":"elabhsm2par24","key_source_container_id":"a3779150-3a70-4279-90c2-b051c789845a","custom_key_store_id":"0e7e591d-17df-436d-abab-b0136e23ba53","aws_param":{"AWSAccountId":"556782317223","Arn":"arn:aws:kms:us-east-1:556782317223:key/584d8352-d433-485a-8e76-0511f912a6f7","CustomerMasterKeySpec":"SYMMETRIC_DEFAULT","Description":"Sample linked key","Enabled":true,"EncryptionAlgorithms":["SYMMETRIC_DEFAULT"],"KeyID":"584d8352-d433-485a-8e76-0511f912a6f7","KeyManager":"CUSTOMER","KeyState":"Enabled","KeyUsage":"ENCRYPT_DECRYPT","Origin":"EXTERNAL_KEY_STORE","CreationDate":"2022-04-28T11:01:05.544Z","Policy":{"Version":"2012-10-17","Id":"key-default-1","Statement":[{"Sid":"Enable IAM User Permissions","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::556782317223:root"},"Action":"kms:*","Resource":"*"},{"Sid":"Allow access for Key Administrators","Effect":"Allow","Principal":{"AWS":["arn:aws:iam::556782317223:role/thaleskms","arn:aws:iam::556782317223:user/thalesadmin"]},"Action":["kms:Create*","kms:Describe*","kms:Enable*","kms:List*","kms:Put*","kms:Update*","kms:Revoke*","kms:Disable*","kms:Get*","kms:Delete*","kms:TagResource","kms:UntagResource","kms:ScheduleKeyDeletion","kms:CancelKeyDeletion"],"Resource":"*"},{"Sid":"Allow use of the key","Effect":"Allow","Principal":{"AWS":["arn:aws:iam::556782317223:user/thalesuser"]},"Action":["kms:Encrypt","kms:Decrypt","kms:ReEncrypt*","kms:GenerateDataKey*","kms:DescribeKey"],"Resource":"*"}]},"Alias":["alias/a45"],"Tags":[{"TagKey":"tag6","TagValue":"tag7"}],"KeyRotationEnabled":false,"XksKeyConfiguration":{"Id":"2522fe50-0b9a-4d1b-8b89-149de01b22ee","Status":"ENABLED","Usage":["ENCRYPT","DECRYPT"]},"CustomKeyStoreId":"cks-46589cbd99c4fd514"}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/aws/keys/{id}/versions":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"List","description":"Returns a list of the versions of an AWS HYOK key.","tags":["CCKM/AWS Custom Key Stores"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"skip":0,"limit":10,"total":1,"resources":[{"id":"dfd88e59-b621-45d4-8f19-62d8ea6956e8","uri":"kylo:kylo:cckm:subscription:dfd88e59-b621-45d4-8f19-62d8ea6956e8","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-09-15T10:19:09.246956Z","updatedAt":"2020-09-15T10:19:09.245242Z","partition_id":"ed5b1bbd-ce0b-48c1-ab69-a4592e5b2da2","partition_label":"cckm-1608012946","source_key_id":"c0d7f123-6058-418c-bcb0-5e68701df111","source_key_tier":"luna-hsm","version":0,"parent_key_id":"1ab863dd-d431-4ba7-bbb0-a4c862dc0617"},{"id":"dfd88e59-b621-45d4-8f19-62d8ea6956e9","uri":"kylo:kylo:cckm:subscription:dfd88e59-b621-45d4-8f19-62d8ea6956e9","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-09-15T10:19:09.246956Z","updatedAt":"2020-09-15T10:19:09.245242Z","partition_id":"ed5b1bbd-ce0b-48c1-ab69-a4592e5b2da2","partition_label":"cckm-1608012946","source_key_id":"c0d7f123-6058-418c-bcb0-5e68701df222","source_key_tier":"luna-hsm","version":1,"parent_key_id":"1ab863dd-d431-4ba7-bbb0-a4c862dc0617"}]}},"404":{"description":"Resource not found."}}}},"/v1/cckm/aws/keys/{id}/block":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Block AWS HYOK Key","description":"Block an AWS HYOK key.","tags":["CCKM/AWS Custom Key Stores"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"677f9689-b2af-4fdb-ad9a-71cac77f7fa0","uri":"kylo:kylo:cckm:aws-key:677f9689-b2af-4fdb-ad9a-71cac77f7fa0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-07-24T04:10:56.180805743Z","updatedAt":"2020-07-24T04:10:56.177874659Z","kms_id":"ebdd67ec-a87b-4ae6-ae71-fd4dd3e3a5ad","kms":"kms-name","rotation_status":"ACTIVE","synced_at":"2020-07-24T04:10:56.125474304Z","cloud_name":"aws","key_type":"symmetric","basic_view_enabled":false,"region":"ap-southeast-1","gone":false,"key_material_origin":"native","key_source":"hsm-luna","blocked":true,"linked_state":false,"custom_key_store_id":"eb4fc6ee-35f7-42c7-9116-37fdecb43941","aws_param":{"AWSAccountId":"123456789012","Arn":"arn:aws:kms:ap-southeast-1:123456789012:key/677f9689-b2af-4fdb-ad9a-71cac77f7fa0","CustomerMasterKeySpec":"SYMMETRIC_DEFAULT","Description":"Description","Enabled":true,"EncryptionAlgorithms":["SYMMETRIC_DEFAULT"],"KeyID":"677f9689-b2af-4fdb-ad9a-71cac77f7fa0","KeyManager":"CUSTOMER","KeyState":"Enabled","KeyUsage":"ENCRYPT_DECRYPT","Origin":"AWS_KMS","CreationDate":"2020-07-24T04:10:55Z","Policy":{"Version":"2012-10-17","Id":"key-default-1","Statement":[{"Sid":"Enable IAM User Permissions","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::123456789012:root"},"Action":"kms:*","Resource":"*"}]},"Alias":["alias/Test"],"Tags":[{"TagKey":"key","TagValue":"value"}],"KeyRotationEnabled":false}}}}}}},"/v1/cckm/aws/keys/{id}/unblock":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Unblock AWS HYOK Key","description":"Unblock an AWS HYOK key.","tags":["CCKM/AWS Custom Key Stores"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"677f9689-b2af-4fdb-ad9a-71cac77f7fa0","uri":"kylo:kylo:cckm:aws-key:677f9689-b2af-4fdb-ad9a-71cac77f7fa0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-07-24T04:10:56.180805743Z","updatedAt":"2020-07-24T04:10:56.177874659Z","kms_id":"ebdd67ec-a87b-4ae6-ae71-fd4dd3e3a5ad","kms":"kms-name","rotation_status":"ACTIVE","synced_at":"2020-07-24T04:10:56.125474304Z","cloud_name":"aws","key_type":"symmetric","basic_view_enabled":false,"region":"ap-southeast-1","gone":false,"key_material_origin":"native","local_hosted_params":{"blocked":false},"aws_param":{"AWSAccountId":"123456789012","Arn":"arn:aws:kms:ap-southeast-1:123456789012:key/677f9689-b2af-4fdb-ad9a-71cac77f7fa0","CustomerMasterKeySpec":"SYMMETRIC_DEFAULT","Description":"Description","Enabled":false,"EncryptionAlgorithms":["SYMMETRIC_DEFAULT"],"KeyID":"677f9689-b2af-4fdb-ad9a-71cac77f7fa0","KeyManager":"CUSTOMER","KeyState":"Disabled","KeyUsage":"ENCRYPT_DECRYPT","Origin":"AWS_KMS","CreationDate":"2020-07-24T04:10:55Z","Policy":{"Version":"2012-10-17","Id":"key-default-1","Statement":[{"Sid":"Enable IAM User Permissions","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::123456789012:root"},"Action":"kms:*","Resource":"*"}]},"Alias":["alias/Test"],"Tags":[{"TagKey":"key","TagValue":"value"}],"KeyRotationEnabled":false}}}}}}},"/v1/cckm/aws/keys":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates an AWS key. Specify the following details.\n- Region where the KMS key needs to be created\n- Parameters for the KMS key such as Alias, etc.\n- IAM users and roles that can use the KMS key in cryptographic operations.\n- IAM users and roles that can administer this key using the KMS API.\n- AWS accounts that can use this key.\n- Name or ID of the Key Management Service (KMS)\n","tags":["CCKM/AWSKeys"],"parameters":[{"name":"body","in":"body","description":"Creates an AWS key.","schema":{"type":"object","title":"Creates an AWS key.","required":["region","kms"],"properties":{"kms":{"type":"string","description":"Name or ID of the KMS to be used to create the key."},"region":{"type":"string","description":"Name of the available regions."},"policytemplate":{"type":"string","description":"ID of the policy template to apply. Policy template is mutually exclusive to all other policy parameters. If no policy parameters are specified the default policy is used."},"key_users":{"type":"array","description":"IAM users who can use the KMS key in cryptographic operations. Key users are mutually exclusive to policy and policy template. If no policy parameters are specified the default policy is used.","items":{"type":"string"}},"key_users_roles":{"type":"array","description":"IAM roles that can use the KMS key in cryptographic operations. Key users are mutually exclusive to policy and policy template. If no policy parameters are specified the default policy is used.","items":{"type":"string"}},"key_admins":{"type":"array","description":"IAM users who can administer this key using the KMS API. Key admins are mutually exclusive to policy and policy template. If no policy parameters are specified the default policy is used.","items":{"type":"string"}},"key_admins_roles":{"type":"array","description":"IAM roles that can administer this key using the KMS API. Key admins are mutually exclusive to policy and policy template. If no policy parameters are specified the default policy is used.","items":{"type":"string"}},"external_accounts":{"type":"array","description":"AWS accounts that can use this key. External accounts are mutually exclusive to policy and policy template. If no policy parameters are specified the default policy is used.","items":{"type":"string"}},"aws_param":{"type":"object","description":"AWS key parameters.","properties":{"Description":{"type":"string","description":"Description of the key."},"Alias":{"type":"string","description":"Alias for the KMS key."},"KeyUsage":{"type":"string","description":"Intended use of the KMS key.","enum":["ENCRYPT_DECRYPT","SIGN_VERIFY","GENERATE_VERIFY_MAC"]},"CustomerMasterKeySpec":{"type":"string","description":"Whether the KMS key contains a symmetric key or an asymmetric key pair.","enum":["SYMMETRIC_DEFAULT (Default)","RSA_2048 (Asymmetric)","RSA_3072 (Asymmetric)","RSA_4096 (Asymmetric)","ECC_NIST_P256 (secp256r1) (Asymmetric)","ECC_NIST_P384 (secp384r1) (Asymmetric)","ECC_NIST_P521 (secp521r1) (Asymmetric)","ECC_SECG_P256K1 (secp256k1) (Asymmetric)","HMAC_224","HMAC_256","HMAC_384","HMAC_512"]},"Tags":{"type":"array","items":{"type":"object","title":"Tags","properties":{"TagKey":{"description":"key for the tag.","type":"string"},"TagValue":{"description":"value corresponding to key of the tag.","type":"string"}}}},"Origin":{"type":"string","description":"Source of the KMS key's key material. The origin cannot be changed after the KMS key is created.","enum":["AWS_KMS","EXTERNAL"]},"Policy":{"type":"object","description":"Key policy to attach to the KMS key. Policy is mutually exclusive to all other policy parameters. If no policy parameters are specified the default policy is used."},"BypassPolicyLockoutSafetyCheck":{"type":"boolean","description":"Whether to bypass the key policy lockout safety check."},"MultiRegion":{"type":"boolean","description":"Create a multi region primary key."}}}},"example":{"kms":"","region":"","aws_param":{"Alias":"","Tags":[{"TagKey":"key","TagValue":"value"}]}}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"677f9689-b2af-4fdb-ad9a-71cac77f7fa0","uri":"kylo:kylo:cckm:aws-key:677f9689-b2af-4fdb-ad9a-71cac77f7fa0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-07-24T04:10:56.180805743Z","updatedAt":"2020-07-24T04:10:56.177874659Z","kms_id":"ebdd67ec-a87b-4ae6-ae71-fd4dd3e3a5ad","kms":"kms-name","rotation_status":"","synced_at":"2020-07-24T04:10:56.125474304Z","cloud_name":"aws","key_type":"symmetric","basic_view_enabled":false,"region":"ap-southeast-1","gone":false,"key_material_origin":"native","aws_param":{"AWSAccountId":"123456789012","Arn":"arn:aws:kms:ap-southeast-1:123456789012:key/677f9689-b2af-4fdb-ad9a-71cac77f7fa0","CustomerMasterKeySpec":"SYMMETRIC_DEFAULT","Enabled":true,"EncryptionAlgorithms":["SYMMETRIC_DEFAULT"],"KeyID":"677f9689-b2af-4fdb-ad9a-71cac77f7fa0","KeyManager":"CUSTOMER","KeyState":"Enabled","KeyUsage":"ENCRYPT_DECRYPT","Origin":"AWS_KMS","CreationDate":"2020-07-24T04:10:55Z","Policy":{"Version":"2012-10-17","Id":"key-default-1","Statement":[{"Sid":"Enable IAM User Permissions","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::123456789012:root"},"Action":"kms:*","Resource":"*"}]},"Alias":["alias/Test"],"Tags":[{"TagKey":"key","TagValue":"value"}],"KeyRotationEnabled":false}}}},"404":{"description":"Resource not found."}}},"get":{"summary":"List","description":"Returns the list of AWS keys. The results can be filtered using the query parameters.\n","tags":["CCKM/AWSKeys"],"parameters":[{"name":"id","in":"query","type":"string","description":"Filter the results by internal id of the AWS key."},{"name":"keyid","in":"query","type":"string","description":"Filter the results by AWS key id."},{"name":"arn","in":"query","type":"string","description":"Filter the results by AWS key arn."},{"name":"alias","in":"query","type":"string","description":"Filter the results by AWS key alias."},{"name":"kms","in":"query","type":"string","description":"Filter the results by Kms name.","collectionFormat":"multi"},{"name":"kms_id","in":"query","type":"string","description":"Filter the results by Kms id.","collectionFormat":"multi"},{"name":"region","in":"query","type":"string","description":"Filter the results by region.","collectionFormat":"multi"},{"name":"cloud_name","in":"query","type":"string","description":"Filter the results by cloud name.","collectionFormat":"multi"},{"name":"origin","in":"query","type":"string","description":"Filter the results by AWS key origin.","collectionFormat":"multi"},{"name":"job_config_id","in":"query","type":"string","description":"Filter the results by id of the scheduler configuration job."},{"name":"cckm_policy_template_id","in":"query","type":"string","description":"Filter the results by cckm_policy_template_id."},{"name":"enabled","in":"query","type":"boolean","description":"Filter the results by enabled key."},{"name":"gone","in":"query","type":"boolean","description":"Filter the results by gone."},{"name":"tags","in":"query","type":"string","description":"A valid JSON value. Keys whose 'tags' attribute contains the JSON value will be returned.\nExamples of JSON containment:\n\n- Values contain themselves: `[{\"TagKey\": \"Name\", \"TagValue\": \"TestTag\"}]` contains `[{\"TagKey\": \"Name\", \"TagValue\": \"TestTag\"}]`\n- Values contain subsets: `[{\"TagKey\": \"Name\", \"TagValue\": \"test\"},{\"TagKey\": \"cloud\", \"TagValue\": \"aws\"}]` contains `{\"Name\":\"test\"}` and `{\"cloud\":\"aws\"}`, but not `{\"cloud\":\"azure\"}`\n- Values contains only TagKey: [{\"TagKey\": \"Name\"}]`\n"},{"name":"keystate","in":"query","type":"string","description":"Filter the results by AWS key key_state.","collectionFormat":"multi"},{"name":"keyusage","in":"query","type":"string","description":"Filter the results by AWS key usage.","collectionFormat":"multi"},{"name":"rotation_job_enabled","in":"query","type":"boolean","description":"Filter the results if rotation job is enabled or disabled."},{"name":"CustomerMasterKeySpec","in":"query","type":"string","description":"Filter the results by CustomerMasterKeySpec","collectionFormat":"multi"},{"name":"key_material_origin","in":"query","type":"string","description":"Filter the results by key_material_origin.","collectionFormat":"multi"},{"name":"key_source","in":"query","type":"string","description":"Filter the results by key_source.","collectionFormat":"multi"},{"name":"multi_region","in":"query","type":"boolean","description":"Filter the results by multi_region.","collectionFormat":"multi"},{"name":"multi_region_key_type","in":"query","type":"string","description":"Filter the results by multi_region_key_type.","collectionFormat":"multi"},{"name":"blocked","in":"query","type":"boolean","description":"Filter the results by key block state. Only applies if key is AWS HYOK key."},{"name":"custom_key_store_id","in":"query","type":"string","description":"Filter the results by custom key store id. Only applies if key is AWS HYOK key.","collectionFormat":"multi"},{"name":"custom_key_store_name","in":"query","type":"string","description":"Filter the results by custom key store name. Only applies if key is AWS HYOK key.","collectionFormat":"multi"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"skip":0,"limit":1,"total":15,"resources":[{"id":"677f9689-b2af-4fdb-ad9a-71cac77f7fa0","uri":"kylo:kylo:cckm:aws-key:677f9689-b2af-4fdb-ad9a-71cac77f7fa0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-07-24T04:10:56.180805743Z","updatedAt":"2020-07-24T04:10:56.177874659Z","kms_id":"ebdd67ec-a87b-4ae6-ae71-fd4dd3e3a5ad","kms":"kms-name","rotation_status":"ACTIVE","synced_at":"2020-07-24T04:10:56.125474304Z","cloud_name":"aws","key_type":"symmetric","basic_view_enabled":false,"region":"ap-southeast-1","gone":false,"key_material_origin":"native","aws_param":{"AWSAccountId":"123456789012","Arn":"arn:aws:kms:ap-southeast-1:123456789012:key/677f9689-b2af-4fdb-ad9a-71cac77f7fa0","CustomerMasterKeySpec":"SYMMETRIC_DEFAULT","Enabled":true,"EncryptionAlgorithms":["SYMMETRIC_DEFAULT"],"KeyID":"677f9689-b2af-4fdb-ad9a-71cac77f7fa0","KeyManager":"CUSTOMER","KeyState":"Enabled","KeyUsage":"ENCRYPT_DECRYPT","Origin":"AWS_KMS","CreationDate":"2020-07-24T04:10:55Z","Policy":{"Version":"2012-10-17","Id":"key-default-1","Statement":[{"Sid":"Enable IAM User Permissions","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::123456789012:root"},"Action":"kms:*","Resource":"*"}]},"Alias":["alias/Test"],"Tags":[{"TagKey":"key","TagValue":"value"}],"KeyRotationEnabled":false}}]}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/aws/keys/{id}/link":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Link an unlinked AWS HYOK Key","description":"Link an unlinked AWS HYOK key (in a local custom key store).","tags":["CCKM/AWS Custom Key Stores"],"parameters":[{"name":"body","in":"body","description":"Links an unlinked AWS HYOK key (in a local custom key store).","schema":{"type":"object","title":"Links an unlinked AWS HYOK key (in a local custom key store).","properties":{"policytemplate":{"type":"string","description":"ID of the policy template to apply. Policy template is mutually exclusive to all other policy parameters. If no policy parameters are specified the default policy is used."},"key_users":{"type":"array","description":"IAM users who can use the KMS key in cryptographic operations. Key users are mutually exclusive to policy and policy template. If no policy parameters are specified the default policy is used.","items":{"type":"string"}},"key_users_roles":{"type":"array","description":"IAM roles that can use the KMS key in cryptographic operations. Key users are mutually exclusive to policy and policy template. If no policy parameters are specified the default policy is used.","items":{"type":"string"}},"key_admins":{"type":"array","description":"IAM users who can administer this key using the KMS API. Key admins are mutually exclusive to policy and policy template. If no policy parameters are specified the default policy is used.","items":{"type":"string"}},"key_admins_roles":{"type":"array","description":"IAM roles that can administer this key using the KMS API. Key admins are mutually exclusive to policy and policy template. If no policy parameters are specified the default policy is used.","items":{"type":"string"}},"external_accounts":{"type":"array","description":"AWS accounts that can use this key. External accounts are mutually exclusive to policy and policy template. If no policy parameters are specified the default policy is used.","items":{"type":"string"}},"aws_param":{"type":"object","description":"AWS key parameters.","properties":{"Description":{"type":"string","description":"Description of the key."},"Alias":{"type":"string","description":"Alias for the KMS key."},"Tags":{"type":"array","items":{"type":"object","title":"Tags","properties":{"TagKey":{"description":"Key for the tag.","type":"string"},"TagValue":{"description":"Value corresponding to key of the tag.","type":"string"}}}},"Policy":{"type":"object","description":"Key policy to attach to the KMS key. Policy is mutually exclusive to all other policy parameters. If no policy parameters are specified, the default policy is used."},"BypassPolicyLockoutSafetyCheck":{"type":"boolean","description":"Indicates whether to bypass the safety check for the key policy lockout."}}}},"example":{"aws_param":{"Alias":"alias/projectKey1","Tags":[{"TagKey":"key","TagValue":"value"}],"Policy":{"Version":"2022-04-17","Id":"key-default-1","Statement":[{"Sid":"Enable IAM User Permissions","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::123456789012:root"},"Action":"kms:*","Resource":"*"}]},"BypassPolicyLockoutSafetyCheck":false}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"677f9689-b2af-4fdb-ad9a-71cac77f7fa0","uri":"kylo:kylo:cckm:aws-key:677f9689-b2af-4fdb-ad9a-71cac77f7fa0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-07-24T04:10:56.180805743Z","updatedAt":"2020-07-24T04:10:56.177874659Z","kms_id":"ebdd67ec-a87b-4ae6-ae71-fd4dd3e3a5ad","kms":"kms-name","rotation_status":"ACTIVE","synced_at":"2020-07-24T04:10:56.125474304Z","cloud_name":"aws","key_type":"symmetric","basic_view_enabled":false,"region":"ap-southeast-1","gone":false,"key_material_origin":"native","key_source":"hsm-luna","blocked":true,"linked_state":true,"custom_key_store_id":"eb4fc6ee-35f7-42c7-9116-37fdecb43941","aws_param":{"AWSAccountId":"123456789012","Arn":"arn:aws:kms:ap-southeast-1:123456789012:key/677f9689-b2af-4fdb-ad9a-71cac77f7fa0","CustomerMasterKeySpec":"SYMMETRIC_DEFAULT","Description":"Description","Enabled":true,"EncryptionAlgorithms":["SYMMETRIC_DEFAULT"],"KeyID":"677f9689-b2af-4fdb-ad9a-71cac77f7fa0","KeyManager":"CUSTOMER","KeyState":"Enabled","KeyUsage":"ENCRYPT_DECRYPT","Origin":"AWS_KMS","CreationDate":"2020-07-24T04:10:55Z","Policy":{"Version":"2012-10-17","Id":"key-default-1","Statement":[{"Sid":"Enable IAM User Permissions","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::123456789012:root"},"Action":"kms:*","Resource":"*"}]},"Alias":["alias/Test"],"Tags":[{"TagKey":"key","TagValue":"value"}],"KeyRotationEnabled":false}}}}}}},"/v1/cckm/aws/keys/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of an AWS key with the given `id`.","tags":["CCKM/AWSKeys"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"677f9689-b2af-4fdb-ad9a-71cac77f7fa0","uri":"kylo:kylo:cckm:aws-key:677f9689-b2af-4fdb-ad9a-71cac77f7fa0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-07-24T04:10:56.180805743Z","updatedAt":"2020-07-24T04:10:56.177874659Z","kms_id":"ebdd67ec-a87b-4ae6-ae71-fd4dd3e3a5ad","kms":"kms-name","rotation_status":"ACTIVE","synced_at":"2020-07-24T04:10:56.125474304Z","cloud_name":"aws","key_type":"symmetric","basic_view_enabled":false,"region":"ap-southeast-1","gone":false,"key_material_origin":"native","aws_param":{"AWSAccountId":"123456789012","Arn":"arn:aws:kms:ap-southeast-1:123456789012:key/677f9689-b2af-4fdb-ad9a-71cac77f7fa0","CustomerMasterKeySpec":"SYMMETRIC_DEFAULT","Enabled":true,"EncryptionAlgorithms":["SYMMETRIC_DEFAULT"],"KeyID":"677f9689-b2af-4fdb-ad9a-71cac77f7fa0","KeyManager":"CUSTOMER","KeyState":"Enabled","KeyUsage":"ENCRYPT_DECRYPT","Origin":"AWS_KMS","CreationDate":"2020-07-24T04:10:55Z","Policy":{"Version":"2012-10-17","Id":"key-default-1","Statement":[{"Sid":"Enable IAM User Permissions","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::123456789012:root"},"Action":"kms:*","Resource":"*"}]},"Alias":["alias/Test"],"Tags":[{"TagKey":"key","TagValue":"value"}],"KeyRotationEnabled":false}}}},"404":{"description":"Resource not found."}}},"delete":{"summary":"Delete","description":"Deletes an AWS key from the CCKM.","tags":["CCKM/AWSKeys"],"responses":{"204":{"description":"No Content | AWS key was deleted successfully.","schema":{"type":"string"}},"404":{"description":"Resource not found."}}}},"/v1/cckm/aws/keys/{id}/download-public-key":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Download a public key for an asymmetric key.","description":"Download a public key in PEM format, for an asymmetric key.","tags":["CCKM/AWSKeys"],"responses":{"200":{"description":"OK"},"400":{"description":"Bad Request."},"404":{"description":"Resource not found."},"500":{"description":"Internal Server Error"}}}},"/v1/cckm/azure/keys":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates an Azure key. Specify the following details.\n- Name for the key.\n- Name or ID of the key vault where the key will be created.\n- Type of the key.\n- Size of the key (optional).\n- Attributes for the key like `exp`, `enabled`, and `nbf` (optional).\n- Allowed key operations (optional).\n- For Creating Key Encryption Key for azure BYOK, Ensure setting mandatory parameters such as: Kty as \"RSA-HSM\" and key_ops with only \"import\" operation enabled.\n","tags":["CCKM/AzureKeys"],"parameters":[{"name":"body","in":"body","description":"Creates an Azure key.","schema":{"type":"object","title":"Creates an Azure key.","required":["key_name","key_vault","azure_param"],"properties":{"key_name":{"type":"string","description":"Name for the key on Azure. Key names can only contain alphanumeric characters and dashes."},"key_vault":{"type":"string","description":"Id or name of the key vault where the key will be created on Azure."},"azure_param":{"type":"object","description":"Azure key parameters.","required":["kty"],"properties":{"crv":{"type":"string","description":"Elliptical curve name for the key.","enum":["P-256","P-384","P-521","SECP256K1"]},"key_ops":{"type":"array","items":{"type":"string"},"description":"Allowed key operations on Azure.","enum":["encrypt","decrypt","sign","verify","wrapKey","unwrapKey","import - Applicable only on RSA-HSM Keys. Mandatory to be set for creating Key Encryption Key"]},"key_size":{"type":"integer","description":"Size for the RSA and RSA-HSM keys.","enum":[2048,3072,4096]},"kty":{"type":"string","description":"The type of key to create.","enum":["EC- \"Soft\" Elliptic Curve key.","EC-HSM- \"Hard\" Elliptic Curve key (only for premium key vaults).","RSA- \"Soft\" RSA key.","RSA-HSM- \"Hard\" RSA key (only for premium key vaults)."]},"tags":{"type":"object","description":"Application specific metadata in the form of key-value pair."},"attributes":{"type":"object","description":"Attributes for the key like `exp`, `enabled`, and `nbf` (optional).","enum":["nbf - Activation date for the key in Unix Epoch time format. For example, the corresponding epoch time for September 9, 2022, 5:52:20 AM is 1662702740.","exp - Expiration date for the key in Unix Epoch time format. For example, the corresponding epoch time for September 9, 2022, 5:52:20 AM is 1662702740.","enabled - Whether key is enabled or disabled (true/false)."]}}},"exportable":{"type":"boolean","description":"Allow private key to be exported from Azure. Vault must be a premium vault or managed-hsm vault."},"release_policy":{"type":"object","description":"Key release policy. Must be set if exportable is true."}},"example":{"key_name":"","key_vault":"","azure_param":{"kty":"RSA","attributes":{"nbf":1662702740,"exp":1662702740}}}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"id":"8658e434-1be1-4da6-9c6b-d4ec4f0e91f9","uri":"kylo:kylo:cckm:azure-key:8658e434-1be1-4da6-9c6b-d4ec4f0e91f9","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-09-15T11:10:10.060940051Z","updatedAt":"2020-09-15T11:10:10.058028121Z","key_vault":"azure-vaults::c0d7f123-6058-418c-bcb0-5e68701df869","key_vault_id":"1c8f6a5e-5755-4397-92eb-0f95e31bb66c","region":"northcentralus","deleted":false,"backup_at":"2020-09-15T11:10:10.049846151Z","soft_delete_enabled":true,"key_soft_deleted_in_azure":false,"status":"AVAILABLE","syncedAt":"2020-09-15T11:10:08Z","created_by":"ef767cf9-61dd-4765-a4df-ebd65493c728","modified_by":"ef767cf9-61dd-4765-a4df-ebd65493c728","version":"ccda2f06b4e946f6be5c7207d9ced115","key_size":2048,"backup":"301072592b2946c983bc8d80edc8439fc826f0fc979642309ba407572e5ee0c4","key_name":"test-key","cloud_name":"AzureCloud","azure_param":{"key":{"kid":"https://azure-vaults.vault.azure.net/keys/test-key/ccda2f06b4e946f6be5c7207d9ced115","kty":"RSA","key_ops":["encrypt","decrypt","sign","verify","wrapKey","unwrapKey"],"n":"_gyC1SIMXWtxqRPXeeibK-0Lh9nH7vVaFdS24og2-xefC8gwiH-tSdd3tzzrI5zOllpKGpzOis3kV6I312uVMnILJ1PLyjTRLtcfmFGKCELOEzdhEYX7JqcSj0zi9nEIvuJs2dv9kTKRzPywzcpwM9LvSz0XarhmsfaNBjxlJumVH0gG4ZtPXfLogPjfwv9n6gHt7wC2O0DuWUcWgVL2cvbtZsqeFQ0B6a7kipjWEqNHUQdX1o79XW-EliiHlUMYXdKKWRmwzRPUYdUssfEwIiqPNLph-VQWdDpJSxtxATBpJKy-LASodX6mHpbsoTP0Ampp5f_QMZVhn1yQywPsbw","e":"AQAB"},"attributes":{"recoveryLevel":"CustomizedRecoverable+Purgeable","enabled":true,"created":1600168208,"updated":1600168208}},"azure_created_at":"2020-09-15T11:10:08Z","azure_updated_at":"2020-09-15T11:10:08Z","tenant":"3428547a-39df-4802-9aa5-f7476b1f6641","key_material_origin":"native","gone":false}},"404":{"description":"Resource not found."}}},"get":{"summary":"List","description":"Returns a list of Azure keys. The results can be filtered using the query parameters.\n","tags":["CCKM/AzureKeys"],"parameters":[{"name":"id","in":"query","type":"string","description":"Filter the results by internal id of Azure key."},{"name":"key_vault","in":"query","type":"string","description":"Filter the results by key vault name.","collectionFormat":"multi"},{"name":"key_vault_id","in":"query","type":"string","description":"Filter the results by vault id.","collectionFormat":"multi"},{"name":"key_name","in":"query","type":"string","collectionFormat":"multi","description":"Filter the results by Azure key name."},{"name":"cloud_name","in":"query","type":"string","description":"Filter the results by cloud name.","collectionFormat":"multi"},{"name":"region","in":"query","type":"string","description":"Filter the results by region.","collectionFormat":"multi"},{"name":"crv","in":"query","type":"string","description":"Filter the results by EC curve.","collectionFormat":"multi"},{"name":"status","in":"query","type":"string","description":"Filter the results by status.","collectionFormat":"multi"},{"name":"backup","in":"query","type":"string","description":"Filter the results by backup."},{"name":"enabled","in":"query","type":"boolean","description":"Filter the results by enabled attribute."},{"name":"key_size","in":"query","type":"integer","description":"Filter the results by key size."},{"name":"job_config_id","in":"query","type":"string","description":"Filter the results by id of the scheduler configuration job."},{"name":"deleted_in_azure","in":"query","type":"boolean","description":"Filter the keys which are available in Azure."},{"name":"algorithm","in":"query","type":"string","description":"Filter the keys by algorithm type.","collectionFormat":"multi"},{"name":"kid","in":"query","type":"string","description":"Filter the results by Azure key id."},{"name":"gone","in":"query","type":"boolean","description":"Filter the results by gone."},{"name":"version","in":"query","type":"string","description":"Filters the results by matching version. If version is specified as -1, only latest version of the\nkeys is returned.\n"},{"name":"rotation_job_enabled","in":"query","type":"boolean","description":"Filter the results if rotation job is enabled or disabled."},{"name":"tags","in":"query","type":"string","description":"A valid JSON value. Keys whose 'tags' attribute contains the JSON value will be returned.\nExamples of JSON containment:\n\n- Values contain themselves: `[{\"TagKey\": \"Name\", \"TagValue\": \"TestTag\"}]` contains `[{\"TagKey\": \"Name\", \"TagValue\": \"TestTag\"}]`\n- Values contain subsets: `[{\"TagKey\": \"Name\", \"TagValue\": \"test\"},{\"TagKey\": \"cloud\", \"TagValue\": \"aws\"}]` contains `{\"Name\":\"test\"}` and `{\"cloud\":\"aws\"}`, but not `{\"cloud\":\"azure\"}`\n- Values contains only TagKey: [{\"TagKey\": \"Name\"}]`\n"},{"name":"key_material_origin","in":"query","type":"string","description":"Filter the results by key_material_origin.","collectionFormat":"multi"},{"name":"managed","in":"query","type":"boolean","description":"Filter the results based on key managed by AzureVaults."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","examples":{"skip":0,"limit":10,"total":1,"resources":[{"id":"8658e434-1be1-4da6-9c6b-d4ec4f0e91f9","uri":"kylo:kylo:cckm:azure-key:8658e434-1be1-4da6-9c6b-d4ec4f0e91f9","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-09-15T11:10:10.060940051Z","updatedAt":"2020-09-15T11:10:10.058028121Z","key_vault":"azure-vaults::c0d7f123-6058-418c-bcb0-5e68701df869","key_vault_id":"1c8f6a5e-5755-4397-92eb-0f95e31bb66c","region":"northcentralus","deleted":false,"backup_at":"2020-09-15T11:10:10.049846151Z","soft_delete_enabled":true,"key_soft_deleted_in_azure":false,"status":"AVAILABLE","syncedAt":"2020-09-15T11:10:08Z","created_by":"ef767cf9-61dd-4765-a4df-ebd65493c728","modified_by":"ef767cf9-61dd-4765-a4df-ebd65493c728","version":"ccda2f06b4e946f6be5c7207d9ced115","key_size":2048,"backup":"301072592b2946c983bc8d80edc8439fc826f0fc979642309ba407572e5ee0c4","key_name":"test-key","cloud_name":"AzureCloud","azure_param":{"key":{"kid":"https://azure-vaults.vault.azure.net/keys/test-key/ccda2f06b4e946f6be5c7207d9ced115","kty":"RSA","key_ops":["encrypt","decrypt","sign","verify","wrapKey","unwrapKey"],"n":"_gyC1SIMXWtxqRPXeeibK-0Lh9nH7vVaFdS24og2-xefC8gwiH-tSdd3tzzrI5zOllpKGpzOis3kV6I312uVMnILJ1PLyjTRLtcfmFGKCELOEzdhEYX7JqcSj0zi9nEIvuJs2dv9kTKRzPywzcpwM9LvSz0XarhmsfaNBjxlJumVH0gG4ZtPXfLogPjfwv9n6gHt7wC2O0DuWUcWgVL2cvbtZsqeFQ0B6a7kipjWEqNHUQdX1o79XW-EliiHlUMYXdKKWRmwzRPUYdUssfEwIiqPNLph-VQWdDpJSxtxATBpJKy-LASodX6mHpbsoTP0Ampp5f_QMZVhn1yQywPsbw","e":"AQAB"},"attributes":{"recoveryLevel":"CustomizedRecoverable+Purgeable","enabled":true,"created":1600168208,"updated":1600168208}},"azure_created_at":"2020-09-15T11:10:08Z","azure_updated_at":"2020-09-15T11:10:08Z","tenant":"3428547a-39df-4802-9aa5-f7476b1f6641","key_material_origin":"native","gone":false}]}}}}},"/v1/cckm/azure/keys/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of an Azure key with the given `id`.","tags":["CCKM/AzureKeys"],"responses":{"200":{"description":"OK","examples":{"application/json":{"id":"8658e434-1be1-4da6-9c6b-d4ec4f0e91f9","uri":"kylo:kylo:cckm:azure-key:8658e434-1be1-4da6-9c6b-d4ec4f0e91f9","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-09-15T11:10:10.060940051Z","updatedAt":"2020-09-15T11:10:10.058028121Z","key_vault":"azure-vaults::c0d7f123-6058-418c-bcb0-5e68701df869","key_vault_id":"1c8f6a5e-5755-4397-92eb-0f95e31bb66c","region":"northcentralus","deleted":false,"backup_at":"2020-09-15T11:10:10.049846151Z","soft_delete_enabled":true,"key_soft_deleted_in_azure":false,"status":"AVAILABLE","syncedAt":"2020-09-15T11:10:08Z","created_by":"ef767cf9-61dd-4765-a4df-ebd65493c728","modified_by":"ef767cf9-61dd-4765-a4df-ebd65493c728","version":"ccda2f06b4e946f6be5c7207d9ced115","key_size":2048,"backup":"301072592b2946c983bc8d80edc8439fc826f0fc979642309ba407572e5ee0c4","key_name":"test-key","cloud_name":"AzureCloud","azure_param":{"key":{"kid":"https://azure-vaults.vault.azure.net/keys/test-key/ccda2f06b4e946f6be5c7207d9ced115","kty":"RSA","key_ops":["encrypt","decrypt","sign","verify","wrapKey","unwrapKey"],"n":"_gyC1SIMXWtxqRPXeeibK-0Lh9nH7vVaFdS24og2-xefC8gwiH-tSdd3tzzrI5zOllpKGpzOis3kV6I312uVMnILJ1PLyjTRLtcfmFGKCELOEzdhEYX7JqcSj0zi9nEIvuJs2dv9kTKRzPywzcpwM9LvSz0XarhmsfaNBjxlJumVH0gG4ZtPXfLogPjfwv9n6gHt7wC2O0DuWUcWgVL2cvbtZsqeFQ0B6a7kipjWEqNHUQdX1o79XW-EliiHlUMYXdKKWRmwzRPUYdUssfEwIiqPNLph-VQWdDpJSxtxATBpJKy-LASodX6mHpbsoTP0Ampp5f_QMZVhn1yQywPsbw","e":"AQAB"},"attributes":{"recoveryLevel":"CustomizedRecoverable+Purgeable","enabled":true,"created":1600168208,"updated":1600168208}},"azure_created_at":"2020-09-15T11:10:08Z","azure_updated_at":"2020-09-15T11:10:08Z","tenant":"3428547a-39df-4802-9aa5-f7476b1f6641","key_material_origin":"native","gone":false}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"patch":{"summary":"Update","description":"Updates the key attributes like key expiration time, tags and key operations (encrypt, decrypt, and sign etc.)","tags":["CCKM/AzureKeys"],"parameters":[{"name":"body","in":"body","description":"Updates an Azure key.","schema":{"type":"object","title":"Updates an Azure key.","properties":{"attributes":{"type":"object","description":"Key attributes to be updated.","enum":["nbf - Activation date for the key in Unix Epoch time format. For example, the corresponding epoch time for September 9, 2022, 5:52:20 AM is 1662702740.","exp - Expiration date for the key in Unix Epoch time format. For example, the corresponding epoch time for September 9, 2022, 5:52:20 AM is 1662702740.","enabled - Whether key is enabled or disabled (true/false)"]},"tags":{"type":"object","description":"Application specific metadata in the form of key-value pair."},"key_ops":{"type":"array","description":"Key operations to be updated.","enum":["encrypt","decrypt","sign","verify","wrapKey","unwrapKey"],"items":{"type":"string"}}}}}],"responses":{"200":{"description":"OK","examples":{"application/json":{"id":"8658e434-1be1-4da6-9c6b-d4ec4f0e91f9","uri":"kylo:kylo:cckm:azure-key:8658e434-1be1-4da6-9c6b-d4ec4f0e91f9","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-09-15T11:10:10.060940051Z","updatedAt":"2020-09-15T11:10:10.058028121Z","key_vault":"azure-vaults::c0d7f123-6058-418c-bcb0-5e68701df869","key_vault_id":"1c8f6a5e-5755-4397-92eb-0f95e31bb66c","region":"northcentralus","deleted":false,"backup_at":"2020-09-15T11:10:10.049846151Z","soft_delete_enabled":true,"key_soft_deleted_in_azure":false,"status":"AVAILABLE","syncedAt":"2020-09-15T11:10:08Z","created_by":"ef767cf9-61dd-4765-a4df-ebd65493c728","modified_by":"ef767cf9-61dd-4765-a4df-ebd65493c728","version":"ccda2f06b4e946f6be5c7207d9ced115","key_size":2048,"backup":"301072592b2946c983bc8d80edc8439fc826f0fc979642309ba407572e5ee0c4","key_name":"test-key","cloud_name":"AzureCloud","azure_param":{"key":{"kid":"https://azure-vaults.vault.azure.net/keys/test-key/ccda2f06b4e946f6be5c7207d9ced115","kty":"RSA","key_ops":["encrypt","decrypt"],"n":"_gyC1SIMXWtxqRPXeeibK-0Lh9nH7vVaFdS24og2-xefC8gwiH-tSdd3tzzrI5zOllpKGpzOis3kV6I312uVMnILJ1PLyjTRLtcfmFGKCELOEzdhEYX7JqcSj0zi9nEIvuJs2dv9kTKRzPywzcpwM9LvSz0XarhmsfaNBjxlJumVH0gG4ZtPXfLogPjfwv9n6gHt7wC2O0DuWUcWgVL2cvbtZsqeFQ0B6a7kipjWEqNHUQdX1o79XW-EliiHlUMYXdKKWRmwzRPUYdUssfEwIiqPNLph-VQWdDpJSxtxATBpJKy-LASodX6mHpbsoTP0Ampp5f_QMZVhn1yQywPsbw","e":"AQAB"},"attributes":{"recoveryLevel":"CustomizedRecoverable+Purgeable","enabled":true,"created":1600168208,"updated":1600168208}},"azure_created_at":"2020-09-15T11:10:08Z","azure_updated_at":"2020-09-15T11:10:08Z","tenant":"3428547a-39df-4802-9aa5-f7476b1f6641","key_material_origin":"native","gone":false}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/azure/keys/{id}/download-public-key":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Download a public key for an asymmetric key.","description":"Download a public key in PEM format, for an asymmetric key.","tags":["CCKM/AzureKeys"],"responses":{"200":{"description":"OK","schema":{"type":"object"}},"400":{"description":"Bad Request."},"404":{"description":"Resource not found."},"500":{"description":"Internal Server Error"}}}},"/v1/cckm/azure/keys/{id}/soft-delete":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Soft Delete","description":"Soft deletes an Azure key from the vault.","tags":["CCKM/AzureKeys"],"responses":{"200":{"description":"Azure key soft-deleted from the vault.","examples":{"id":"8658e434-1be1-4da6-9c6b-d4ec4f0e91f9","uri":"kylo:kylo:cckm:azure-key:8658e434-1be1-4da6-9c6b-d4ec4f0e91f9","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-09-15T11:10:10.06094Z","updatedAt":"2020-09-15T11:10:30.665326Z","key_vault":"azure-vaults::c0d7f123-6058-418c-bcb0-5e68701df869","key_vault_id":"1c8f6a5e-5755-4397-92eb-0f95e31bb66c","region":"northcentralus","deleted":false,"backup_at":"2020-09-15T11:10:10.049846Z","soft_delete_enabled":true,"key_soft_deleted_in_azure":true,"status":"SOFT-DELETED","syncedAt":"2020-09-15T11:10:08Z","created_by":"ef767cf9-61dd-4765-a4df-ebd65493c728","modified_by":"ef767cf9-61dd-4765-a4df-ebd65493c728","version":"ccda2f06b4e946f6be5c7207d9ced115","key_size":2048,"backup":"301072592b2946c983bc8d80edc8439fc826f0fc979642309ba407572e5ee0c4","key_name":"test-key","cloud_name":"AzureCloud","azure_param":{"key":{"kid":"https://azure-vaults.vault.azure.net/keys/test-key/ccda2f06b4e946f6be5c7207d9ced115","kty":"RSA","key_ops":["encrypt","decrypt","sign","verify","wrapKey","unwrapKey"],"n":"_gyC1SIMXWtxqRPXeeibK-0Lh9nH7vVaFdS24og2-xefC8gwiH-tSdd3tzzrI5zOllpKGpzOis3kV6I312uVMnILJ1PLyjTRLtcfmFGKCELOEzdhEYX7JqcSj0zi9nEIvuJs2dv9kTKRzPywzcpwM9LvSz0XarhmsfaNBjxlJumVH0gG4ZtPXfLogPjfwv9n6gHt7wC2O0DuWUcWgVL2cvbtZsqeFQ0B6a7kipjWEqNHUQdX1o79XW-EliiHlUMYXdKKWRmwzRPUYdUssfEwIiqPNLph-VQWdDpJSxtxATBpJKy-LASodX6mHpbsoTP0Ampp5f_QMZVhn1yQywPsbw","e":"AQAB"},"attributes":{"recoveryLevel":"CustomizedRecoverable+Purgeable","enabled":true}},"azure_created_at":"2020-09-15T11:10:08Z","azure_updated_at":"2020-09-15T11:10:08Z","tenant":"3428547a-39df-4802-9aa5-f7476b1f6641","key_material_origin":"native","gone":false,"version_count":1}},"404":{"description":"Resource not found."}}}},"/v1/cckm/azure/keys/{id}/recover":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Recover","description":"Recovers a soft-deleted Azure key.","tags":["CCKM/AzureKeys"],"responses":{"200":{"description":"Deleted Azure key recovered successfully.","examples":{"id":"8658e434-1be1-4da6-9c6b-d4ec4f0e91f9","uri":"kylo:kylo:cckm:azure-key:8658e434-1be1-4da6-9c6b-d4ec4f0e91f9","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-09-15T11:10:10.06094Z","updatedAt":"2020-09-15T11:10:30.665326Z","key_vault":"azure-vaults::c0d7f123-6058-418c-bcb0-5e68701df869","key_vault_id":"1c8f6a5e-5755-4397-92eb-0f95e31bb66c","region":"northcentralus","deleted":false,"backup_at":"2020-09-15T11:10:10.049846Z","soft_delete_enabled":true,"key_soft_deleted_in_azure":false,"status":"AVAILABLE","syncedAt":"2020-09-15T11:10:08Z","created_by":"ef767cf9-61dd-4765-a4df-ebd65493c728","modified_by":"ef767cf9-61dd-4765-a4df-ebd65493c728","version":"ccda2f06b4e946f6be5c7207d9ced115","key_size":2048,"backup":"301072592b2946c983bc8d80edc8439fc826f0fc979642309ba407572e5ee0c4","key_name":"test-key","cloud_name":"AzureCloud","azure_param":{"key":{"kid":"https://azure-vaults.vault.azure.net/keys/test-key/ccda2f06b4e946f6be5c7207d9ced115","kty":"RSA","key_ops":["encrypt","decrypt","sign","verify","wrapKey","unwrapKey"],"n":"_gyC1SIMXWtxqRPXeeibK-0Lh9nH7vVaFdS24og2-xefC8gwiH-tSdd3tzzrI5zOllpKGpzOis3kV6I312uVMnILJ1PLyjTRLtcfmFGKCELOEzdhEYX7JqcSj0zi9nEIvuJs2dv9kTKRzPywzcpwM9LvSz0XarhmsfaNBjxlJumVH0gG4ZtPXfLogPjfwv9n6gHt7wC2O0DuWUcWgVL2cvbtZsqeFQ0B6a7kipjWEqNHUQdX1o79XW-EliiHlUMYXdKKWRmwzRPUYdUssfEwIiqPNLph-VQWdDpJSxtxATBpJKy-LASodX6mHpbsoTP0Ampp5f_QMZVhn1yQywPsbw","e":"AQAB"},"attributes":{"recoveryLevel":"CustomizedRecoverable+Purgeable","enabled":true,"created":1600168208,"updated":1600168208}},"azure_created_at":"2020-09-15T11:10:08Z","azure_updated_at":"2020-09-15T11:10:08Z","tenant":"3428547a-39df-4802-9aa5-f7476b1f6641","key_material_origin":"native","gone":false,"version_count":1}},"404":{"description":"Resource not found."}}}},"/v1/cckm/azure/keys/{id}/hard-delete":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Purge","description":"Permanently deletes the Azure key.","tags":["CCKM/AzureKeys"],"responses":{"200":{"description":"Deleted Azure key purged from the vault.","examples":{"id":"8658e434-1be1-4da6-9c6b-d4ec4f0e91f9","uri":"kylo:kylo:cckm:azure-key:8658e434-1be1-4da6-9c6b-d4ec4f0e91f9","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-09-15T11:10:10.06094Z","updatedAt":"2020-09-15T11:13:46.028273Z","key_vault":"azure-vaults::c0d7f123-6058-418c-bcb0-5e68701df869","key_vault_id":"1c8f6a5e-5755-4397-92eb-0f95e31bb66c","region":"northcentralus","deleted":true,"backup_at":"2020-09-15T11:10:10.049846Z","soft_delete_enabled":true,"key_soft_deleted_in_azure":true,"status":"DELETED","syncedAt":"2020-09-15T11:10:08Z","created_by":"ef767cf9-61dd-4765-a4df-ebd65493c728","modified_by":"ef767cf9-61dd-4765-a4df-ebd65493c728","version":"ccda2f06b4e946f6be5c7207d9ced115","key_size":2048,"backup":"301072592b2946c983bc8d80edc8439fc826f0fc979642309ba407572e5ee0c4","key_name":"test-key","cloud_name":"AzureCloud","azure_param":{"key":{"kid":"https://azure-vaults.vault.azure.net/keys/test-key/ccda2f06b4e946f6be5c7207d9ced115","kty":"RSA","key_ops":["encrypt","decrypt","sign","verify","wrapKey","unwrapKey"],"n":"_gyC1SIMXWtxqRPXeeibK-0Lh9nH7vVaFdS24og2-xefC8gwiH-tSdd3tzzrI5zOllpKGpzOis3kV6I312uVMnILJ1PLyjTRLtcfmFGKCELOEzdhEYX7JqcSj0zi9nEIvuJs2dv9kTKRzPywzcpwM9LvSz0XarhmsfaNBjxlJumVH0gG4ZtPXfLogPjfwv9n6gHt7wC2O0DuWUcWgVL2cvbtZsqeFQ0B6a7kipjWEqNHUQdX1o79XW-EliiHlUMYXdKKWRmwzRPUYdUssfEwIiqPNLph-VQWdDpJSxtxATBpJKy-LASodX6mHpbsoTP0Ampp5f_QMZVhn1yQywPsbw","e":"AQAB"},"attributes":{"recoveryLevel":"CustomizedRecoverable+Purgeable","enabled":true}},"azure_created_at":"2020-09-15T11:10:08Z","azure_updated_at":"2020-09-15T11:10:08Z","tenant":"3428547a-39df-4802-9aa5-f7476b1f6641","key_material_origin":"native","gone":false,"version_count":1}},"404":{"description":"Resource not found."}}}},"/v1/cckm/azure/keys/{id}/restore":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Restore","description":"Restores a backed up key to a vault.\n","tags":["CCKM/AzureKeys"],"parameters":[{"name":"body","in":"body","description":"Restores a backed up key to a vault.","schema":{"type":"object","title":"Restore Key","properties":{"key_vault":{"type":"string","description":"Id or name of the vault where the key will be restored. By default, the key will be restored to the vault from where it was deleted."}}}}],"responses":{"200":{"description":"OK","examples":{"id":"8658e434-1be1-4da6-9c6b-d4ec4f0e91f9","uri":"kylo:kylo:cckm:azure-key:8658e434-1be1-4da6-9c6b-d4ec4f0e91f9","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-09-15T11:10:10.06094Z","updatedAt":"2020-09-15T11:14:37.315345278Z","key_vault":"azure-vaults::c0d7f123-6058-418c-bcb0-5e68701df869","key_vault_id":"1c8f6a5e-5755-4397-92eb-0f95e31bb66c","region":"northcentralus","deleted":false,"backup_at":"2020-09-15T11:10:10.049846Z","soft_delete_enabled":true,"key_soft_deleted_in_azure":false,"status":"AVAILABLE","syncedAt":"2020-09-15T11:10:08Z","created_by":"ef767cf9-61dd-4765-a4df-ebd65493c728","modified_by":"ef767cf9-61dd-4765-a4df-ebd65493c728","version":"ccda2f06b4e946f6be5c7207d9ced115","key_size":2048,"backup":"301072592b2946c983bc8d80edc8439fc826f0fc979642309ba407572e5ee0c4","key_name":"test-key","cloud_name":"AzureCloud","azure_param":{"key":{"kid":"https://azure-vaults.vault.azure.net/keys/test-key/ccda2f06b4e946f6be5c7207d9ced115","kty":"RSA","key_ops":["encrypt","decrypt","sign","verify","wrapKey","unwrapKey"],"n":"_gyC1SIMXWtxqRPXeeibK-0Lh9nH7vVaFdS24og2-xefC8gwiH-tSdd3tzzrI5zOllpKGpzOis3kV6I312uVMnILJ1PLyjTRLtcfmFGKCELOEzdhEYX7JqcSj0zi9nEIvuJs2dv9kTKRzPywzcpwM9LvSz0XarhmsfaNBjxlJumVH0gG4ZtPXfLogPjfwv9n6gHt7wC2O0DuWUcWgVL2cvbtZsqeFQ0B6a7kipjWEqNHUQdX1o79XW-EliiHlUMYXdKKWRmwzRPUYdUssfEwIiqPNLph-VQWdDpJSxtxATBpJKy-LASodX6mHpbsoTP0Ampp5f_QMZVhn1yQywPsbw","e":"AQAB"},"attributes":{"recoveryLevel":"CustomizedRecoverable+Purgeable","enabled":true,"created":1600168208,"updated":1600168208}},"azure_created_at":"2020-09-15T11:10:08Z","azure_updated_at":"2020-09-15T11:10:08Z","tenant":"3428547a-39df-4802-9aa5-f7476b1f6641","key_material_origin":"native","gone":false}},"404":{"description":"Resource not found."}}}},"/v1/cckm/azure/keys/{id}/delete-backup":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Delete Backup","description":"Deletes an Azure key and its versions from the CCKM.","tags":["CCKM/AzureKeys"],"responses":{"200":{"description":"No Content | Azure key was deleted successfully."},"404":{"description":"Resource not found."}}}},"/v1/cckm/azure/keys/{id}/enable-rotation-job":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Enable key for rotation job.","description":"Enable key for rotation job.\n","tags":["CCKM/AzureKeys"],"parameters":[{"name":"body","in":"body","description":"Sets automatic key rotation for the key.","schema":{"type":"object","title":"Set auto rotation on key","required":["job_config_id","auto_rotate_key_source","auto_rotate_key_type"],"properties":{"job_config_id":{"type":"string","description":"ID of the scheduler job that will perform key rotation."},"auto_rotate_key_source":{"type":"string","description":"Source of the key material. Options are native, hsm-luna, dsm and ciphertrust."},"auto_rotate_partition_id":{"type":"string","description":"ID of the partition in which HSM key will be created."},"auto_rotate_domain_id":{"type":"string","description":"ID of the domain in which DSM key will be created."},"auto_rotate_key_type":{"type":"string","description":"Algorithm for the key.","enum":["EC- \"Soft\" Elliptic Curve key.","EC-HSM- \"Hard\" Elliptic Curve key (only for premium key vaults).","RSA- \"Soft\" RSA key.","RSA-HSM- \"Hard\" RSA key (only for premium key vaults)."]},"auto_rotate_key_size":{"type":"integer","description":"Size of the new rotated key. Required only when key_type=RSA.","enum":[2048,3072,4096]},"auto_rotate_ec_name":{"type":"string","description":"Name of the Elliptical curve key. Required only when key_type=EC.","enum":["P-256","P-384","P-521","SECP256K1"]},"auto_rotate_enable_key":{"type":"boolean","description":"Whether to enable the newly rotated key."},"auto_rotate_release_policy":{"type":"object","description":"Optional, new key release policy for exportable keys."}},"example":{"job_config_id":"f0358220-86db-4a0a-a2cf-171a51618f57","auto_rotate_key_source":"native","auto_rotate_key_type":"RSA","auto_rotate_key_size":2048,"auto_rotate_enable_key":true,"auto_rotate_partition_id":"8658e434-1be1-4da6-9c6b-171a51618f57","auto_rotate_domain_id":"ef767cf9-61dd-4765-a4df-ebd65493c728"}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"id":"8658e434-1be1-4da6-9c6b-d4ec4f0e91f9","uri":"kylo:kylo:cckm:azure-key:8658e434-1be1-4da6-9c6b-d4ec4f0e91f9","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-09-15T11:10:10.06094Z","updatedAt":"2020-09-15T11:14:37.324819Z","key_vault":"azure-vaults::c0d7f123-6058-418c-bcb0-5e68701df869","key_vault_id":"1c8f6a5e-5755-4397-92eb-0f95e31bb66c","region":"northcentralus","deleted":false,"backup_at":"2020-09-15T11:10:10.049846Z","soft_delete_enabled":true,"key_soft_deleted_in_azure":false,"status":"AVAILABLE","syncedAt":"2020-09-15T11:10:08Z","created_by":"ef767cf9-61dd-4765-a4df-ebd65493c728","modified_by":"ef767cf9-61dd-4765-a4df-ebd65493c728","version":"ccda2f06b4e946f6be5c7207d9ced115","key_size":2048,"backup":"301072592b2946c983bc8d80edc8439fc826f0fc979642309ba407572e5ee0c4","key_name":"test-key","cloud_name":"AzureCloud","azure_param":{"key":{"kid":"https://azure-vaults.vault.azure.net/keys/test-key/ccda2f06b4e946f6be5c7207d9ced115","kty":"RSA","key_ops":["encrypt","decrypt","sign","verify","wrapKey","unwrapKey"],"n":"_gyC1SIMXWtxqRPXeeibK-0Lh9nH7vVaFdS24og2-xefC8gwiH-tSdd3tzzrI5zOllpKGpzOis3kV6I312uVMnILJ1PLyjTRLtcfmFGKCELOEzdhEYX7JqcSj0zi9nEIvuJs2dv9kTKRzPywzcpwM9LvSz0XarhmsfaNBjxlJumVH0gG4ZtPXfLogPjfwv9n6gHt7wC2O0DuWUcWgVL2cvbtZsqeFQ0B6a7kipjWEqNHUQdX1o79XW-EliiHlUMYXdKKWRmwzRPUYdUssfEwIiqPNLph-VQWdDpJSxtxATBpJKy-LASodX6mHpbsoTP0Ampp5f_QMZVhn1yQywPsbw","e":"AQAB"},"attributes":{"recoveryLevel":"CustomizedRecoverable+Purgeable","enabled":true}},"azure_created_at":"2020-09-15T11:10:08Z","azure_updated_at":"2020-09-15T11:10:08Z","tenant":"3428547a-39df-4802-9aa5-f7476b1f6641","labels":{"auto_rotate_enable_key":true,"auto_rotate_key_size":2048,"auto_rotate_key_source":"native","auto_rotate_key_type":"RSA","job_config_id":"7a771488-5d90-421a-a1d5-9f62bf38420a"},"key_material_origin":"native","gone":false,"version_count":1}},"404":{"description":"Resource not found."}}}},"/v1/cckm/azure/keys/{id}/disable-rotation-job":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Disable key for rotation job.","description":"Disable key for rotation job.","tags":["CCKM/AzureKeys"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"8658e434-1be1-4da6-9c6b-d4ec4f0e91f9","uri":"kylo:kylo:cckm:azure-key:8658e434-1be1-4da6-9c6b-d4ec4f0e91f9","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-09-15T11:10:10.06094Z","updatedAt":"2020-09-15T11:14:37.324819Z","key_vault":"azure-vaults::c0d7f123-6058-418c-bcb0-5e68701df869","key_vault_id":"1c8f6a5e-5755-4397-92eb-0f95e31bb66c","region":"northcentralus","deleted":false,"backup_at":"2020-09-15T11:10:10.049846Z","soft_delete_enabled":true,"key_soft_deleted_in_azure":false,"status":"AVAILABLE","syncedAt":"2020-09-15T11:10:08Z","created_by":"ef767cf9-61dd-4765-a4df-ebd65493c728","modified_by":"ef767cf9-61dd-4765-a4df-ebd65493c728","version":"ccda2f06b4e946f6be5c7207d9ced115","key_size":2048,"backup":"301072592b2946c983bc8d80edc8439fc826f0fc979642309ba407572e5ee0c4","key_name":"test-key","cloud_name":"AzureCloud","azure_param":{"key":{"kid":"https://azure-vaults.vault.azure.net/keys/test-key/ccda2f06b4e946f6be5c7207d9ced115","kty":"RSA","key_ops":["encrypt","decrypt","sign","verify","wrapKey","unwrapKey"],"n":"_gyC1SIMXWtxqRPXeeibK-0Lh9nH7vVaFdS24og2-xefC8gwiH-tSdd3tzzrI5zOllpKGpzOis3kV6I312uVMnILJ1PLyjTRLtcfmFGKCELOEzdhEYX7JqcSj0zi9nEIvuJs2dv9kTKRzPywzcpwM9LvSz0XarhmsfaNBjxlJumVH0gG4ZtPXfLogPjfwv9n6gHt7wC2O0DuWUcWgVL2cvbtZsqeFQ0B6a7kipjWEqNHUQdX1o79XW-EliiHlUMYXdKKWRmwzRPUYdUssfEwIiqPNLph-VQWdDpJSxtxATBpJKy-LASodX6mHpbsoTP0Ampp5f_QMZVhn1yQywPsbw","e":"AQAB"},"attributes":{"recoveryLevel":"CustomizedRecoverable+Purgeable","enabled":true}},"azure_created_at":"2020-09-15T11:10:08Z","azure_updated_at":"2020-09-15T11:10:08Z","tenant":"3428547a-39df-4802-9aa5-f7476b1f6641","key_material_origin":"native","gone":false,"version_count":1}}}}}},"/v1/cckm/azure/upload-key":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Upload","description":"Uploads the CipherTrust Manager key to Azure. Specify the following details.\n- Name for the key on Azure.\n- Identifier of the CipherTrust Manager key to upload. Key name or ID can be specified. This parameter is mandatory if the source key tier is local (The key must be a 2048,3092,4096 bits RSA key).\n- Name or ID of the key vault where the key will be uploaded.\n- Azure parameters like key_ops, hsm and attributes.\n- Source key tier. (optional).\n- PFX key. Specify a Base64 encoded key. (optional).\n- PFX password. Specify only if the PFX certificate is provided.(optional).\n- Identifier of luna hsm key to uplaod. (optional).\n- Identifier of dsm key to uplaod. (optional).\n","tags":["CCKM/AzureKeys"],"parameters":[{"name":"body","in":"body","description":"Uploads the CipherTrust Manager key to Azure.","schema":{"type":"object","title":"Uploads the CipherTrust Manager key to Azure.","required":["key_name","key_vault"],"properties":{"key_name":{"type":"string","description":"Name for the key on Azure. Key names can only contain alphanumreic characters and dashes."},"local_key_identifier":{"type":"string","description":"Identifier of the CipherTrust Manager key to upload. Key name or ID can be specified. It is a required parameter if source key tier is local."},"key_vault":{"type":"string","description":"Id or name of the Azure key vault where the key will be uploaded."},"azure_param":{"type":"object","description":"Azure key parameters.","properties":{"hsm":{"type":"boolean","description":"Whether the key can be created in the Azure HSM."},"key_ops":{"type":"array","items":{"type":"string"},"description":"Allowed key operations on Azure.","enum":["encrypt","decrypt","sign","verify","wrapKey","unwrapKey"]},"tags":{"type":"object","description":"Application specific metadata in the form of key-value pairs."},"attributes":{"type":"object","description":"Attributes for the key.","enum":["nbf - Activation date for the key in Unix Epoch time format. For example, the corresponding epoch time for September 9, 2022, 5:52:20 AM is 1662702740.","exp - Expiration date for the key in Unix Epoch time format. For example, the corresponding epoch time for September 9, 2022, 5:52:20 AM is 1662702740.","enabled - Whether key is enabled or disabled (true/false)"]}}},"source_key_tier":{"type":"string","description":"Source key tier. Options are local, pfx, dsm, and hsm-luna. Default is local."},"pfx":{"type":"string","description":"PFX key. Specify a Base64 encoded key."},"password":{"type":"string","description":"PFX password. Specify only if the PFX certificate is provided."},"luna_key_identifier":{"type":"string","description":"Identifier of the luna hsm key. It is a required parameter if source key tier is hsm-luna."},"dsm_key_identifier":{"type":"string","description":"Identifier of the dsm key. It is a required parameter if source key tier is dsm."},"kek_kid":{"type":"string","description":"Identifier of azure key encryption key."},"exportable":{"type":"boolean","description":"Allow private key to be exported from Azure. Vault must be a premium vault or managed-hsm vault."},"release_policy":{"type":"object","description":"Key release policy. Must be set if exportable is true."}}}}],"responses":{"201":{"description":"OK","examples":{"application/json":{"id":"f32ee702-f974-491d-ad9f-4bcf00451fc0","uri":"kylo:kylo:cckm:azure-key:f32ee702-f974-491d-ad9f-4bcf00451fc0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-09-15T11:19:24.45819877Z","updatedAt":"2020-09-15T11:19:24.455966237Z","key_vault":"azure-vaults::c0d7f123-6058-418c-bcb0-5e68701df869","key_vault_id":"1c8f6a5e-5755-4397-92eb-0f95e31bb66c","region":"northcentralus","deleted":false,"backup_at":"2020-09-15T11:19:24.447354426Z","soft_delete_enabled":true,"key_soft_deleted_in_azure":false,"status":"AVAILABLE","syncedAt":"2020-09-15T11:19:23Z","created_by":"ef767cf9-61dd-4765-a4df-ebd65493c728","modified_by":"ef767cf9-61dd-4765-a4df-ebd65493c728","version":"c752af3e84ce4654aaedbf4cead9f5a5","key_size":2048,"backup":"fa3da1b85f114bf68ec67d857eb7aadc367e3fa69bbe4de494c287e801f87316","key_name":"upload-key","local_key_id":"b9317a102f084befada4d739a6d451871121fba4592c4691bad4382c5565c660","local_key_name":"rsa","cloud_name":"AzureCloud","azure_param":{"key":{"kid":"https://azure-vaults.vault.azure.net/keys/upload-key/c752af3e84ce4654aaedbf4cead9f5a5","kty":"RSA","key_ops":["encrypt","decrypt","sign","verify","wrapKey","unwrapKey"],"n":"tn5IRo22Gs-5AhoqVOC_HdxDR6xEk3jdJ031M6fgvOMftng-KuChOr6pdWJ6zs8XOMpVAMC-KntL4YzMrYez-AeJiImLxPupZp-KT_Ab86DGNSRaE4u78PPzZQqU8ULXgd3aNw0oJUfKLTm0LZJWxWF3nscoRHyJUEpxExaQ61jgQE518yZgGSYodI1K9yiWk409BU96R8Nbpo5IdaFlFN6UarvFguD-XY4ylyyXD6njU20DsZ2MIAS8JcYG_DMVndKz0-xqDbPONf6N-wwpYZMLlMduY6dbt9ZjntxvTkV8DhLVLAlj_KebHXfesWps51OXooZciazR0AaSs1lUHw","e":"AAAAAAABAAE"},"attributes":{"recoveryLevel":"CustomizedRecoverable+Purgeable","enabled":true,"created":1600168763,"updated":1600168763}},"azure_created_at":"2020-09-15T11:19:23Z","azure_updated_at":"2020-09-15T11:19:23Z","tenant":"3428547a-39df-4802-9aa5-f7476b1f6641","meta":{"source_key_id":"rsa"},"key_material_origin":"cckm","rotated_at":"2020-09-15T11:19:24.447355731Z","gone":false}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/azure/synchronization-jobs":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Synchronize","description":"Synchronizes Azure keys.\n","tags":["CCKM/AzureKeys"],"parameters":[{"name":"body","in":"body","description":"Synchronize Azure keys of the given key vaults","schema":{"type":"object","title":"List of key vaults name and id.","properties":{"key_vaults":{"type":"array","items":{"type":"string"},"description":"Name or ID of key vaults from which Azure keys will be synchronized. synchronize_all and key_vaults are mutually exclusive. Specify either the synchronize_all or key_vaults."},"synchronize_all":{"type":"boolean","description":"Set true to synchronize all keys from all vaults. synchronize_all and key_vaults are mutually exclusive. Specify either the synchronize_all or key_vaults."}},"example":{"key_vaults":[],"synchronize_all":false}}}],"responses":{"201":{"description":"OK","examples":{"application/json":{"id":"bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","uri":"kylo:kylo:cckm:synchronize:bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-08-06T09:49:34.605578452Z","updatedAt":"2020-08-06T09:49:34.609059131Z","overall_status":"in progress","cloud":"AzureCloud","key_vaults":["3e732d57-5ea1-491f-b238-9f4a39a9566f","c4e5bd34-af39-4027-9058-6f1a4bb3519d"],"abort":false,"sync_item":"azure-key"}}},"404":{"description":"Resource not found."}}},"get":{"summary":"Status","description":"Returns a list of updated synchronization status. The results can be filtered using the query parameters.\n","tags":["CCKM/AzureKeys"],"parameters":[{"name":"id","in":"query","type":"string","description":"Filter the results by internal id of synchronization."},{"name":"overall_status","in":"query","type":"string","description":"Filter the results by synchronization overall status. Possible values are \"in_progress\",\"completed\" and \"failed\"."},{"name":"key_vaults","in":"query","type":"array","items":{"type":"string"},"description":"Filter the results of synchronization by key vaults."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","uri":"kylo:kylo:cckm:synchronize:bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-08-06T09:49:34.605578Z","updatedAt":"2020-08-06T09:49:49.658814Z","overall_status":"in progress","detailed_status":{"northcentralus/vault-1::742f9921-2d91-41fc-97fc-e98ad007f081":"in progress"},"cloud":"AzureCloud","key_vaults":["3e732d57-5ea1-491f-b238-9f4a39a9566f","c4e5bd34-af39-4027-9058-6f1a4bb3519d"],"abort":false,"sync_item":"azure-key"}]}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/azure/synchronization-jobs/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a synchronization process with the given id.","tags":["CCKM/AzureKeys"],"responses":{"200":{"description":"OK","examples":{"application/json":{"id":"bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","uri":"kylo:kylo:cckm:synchronize:bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-08-06T09:49:34.605578Z","updatedAt":"2020-08-06T09:50:01.676264Z","overall_status":"in progress","detailed_status":{"northcentralus/vault-1::742f9921-2d91-41fc-97fc-e98ad007f081":"in progress"},"cloud":"AzureCloud","key_vaults":["3e732d57-5ea1-491f-b238-9f4a39a9566f","c4e5bd34-af39-4027-9058-6f1a4bb3519d"],"abort":false,"sync_item":"azure-key"}}}}}},"/v1/cckm/azure/synchronization-jobs/{id}/cancel":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Cancel","description":"Cancels the synchronization job\n","tags":["CCKM/AzureKeys"],"responses":{"200":{"description":"OK","examples":{"application/json":{"id":"bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","uri":"kylo:kylo:cckm:synchronize:bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-08-06T09:49:34.605578Z","updatedAt":"2020-08-06T09:50:08.968859976Z","overall_status":"in progress","detailed_status":{"northcentralus/vault-1::742f9921-2d91-41fc-97fc-e98ad007f081":"in progress"},"cloud":"AzureCloud","key_vaults":["3e732d57-5ea1-491f-b238-9f4a39a9566f","c4e5bd34-af39-4027-9058-6f1a4bb3519d"],"abort":true,"sync_item":"azure-key"}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/azure/vaults":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List Vaults","description":"Returns the list of Azure vaults. The results can be filtered using the query parameters.\n","tags":["CCKM/AzureVaults"],"parameters":[{"name":"name","in":"query","type":"string","description":"Filter the results by Azure key vault."},{"name":"location","in":"query","type":"string","description":"Filter the results by Azure key vault location.","collectionFormat":"multi"},{"name":"cloud_name","in":"query","type":"string","description":"Filter the results by cloud name. Possible values are \"AzureCloud\", \"AzureChinaCloud\", \"AzureUSGovernment\" and \"AzureStack\".","collectionFormat":"multi"},{"name":"id","in":"query","type":"string","description":"Filter the results by id."},{"name":"subscription_id","in":"query","type":"string","description":"Filter the results by subscription id.","collectionFormat":"multi"},{"name":"job_config_id","in":"query","type":"string","description":"Filter the results by id of the scheduler configuration job."},{"name":"subscription_name","in":"query","type":"string","description":"Filter the results by subscription_name.","collectionFormat":"multi"},{"name":"type","in":"query","type":"string","description":"Set to 'managedhsm' to list managed HSM vaults only. Set to 'vault' to list non-managed HSM vaults only. Leave blank for all vaults.","enum":["managedHsm","vault"]},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK"},"404":{"description":"Resource not found."}}}},"/v1/cckm/azure/vaults/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of an Azure vault with the given id.","tags":["CCKM/AzureVaults"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"5003b5de-aa57-49f3-a7d5-e9b9f23118f9","uri":"kylo:kylo:cckm:azure-vault:vault-name::bb03157e-7aff-421b-a01d-267f9613f462","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-09-17T10:04:17.248508Z","name":"vault-name::bb03157e-7aff-421b-a01d-267f9613f462","updatedAt":"2020-09-17T10:04:17.248508Z","azure_vault_id":"/subscriptions/bb03157e-7aff-421b-a01d-267f9613f462/resourceGroups/CCKM-resource/providers/Microsoft.KeyVault/vaults/vault-name","type":"Microsoft.KeyVault/vaults","location":"northcentralus","connection":"azure-connection","cloud_name":"AzureCloud","subscription_id":"bb03157e-7aff-421b-a01d-267f9613f462","azure_name":"vault-name","synced_at":"2020-09-28T07:22:41.410207Z","subscription_name":"Pay-As-You-Go","properties":{"tenantId":"2b0913e6-2c7b-45b8-8c56-c5e2e4ed27bf","sku":{"family":"A","name":"Standard"},"vaultUri":"https://vault-name.vault.azure.net/","enableSoftDelete":true}}}},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"Updates the connection in azure vault. This operation requires connection to have appropriate access permissions on the vault.\n","tags":["CCKM/AzureVaults"],"parameters":[{"name":"body","in":"body","description":"Updates an Azure vaults.","schema":{"type":"object","title":"Updates an Azure vaults.","required":["connection"],"properties":{"connection":{"type":"string","description":"Name or ID of the connection.."}}}}],"responses":{"200":{"description":"OK","examples":{"application/json":{"id":"5003b5de-aa57-49f3-a7d5-e9b9f23118f9","uri":"kylo:kylo:cckm:azure-vault:vault-name::bb03157e-7aff-421b-a01d-267f9613f462","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-09-17T10:04:17.248508Z","name":"vault-name::bb03157e-7aff-421b-a01d-267f9613f462","updatedAt":"2020-09-17T10:04:17.248508Z","azure_vault_id":"/subscriptions/bb03157e-7aff-421b-a01d-267f9613f462/resourceGroups/CCKM-resource/providers/Microsoft.KeyVault/vaults/vault-name","type":"Microsoft.KeyVault/vaults","location":"northcentralus","connection":"azure-connection","cloud_name":"AzureCloud","subscription_id":"bb03157e-7aff-421b-a01d-267f9613f462","azure_name":"vault-name","synced_at":"2020-09-28T07:22:41.410207Z","subscription_name":"Pay-As-You-Go","properties":{"tenantId":"2b0913e6-2c7b-45b8-8c56-c5e2e4ed27bf","sku":{"family":"A","name":"Standard"},"vaultUri":"https://vault-name.vault.azure.net/","enableSoftDelete":true}}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/azure/vaults/{id}/enable-rotation-job":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Enable key rotation schedule for azure key vault.","description":"Enable key rotation schedule for azure key vault.\n","tags":["CCKM/AzureVaults"],"parameters":[{"name":"body","in":"body","description":"Sets automatic key rotation for the keys in vault.","schema":{"type":"object","title":"Set auto rotation on key","required":["job_config_id"],"properties":{"job_config_id":{"type":"string","description":"Id of the scheduler job that will perform key rotation."},"override_key_scheduler":{"type":"boolean","description":"Whether to use key scheduler or vault scheduler if both exist."}},"example":{"job_config_id":"f0358220-86db-4a0a-a2cf-171a51618f57","override_key_scheduler":true}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"id":"46d87fd6-97c6-4db2-a440-99e14c0e1425","uri":"kylo:kylo:cckm:azure-vault:CCKM-Soft-Delete::aaaaa-bbbbbb-4d3c-cccc-887620498863","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2022-08-02T09:54:04.25135Z","name":"CCKM-Soft-Delete::aaaaa-bbbbbb-4d3c-cccc-887620498863","updatedAt":"2022-08-02T11:28:35.521719775Z","azure_vault_id":"/subscriptions/aaaaa-bbbbbb-4d3c-cccc-887620498863/resourceGroups/CCKM-resource/providers/Microsoft.KeyVault/vaults/CCKM-Soft-Delete","type":"Microsoft.KeyVault/vaults","location":"northcentralus","connection":"azure-conn","cloud_name":"AzureCloud","subscription_id":"aaaaa-bbbbbb-4d3c-cccc-887620498863","azure_name":"CCKM-Soft-Delete","synced_at":"2022-08-02T09:57:38.092434Z","subscription_name":"Pay-As-You-Go - KYLO Development 1","labels":{"job_config_id":"c5f5da8f-ffe8-4b37-9c1d-07186f4ed95e","override_key_scheduler":true},"properties":{"tenantId":"tenant-bbbbbb-4d3c-cccc-gfghfhfd-5252","sku":{"family":"A","name":"standard"},"vaultUri":"https://cckm-soft-delete.vault.azure.net/","enableSoftDelete":true}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/azure/vaults/{id}/disable-rotation-job":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Disable key rotation schedule for azure key vault.","description":"Disable key rotation schedule for azure key vault.","tags":["CCKM/AzureVaults"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"46d87fd6-97c6-4db2-a440-99e14c0e1425","uri":"kylo:kylo:cckm:azure-vault:CCKM-Soft-Delete::aaaaa-bbbbbb-4d3c-cccc-887620498863","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2022-08-02T09:54:04.25135Z","name":"CCKM-Soft-Delete::aaaaa-bbbbbb-4d3c-cccc-887620498863","updatedAt":"2022-08-02T11:59:58.860239795Z","azure_vault_id":"/subscriptions/aaaaa-bbbbbb-4d3c-cccc-887620498863/resourceGroups/CCKM-resource/providers/Microsoft.KeyVault/vaults/CCKM-Soft-Delete","type":"Microsoft.KeyVault/vaults","location":"northcentralus","connection":"azure-conn","cloud_name":"AzureCloud","subscription_id":"aaaaa-bbbbbb-4d3c-cccc-887620498863","azure_name":"CCKM-Soft-Delete","synced_at":"2022-08-02T09:57:38.092434Z","subscription_name":"Pay-As-You-Go - KYLO Development 1","properties":{"tenantId":"tenant-bbbbbb-4d3c-cccc-gfghfhfd-5252","sku":{"family":"A","name":"standard"},"vaultUri":"https://cckm-soft-delete.vault.azure.net/","enableSoftDelete":true}}}}}}},"/v1/cckm/azure/subscriptions":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List Subscriptions","description":"Returns the list of Azure subscriptions.\n","tags":["CCKM/AzureSubscriptions"],"parameters":[{"name":"id","in":"query","type":"string","description":"Filter the results by id."},{"name":"displayName","in":"query","type":"string","description":"Filter the results by displayName."},{"name":"subscriptionId","in":"query","type":"string","description":"Filter the results by subscriptionId."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","examples":{"skip":0,"limit":10,"total":1,"resources":[{"id":"dfd88e59-b621-45d4-8f19-62d8ea6956e8","uri":"kylo:kylo:cckm:subscription:dfd88e59-b621-45d4-8f19-62d8ea6956e8","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-09-15T10:19:09.246956Z","updatedAt":"2020-09-15T10:19:09.245242Z","subscriptionId":"c0d7f123-6058-418c-bcb0-5e68701df869","subscriptionUri":"/subscriptions/c0d7f123-6058-418c-bcb0-5e68701df869","displayName":"Pay-As-You-Go","state":"Enabled","subscriptionPolicies":{"quotaId":"PayAsYouGo_2014-09-01","spendingLimit":"Off","locationPlacementId":"Public_2014-09-01"},"authorizationSource":"RoleBased"}]}},"404":{"description":"Resource not found."}}}},"/v1/cckm/azure/get-subscriptions":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Fetch subscriptions from Azure","description":"Fetches Azure subscriptions based on the connection.\n","tags":["CCKM/AzureSubscriptions"],"parameters":[{"name":"body","in":"body","description":"Fetches Azure subscriptions based on the connection","schema":{"type":"object","title":"Fetching subscriptions.","required":["connection"],"properties":{"connection":{"type":"string","description":"Name of the connection based on which subscriptions are to be fetched."}},"example":{"connection":"azure-connection"}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":[{"id":"/subscriptions/c0d7f123-6058-418c-bcb0-5e68701df869","subscriptionId":"c0d7f123-6058-418c-bcb0-5e68701df869","displayName":"Pay-As-You-Go","state":"Enabled","subscriptionPolicies":{"locationPlacementId":"Public_2014-09-01","quotaId":"PayAsYouGo_2014-09-01","spendingLimit":"Off"},"authorizationSource":"RoleBased"}]}},"404":{"description":"Resource not found."}}}},"/v1/cckm/azure/subscriptions/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of an Azure subscription with the given id.","tags":["CCKM/AzureSubscriptions"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"ec1abf08-cdbe-4e93-a793-92dbbf6835af","uri":"kylo:kylo:cckm:subscription:ec1abf08-cdbe-4e93-a793-92dbbf6835af","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-09-10T13:15:11.003732Z","updatedAt":"2020-09-10T13:15:10.997671Z","subscriptionId":"c0d7f123-6058-418c-bcb0-5e68701df869","subscriptionUri":"/subscriptions/c0d7f123-6058-418c-bcb0-5e68701df869","displayName":"Pay-As-You-Go","state":"Enabled","subscriptionPolicies":{"quotaId":"PayAsYouGo_2014-09-01","spendingLimit":"Off","locationPlacementId":"Public_2014-09-01"},"authorizationSource":"RoleBased"}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/cloud-units":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Consumed cloud count","description":"Returns the total number of cloud counts used.\n","tags":["CCKM/Cloud"],"responses":{"200":{"description":"OK","examples":{"application/json":{"count":1}}}}}},"/v1/cckm/aws/synchronization-jobs":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Synchronize","description":"Synchronizes AWS keys.\n","tags":["CCKM/AWSKeys"],"parameters":[{"name":"body","in":"body","description":"Synchronizes AWS keys.","schema":{"type":"object","title":"Name or ID of KMS resource from which the AWS keys will be synchronized.","properties":{"kms":{"type":"array","items":{"type":"string"},"description":"Name or ID of KMS resource from which the AWS keys will be synchronized. synchronize_all and kms, regions are mutually exclusive. Specify either synchronize_all or kms and regions."},"synchronize_all":{"type":"boolean","description":"Set true to synchronize all keys from all kms and regions. synchronize_all and kms, regions are mutually exclusive. Specify either synchronize_all or kms and regions."},"regions":{"type":"array","items":{"type":"string"},"description":"Regions from which the AWS keys will be synchronized. If not specified, keys from all regions are synchronized. synchronize_all and kms, regions are mutually exclusive. Specify either synchronize_all or kms and regions."}}}}],"responses":{"201":{"description":"OK","examples":{"application/json":{"id":"84980655-f1df-40e1-a2ec-736ac77a7889","uri":"kylo:kylo:cckm:synchronize:84980655-f1df-40e1-a2ec-736ac77a7889","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-08-06T09:40:04.915495495Z","updatedAt":"2020-08-06T09:40:04.918785299Z","overall_status":"in progress","cloud":"aws","kms":["de0b5a77-918a-453e-8675-604133a8984e"],"abort":false}}},"404":{"description":"Resource not found."}}},"get":{"summary":"Status","description":"Returns the list of updated synchronization status. The results can be filtered using the query parameters.\n","tags":["CCKM/AWSKeys"],"parameters":[{"name":"id","in":"query","type":"string","description":"Filter the results by internal id of synchronization."},{"name":"overall_status","in":"query","type":"string","description":"Filter the results by synchronization overall status. Possible values are \"in_progress\",\"completed\" and \"failed\"."},{"name":"kms","in":"query","type":"array","items":{"type":"string"},"description":"Filter the results of synchronization by kms."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"skip":0,"limit":10,"total":2,"resources":[{"id":"84980655-f1df-40e1-a2ec-736ac77a7889","uri":"kylo:kylo:cckm:synchronize:84980655-f1df-40e1-a2ec-736ac77a7889","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-08-06T09:40:04.915495Z","updatedAt":"2020-08-06T09:40:33.308945Z","overall_status":"in progress","detailed_status":{"123456789012/ap-south-1":"region synchronized successfully","123456789012/eu-north-1":"region synchronized successfully","123456789012/eu-west-2":"region synchronized successfully","123456789012/eu-west-3":"region synchronized successfully"},"cloud":"aws","kms":["de0b5a77-918a-453e-8675-604133a8984e"],"abort":false}]}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/aws/synchronization-jobs/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a synchronize process with the given ID.","tags":["CCKM/AWSKeys"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"84980655-f1df-40e1-a2ec-736ac77a7889","uri":"kylo:kylo:cckm:synchronize:84980655-f1df-40e1-a2ec-736ac77a7889","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-08-06T09:40:04.915495Z","updatedAt":"2020-08-06T09:43:31.731954Z","overall_status":"in progress","detailed_status":{"123456789012/ap-northeast-1":"region synchronized successfully","123456789012/ap-northeast-2":"region synchronized successfully","123456789012/ap-south-1":"region synchronized successfully","123456789012/ap-southeast-1":"region synchronized successfully","123456789012/ap-southeast-2":"region synchronized successfully","123456789012/ca-central-1":"region synchronized successfully","123456789012/eu-west-2":"region synchronized successfully","123456789012/eu-west-3":"region synchronized successfully","123456789012/sa-east-1":"region synchronized successfully","123456789012/us-east-1":"in progress"},"cloud":"aws","kms":["de0b5a77-918a-453e-8675-604133a8984e"],"abort":false}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/aws/synchronization-jobs/{id}/cancel":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Cancel","description":"Cancels a synchronization job.\n","tags":["CCKM/AWSKeys"],"responses":{"200":{"description":"OK","examples":{"application/json":{"id":"e8f2e77d-95e8-46f6-891f-37469da3bf57","uri":"kylo:kylo:cckm:synchronize:e8f2e77d-95e8-46f6-891f-37469da3bf57","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-08-06T09:46:06.534541Z","updatedAt":"2020-08-06T09:46:25.768957301Z","overall_status":"in progress","detailed_status":{"123456789012/eu-north-1":"in progress"},"cloud":"aws","kms":["de0b5a77-918a-453e-8675-604133a8984e"],"abort":true}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/aws/keys/{id}/enable-rotation-job":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Enable key for rotation job","description":"Enable key for rotation job.\n","tags":["CCKM/AWSKeys"],"parameters":[{"name":"body","in":"body","description":"Sets auto rotation of the AWS key.","schema":{"type":"object","title":"Set auto rotation on key","required":["job_config_id"],"properties":{"job_config_id":{"type":"string","description":"ID of the scheduler configuration job that will schedule the key rotation."},"auto_rotate_disable_encrypt":{"type":"boolean","description":"Disable encryption on the old key."},"auto_rotate_domain_id":{"type":"string","description":"ID of the domain in which the DSM key will be created."},"auto_rotate_partition_id":{"type":"string","description":"ID of the partition in which hsm-luna key will be created."},"auto_rotate_key_source":{"type":"string","description":"Key source from where the key will be uploaded.\n - local for CipherTrust Manager. This is the default value.\n - dsm for Data Security Manager (DSM)\n - hsm-luna for Luna HSM\n"}},"example":{"job_config_id":"f0358220-86db-4a0a-a2cf-171a51618f57","auto_rotate_disable_encrypt":true,"auto_rotate_key_source":"dsm","auto_rotate_domain_id":"677f9689-b2af-4fdb-ad9a-71cac77f7fa0"}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"677f9689-b2af-4fdb-ad9a-71cac77f7fa0","uri":"kylo:kylo:cckm:aws-key:677f9689-b2af-4fdb-ad9a-71cac77f7fa0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-07-24T04:10:56.180805743Z","updatedAt":"2020-07-24T04:10:56.177874659Z","kms_id":"ebdd67ec-a87b-4ae6-ae71-fd4dd3e3a5ad","kms":"kms-name","rotation_status":"ACTIVE","labels":{"disable_encrypt_on_auto_rotate":"true","job_config_id":"c1d591cd-2abb-4e67-b15e-dcac4403ba99"},"synced_at":"2020-07-24T04:10:56.125474304Z","cloud_name":"aws","key_type":"symmetric","basic_view_enabled":false,"region":"ap-southeast-1","gone":false,"key_material_origin":"native","aws_param":{"AWSAccountId":"123456789012","Arn":"arn:aws:kms:ap-southeast-1:123456789012:key/677f9689-b2af-4fdb-ad9a-71cac77f7fa0","CustomerMasterKeySpec":"SYMMETRIC_DEFAULT","Enabled":true,"EncryptionAlgorithms":["SYMMETRIC_DEFAULT"],"KeyID":"677f9689-b2af-4fdb-ad9a-71cac77f7fa0","KeyManager":"CUSTOMER","KeyState":"Enabled","KeyUsage":"ENCRYPT_DECRYPT","Origin":"AWS_KMS","CreationDate":"2020-07-24T04:10:55Z","Policy":{"Version":"2012-10-17","Id":"key-default-1","Statement":[{"Sid":"Enable IAM User Permissions","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::123456789012:root"},"Action":"kms:*","Resource":"*"}]},"Alias":["alias/Test"],"Tags":[{"TagKey":"key","TagValue":"value"}],"KeyRotationEnabled":false}}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/aws/keys/{id}/disable-rotation-job":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Disable key for rotation job.","description":"Disable key for rotation job.","tags":["CCKM/AWSKeys"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"677f9689-b2af-4fdb-ad9a-71cac77f7fa0","uri":"kylo:kylo:cckm:aws-key:677f9689-b2af-4fdb-ad9a-71cac77f7fa0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-07-24T04:10:56.180805743Z","updatedAt":"2020-07-24T04:10:56.177874659Z","kms_id":"ebdd67ec-a87b-4ae6-ae71-fd4dd3e3a5ad","kms":"kms-name","rotation_status":"ACTIVE","synced_at":"2020-07-24T04:10:56.125474304Z","cloud_name":"aws","key_type":"symmetric","basic_view_enabled":false,"region":"ap-southeast-1","gone":false,"key_material_origin":"native","aws_param":{"AWSAccountId":"123456789012","Arn":"arn:aws:kms:ap-southeast-1:123456789012:key/677f9689-b2af-4fdb-ad9a-71cac77f7fa0","CustomerMasterKeySpec":"SYMMETRIC_DEFAULT","Enabled":true,"EncryptionAlgorithms":["SYMMETRIC_DEFAULT"],"KeyID":"677f9689-b2af-4fdb-ad9a-71cac77f7fa0","KeyManager":"CUSTOMER","KeyState":"Enabled","KeyUsage":"ENCRYPT_DECRYPT","Origin":"AWS_KMS","CreationDate":"2020-07-24T04:10:55Z","Policy":{"Version":"2012-10-17","Id":"key-default-1","Statement":[{"Sid":"Enable IAM User Permissions","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::123456789012:root"},"Action":"kms:*","Resource":"*"}]},"Alias":["alias/Test"],"Tags":[{"TagKey":"key","TagValue":"value"}],"KeyRotationEnabled":false}}}}}}},"/v1/cckm/aws/keys/{id}/import-material":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Import","description":"Imports the key on the AWS KMS. Specify the following details.\n- Source Key Identifier of the key (The key must be a 256 bits AES key).\n- Source Key Tier\n- Whether to enable key expiration.\n- Key expiration time.\n","tags":["CCKM/AWSKeys"],"parameters":[{"name":"body","in":"body","description":"Import key material for an existing AWS key.","schema":{"type":"object","title":"Import a key on AWS KMS.","properties":{"source_key_identifier":{"type":"string","description":"If source_key_tier is local, source_key_identifier is the key identifier of the ciphertrust manager key to be uploaded. source_key_identifier is the mandatory parameter in case of dsm.\n\nIf source_key_tier is dsm, source_key_identifier is the key identifier of the dsm key to be uploaded. By default, a new CipherTrust Manager key would be generated automatically.\n\nIf key material is re-imported, AWS allows re-importing the same key material only,\ntherefore it is mandatory to provide source key identifier of the same CipherTrust Manager key which was imported previously.\n"},"key_expiration":{"type":"boolean","description":"Whether to disable encryption on key which is getting rotated ."},"valid_to":{"type":"string","description":"Key expiration time of new roated key, must be formatted as per RFC3339."},"source_key_tier":{"type":"string","description":"Source key tier. Options are local, dsm and hsm-luna. Default is local."}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"b4e99043-9057-4e61-a7c0-105684a6a34e","uri":"kylo:kylo:cckm:aws-key:b4e99043-9057-4e61-a7c0-105684a6a34e","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-08-04T06:52:57.603079Z","updatedAt":"2020-08-04T06:53:15.94086349Z","kms_id":"f106aa24-cd1e-4a14-82ff-d86e9449bf11","kms":"kms-name","rotation_status":"ACTIVE","synced_at":"2020-08-04T06:53:15.940131571Z","local_key_id":"651275a6a1564bc09ddf544674ffa0137c9c8881cacd4a5c9cb37a7ece4ca3ff","local_key_name":"cckm-aes-import-testkeyimport-089794ec-deea-4289-af3f-c54eb11af05e","cloud_name":"aws","key_type":"symmetric","basic_view_enabled":false,"region":"ap-southeast-1","gone":false,"key_material_origin":"cckm","aws_param":{"AWSAccountId":"123456789012","Arn":"arn:aws:kms:ap-southeast-1:123456789012:key/7f4112a2-47bd-44de-a2eb-fd1b454e4c78","CustomerMasterFKeySpec":"SYMMETRIC_DEFAULT","Enabled":true,"EncryptionAlgorithms":["SYMMETRIC_DEFAULT"],"KeyID":"7f4112a2-47bd-44de-a2eb-fd1b454e4c78","KeyManager":"CUSTOMER","KeyState":"Enabled","KeyUsage":"ENCRYPT_DECRYPT","Origin":"EXTERNAL","CreationDate":"2020-08-04T06:52:55Z","Policy":{"Version":"2012-10-17","Id":"key-default-1","Statement":[{"Sid":"Enable IAM User Permissions","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::123456789012:root"},"Action":"kms:*","Resource":"*"}]},"Alias":["alias/testkeyimport"],"Tags":[{"TagKey":"key","TagValue":"value"}],"ValidTo":"2021-06-23T11:07:59Z","KeyRotationEnabled":false,"ExpirationModel":"KEY_MATERIAL_EXPIRES"}}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/aws/keys/{id}/delete-material":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Delete key material","description":"Deletes the imported key material from the AWS KMS.\n","tags":["CCKM/AWSKeys"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"b4e99043-9057-4e61-a7c0-105684a6a34e","uri":"kylo:kylo:cckm:aws-key:b4e99043-9057-4e61-a7c0-105684a6a34e","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-08-04T06:52:57.603079Z","updatedAt":"2020-08-04T06:54:10.065652063Z","kms_id":"f106aa24-cd1e-4a14-82ff-d86e9449bf11","kms":"kms-name","rotation_status":"ACTIVE","synced_at":"2020-08-04T06:53:15.940132Z","local_key_id":"651275a6a1564bc09ddf544674ffa0137c9c8881cacd4a5c9cb37a7ece4ca3ff","local_key_name":"cckm-aes-import-testkeyimport-089794ec-deea-4289-af3f-c54eb11af05e","cloud_name":"aws","key_type":"symmetric","basic_view_enabled":false,"region":"ap-southeast-1","gone":false,"key_material_origin":"cckm","aws_param":{"AWSAccountId":"123456789012","Arn":"arn:aws:kms:ap-southeast-1:123456789012:key/7f4112a2-47bd-44de-a2eb-fd1b454e4c78","CustomerMasterKeySpec":"SYMMETRIC_DEFAULT","Enabled":false,"EncryptionAlgorithms":["SYMMETRIC_DEFAULT"],"KeyID":"7f4112a2-47bd-44de-a2eb-fd1b454e4c78","KeyManager":"CUSTOMER","KeyState":"PendingImport","KeyUsage":"ENCRYPT_DECRYPT","Origin":"EXTERNAL","CreationDate":"2020-08-04T06:52:55Z","Policy":{"Id":"key-default-1","Version":"2012-10-17","Statement":[{"Sid":"Enable IAM User Permissions","Action":"kms:*","Effect":"Allow","Resource":"*","Principal":{"AWS":"arn:aws:iam::123456789012:root"}}]},"Alias":["alias/testkeyimport"],"Tags":[{"TagKey":"key","TagValue":"value"}],"ValidTo":"2021-06-23T11:07:59Z","KeyRotationEnabled":false,"ExpirationModel":"KEY_MATERIAL_DOES_EXPIRE"}}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/aws/keys/{id}/rotate":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Rotate","description":"Rotates the key within the AWS KMS.\n\nSpecify the following details for HYOK keys:\n- For HYOK key backed by Luna HSM as key source: \n Source key tier and Source key ID are the only parameters applicable to an AWS HYOK key where source_key_id contains the ID of a Luna HSM key. \n Luna key should be Symmetric AES 256 key with following attributes: \n - CKA_EXTRACTABLE = FALSE \n - CKA_SENSITIVE = TRUE \n - CKA_ENCRYPT = TRUE \n - CKA_DECRYPT = TRUE \n - CKA_WRAP = TRUE \n - CKA_UNWRAP = TRUE \n\n- For HYOK key backed by Ciphertrust Manager as key source: \n Source key tier is the only parameter applicable to an AWS HYOK key.\n\nSpecify the following details for BYOK keys:\n- Source Key Identifier of the key\n- Whether to disable encryption\n- Description of the key\n- Whether to enable key expiration\n- Key expiration time\n- Whether to retain alias along with the timestamp on the archived key\n\nSpecify the following details for CloudHSM keys:\n- Whether to disable encryption\n- Description of the key\n- Whether to retain alias along with the timestamp on the archived key\n","tags":["CCKM/AWSKeys"],"parameters":[{"name":"body","in":"body","description":"Rotate key material for an existing AWS key.","schema":{"type":"object","title":"Import a key into AWS KMS.","properties":{"source_key_tier":{"type":"string","description":"Source key tier. Options are local, dsm, and hsm-luna. Default is local."},"source_key_id":{"type":"string","description":"If source_key_tier is dsm or hsm-luna, this parameter is the key identifier of the key to be uploaded. source_key_id is a mandatory parameter in the case of dsm and hsm-luna.\n\nIf source_key_tier is local, this parameter is the key identifier of the CipherTrust Manager key to be uploaded. By default, a new CipherTrust Manager key is generated automatically.\n"},"disable_encrypt":{"type":"boolean","description":"Indicates whether to disable encryption on the new key (after key rotation)."},"description":{"type":"string","description":"Description for the new key (after key rotation)."},"key_expiration":{"type":"boolean","description":"Indicates whether to enable key expiration on the new key (after key rotation)."},"valid_to":{"type":"string","description":"Key expiration time for the new key (after key rotation). This string must be formatted as per RFC3339."},"retain_alias":{"type":"boolean","description":"Indicates whether to retain the alias with the timestamp on the archived key after key rotation."}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"3b211bb2-28e7-41b3-b12a-59bd6d641c3f","uri":"kylo:kylo:cckm:aws-key:3b211bb2-28e7-41b3-b12a-59bd6d641c3f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-08-04T06:51:15.558039893Z","updatedAt":"2020-08-04T06:51:18.505860192Z","kms_id":"f106aa24-cd1e-4a14-82ff-d86e9449bf11","kms":"kms-name","rotated_at":"2020-08-04T06:51:18.500960614Z","rotated_from":"aa4136e8-b9cd-4987-8e6f-2d20263aa063","synced_at":"2020-08-04T06:51:17.841673473Z","rotation_status":"ACTIVE","local_key_id":"9458978d8dd54cdbb947e0c2fe62d85083bc51cf7f51480da17e76ce8545fbfc","local_key_name":"cckm-aes-import-testkey-42963d42-5967-46db-af9e-dc6866071e7c","cloud_name":"aws","key_type":"symmetric","basic_view_enabled":false,"region":"ap-southeast-1","gone":false,"key_material_origin":"cckm","aws_param":{"AWSAccountId":"123456789012","Arn":"arn:aws:kms:ap-southeast-1:123456789012:key/be464e13-b702-4308-ad4a-85d7b4a173fe","CustomerMasterKeySpec":"SYMMETRIC_DEFAULT","Enabled":true,"EncryptionAlgorithms":["SYMMETRIC_DEFAULT"],"KeyID":"be464e13-b702-4308-ad4a-85d7b4a173fe","KeyManager":"CUSTOMER","KeyState":"Enabled","KeyUsage":"ENCRYPT_DECRYPT","Origin":"EXTERNAL","CreationDate":"2020-08-04T06:51:14Z","Policy":{"Version":"2012-10-17","Id":"key-default-1","Statement":[{"Sid":"Enable IAM User Permissions","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::123456789012:root"},"Action":"kms:*","Resource":"*"}]},"Alias":["alias/testkey"],"KeyRotationEnabled":false,"ExpirationModel":"KEY_MATERIAL_DOES_NOT_EXPIRE"}}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/aws/keys/{id}/schedule-deletion":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Schedule Deletion","description":"Schedules deletion of the key.","tags":["CCKM/AWSKeys"],"parameters":[{"name":"body","in":"body","description":"Schedule deletion for an AWS key.","schema":{"type":"object","title":"Schedule deletion for an AWS key.","required":["days"],"properties":{"days":{"type":"integer","description":"Number of days after which the key will be deleted."}},"example":{"days":7}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"677f9689-b2af-4fdb-ad9a-71cac77f7fa0","uri":"kylo:kylo:cckm:aws-key:677f9689-b2af-4fdb-ad9a-71cac77f7fa0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-07-24T04:10:56.180805743Z","updatedAt":"2020-07-24T04:10:56.177874659Z","kms_id":"ebdd67ec-a87b-4ae6-ae71-fd4dd3e3a5ad","kms":"kms-name","rotation_status":"ACTIVE","synced_at":"2020-07-24T04:10:56.125474304Z","cloud_name":"aws","key_type":"symmetric","basic_view_enabled":false,"region":"ap-southeast-1","gone":false,"key_material_origin":"native","aws_param":{"AWSAccountId":"123456789012","Arn":"arn:aws:kms:ap-southeast-1:123456789012:key/677f9689-b2af-4fdb-ad9a-71cac77f7fa0","CustomerMasterKeySpec":"SYMMETRIC_DEFAULT","Description":"Description","Enabled":false,"EncryptionAlgorithms":["SYMMETRIC_DEFAULT"],"KeyID":"677f9689-b2af-4fdb-ad9a-71cac77f7fa0","KeyManager":"CUSTOMER","KeyState":"PendingDeletion","KeyUsage":"ENCRYPT_DECRYPT","Origin":"AWS_KMS","CreationDate":"2020-07-24T04:10:55Z","Policy":{"Version":"2012-10-17","Id":"key-default-1","Statement":[{"Sid":"Enable IAM User Permissions","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::123456789012:root"},"Action":"kms:*","Resource":"*"}]},"Alias":["alias/Test"],"Tags":[{"TagKey":"key","TagValue":"value"}],"DeletionDate":"2020-07-31T04:41:26.378529692Z","KeyRotationEnabled":false}}}}}}},"/v1/cckm/aws/keys/{id}/policy":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Update key policy","description":"Updates the AWS key policy.\n- Policy and policy template are mutually exclusive to each other and all other policy parameters.\n- If no policy parameters are specified the default policy is created.\n","tags":["CCKM/AWSKeys"],"parameters":[{"name":"body","in":"body","description":"Update the AWS key policy.","schema":{"type":"object","title":"Update the AWS key policy.","properties":{"external_accounts":{"type":"array","description":"AWS accounts that can use this key. External accounts are mutually exclusive to policy and policy template. If no policy parameters are specified the default policy is used.","items":{"type":"string"}},"key_admins":{"type":"array","description":"IAM users who can administer this key using the KMS API. Key admins are mutually exclusive to policy and policy template. If no policy parameters are specified the default policy is used.","items":{"type":"string"}},"key_admins_roles":{"type":"array","description":"IAM roles that can administer this key using the KMS API. Key admins are mutually exclusive to policy and policy template. If no policy parameters are specified the default policy is used.","items":{"type":"string"}},"key_users":{"type":"array","description":"IAM users who can use the KMS key in cryptographic operations. Key users are mutually exclusive to policy and policy template. If no policy parameters are specified the default policy is used.","items":{"type":"string"}},"key_users_roles":{"type":"array","description":"IAM roles that can use the KMS key in cryptographic operations. Key users are mutually exclusive to policy and policy template. If no policy parameters are specified the default policy is used.","items":{"type":"string"}},"policy":{"type":"object","description":"Key policy to attach to the KMS key. Policy is mutually exclusive to all other policy parameters. If no policy parameters are specified the default policy is used."},"policytemplate":{"type":"string","description":"ID of the policy template to apply. Policy template is mutually exclusive to all other policy parameters. If no policy parameters are specified the default policy is used."}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"677f9689-b2af-4fdb-ad9a-71cac77f7fa0","uri":"kylo:kylo:cckm:aws-key:677f9689-b2af-4fdb-ad9a-71cac77f7fa0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-07-24T04:10:56.180805743Z","updatedAt":"2020-07-24T04:10:56.177874659Z","kms_id":"ebdd67ec-a87b-4ae6-ae71-fd4dd3e3a5ad","kms":"kms-name","rotation_status":"ACTIVE","synced_at":"2020-07-24T04:10:56.125474304Z","cloud_name":"aws","key_type":"symmetric","basic_view_enabled":false,"region":"ap-southeast-1","gone":false,"key_material_origin":"native","aws_param":{"AWSAccountId":"123456789012","Arn":"arn:aws:kms:ap-southeast-1:123456789012:key/677f9689-b2af-4fdb-ad9a-71cac77f7fa0","CustomerMasterKeySpec":"SYMMETRIC_DEFAULT","Description":"Description","Enabled":true,"EncryptionAlgorithms":["SYMMETRIC_DEFAULT"],"KeyID":"677f9689-b2af-4fdb-ad9a-71cac77f7fa0","KeyManager":"CUSTOMER","KeyState":"Enabled","KeyUsage":"ENCRYPT_DECRYPT","Origin":"AWS_KMS","CreationDate":"2020-07-24T04:10:55Z","Policy":{"Version":"2012-10-17","Id":"key-default-1","Statement":[{"Sid":"Enable IAM User Permissions","Effect":"Allow","Principal":{"AWS":["arn:aws:iam::123456789012:root","arn:aws:iam::123456789012:user/aws-user"]},"Action":"kms:*","Resource":"*"}]},"Alias":["alias/Test"],"Tags":[{"TagKey":"key","TagValue":"value"}],"KeyRotationEnabled":false}}}}}}},"/v1/cckm/aws/keys/{id}/update-description":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Update key description","description":"Updates the AWS key description.","tags":["CCKM/AWSKeys"],"parameters":[{"name":"body","in":"body","description":"Updates the AWS key description.","schema":{"type":"object","title":"Updates the AWS key description.","required":["description"],"properties":{"description":{"type":"string","description":"Updated description of the AWS key."}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"677f9689-b2af-4fdb-ad9a-71cac77f7fa0","uri":"kylo:kylo:cckm:aws-key:677f9689-b2af-4fdb-ad9a-71cac77f7fa0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-07-24T04:10:56.180805743Z","updatedAt":"2020-07-24T04:10:56.177874659Z","kms_id":"ebdd67ec-a87b-4ae6-ae71-fd4dd3e3a5ad","kms":"kms-name","rotation_status":"ACTIVE","synced_at":"2020-07-24T04:10:56.125474304Z","cloud_name":"aws","key_type":"symmetric","basic_view_enabled":false,"region":"ap-southeast-1","gone":false,"key_material_origin":"native","aws_param":{"AWSAccountId":"123456789012","Arn":"arn:aws:kms:ap-southeast-1:123456789012:key/677f9689-b2af-4fdb-ad9a-71cac77f7fa0","CustomerMasterKeySpec":"SYMMETRIC_DEFAULT","Description":"Updating or adding Description","Enabled":true,"EncryptionAlgorithms":["SYMMETRIC_DEFAULT"],"KeyID":"677f9689-b2af-4fdb-ad9a-71cac77f7fa0","KeyManager":"CUSTOMER","KeyState":"Enabled","KeyUsage":"ENCRYPT_DECRYPT","Origin":"AWS_KMS","CreationDate":"2020-07-24T04:10:55Z","Policy":{"Version":"2012-10-17","Id":"key-default-1","Statement":[{"Sid":"Enable IAM User Permissions","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::123456789012:root"},"Action":"kms:*","Resource":"*"}]},"Alias":["alias/Test"],"Tags":[{"TagKey":"key","TagValue":"value"}],"KeyRotationEnabled":false}}}}}}},"/v1/cckm/aws/keys/{id}/enable":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Enable key","description":"Enable the AWS key.","tags":["CCKM/AWSKeys"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"677f9689-b2af-4fdb-ad9a-71cac77f7fa0","uri":"kylo:kylo:cckm:aws-key:677f9689-b2af-4fdb-ad9a-71cac77f7fa0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-07-24T04:10:56.180805743Z","updatedAt":"2020-07-24T04:10:56.177874659Z","kms_id":"ebdd67ec-a87b-4ae6-ae71-fd4dd3e3a5ad","kms":"kms-name","rotation_status":"ACTIVE","synced_at":"2020-07-24T04:10:56.125474304Z","cloud_name":"aws","key_type":"symmetric","basic_view_enabled":false,"region":"ap-southeast-1","gone":false,"key_material_origin":"native","aws_param":{"AWSAccountId":"123456789012","Arn":"arn:aws:kms:ap-southeast-1:123456789012:key/677f9689-b2af-4fdb-ad9a-71cac77f7fa0","CustomerMasterKeySpec":"SYMMETRIC_DEFAULT","Description":"Description","Enabled":true,"EncryptionAlgorithms":["SYMMETRIC_DEFAULT"],"KeyID":"677f9689-b2af-4fdb-ad9a-71cac77f7fa0","KeyManager":"CUSTOMER","KeyState":"Enabled","KeyUsage":"ENCRYPT_DECRYPT","Origin":"AWS_KMS","CreationDate":"2020-07-24T04:10:55Z","Policy":{"Version":"2012-10-17","Id":"key-default-1","Statement":[{"Sid":"Enable IAM User Permissions","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::123456789012:root"},"Action":"kms:*","Resource":"*"}]},"Alias":["alias/Test"],"Tags":[{"TagKey":"key","TagValue":"value"}],"KeyRotationEnabled":false}}}}}}},"/v1/cckm/aws/keys/{id}/disable":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Disable key","description":"Disables the AWS key.","tags":["CCKM/AWSKeys"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"677f9689-b2af-4fdb-ad9a-71cac77f7fa0","uri":"kylo:kylo:cckm:aws-key:677f9689-b2af-4fdb-ad9a-71cac77f7fa0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-07-24T04:10:56.180805743Z","updatedAt":"2020-07-24T04:10:56.177874659Z","kms_id":"ebdd67ec-a87b-4ae6-ae71-fd4dd3e3a5ad","kms":"kms-name","rotation_status":"ACTIVE","synced_at":"2020-07-24T04:10:56.125474304Z","cloud_name":"aws","key_type":"symmetric","basic_view_enabled":false,"region":"ap-southeast-1","gone":false,"key_material_origin":"native","aws_param":{"AWSAccountId":"123456789012","Arn":"arn:aws:kms:ap-southeast-1:123456789012:key/677f9689-b2af-4fdb-ad9a-71cac77f7fa0","CustomerMasterKeySpec":"SYMMETRIC_DEFAULT","Description":"Description","Enabled":false,"EncryptionAlgorithms":["SYMMETRIC_DEFAULT"],"KeyID":"677f9689-b2af-4fdb-ad9a-71cac77f7fa0","KeyManager":"CUSTOMER","KeyState":"Disabled","KeyUsage":"ENCRYPT_DECRYPT","Origin":"AWS_KMS","CreationDate":"2020-07-24T04:10:55Z","Policy":{"Version":"2012-10-17","Id":"key-default-1","Statement":[{"Sid":"Enable IAM User Permissions","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::123456789012:root"},"Action":"kms:*","Resource":"*"}]},"Alias":["alias/Test"],"Tags":[{"TagKey":"key","TagValue":"value"}],"KeyRotationEnabled":false}}}}}}},"/v1/cckm/aws/keys/{id}/add-tags":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Add tags","description":"Adds tags to the AWS key.","tags":["CCKM/AWSKeys"],"parameters":[{"name":"body","in":"body","description":"Adds tags to the AWS key.","schema":{"type":"object","title":"Tags to be added to the AWS key.","required":["tags"],"properties":{"tags":{"type":"array","items":{"type":"object","title":"Tags","properties":{"tag_key":{"description":"Key of the tag.","type":"string"},"tag_value":{"description":"Value corresponding to the key of the tag.","type":"string"}}},"description":"Tags to be added to the AWS key."}},"example":{"tags":[{"tag_key":"key","tag_value":"value"}]}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"677f9689-b2af-4fdb-ad9a-71cac77f7fa0","uri":"kylo:kylo:cckm:aws-key:677f9689-b2af-4fdb-ad9a-71cac77f7fa0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-07-24T04:10:56.180805743Z","updatedAt":"2020-07-24T04:10:56.177874659Z","kms_id":"ebdd67ec-a87b-4ae6-ae71-fd4dd3e3a5ad","kms":"kms-name","rotation_status":"ACTIVE","synced_at":"2020-07-24T04:10:56.125474304Z","cloud_name":"aws","key_type":"symmetric","basic_view_enabled":false,"region":"ap-southeast-1","gone":false,"key_material_origin":"native","aws_param":{"AWSAccountId":"123456789012","Arn":"arn:aws:kms:ap-southeast-1:123456789012:key/677f9689-b2af-4fdb-ad9a-71cac77f7fa0","CustomerMasterKeySpec":"SYMMETRIC_DEFAULT","Description":"Description","Enabled":true,"EncryptionAlgorithms":["SYMMETRIC_DEFAULT"],"KeyID":"677f9689-b2af-4fdb-ad9a-71cac77f7fa0","KeyManager":"CUSTOMER","KeyState":"Enabled","KeyUsage":"ENCRYPT_DECRYPT","Origin":"AWS_KMS","CreationDate":"2020-07-24T04:10:55Z","Policy":{"Version":"2012-10-17","Id":"key-default-1","Statement":[{"Sid":"Enable IAM User Permissions","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::123456789012:root"},"Action":"kms:*","Resource":"*"}]},"Alias":["alias/Test"],"Tags":[{"TagKey":"key","TagValue":"value"},{"TagKey":"newkey","TagValue":"value"}],"KeyRotationEnabled":false}}}}}}},"/v1/cckm/aws/keys/{id}/remove-tags":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Remove tags","description":"Removes tags from the AWS key.","tags":["CCKM/AWSKeys"],"parameters":[{"name":"body","in":"body","description":"Removes tags from the AWS key.","schema":{"type":"object","title":"Removes tags from the AWS key.","required":["tags"],"properties":{"tags":{"type":"array","description":"Tags to be removed from the AWS key."}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"677f9689-b2af-4fdb-ad9a-71cac77f7fa0","uri":"kylo:kylo:cckm:aws-key:677f9689-b2af-4fdb-ad9a-71cac77f7fa0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-07-24T04:10:56.180805743Z","updatedAt":"2020-07-24T04:10:56.177874659Z","kms_id":"ebdd67ec-a87b-4ae6-ae71-fd4dd3e3a5ad","kms":"kms-name","rotation_status":"ACTIVE","synced_at":"2020-07-24T04:10:56.125474304Z","cloud_name":"aws","key_type":"symmetric","basic_view_enabled":false,"region":"ap-southeast-1","gone":false,"key_material_origin":"native","aws_param":{"AWSAccountId":"123456789012","Arn":"arn:aws:kms:ap-southeast-1:123456789012:key/677f9689-b2af-4fdb-ad9a-71cac77f7fa0","CustomerMasterKeySpec":"SYMMETRIC_DEFAULT","Description":"Description","Enabled":true,"EncryptionAlgorithms":["SYMMETRIC_DEFAULT"],"KeyID":"677f9689-b2af-4fdb-ad9a-71cac77f7fa0","KeyManager":"CUSTOMER","KeyState":"Enabled","KeyUsage":"ENCRYPT_DECRYPT","Origin":"AWS_KMS","CreationDate":"2020-07-24T04:10:55Z","Policy":{"Version":"2012-10-17","Id":"key-default-1","Statement":[{"Sid":"Enable IAM User Permissions","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::123456789012:root"},"Action":"kms:*","Resource":"*"}]},"Alias":["alias/Test"],"Tags":[{"TagKey":"key","TagValue":"value"}],"KeyRotationEnabled":false}}}}}}},"/v1/cckm/aws/keys/{id}/add-alias":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Add alias","description":"Adds alias to the AWS key.","tags":["CCKM/AWSKeys"],"parameters":[{"name":"body","in":"body","description":"Adds alias to the AWS key.","schema":{"type":"object","title":"Adds alias to the AWS key.","required":["alias"],"properties":{"alias":{"type":"string","description":"Alias to be added to the AWS key."}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"677f9689-b2af-4fdb-ad9a-71cac77f7fa0","uri":"kylo:kylo:cckm:aws-key:677f9689-b2af-4fdb-ad9a-71cac77f7fa0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-07-24T04:10:56.180805743Z","updatedAt":"2020-07-24T04:10:56.177874659Z","kms_id":"ebdd67ec-a87b-4ae6-ae71-fd4dd3e3a5ad","kms":"kms-name","rotation_status":"ACTIVE","synced_at":"2020-07-24T04:10:56.125474304Z","cloud_name":"aws","key_type":"symmetric","basic_view_enabled":false,"region":"ap-southeast-1","gone":false,"key_material_origin":"native","aws_param":{"AWSAccountId":"123456789012","Arn":"arn:aws:kms:ap-southeast-1:123456789012:key/677f9689-b2af-4fdb-ad9a-71cac77f7fa0","CustomerMasterKeySpec":"SYMMETRIC_DEFAULT","Description":"Description","Enabled":true,"EncryptionAlgorithms":["SYMMETRIC_DEFAULT"],"KeyID":"677f9689-b2af-4fdb-ad9a-71cac77f7fa0","KeyManager":"CUSTOMER","KeyState":"Enabled","KeyUsage":"ENCRYPT_DECRYPT","Origin":"AWS_KMS","CreationDate":"2020-07-24T04:10:55Z","Policy":{"Version":"2012-10-17","Id":"key-default-1","Statement":[{"Sid":"Enable IAM User Permissions","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::123456789012:root"},"Action":"kms:*","Resource":"*"}]},"Alias":["alias/Test","alias/newAddedAlias"],"Tags":[{"TagKey":"key","TagValue":"value"}],"KeyRotationEnabled":false}}}}}}},"/v1/cckm/aws/keys/{id}/delete-alias":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Delete alias","description":"Deletes alias from the AWS key.","tags":["CCKM/AWSKeys"],"parameters":[{"name":"body","in":"body","description":"Deletes alias from the AWS key.","schema":{"type":"object","title":"Deletes alias from the AWS key.","required":["alias"],"properties":{"alias":{"type":"string","description":"Alias to be deleted from the AWS key."}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"677f9689-b2af-4fdb-ad9a-71cac77f7fa0","uri":"kylo:kylo:cckm:aws-key:677f9689-b2af-4fdb-ad9a-71cac77f7fa0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-07-24T04:10:56.180805743Z","updatedAt":"2020-07-24T04:10:56.177874659Z","kms_id":"ebdd67ec-a87b-4ae6-ae71-fd4dd3e3a5ad","kms":"kms-name","rotation_status":"ACTIVE","synced_at":"2020-07-24T04:10:56.125474304Z","cloud_name":"aws","key_type":"symmetric","basic_view_enabled":false,"region":"ap-southeast-1","gone":false,"key_material_origin":"native","aws_param":{"AWSAccountId":"123456789012","Arn":"arn:aws:kms:ap-southeast-1:123456789012:key/677f9689-b2af-4fdb-ad9a-71cac77f7fa0","CustomerMasterKeySpec":"SYMMETRIC_DEFAULT","Description":"Description","Enabled":true,"EncryptionAlgorithms":["SYMMETRIC_DEFAULT"],"KeyID":"677f9689-b2af-4fdb-ad9a-71cac77f7fa0","KeyManager":"CUSTOMER","KeyState":"Enabled","KeyUsage":"ENCRYPT_DECRYPT","Origin":"AWS_KMS","CreationDate":"2020-07-24T04:10:55Z","Policy":{"Version":"2012-10-17","Id":"key-default-1","Statement":[{"Sid":"Enable IAM User Permissions","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::123456789012:root"},"Action":"kms:*","Resource":"*"}]},"Alias":["alias/Test"],"Tags":[{"TagKey":"key","TagValue":"value"}],"KeyRotationEnabled":false}}}}}}},"/v1/cckm/aws/keys/{id}/cancel-deletion":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Cancel delete","description":"Cancels deletion of the key.","tags":["CCKM/AWSKeys"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"677f9689-b2af-4fdb-ad9a-71cac77f7fa0","uri":"kylo:kylo:cckm:aws-key:677f9689-b2af-4fdb-ad9a-71cac77f7fa0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-07-24T04:10:56.180805743Z","updatedAt":"2020-07-24T04:10:56.177874659Z","kms_id":"ebdd67ec-a87b-4ae6-ae71-fd4dd3e3a5ad","kms":"kms-name","rotation_status":"ACTIVE","synced_at":"2020-07-24T04:10:56.125474304Z","cloud_name":"aws","key_type":"symmetric","basic_view_enabled":false,"region":"ap-southeast-1","gone":false,"key_material_origin":"native","aws_param":{"AWSAccountId":"123456789012","Arn":"arn:aws:kms:ap-southeast-1:123456789012:key/677f9689-b2af-4fdb-ad9a-71cac77f7fa0","CustomerMasterKeySpec":"SYMMETRIC_DEFAULT","Description":"Description","Enabled":false,"EncryptionAlgorithms":["SYMMETRIC_DEFAULT"],"KeyID":"677f9689-b2af-4fdb-ad9a-71cac77f7fa0","KeyManager":"CUSTOMER","KeyState":"Disabled","KeyUsage":"ENCRYPT_DECRYPT","Origin":"AWS_KMS","CreationDate":"2020-07-24T04:10:55Z","Policy":{"Version":"2012-10-17","Id":"key-default-1","Statement":[{"Sid":"Enable IAM User Permissions","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::123456789012:root"},"Action":"kms:*","Resource":"*"}]},"Alias":["alias/Test"],"Tags":[{"TagKey":"key","TagValue":"value"}],"KeyRotationEnabled":false}}}}}}},"/v1/cckm/aws/keys/{id}/enable-auto-rotation":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Enable key rotation","description":"Enables automatic key rotation of the AWS key.","tags":["CCKM/AWSKeys"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"677f9689-b2af-4fdb-ad9a-71cac77f7fa0","uri":"kylo:kylo:cckm:aws-key:677f9689-b2af-4fdb-ad9a-71cac77f7fa0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-07-24T04:10:56.180805743Z","updatedAt":"2020-07-24T04:10:56.177874659Z","kms_id":"ebdd67ec-a87b-4ae6-ae71-fd4dd3e3a5ad","kms":"kms-name","rotation_status":"ACTIVE","synced_at":"2020-07-24T04:10:56.125474304Z","cloud_name":"aws","key_type":"symmetric","basic_view_enabled":false,"region":"ap-southeast-1","gone":false,"key_material_origin":"native","aws_param":{"AWSAccountId":"123456789012","Arn":"arn:aws:kms:ap-southeast-1:123456789012:key/677f9689-b2af-4fdb-ad9a-71cac77f7fa0","CustomerMasterKeySpec":"SYMMETRIC_DEFAULT","Description":"Description","Enabled":true,"EncryptionAlgorithms":["SYMMETRIC_DEFAULT"],"KeyID":"677f9689-b2af-4fdb-ad9a-71cac77f7fa0","KeyManager":"CUSTOMER","KeyState":"Enabled","KeyUsage":"ENCRYPT_DECRYPT","Origin":"AWS_KMS","CreationDate":"2020-07-24T04:10:55Z","Policy":{"Version":"2012-10-17","Id":"key-default-1","Statement":[{"Sid":"Enable IAM User Permissions","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::123456789012:root"},"Action":"kms:*","Resource":"*"}]},"Alias":["alias/Test"],"Tags":[{"TagKey":"key","TagValue":"value"}],"KeyRotationEnabled":true}}}}}}},"/v1/cckm/aws/keys/{id}/disable-auto-rotation":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Disable key rotation","description":"Disables automatic key rotation of the AWS key.","tags":["CCKM/AWSKeys"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"677f9689-b2af-4fdb-ad9a-71cac77f7fa0","uri":"kylo:kylo:cckm:aws-key:677f9689-b2af-4fdb-ad9a-71cac77f7fa0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-07-24T04:10:56.180805743Z","updatedAt":"2020-07-24T04:10:56.177874659Z","kms_id":"ebdd67ec-a87b-4ae6-ae71-fd4dd3e3a5ad","kms":"kms-name","rotation_status":"ACTIVE","synced_at":"2020-07-24T04:10:56.125474304Z","cloud_name":"aws","key_type":"symmetric","basic_view_enabled":false,"region":"ap-southeast-1","gone":false,"key_material_origin":"native","aws_param":{"AWSAccountId":"123456789012","Arn":"arn:aws:kms:ap-southeast-1:123456789012:key/677f9689-b2af-4fdb-ad9a-71cac77f7fa0","CustomerMasterKeySpec":"SYMMETRIC_DEFAULT","Description":"Description","Enabled":true,"EncryptionAlgorithms":["SYMMETRIC_DEFAULT"],"KeyID":"677f9689-b2af-4fdb-ad9a-71cac77f7fa0","KeyManager":"CUSTOMER","KeyState":"Enabled","KeyUsage":"ENCRYPT_DECRYPT","Origin":"AWS_KMS","CreationDate":"2020-07-24T04:10:55Z","Policy":{"Version":"2012-10-17","Id":"key-default-1","Statement":[{"Sid":"Enable IAM User Permissions","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::123456789012:root"},"Action":"kms:*","Resource":"*"}]},"Alias":["alias/Test"],"Tags":[{"TagKey":"key","TagValue":"value"}],"KeyRotationEnabled":false}}}}}}},"/v1/cckm/aws/upload-key":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Upload","description":"Uploads the key to the AWS KMS. Specify the following details.\n- Source Key Identifier of the key (The key must be a 256 bits AES key).\n- Name of the available region.\n- IAM users and roles that can use the KMS key in cryptographic operations.\n- IAM users and roles that can administer this key using the KMS API.\n- Parameters for the KMS key such as Alias, etc.\n- Name or ID of the KMS.\n- AWS accounts that can use this key.\n- Whether to enable key expiration.\n- Source key tier. (optional).\n","tags":["CCKM/AWSKeys"],"parameters":[{"name":"body","in":"body","description":"Upload an AWS key.","schema":{"type":"object","title":"Creates an AWS key.","required":["region","source_key_identifier","kms"],"properties":{"source_key_identifier":{"type":"string","description":"If source_key_tier is local, Source Key Identifier of the CipherTrust Manager key to be uploaded.\n\nIf source_key_tier is hsm-luna, Source Key Identifier of the hsm luna AES key to be uploaded.\n\nIf source_key_tier is dsm, Source Key Identifier of the dsm key to be uploaded.\n"},"source_key_tier":{"type":"string","description":"Key source from where the key will be uploaded.\n - local for CipherTrust Manager\n - dsm for Data Security Manager (DSM)\n - hsm-luna for Luna HSM\n"},"region":{"type":"string","description":"Name of the available region."},"kms":{"type":"string","description":"Name or ID of the KMS where the key will be uploaded."},"policytemplate":{"type":"string","description":"ID of the policy template to apply. Policy template is mutually exclusive to all other policy parameters. If no policy parameters are specified the default policy is used."},"key_users":{"type":"array","description":"IAM users who can use the KMS key in cryptographic operations. Key users are mutually exclusive to policy and policy template. If no policy parameters are specified the default policy is used.","items":{"type":"string"}},"key_users_roles":{"type":"array","description":"IAM roles that can use the KMS key in cryptographic operations. Key users are mutually exclusive to policy and policy template. If no policy parameters are specified the default policy is used.","items":{"type":"string"}},"key_admins":{"type":"array","description":"IAM users who can administer this key using the KMS API. Key admins are mutually exclusive to policy and policy template. If no policy parameters are specified the default policy is used.","items":{"type":"string"}},"key_admins_roles":{"type":"array","description":"IAM roles that can administer this key using the KMS API. Key admins are mutually exclusive to policy and policy template. If no policy parameters are specified the default policy is used.","items":{"type":"string"}},"external_accounts":{"type":"array","description":"AWS accounts that can use this key. External accounts are mutually exclusive to policy and policy template. If no policy parameters are specified the default policy is used.","items":{"type":"string"}},"key_expiration":{"type":"boolean","description":"Whether to enable key expiration."},"aws_param":{"type":"object","description":"AWS key parameters.","properties":{"Tags":{"type":"array","items":{"type":"object","title":"Tags","properties":{"TagKey":{"description":"Key of the tag. A tag is a key-value pair.","type":"string"},"TagValue":{"description":"Value corresponding to the key of the tag.","type":"string"}}}},"Alias":{"type":"string","description":"Alias for the key."},"BypassPolicyLockoutSafetyCheck":{"type":"boolean","description":"Whether to bypass the key policy lockout safety check."},"Description":{"type":"string","description":"Description of the key."},"Policy":{"type":"object","description":"Key policy to attach to the KMS key. Policy is mutually exclusive to all other policy parameters. If no policy parameters are specified the default policy is used."},"ValidTo":{"type":"string","description":"Key expiration time, must be formatted as per RFC3339."},"MultiRegion":{"type":"boolean","description":"Create a multi region primary key."}}}},"example":{"source_key_tier":"","source_key_identifier":"","region":"","kms":"","key_expiration":false,"aws_param":{"Alias":"","Tags":[{"TagKey":"key","TagValue":"value"}],"ValidTo":""}}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"677f9689-b2af-4fdb-ad9a-71cac77f7fa0","uri":"kylo:kylo:cckm:aws-key:677f9689-b2af-4fdb-ad9a-71cac77f7fa0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-07-24T04:10:56.180805743Z","updatedAt":"2020-07-24T04:10:56.177874659Z","kms_id":"ebdd67ec-a87b-4ae6-ae71-fd4dd3e3a5ad","kms":"kms-name","rotation_status":"","synced_at":"2020-07-24T04:10:56.125474304Z","local_key_id":"0c20bd6137334d0d832e65cb38aec32165d0ace291ba4a7c939afb987ef2e8e0","local_key_name":"aes-local-key","cloud_name":"aws","key_type":"symmetric","basic_view_enabled":false,"region":"ap-southeast-1","gone":false,"key_material_origin":"cckm","aws_param":{"AWSAccountId":"123456789012","Arn":"arn:aws:kms:ap-southeast-1:123456789012:key/677f9689-b2af-4fdb-ad9a-71cac77f7fa0","CustomerMasterKeySpec":"SYMMETRIC_DEFAULT","Enabled":true,"EncryptionAlgorithms":["SYMMETRIC_DEFAULT"],"KeyID":"677f9689-b2af-4fdb-ad9a-71cac77f7fa0","KeyManager":"CUSTOMER","KeyState":"Enabled","KeyUsage":"ENCRYPT_DECRYPT","Origin":"EXTERNAL","CreationDate":"2020-07-24T04:10:55Z","Policy":{"Version":"2012-10-17","Id":"key-default-1","Statement":[{"Sid":"Enable IAM User Permissions","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::123456789012:root"},"Action":"kms:*","Resource":"*"}]},"Alias":["alias/uploadtest"],"Tags":[{"TagKey":"key","TagValue":"value"}],"KeyRotationEnabled":false,"ExpirationModel":"KEY_MATERIAL_DOES_NOT_EXPIRE"}}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/aws/alias/verify":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Verify alias","description":"Checks whether an alias exists on the KMS.","tags":["CCKM/AWSKeys"],"parameters":[{"name":"body","in":"body","description":"Checks whether an alias exists on the KMS.","schema":{"type":"object","title":"Checks whether an alias exists on the KMS.","required":["alias","region","kms"],"properties":{"alias":{"type":"string","description":"Key alias to be verified."},"region":{"type":"string","description":"Region in which the alias is to be verified."},"kms":{"type":"string","description":"Name or ID of the KMS."}}}}],"responses":{"200":{"description":"OK"}}}},"/v1/cckm/aws/kms":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Add AWS KMS","description":"Adds an AWS account and regions so that they can be managed by the CCKM.\n","tags":["CCKM/AWSKms"],"parameters":[{"name":"body","in":"body","description":"Adding an account and regions.","schema":{"type":"object","title":"Adding an account and regions.","required":["account_id","connection","regions","name"],"properties":{"account_id":{"type":"string","description":"ID of the AWS account."},"connection":{"type":"string","description":"Name or ID of the connection in which the account is managed."},"name":{"type":"string","description":"Unique name for the KMS."},"regions":{"type":"array","items":{"type":"string"},"description":"AWS regions to be added to the CCKM."},"assume_role_arn":{"type":"string","description":"Amazon Resource Name (ARN) of the role to be assumed."},"assume_role_external_id":{"type":"string","description":"External ID for the role to be assumed. This parameter can be specified only with \"assume_role_arn\"."}},"example":{"account_id":"account ID","connection":"connection name","regions":["us-east-1"],"name":"kms"}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"da69adcb-a864-46b7-8307-5a2afce71cff","uri":"kylo:kylo:cckm:kms:kms-name","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-08-05T10:46:01.228868693Z","name":"kms-name","account_id":"123456789012","arn":"arn:aws:iam::123456789012:user/aws-user","connection":"aws-connection","regions":["ap-northeast-2","ap-northeast-1","sa-east-1","ca-central-1","ap-southeast-1","ap-southeast-2","eu-central-1","us-east-1","us-east-2","us-west-1","us-west-2"],"cloud_name":"aws"}}},"404":{"description":"Resource not found."}}},"get":{"summary":"List AWS KMS","description":"Returns the list of the AWS Key Management Services (KMS). The results can be filtered using the query parameters.\n","tags":["CCKM/AWSKms"],"parameters":[{"name":"id","in":"query","type":"string","description":"Filter the results by id."},{"name":"name","in":"query","type":"string","description":"Filter the results by name."},{"name":"account_id","in":"query","type":"string","description":"Filter the results by account id."},{"name":"cloud_name","in":"query","type":"string","description":"Filter the results by cloud name. Possible values are \"aws\", \"aws-us-gov\" and \"aws-cn\".","collectionFormat":"multi"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK"},"404":{"description":"Resource not found."}}}},"/v1/cckm/aws/kms/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Get the details of AWS KMS with the given id.","tags":["CCKM/AWSKms"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"da69adcb-a864-46b7-8307-5a2afce71cff","uri":"kylo:kylo:cckm:kms:kms-name","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-08-05T10:46:01.228868693Z","name":"kms-name","account_id":"123456789012","arn":"arn:aws:iam::123456789012:user/aws-user","connection":"aws-connection","regions":["ap-northeast-2","ap-northeast-1","sa-east-1","ca-central-1","ap-southeast-1","ap-southeast-2","eu-central-1","us-east-1","us-east-2","us-west-1","us-west-2"],"cloud_name":"aws"}}},"404":{"description":"Resource not found."}}},"delete":{"summary":"Delete","description":"Deletes an AWS KMS account from the CCKM.","tags":["CCKM/AWSKms"],"responses":{"204":{"description":"No Content | AWS KMS account was deleted successfully.","schema":{"type":"string"}},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"Updates the connection and regions of an AWS KMS account.\n","tags":["CCKM/AWSKms"],"parameters":[{"name":"body","in":"body","description":"Updates an Aws kms.","schema":{"type":"object","title":"Updates an Aws kms.","properties":{"connection":{"type":"string","description":"Name or ID of the connection in which the account is managed."},"regions":{"type":"array","items":{"type":"string"},"description":"Regions to be updated."},"assume_role_arn":{"type":"string","description":"Updates the ARN of the role to be assumed."},"assume_role_external_id":{"type":"string","description":"Updates the External ID for the role to be assumed."}}}}],"responses":{"200":{"description":"OK","examples":{"application/json":{"id":"da69adcb-a864-46b7-8307-5a2afce71cff","uri":"kylo:kylo:cckm:kms:kms-name","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-08-05T10:46:01.228868693Z","name":"kms-name","account_id":"123456789012","arn":"arn:aws:iam::123456789012:user/aws-user","connection":"aws-connection","regions":["ca-central-1","ap-southeast-1","ap-southeast-2","eu-central-1","us-east-1","us-east-2","us-west-1","us-west-2"],"cloud_name":"aws"}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/aws/kms/{id}/update-acls":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"User ACLs","description":"Grants permissions to users or group to perform specific actions on the AWS KMS, using Access Control Lists (ACLs). User ID and group are mutually exclusive – specify either of the two.\n\nFor the first time users or group, actions are permitted as configured by the CCKM administrator. However, if the permissions of a user or group needs to be modified later, for example, a new action is to be permitted or an existing action is to be revoked, the CCKM administrator needs to set that particular action to true or false.\n\nFor example, a user or group is permitted actions, keycreate, keyupdate, and keyrotate. Now, to permit one more action \"keydelete\" to the user or group, set \"permit\":true and \"actions\": \"keydelete\" and run the API. Similarly, now to deny permission to the action \"keycreate\", set \"permit\":false, \"actions\": \"keycreate\", and run the API.\n\n**Actions Specification**\n\n The following table lists the accepted values:\n\n\n APIs | Actions Required | Description\n ------------------------------- | ---------------------------- | ---------------------------------------------------\n Create | keycreate | Permission to create an AWS key.\n Import | keymaterialimport | Permission to import the key on the AWS KMS.\n Delete key material | keymaterialdelete | Permission to delete the imported key material from AWS KMS.\n Rotate | keyrotate | Permission to rotate the key on the AWS KMS.\n Schedule Deletion | keydelete | Permission for schedule deletion of the key.\n Cancel delete | keycanceldelete | Permission to cancel deletion of the key.\n Synchronize | keysynchronize | Permission to synchronize AWS keys.\n Cancel | keysynchronize | Permission to cancel a synchronization job.\n Update key policy | keyupdate | Permission to update the AWS key policy.\n Update key description | keyupdate | Permission to update the AWS key description.\n Enable key | keyupdate | Permission to enable the AWS key.\n Disable key | keyupdate | Permission to disable the AWS key.\n Add tags | keyupdate | Permission to add tags to the AWS key.\n Remove tags | keyupdate | Permission to remove tags from the AWS key.\n Add alias | keyupdate | Permission to add an alias to the AWS key.\n Delete alias | keyupdate | Permission to deletes alias from the AWS key.\n Enable key rotation | keyupdate | Permission to enable automatic key rotation of the AWS key.\n Disable key rotation | keyupdate | Permission to disables automatic key rotation of the AWS key.\n Upload | keyupload | Permission to upload the key to the AWS KMS.\n List | viewnative | Permission to view kms and its native keys.\n List | viewbyok | Permission to view kms and its external keys.\n Get (AWS Keys) | viewnative/viewbyok | Permission to get the details of an AWS key with the given id.\n List AWS KMS | viewnative/viewbyok | Permission to view kms and its keys.\n Get (AWS Kms) | viewnative/viewbyok | Permission to get the details of AWS KMS with the given id.\n Create Report | reportcreate | Permission to create report\n Delete Report | reportdelete | Permission to delete report\n Download Report | reportdownload | Permission to download report\n View Report | reportview | Permission to view report content\n List (HYOK Key) | viewhyokkey | Permission to view AWS HYOK keys.\n Create (HYOK Key) | hyokkeycreate | Permission to create an AWS HYOK key.\n Block/Unblock (HYOK Key) | hyokkeyblockunblock | Permission to block/unblock an AWS HYOK key.\n Delete (HYOK Key) | hyokkeydelete | Permission to delete an AWS HYOK key (applicable only to unlinked key).\n Link (HYOK Key) | hyokkeylink | Permission to link an HYOK key in CM to HYOK key in AWS.\n List (CloudHSM Key) | viewcloudhsmkey | Permission to view AWS CloudHSM keys.\n Create (CloudHSM Key) | cloudhsmkeycreate | Permission to create an AWS CloudHSM key.\n Delete (CloudHSM Key) | cloudhsmkeydelete | Permission to delete an AWS CloudHSM key.\n List (Custom Key Store) | viewkeystore | Permission to view Custom key stores.\n Create (Custom Key Store) | keystoreadd | Permission to add Custom key store.\n Update (Custom Key Store) | keystoreupdate | Permission to update Custom key store properties.\n Delete (Custom Key Store) | keystoredelete | Permission to delete Custom key store.\n Block (Custom Key Store) | keystoreblock | Permission to block any operations on keys in Custom key store. \n Unblock (Custom Key Store) | keystoreunblock | Permission to unblock operations on keys in Custom key store.\n Connect (Custom Key Store) | keystoreconnect | Permission to connect Custom key store to AWS. \n Disconnect (Custom Key Store) | keystoredisconnect | Permission to disconnect Custom key store from AWS.\n Link (Custom Key Store) | keystorelink | Permission to link Custom key store to AWS.\n\n **NOTE:** \n\n The `view` permission will be automatically converted to `viewnative` and `viewbyok` permissions.\n\n If the `view` permission is set to `false`, all the permissions granted to the user/group will be removed.\n","tags":["CCKM/AWSKms"],"parameters":[{"name":"body","in":"body","description":"Providing permissions to Users.","schema":{"type":"object","title":"Adding a User.","properties":{"acls":{"type":"array","items":{"type":"object","required":["actions"],"properties":{"user_id":{"type":"string","description":"ID of the user to be granted permissions. User ID and group are mutually exclusive – specify either of the two."},"group":{"type":"string","description":"Name of the user group to be granted permissions. User ID and group are mutually exclusive – specify either of the two."},"permit":{"type":"boolean","description":"Whether to permit users to perform specific operations. Set true to permit, false to deny."},"actions":{"type":"array","items":{"type":"string"},"description":"Permitted actions.","enum":["keycreate","keyupdate","keymaterialimport","keymaterialdelete","keyrotate","keydelete","keycanceldelete","keysynchronize","keyupload","viewnative","viewbyok","reportview","reportcreate","reportdelete","reportdownload"]}}}}}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"da69adcb-a864-46b7-8307-5a2afce71cff","uri":"kylo:kylo:cckm:kms:kms-name","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-08-05T10:46:01.228869Z","name":"kms-name","account_id":"123456789012","arn":"arn:aws:iam::123456789012:user/aws-user","acls":[{"user_id":"local|0f25bbf5-0eaa-41da-a60a-82d69c0891ee","actions":["keycreate"]}],"connection":"aws-connection","regions":["ap-northeast-2","ap-northeast-1","sa-east-1","ca-central-1","ap-southeast-1","ap-southeast-2","eu-central-1","us-east-1","us-east-2","us-west-1","us-west-2"],"cloud_name":"aws"}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/aws/accounts":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"List account","description":"Lists the AWS account and regions associated with the connection.\n","tags":["CCKM/AWSKms"],"parameters":[{"name":"body","in":"body","description":"Lists the AWS account and regions associated with the connection.","schema":{"type":"object","title":"Listing AWS accounts and regions.","required":["connection"],"properties":{"connection":{"type":"string","description":"Name or ID of the connection in which the account is managed."},"assume_role_arn":{"type":"string","description":"Amazon Resource Name (ARN) of the role to be assumed."},"assume_role_external_id":{"type":"string","description":"External ID for the role to be assumed. This parameter can be specified only with \"assume_role_arn\"."}},"example":{"connection":"aws-connection"}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"account_id":"123456789012","regions":["eu-north-1"]}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/azure/vaults/{id}/update-acls":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Vault ACLS","description":"Grants permissions to users or group to perform specific actions on Azure key vaults. User ID and group are mutually exclusive – specify either of the two.\n\nFor the first time users or group, actions are permitted as configured by the CCKM administrator. However, if the permissions of a user or group needs to be modified later, for example, a new action is to be permitted or an existing action is to be revoked, the CCKM administrator needs to set that particular action to true or false.\n\nFor example, a user or group is permitted actions, keycreate, keyupdate, and keypurge. Now, to permit one more action \"keydelete\" to the user or group, set \"permit\":true and \"actions\": \"keydelete\" and run the API. Similarly, now to deny permission to the action \"keycreate\", set \"permit\":false, \"actions\": \"keycreate\", and run the API.\n\n**Actions Specification**\n\n The following table lists the accepted values:\n\n\n APIs | Actions Required | Description\n ----------------------------- | ------------------------ | ---------------------------------------------------\n Create | keycreate | Permission to create an Azure key.\n Recover | keyrecover | Permission to recover a soft-deleted Azure key.\n Purge | keypurge | Permission to permanently delete the Azure key.\n Soft Delete | keydelete | Permission to soft delete an Azure key from the vault.\n Upload | keyupload | Permission to upload the CipherTrust Manager key to Azure.\n Synchronize | keysynchronize | Permission to synchronize Azure keys.\n Cancel | keysynchronize | Permission to cancel the synchronization job.\n Restore | keyrestore | Permission to restore a backed up key to a vault.\n Update | keyupdate | Permission to updates the key attributes, tags and key operations.\n List | view | Permission to view vaults and its keys.\n Get (Azure Keys) | view | Permission to get the details of an Azure key with the given id.\n List Vaults | view | Permission to view vaults and its keys.\n Get (Azure Vaults) | view | Permission to get the details of the Azure vault with the given id.\n Delete Backup | deletebackup | Permission to deletes an Azure key and its versions from the CCKM.\n Create Secret | secretcreate | Permission to create an Azure secret.\n Recover Secret | secretrecover | Permission to recover a soft-deleted Azure secret.\n Purge Secret | secretpurge | Permission to permanently delete the Azure secret.\n Soft Delete Secret | secretdelete | Permission to soft delete an Azure secret from the vault.\n Synchronize Secret | secretsynchronize | Permission to synchronize Azure secrets.\n Cancel Synchronize Secret | secretsynchronize | Permission to cancel the synchronization job.\n Restore Secret | secretrestore | Permission to restore a backed up secret to a vault.\n Update Secret | secretupdate | Permission to updates the Certificate attributes, and tags.\n Delete Backup | secretdeletebackup | Permission to deletes an Azure secret and its versions from the CCKM.\n Get (Azure Secrets) | secretview | Permission to get the details of an Azure secret with the given id.\n List | secretview | Permission to view secrets of a vault.\n Create Certificate | certificatecreate | Permission to create an Azure Certificate.\n Recover Certificate | certificaterecover | Permission to recover a soft-deleted Azure Certificate.\n Purge Certificate | certificatepurge | Permission to permanently delete the Azure Certificate.\n Soft Delete Certificate | certificatedelete | Permission to soft delete an Azure Certificates from the vault.\n Synchronize Certificate | certificatesynchronize | Permission to synchronize Azure Certificates.\n Cancel Synchronize Certificate | certificatesynchronize | Permission to cancel the Certificates synchronization job.\n Restore Certificate | certificaterestore | Permission to restore a backed up Certificate to a vault.\n Update Certificate | certificateupdate | Permission to updates the Certificate attributes, and tags.\n Delete Backup | certificatedeletebackup | Permission to deletes an Azure Certificate and its versions from the CCKM.\n Get (Azure Certificates) | certificateview | Permission to get the details of an Azure Certificate with the given id.\n List | certificateview | Permission to view Certificates of a vault.\n Upload (Azure Certificates) | certificateupload | Permission to upload the CipherTrust Manager certificate to Azure.\n Create Report | reportcreate | Permission to create report\n Delete Report | reportdelete | Permission to delete report\n Download Report | reportdownload | Permission to download report\n View Report | reportview | Permission to view report content\n","tags":["CCKM/AzureVaults"],"parameters":[{"name":"body","in":"body","description":"Providing permission to Users.","schema":{"type":"object","title":"Adding a ACL.","properties":{"acls":{"type":"array","items":{"type":"object","required":["actions"],"properties":{"user_id":{"type":"string","description":"ID of the user to be granted permissions. User ID and group are mutually exclusive – specify either of the two."},"group":{"type":"string","description":"Name of the user group to be granted permissions. User ID and group are mutually exclusive – specify either of the two."},"permit":{"type":"boolean","description":"Whether to permit users to perform specific operations. Set true to permit, false to deny."},"actions":{"type":"array","items":{"type":"string"},"description":"Permitted actions.","enum":["keycreate","keyupdate","keydelete","keypurge","keyupload","keyrecover","keyrestore","keysynchronize","view","deletebackup","secretcreate","secretrecover","secretpurge","secretdelete","secretsynchronize","secretrestore","secretupdate","secretdeletebackup","secretview","certificatecreate","certificateupdate","certificatedelete","certificaterecover","certificatepurge","certificaterestore","certificateupload","certificatesynchronize","certificateview","certificatedeletebackup","reportview","reportcreate","reportdelete","reportdownload"]}}}}}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"id":"9d36e58b-e58f-49b8-a27f-d107ba9d7e4f","uri":"kylo:kylo:cckm:azure-vault:vault-name::bb03157e-7aff-421b-a01d-267f9613f462","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-09-17T07:40:23.090889Z","name":"vault-name::bb03157e-7aff-421b-a01d-267f9613f462","updatedAt":"2020-09-17T08:32:27.215954Z","azure_vault_id":"/subscriptions/bb03157e-7aff-421b-a01d-267f9613f462/resourceGroups/CCKM-resource/providers/Microsoft.KeyVault/vaults/vault-name","type":"Microsoft.KeyVault/vaults","location":"northcentralus","connection":"azure-connection","acls":[{"actions":["view"],"user_id":"local|b1403de0-224c-4433-8487-36a3bef2240c"}],"cloud_name":"AzureCloud","subscription_id":"bb03157e-7aff-421b-a01d-267f9613f462","azure_name":"vault-name","synced_at":"2020-09-28T07:22:41.410207Z","subscription_name":"Pay-As-You-Go","properties":{"sku":{"family":"A","name":"Standard"},"vaultUri":"https://vault-name.vault.azure.net/","enableSoftDelete":true}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/azure/vaults/{id}/remove-vault":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Delete","description":"Deletes a vault.","tags":["CCKM/AzureVaults"],"responses":{"204":{"description":"No Content | Vault was deleted successfully.","schema":{"type":"string"}},"404":{"description":"Resource not found."}}}},"/v1/cckm/azure/add-vaults":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Add Azure Vault","description":"Adds an Azure vault so that it can be used by the CCKM.\n","tags":["CCKM/AzureVaults"],"parameters":[{"name":"body","in":"body","description":"Adding Azure Vault.","schema":{"type":"object","title":"Adding a vault.","required":["subscription_id","vaults","connection"],"properties":{"subscription_id":{"type":"string","description":"Subscription ID of the vault."},"vaults":{"type":"array","description":"Azure vault parameters.","items":{"type":"object","title":"Vault Data.","required":["name","azure_vault_id","type","location","properties"],"properties":{"name":{"type":"string","description":"Name for the vault."},"azure_vault_id":{"type":"string","description":"ID of the Azure vault."},"type":{"type":"string","description":"Type of the Azure vault."},"location":{"type":"string","description":"Location of the Azure vault."},"tags":{"type":"object","description":"Tags for the Azure vault."},"properties":{"type":"object","description":"Properties of the Azure vault.","properties":{"tenantId":{"type":"string","description":"The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault."},"enableSoftDelete":{"type":"boolean","description":"Property to specify whether the 'soft delete' functionality is enabled for this key vault. It does not accept false value."},"createMode":{"type":"string","description":"The vault's create mode to indicate whether the vault need to be recovered or not. Possible values include - 'CreateModeRecover', 'CreateModeDefault'"},"enablePurgeProtection":{"type":"boolean","description":"Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value."},"vaultUri":{"type":"string","description":"The URI of the Azure vault for performing operations on keys and secrets."},"enabledForTemplateDeployment":{"type":"boolean","description":"Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault."},"enabledForDiskEncryption":{"type":"boolean","description":"Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys."},"enabledForDeployment":{"type":"boolean","description":"Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault."},"softDeleteRetentionInDays":{"type":"integer","description":"Soft delete data retention days. It accepts >=7 and <=90."},"enableRbacAuthorization":{"type":"boolean","description":"Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions."},"sku":{"type":"object","description":"Sku details of the Azure vault.","properties":{"family":{"type":"string","description":"SKU family name of the Azure vault."},"name":{"type":"string","description":"SKU name to specify whether the key vault is a standard vault or a premium vault. Possible values include - Standard, Premium"}}}}}}}},"connection":{"type":"string","description":"Name or ID of the connection. Connection name must be associated with the key vault to which it belongs."}},"example":{"subscription_id":"6fb0c68f-123e-456f-789g-8fd7f946e530","connection":"azure-connection","vaults":[{"name":"vault-name","azure_vault_id":"/subscriptions/bb03157e-7aff-421b-a01d-267f9613f462/resourceGroups/CCKM-resource/providers/Microsoft.KeyVault/vaults/vault-name","type":"Microsoft.KeyVault/vaults","location":"northcentralus","properties":{"tenantId":"2b0913e6-2c7b-45b8-8c56-c5e2e4ed27bf","sku":{"family":"A","name":"Standard"},"vaultUri":"https://vault-name.vault.azure.net/","enableSoftDelete":true}}]}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"2b0913e6-2c7b-45b8-8c56-c5e2e4ed27bf","uri":"kylo:kylo:cckm:subscription:2b0913e6-2c7b-45b8-8c56-c5e2e4ed27bf","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-09-17T10:04:17.245885271Z","updatedAt":"2020-09-17T10:04:17.243561592Z","subscription_id":"bb03157e-7aff-421b-a01d-267f9613f462","subscription_uri":"/subscriptions/bb03157e-7aff-421b-a01d-267f9613f462","displayName":"Pay-As-You-Go","state":"Enabled","subscriptionPolicies":{"locationPlacementId":"Public_2014-09-01","quotaId":"PayAsYouGo_2014-09-01","spendingLimit":"Off"},"authorizationSource":"RoleBased","connection":"azure-connection","vaults":[{"name":"vault-name::bb03157e-7aff-421b-a01d-267f9613f462","azure_vault_id":"/subscriptions/bb03157e-7aff-421b-a01d-267f9613f462/resourceGroups/CCKM-resource/providers/Microsoft.KeyVault/vaults/vault-name","type":"Microsoft.KeyVault/vaults","location":"northcentralus","properties":{"tenantId":"2b0913e6-2c7b-45b8-8c56-c5e2e4ed27bf","sku":{"family":"A","name":"Standard"},"vaultUri":"https://vault-name.vault.azure.net/","enableSoftDelete":true}}]}}},"401":{"description":"Unauthorized"},"404":{"description":"Resource not found."},"422":{"description":"UnprocessableEntity"}}}},"/v1/cckm/azure/get-vaults":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Get Azure vault","description":"Returns the list of Azure vaults.\n","tags":["CCKM/AzureVaults"],"parameters":[{"name":"body","in":"body","description":"Getting Azure Vault.","schema":{"type":"object","title":"Getting a vault.","required":["subscription_id","connection"],"properties":{"subscription_id":{"type":"string","description":"Subscription ID of the vault."},"connection":{"type":"string","description":"Name or ID of the connection. Connection name must be associated with the key vault to which it belongs."},"limit":{"type":"integer","description":"Number of the vaults to view. Default value is 10. Maximum value is 1000."},"nextLink":{"type":"string","description":"Nextlink is used to get the remaining vaults left in the list. The limit to view the vaults is same as you set for the first time. For eg. If there are 20 vaults and you set the limit to 11 then to view the remaining 9 vaults you need to use nextLink."}},"example":{"subscription_id":"6fb0c68f-123e-456f-789g-8fd7f946e530","connection":"azure-connection","limit":10,"nextLink":"https://management.azure.com/subscriptions/6fb0c68f-123e-456f-789g-8fd7f946e530/resources?%24filter=resourceType+eq+%27Microsoft.KeyVault%2fvaults%27&%24top=10&api-version=2015-11-01&%24skiptoken=eyJuZFUkVWTVJlV3LS0ifQ%3d%3d"}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"vaults":[{"name":"vault-name","azure_vault_id":"/subscriptions/bb03157e-7aff-421b-a01d-267f9613f462/resourceGroups/CCKM-resource/providers/Microsoft.KeyVault/vaults/vault-name","type":"Microsoft.KeyVault/vaults","location":"northcentralus","properties":{"tenantId":"2b0913e6-2c7b-45b8-8c56-c5e2e4ed27bf","sku":{"family":"A","name":"Standard"},"vaultUri":"https://vault-name.vault.azure.net/","enableSoftDelete":true}}],"connection":"azure-connection","subscription_id":"bb03157e-7aff-421b-a01d-267f9613f462","nextLink":"https://management.azure.com/subscriptions/bb03157e-7aff-421b-a01d-267f9613f462/resources?%24filter=resourceType+eq+%27Microsoft.KeyVault%2fvaults%27&%24top=1&api-version=2015-11-01&%24skiptoken=eyJuZXh0UGFydGl0aW9uS2V5IjoiMSE4IU5VSTRNelUtIiwibmV4dFJvd0tleSI6IjEhMTYwIU1qWXdSVU5DUlRjM056ZENORVF6UXpnMFJVRTRPRGMyTWpBME9UZzROak5mVkVkT1RDMU5TVU5TVDFOUFJsUTZNa1ZMUlZsV1FWVk1WRG95UmxaQlZVeFVVeTFCUVVSV1FVdzZNa1JTUnkxQlFVUldRVXc2TWtSV01UQTZNa1JJUVZNNk1rUk1UMDVIT2pKRVRrRk5SUzFYUlZOVVZWTS0ifQ%3d%3d"}},"404":{"description":"Resource not found."}}}},"/v1/cckm/azure/get-managed-hsms":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Get Azure managed HSM vaults","description":"Returns the list of Azure managed HSM vaults.\n","tags":["CCKM/AzureVaults"],"parameters":[{"name":"body","in":"body","description":"Getting Azure Managed HSM Vaults.","schema":{"type":"object","title":"Getting a vault.","required":["subscription_id","connection"],"properties":{"subscription_id":{"type":"string","description":"Subscription ID of the vault."},"connection":{"type":"string","description":"Name or ID of the connection. Connection name must be associated with the key vault to which it belongs."},"limit":{"type":"integer","description":"Number of the vaults to view. Default value is 10. Maximum value is 1000."},"nextLink":{"type":"string","description":"Nextlink is used to get the remaining vaults left in the list. The limit to view the vaults is same as you set for the first time. For eg. If there are 20 vaults and you set the limit to 11 then to view the remaining 9 vaults you need to use nextLink."}},"example":{"subscription_id":"6fb0c68f-123e-456f-789g-8fd7f946e530","connection":"azure-connection","limit":10,"nextLink":"https://management.azure.com/subscriptions/6fb0c68f-123e-456f-789g-8fd7f946e530/resources?%24filter=resourceType+eq+%27Microsoft.managedHSMs%2fvaults%27&%24top=10&api-version=2015-11-01&%24skiptoken=eyJuZFUkVWTVJlV3LS0ifQ%3d%3d"}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"vaults":[{"name":"vault-name","azure_vault_id":"/subscriptions/bb03157e-7aff-421b-a01d-267f9613f462/resourceGroups/CCKM-resource/providers/Microsoft.KeyVault/managedHSMs/vault-name","type":"Microsoft.KeyVault/managedHSMs","location":"eastus2","properties":{"tenantId":"2b0913e6-2c7b-45b8-8c56-c5e2e4ed27bf","sku":{"family":"B","name":"Standard_B1"},"vaultUri":"https://vault-name.managedhsm.azure.net/","enableSoftDelete":true,"softDeleteRetentionInDays":7}}],"connection":"azure-connection","subscription_id":"bb03157e-7aff-421b-a01d-267f9613f462"}},"401":{"description":"Unauthorized"},"404":{"description":"Resource not found."},"422":{"description":"UnprocessableEntity"}}}},"/v1/cckm/servicenow/endpoints":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","tags":["CCKM/ServiceNow"],"parameters":[{"name":"body","in":"body","description":"Endpoint parameters","schema":{"type":"object","title":"Create Endpoint","properties":{"name":{"type":"string","description":"Unique name for endpoint"},"instance_id":{"type":"string","description":"ServiceNow instance ID"},"description":{"type":"string","description":"description"},"blocked":{"type":"boolean","description":"blocked"},"source_key_id":{"type":"string","description":"ID of source key"}},"example":{"name":"ServiceNow test endpoint","instance_id":"dev96533","description":"A test ServiceNow endpoint","blocked":false,"source_key_id":"4c31e73f-38ca-4942-9346-ef38d28b099b"}}}],"responses":{"201":{"description":"OK"}}},"get":{"summary":"List","description":"Returns a list of ServiceNow Endpoints. The results can be filtered using the query parameters.","tags":["CCKM/ServiceNow"],"parameters":[{"name":"id","in":"query","type":"string","description":"Filter the results based on ServiceNow Endpoint ID."},{"name":"name","in":"query","type":"string","description":"Filter the results based on ServiceNow Endpoint name."},{"name":"instance_id","in":"query","type":"string","description":"Filter the results by ServiceNow Instance ID."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"},"name":{"description":"ServiceNow endpoint name.","type":"string"},"instanceID":{"description":"Instance ID of the ServiceNow endpoint (must be unique across domains).","type":"string"},"blocked":{"description":"Blocked status of endpoint.","type":"boolean"},"description":{"description":"Description of the ServiceNow endpoint.","type":"string"},"sourceKeyID":{"description":"ID of the endpoint source key.","type":"object"}}}]}}}}]},"examples":{"application/json":{"skip":"0,","limit":"10,","total":"2,","resources":[{"id":"a1d22b5c-1734-40b8-8437-6a01987edef0","uri":"kylo:kylo:cckm:servicenow:servicenowendpoint-1","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-02-10T00:19:40.321138Z","name":"servicenowendpoint_1","updatedAt":"2021-02-10T00:20:25.036189Z","instance_id":"dev96533","blocked":false,"description":"An endpoint corresponding to dev96533","source_key_id":"76e5b274-5cb8-4aa5-9645-164f375bbb35"},{"id":"0a80bdd4-c6d7-419d-82ef-38ad854097ca","uri":"kylo:kylo:cckm:servicenow:servicenowendpoint-2","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-03-10T00:19:40.321138Z","name":"servicenowendpoint_2","updatedAt":"2021-02-10T00:20:25.036189Z","instance_id":"dev96888","blocked":true,"description":"An endpoint corresponding to dev96888","source_key_id":"e5e19463-394c-468b-a91d-bb4bc15f8b65"}]}}}}}},"/v1/cckm/servicenow/endpoints/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a ServiceNow Endpoint with the given `id`.","tags":["CCKM/ServiceNow"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"a1d22b5c-1734-40b8-8437-6a01987edef0","uri":"kylo:kylo:cckm:servicenow:servicenowendpoint-1","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-02-10T00:19:40.321138Z","name":"servicenowendpoint_1","updatedAt":"2021-02-10T00:20:25.036189Z","instance_id":"dev96533","blocked":false,"description":"An endpoint corresponding to dev96533","source_key_id":"76e5b274-5cb8-4aa5-9645-164f375bbb35"}}},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"Update ServiceNow endpoint\n","tags":["CCKM/ServiceNow"],"parameters":[{"name":"body","in":"body","description":"ServiceNow endpoint parameters","schema":{"type":"object","title":"Update ServiceNow endpoint","properties":{"description":{"type":"string","description":"Description of the ServiceNow endpoint"}},"example":{"description":"an example ServiceNow endpoint"}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"a1d22b5c-1734-40b8-8437-6a01987edef0","uri":"kylo:kylo:cckm:servicenow:servicenowendpoint-1","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-02-10T00:19:40.321138Z","name":"servicenowendpoint_1","updatedAt":"2021-02-10T00:20:25.036189Z","instance_id":"dev96533","blocked":false,"description":"An endpoint corresponding to dev96533","source_key_id":"76e5b274-5cb8-4aa5-9645-164f375bbb35"}}}}},"delete":{"summary":"Delete","description":"The ServiceNow endpoint will be deleted\n","tags":["CCKM/ServiceNow"],"responses":{"204":{"description":"ServiceNow endpoint was deleted successfully","schema":{"type":"string"}},"404":{"description":"Resource not found"}}}},"/v1/cckm/servicenow/endpoints/{id}/block":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Block a ServiceNow Endpoint","description":"Blocks a ServiceNow endpoint - on the next GET call from ServiceNow, an expired ValidUntil timestamp will\nbe provided, leading to ServiceNow being unable to decrypt the relevant database\n","tags":["CCKM/ServiceNow"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"a1d22b5c-1734-40b8-8437-6a01987edef0","uri":"kylo:kylo:cckm:servicenow:servicenowendpoint-1","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-02-10T00:19:40.321138Z","name":"servicenowendpoint_1","updatedAt":"2021-02-10T00:20:25.036189Z","instance_id":"dev96533","blocked":true,"description":"An endpoint corresponding to dev96533","source_key_id":"76e5b274-5cb8-4aa5-9645-164f375bbb35"}}}}}},"/v1/cckm/servicenow/endpoints/{id}/unblock":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Unblock a ServiceNow Endpoint","description":"Unblocks a ServiceNow endpoint\n","tags":["CCKM/ServiceNow"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"a1d22b5c-1734-40b8-8437-6a01987edef0","uri":"kylo:kylo:cckm:servicenow:servicenowendpoint-1","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-02-10T00:19:40.321138Z","name":"servicenowendpoint_1","updatedAt":"2021-02-10T00:20:25.036189Z","instance_id":"dev96533","blocked":false,"description":"An endpoint corresponding to dev96533","source_key_id":"76e5b274-5cb8-4aa5-9645-164f375bbb35"}}}}}},"/v1/cckm/servicenow/certificates":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","tags":["CCKM/ServiceNow"],"parameters":[{"name":"body","in":"body","description":"Certificate parameters","schema":{"type":"object","title":"Create Certificate","properties":{"certificate":{"type":"string","description":"The servicenow root certificate"}},"example":{"certificate":"-----BEGIN CERTIFICATE....."}}}],"responses":{"201":{"description":"OK"}}},"get":{"summary":"List","description":"Returns a list of ServiceNow root certificates. The results can be filtered using the query parameters.","tags":["CCKM/ServiceNow"],"parameters":[{"name":"id","in":"query","type":"string","description":"Filter the results based on ServiceNow root certificate ID."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"},"certificate":{"type":"string","description":"ServiceNow root certificate"}}}]}}}}]},"examples":{"application/json":{"skip":"0,","limit":"10,","total":"2,","resources":[{"id":"a1d22b5c-1734-40b8-8437-6a01987edef0","uri":"kylo:kylo:cckm:servicenow:servicenowendpoint-1","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-02-10T00:19:40.321138Z","updatedAt":"2021-02-10T00:20:25.036189Z","certificate":"-----BEGIN CERTIFICATE-----"},{"id":"0a80bdd4-c6d7-419d-82ef-38ad854097ca","uri":"kylo:kylo:cckm:servicenow:servicenowendpoint-2","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-03-10T00:19:40.321138Z","updatedAt":"2021-02-10T00:20:25.036189Z","certificate":"-----BEGIN CERTIFICATE-----"}]}}}}}},"/v1/cckm/servicenow/certificates/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a ServiceNow root certificate with the given `id`.","tags":["CCKM/ServiceNow"],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"allOf":[{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"},"certificate":{"type":"string","description":"ServiceNow root certificate"}}}]}]},"examples":{"application/json":{"id":"a1d22b5c-1734-40b8-8437-6a01987edef0","uri":"kylo:kylo:cckm:servicenow:servicenowendpoint-1","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-02-10T00:19:40.321138Z","updatedAt":"2021-02-10T00:20:25.036189Z","certificate":"-----BEGIN CERTIFICATE....."}}},"404":{"description":"Resource not found."}}},"delete":{"summary":"Delete","description":"The ServiceNow root certificate will be deleted\n","tags":["CCKM/ServiceNow"],"responses":{"204":{"description":"ServiceNow root certificate was deleted successfully","schema":{"type":"string"}},"404":{"description":"Resource not found"}}}},"/v1/cckm/ekm/endpoints":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Create EKM Endpoint or EKM-UDE Endpoint for Google EKM supported services.\nYou can create a new KEK or specify an existing KEK for wrapping and unwrapping operations. \nExisting KEK is applicable for migrating EKM integration from another CipherTrust Manager deployment. Specify the following required details:\n- Unique name for the Endpoint.\n- Base hostname for the Key URI.\n- Policy attributes in rego or basic format, including allowed service accounts. \n\nNote: \nThis API is applicable for creating EKM or EKM-UDE Endpoint from Ciphertrust Manager only. \nCreation of EKM endpoint in a cryptospace is not supported with this API. \n","tags":["CCKM/Google Cloud EKM"],"parameters":[{"name":"body","in":"body","description":"Endpoint parameters","schema":{"type":"object","title":"Create Endpoint","required":["name","keyURIHostname","policy"],"properties":{"name":{"type":"string","description":"Unique name for Endpoint."},"key_type":{"type":"string","description":"EKM Key type. Default is symmetric","enum":["symmetric","asymmetric"]},"algorithm":{"type":"string","description":"EKM Key Algorithm. Default is AES256","enum":["AES256","RSA_SIGN_PSS_2048_SHA256","RSA_SIGN_PSS_3072_SHA256","RSA_SIGN_PSS_4096_SHA256","RSA_SIGN_PSS_4096_SHA512","RSA_SIGN_PKCS1_2048_SHA256","RSA_SIGN_PKCS1_3072_SHA256","RSA_SIGN_PKCS1_4096_SHA256","RSA_SIGN_PKCS1_4096_SHA512","EC_SIGN_P256_SHA256","EC_SIGN_P384_SHA384"]},"endpoint_type":{"type":"string","description":"EKM Endpoint type. The default value is ekm.","enum":["ekm","ekm-ude"]},"keyURIHostname":{"type":"string","description":"Base url hostname for KeyURI."},"meta":{"type":"object","description":"Additional information associated with this Endpoint."},"cvm_required_for_encrypt":{"type":"boolean","description":"Is a confidential VM (and valid attestation) required for encryption. Default is false. Applicable for UDE Endpoint only."},"cvm_required_for_decrypt":{"type":"boolean","description":"Is a confidential VM (and valid attestation) required for decryption. Default is false. Applicable for UDE Endpoint only."},"raw_policy_enabled":{"type":"boolean","description":"Flag to denote whether the sent policy is in raw format. Default is false.\nEKM Policy in basic format is required if raw_policy_enabled=false.\n"},"policy":{"type":"object","description":"EKM Policy attributes.","title":"ekm policy","properties":{"basic":{"type":"object","description":"EKM Policy in basic format. Required field if raw_policy_enabled=false.","title":"basic ekm policy","required":["clients"],"properties":{"clients":{"description":"Allowed Service Accounts. It is a mandatory field.","type":"array"},"justification_required":{"type":"boolean","description":"Flag to denote whether key access justification should be enforced. Default is false."},"justification_reason":{"description":"Justification reason can't be empty when `justification_required` is set to true.\nAllowed Key Access justification reasons.\n","type":"array","enum":["REASON_UNSPECIFIED,","CUSTOMER_INITIATED_SUPPORT,","GOOGLE_INITIATED_SERVICE,","THIRD_PARTY_DATA_REQUEST,","GOOGLE_INITIATED_REVIEW,","CUSTOMER_INITIATED_ACCESS,","GOOGLE_INITIATED_SYSTEM_OPERATION,","REASON_NOT_EXPECTED,","MODIFIED_CUSTOMER_INITIATED_ACCESS","GOOGLE_RESPONSE_TO_PRODUCTION_ALERT","MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION"]},"attestation_zones":{"description":"Allowed zones. Applicable for UDE Endpoint only.","type":"array"},"attestation_project_ids":{"description":"Allowed Project IDs. Applicable for UDE Endpoint only.","type":"array"},"attestation_instance_names":{"description":"Allowed Instance Names. Applicable for UDE Endpoint only.","type":"array"}}},"rego":{"description":"EKM Policy in rego format. Required field if raw_policy_enabled=true.","type":"string"}}},"existing_key_id":{"type":"string","description":"Identifier to be used to find the latest version of an existing CipherTrust Manager key. This identifier can be the ID of any version or the name of\na CipherTrust Manager key. This key is either a symmetric or an asymmetric key type. The symmetric key must have Encrypt, Decrypt, Wrap, and Unwrap usage\nmasks while the asymmetric key must have sign and verify usage masks. In addition, this key must not be exportable or deletable. \nAn EKM endpoint will be created using the latest version of this key. If the identifier is not supplied, a new CipherTrust Manager key will be created.\nThis identifier is applicable to the migration of an EKM endpoint from one CipherTrust Manager deployment to another. When creating a new EKM endpoint using\nan existing CipherTrust Manager key in the new deployment, CCKM uses this identifier to associate all of the existing versions of a CipherTrust Manager key\nto the new endpoint.\n"}},"example":{"name":"ekmendpoint_1","keyURIHostname":"ekm.thales.com","meta":{"color":"blue","size":"big"},"cvm_required_for_encrypt":true,"cvm_required_for_decrypt":true,"endpoint_type":"ekm-ude","key_type":"symmetric","algorithm":"AES256","raw_policy_enabled":true,"policy":{"rego":"package example\r\n\r\ndefault allow = false\r\n\r\nallowedClient {\r\n input.client = {\"abc@google.com\"}[_]\r\n}\r\n\r\nallowedJustification {\r\n input.justificationReason = {\"REASON_UNSPECIFIED\",\"CUSTOMER_INITIATED_SUPPORT\",\"GOOGLE_INITIATED_SERVICE\",\"THIRD_PARTY_DATA_REQUEST\",\"GOOGLE_INITIATED_REVIEW\",\"CUSTOMER_INITIATED_ACCESS\",\"GOOGLE_INITIATED_SYSTEM_OPERATION\",\"REASON_NOT_EXPECTED\",\"MODIFIED_CUSTOMER_INITIATED_ACCESS\",\"GOOGLE_RESPONSE_TO_PRODUCTION_ALERT\",\"MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION\"}[_]\r\n}\r\n\r\ndefault allowAttestation = false\r\n\r\nallowAttestation {\r\n\tinput.attestationRequired = false\r\n}\r\n\r\nallowAttestation {\r\n input.attestationZones = {\"us-east1a\"}[_]\r\n input.attestationProjectIDs = {\"project1\"}[_]\r\n input.instanceNames = {\"instance1\"}[_]\r\n}\r\n\r\nallow {\r\n allowedClient\r\n allowedJustification\r\n allowAttestation\r\n}"},"existing_key_id":"20f73d40-e187-4eca-9e8f-76a0bd106ac1"}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"a1d22b5c-1734-40b8-8437-6a01987edef0","uri":"kylo:kylo:cckm:kacls-ekm:ekmendpoint-1","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-02-10T00:19:40.321138Z","name":"ekmendpoint_1","updatedAt":"2021-02-10T00:20:25.036189Z","keyURIHostname":"ekm.thales.com","keyURI":"https://ekm.thales.com/api/v1/cckm/ekm/endpoints/a1d22b5c-1734-40b8-8437-6a01987edef0","key_path":"api/v1/cckm/ekm/endpoints/a1d22b5c-1734-40b8-8437-6a01987edef0","kekName":"ekmendpoint_1","kekID":"626fdff442284cf1ad4b9030c21bfcddb2004e1cfd2b420da7c33d7f50e78c91","meta":{"size":"big","color":"blue"},"enabled":true,"kekVersion":"0","cvm_required_for_encrypt":true,"cvm_required_for_decrypt":true,"endpoint_type":"ekm-ude","key_type":"symmetric","algorithm":"AES256","raw_policy_enabled":false,"policy":{"basic":{},"rego":"package example\r\n\r\ndefault allow = false\r\n\r\nallowedClient {\r\n input.client = {\"abc@google.com\"}[_]\r\n}\r\n\r\nallowedJustification {\r\n input.justificationReason = {\"REASON_UNSPECIFIED\",\"CUSTOMER_INITIATED_SUPPORT\",\"GOOGLE_INITIATED_SERVICE\",\"THIRD_PARTY_DATA_REQUEST\",\"GOOGLE_INITIATED_REVIEW\",\"CUSTOMER_INITIATED_ACCESS\",\"GOOGLE_INITIATED_SYSTEM_OPERATION\",\"REASON_NOT_EXPECTED\",\"MODIFIED_CUSTOMER_INITIATED_ACCESS\",\"GOOGLE_RESPONSE_TO_PRODUCTION_ALERT\",\"MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION\"}[_]\r\n}\r\n\r\ndefault allowAttestation = false\r\n\r\nallowAttestation {\r\n\tinput.attestationRequired = false\r\n}\r\n\r\nallowAttestation {\r\n input.attestationZones = {\"us-east1a\"}[_]\r\n input.attestationProjectIDs = {\"project1\"}[_]\r\n input.instanceNames = {\"instance1\"}[_]\r\n}\r\n\r\nallow {\r\n allowedClient\r\n allowedJustification\r\n allowAttestation\r\n}"},"existing_key_id":"6767fbc7-cd53-470d-949d-dc016290224d"}}}}},"get":{"summary":"List","description":"Returns a list of EKM Endpoints. The results can be filtered using the query parameters.","tags":["CCKM/Google Cloud EKM"],"parameters":[{"name":"id","in":"query","type":"string","description":"Filter the result based on EKM Endpoint ID."},{"name":"name","in":"query","type":"string","description":"Filter the result based on EKM Endpoint name."},{"name":"key_type","in":"query","type":"string","description":"Filter the results by EKM Key type."},{"name":"endpoint_type","in":"query","type":"string","description":"Filter the results by EKM Endpoint type."},{"name":"algorithm","in":"query","type":"string","description":"Filter the results by EKM Endpoint algorithm."},{"name":"cryptospace_id","in":"query","type":"string","description":"Filters the results by matching cryptospace id. \nIf cryptospace_id is specified as \"-1\", EKM Endpoints that are not associated with any cryptospace are returned. \nIf cryptospace_id is specified as \"-2\", EKM Endpoints that are associated with any cryptospace are returned. \n"},{"name":"cryptospace_name","in":"query","type":"string","description":"Filters the results by matching cryptospace name. \nIf cryptospace_name is specified as \"-1\", EKM Endpoints that are not associated with any cryptospace are returned. \nIf cryptospace_name is specified as \"-2\", EKM Endpoints that are associated with any cryptospace are returned. \n"},{"name":"gcp_relative_resource_name","in":"query","type":"string","description":"Filters the results by matching relative resource name of the GCP Cloud KMS Key \n(E.g. projects/my-proj/locations/us-central1/keyRings/my-keyring/cryptoKeys/my-key/cryptoKeyVersions/19).\n"},{"name":"relative_resource_name_without_version","in":"query","type":"string","description":"Filters the results by matching relative resource name (without version) of the GCP Cloud KMS Key\n(E.g. projects/my-proj/locations/us-central1/keyRings/my-keyring/cryptoKeys/my-key).\nIf version is specified as \"-1\", endpoints with unique values for relative resource name\n(by creation time) would be returned.\n"},{"name":"gcp_key_ring_name","in":"query","type":"string","description":"Filter the results by GCP Cloud KMS Key ring name corresponding to EKM endpoint."},{"name":"gcp_key_name","in":"query","type":"string","description":"Filter the results by GCP Cloud KMS Key name corresponding to EKM endpoint."},{"name":"gcp_project_id","in":"query","type":"string","description":"Filter the results by Google project id.\nApplicable only if EKM endpoint is in a cryptospace.\n"},{"name":"state","in":"query","type":"string","description":"Filter the results by key state. Its value could be ACTIVE, DESTROYED or empty (for querying keys in all state).\n"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"},"name":{"description":"EKM Endpoint name.","type":"string"},"kekURI":{"description":"URI of KEK created by EKM Endpoint.","type":"string"},"kekURIHostname":{"description":"URI Hostname of KEK created by EKM Endpoint.","type":"string"},"kekName":{"description":"Name of KEK created by EKM Endpoint.","type":"string"},"kekID":{"description":"ID of KEK created by EKM Endpoint.","type":"string"},"meta":{"description":"Additional information associated with EKM Endpoint.","type":"object"},"enabled":{"description":"Status to allow wrap or unwrap operation using this EKM Endpoint.","type":"boolean"}}}]}}}}]},"examples":{"application/json":{"skip":"0,","limit":"10,","total":"2,","resources":[{"id":"a1d22b5c-1734-40b8-8437-6a01987edef0","uri":"kylo:kylo:cckm:kacls-ekm:ekmendpoint-1","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-02-10T00:19:40.321138Z","name":"ekmendpoint_1","updatedAt":"2021-02-10T00:20:25.036189Z","keyURIHostname":"ekm.thales.com","keyURI":"https://ekm.thales.com/api/v1/cckm/ekm/endpoints/a1d22b5c-1734-40b8-8437-6a01987edef0","key_path":"api/v1/cckm/ekm/endpoints/a1d22b5c-1734-40b8-8437-6a01987edef0","kekName":"ekmendpoint_1","kekID":"626fdff442284cf1ad4b9030c21bfcddb2004e1cfd2b420da7c33d7f50e78c91","meta":{"size":"big","color":"blue"},"enabled":true,"kekVersion":"0","cvm_required_for_encrypt":false,"cvm_required_for_decrypt":false,"endpoint_type":"ekm-ude","key_type":"symmetric","algorithm":"AES256","cryptospace_id":"76e5b274-5cb8-4aa5-9645-164f375bbb35","raw_policy_enabled":false,"policy":{"basic":{"clients":["abc@google.com"],"justification_required":true,"justification_reason":["REASON_UNSPECIFIED","CUSTOMER_INITIATED_SUPPORT"],"attestation_zones":["zone1","zone2"],"attestation_project_ids":["project1","project2"],"attestation_instance_names":["instance1","instance2"]},"rego":"package example\r\n\r\ndefault allow = false\r\n\r\nallowedClient {\r\n input.client = {\"abc@google.com\"}[_]\r\n}\r\n\r\nallowedJustification {\r\n input.justificationReason = {\"REASON_UNSPECIFIED\",\"CUSTOMER_INITIATED_SUPPORT\",\"GOOGLE_INITIATED_SERVICE\",\"THIRD_PARTY_DATA_REQUEST\",\"GOOGLE_INITIATED_REVIEW\",\"CUSTOMER_INITIATED_ACCESS\",\"GOOGLE_INITIATED_SYSTEM_OPERATION\",\"REASON_NOT_EXPECTED\",\"MODIFIED_CUSTOMER_INITIATED_ACCESS\",\"GOOGLE_RESPONSE_TO_PRODUCTION_ALERT\",\"MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION\"}[_]\r\n}\r\n\r\ndefault allowAttestation = false\r\n\r\nallowAttestation {\r\n\tinput.attestationRequired = false\r\n}\r\n\r\nallowAttestation {\r\n input.attestationZones = {\"us-east1a\"}[_]\r\n input.attestationProjectIDs = {\"project1\"}[_]\r\n input.instanceNames = {\"instance1\"}[_]\r\n}\r\n\r\nallow {\r\n allowedClient\r\n allowedJustification\r\n allowAttestation\r\n}"},"state":"ACTIVE"},{"account":"kylo:kylo:admin:accounts:kylo","algorithm":"AES256","application":"ncryptify:gemalto:admin:apps:kylo","createdAt":"2022-11-23T01:47:40.727232Z","cryptospace_id":"a5d55e6f-6145-40ca-86e3-d9b2ec77503f","cryptospace_name":"cryptospace-1","cvm_required_for_decrypt":false,"cvm_required_for_encrypt":false,"devAccount":"ncryptify:gemalto:admin:accounts:gemalto","enabled":true,"endpoint_type":"ekm","gcp_key_name":"key-test-1","gcp_key_ring_name":"my-keyring","id":"72ad421d-3cb0-4d2a-b8ba-3ae0c53f4de0","kekID":"47425e5655c1449f8fce099e437ddf729e98fab6857d40038995101bd1934f96","kekName":"ks-47425e5655c1449f8fce099e437ddf729e98fab6857d40038995101bd1934f96","kekVersion":"0","key_path":"api/v1/cckm/ekm/endpoints/72ad421d-3cb0-4d2a-b8ba-3ae0c53f4de0","key_type":"symmetric","keyURI":"https://ekm.thales.com/api/v1/cckm/ekm/endpoints/72ad421d-3cb0-4d2a-b8ba-3ae0c53f4de0","keyURIHostname":"ekm.thales.com","meta":null,"name":"cryptospace-1/my-proj/us-central1/my-keyring/key-test-1/0","policy":{"basic":{"clients":["richard-roe@google.com","john-doe@thales-test-proj.iam.gserviceaccount.com"],"justification_reason":["CUSTOMER_INITIATED_SUPPORT"],"justification_required":true},"rego":"\npackage example\ndefault allow = false\n\ndefault allowedClient = false\nallowedClient {\n\t\tinput.clients = {\"richard-roe@google.com\",\"john-doe@thales-test-proj.iam.gserviceaccount.com\",\"starjammers-ekm@gemalto-kyloeng.iam.gserviceaccount.com\"}[_]\n}\n\ndefault allowedJustification = false\nallowedJustification {\n\t\tinput.justificationReason = {\"CUSTOMER_INITIATED_SUPPORT\"}[_]\n}\n\nallow {\n allowedClient\n allowedJustification\n}\n"},"raw_policy_enabled":false,"relative_resource_name_without_version":"projects/my-proj/locations/us-central1/keyRings/my-keyring/cryptoKeys/key-test-1","gcp_relative_resource_name":"projects/my-proj/locations/us-central1/keyRings/my-keyring/cryptoKeys/key-test-1/cryptoKeyVersions/0","updatedAt":"2022-11-23T01:47:40.727232Z","uri":"kylo:kylo:cckm:ekm-e2e-key:cryptospace-1-my-proj-us-central1-my-keyring-key-test-1-0","gcp_project_id":"my-proj","state":"DESTROYED"}]}}}}}},"/v1/cckm/ekm/endpoints/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of an EKM Endpoint with the given `id`.","tags":["CCKM/Google Cloud EKM"],"responses":{"200":{"description":"OK","examples":{"application/json":{"id":"a1d22b5c-1734-40b8-8437-6a01987edef0","uri":"kylo:kylo:cckm:ekm-e2e-key:ekmendpoint-1","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-11-17T22:48:10.81538Z","name":"ekmendpoint_1","updatedAt":"2021-11-17T22:48:10.81538Z","keyURIHostname":"ekm.thales.com","keyURI":"https://ekm.thales.com/api/v1/cckm/ekm/endpoints/a1d22b5c-1734-40b8-8437-6a01987edef0","key_path":"api/v1/cckm/ekm/endpoints/a1d22b5c-1734-40b8-8437-6a01987edef0","kekName":"ks-4b9e5fe0d7934bf7a115db711a88b7073a933af817d04651a0323af811bcf95f","kekID":"4b9e5fe0d7934bf7a115db711a88b7073a933af817d04651a0323af811bcf95f","meta":{"size":"big","color":"blue"},"enabled":true,"kekVersion":"0","cvm_required_for_encrypt":true,"cvm_required_for_decrypt":true,"endpoint_type":"ekm-ude","key_type":"symmetric","raw_policy_enabled":true,"policy":{"basic":{},"rego":"package example\r\n\r\ndefault allow = false\r\n\r\nallowedClient {\r\n input.client = {\"abc@google.com\"}[_]\r\n}\r\n\r\nallowedJustification {\r\n input.justificationReason = {\"REASON_UNSPECIFIED\",\"CUSTOMER_INITIATED_SUPPORT\",\"GOOGLE_INITIATED_SERVICE\",\"THIRD_PARTY_DATA_REQUEST\",\"GOOGLE_INITIATED_REVIEW\",\"CUSTOMER_INITIATED_ACCESS\",\"GOOGLE_INITIATED_SYSTEM_OPERATION\",\"REASON_NOT_EXPECTED\",\"MODIFIED_CUSTOMER_INITIATED_ACCESS\",\"GOOGLE_RESPONSE_TO_PRODUCTION_ALERT\",\"MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION\"}[_]\r\n}\r\n\r\ndefault allowAttestation = false\r\n\r\nallowAttestation {\r\n\tinput.attestationRequired = false\r\n}\r\n\r\nallowAttestation {\r\n input.attestationZones = {\"us-east1a\"}[_]\r\n input.attestationProjectIDs = {\"project1\"}[_]\r\n input.instanceNames = {\"instance1\"}[_]\r\n}\r\n\r\nallow {\r\n allowedClient\r\n allowedJustification\r\n allowAttestation\r\n}"},"algorithm":"AES256"}}},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"Update EKM Endpoint.\n","tags":["CCKM/Google Cloud EKM"],"parameters":[{"name":"body","in":"body","description":"EKM Endpoint parameters","schema":{"type":"object","title":"Update EKM Endpoint.","properties":{"keyURIHostname":{"type":"string","description":"Base url hostname for KeyURI."},"meta":{"type":"object","description":"Additional information associated with this Endpoint."},"cvm_required_for_encrypt":{"type":"boolean","description":"Is a confidential VM (and valid attestation) required for encryption. Default is false.\nApplicable for UDE Endpoint only.\n"},"cvm_required_for_decrypt":{"type":"boolean","description":"Is a confidential VM (and valid attestation) required for decryption. Default is false.\nApplicable for UDE Endpoint only.\n"},"raw_policy_enabled":{"type":"boolean","description":"Flag to denote whether the sent policy is in raw format. Default is false."},"policy":{"type":"object","description":"EKM Policy attributes.","title":"ekm policy","properties":{"basic":{"type":"object","description":"EKM Policy in basic format.","title":"basic ekm policy","properties":{"clients":{"description":"Allowed Service Accounts.","type":"array"},"justification_required":{"type":"boolean","description":"Flag to denote whether key access justification should be enforced. Default is false."},"justification_reason":{"description":"Justification reason can't be empty when `justification_required` is set to true.\nAllowed Key Access justification reasons.\n","type":"array","enum":["REASON_UNSPECIFIED,","CUSTOMER_INITIATED_SUPPORT,","GOOGLE_INITIATED_SERVICE,","THIRD_PARTY_DATA_REQUEST,","GOOGLE_INITIATED_REVIEW,","CUSTOMER_INITIATED_ACCESS,","GOOGLE_INITIATED_SYSTEM_OPERATION,","REASON_NOT_EXPECTED,","MODIFIED_CUSTOMER_INITIATED_ACCESS","GOOGLE_RESPONSE_TO_PRODUCTION_ALERT","MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION"]},"attestation_zones":{"description":"Allowed zones. Applicable for UDE Endpoint only.","type":"array"},"attestation_project_ids":{"description":"Allowed Project IDs. Applicable for UDE Endpoint only.","type":"array"},"attestation_instance_names":{"description":"Allowed Instance Names. Applicable for UDE Endpoint only.","type":"array"}}},"rego":{"description":"EKM Policy in rego format.","type":"string"}}}},"example":{"keyURIHostname":"keybroker.thales.com","cvm_required_for_encrypt":false,"cvm_required_for_decrypt":false,"raw_policy_enabled":false,"policy":{"basic":{"clients":["abc@google.com"],"justification_required":true,"justification_reason":["REASON_UNSPECIFIED","CUSTOMER_INITIATED_SUPPORT"],"attestation_zones":["zone1","zone2"],"attestation_project_ids":["project1","project2"],"attestation_instance_names":["instance1","instance2"]}}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"a1d22b5c-1734-40b8-8437-6a01987edef0","uri":"kylo:kylo:cckm:kacls-ekm:ekmendpoint-1","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-02-10T00:19:40.321138Z","name":"ekmendpoint_1","updatedAt":"2021-02-10T00:20:25.036189Z","keyURIHostname":"keybroker.thales.com","keyURI":"https://keybroker.thales.com/api/v1/cckm/ekm/endpoints/a1d22b5c-1734-40b8-8437-6a01987edef0","key_path":"api/v1/cckm/ekm/endpoints/a1d22b5c-1734-40b8-8437-6a01987edef0","kekName":"ekmendpoint_1","kekID":"626fdff442284cf1ad4b9030c21bfcddb2004e1cfd2b420da7c33d7f50e78c91","meta":{"size":"big","color":"yellow"},"enabled":true,"kekVersion":"0","cvm_required_for_encrypt":false,"cvm_required_for_decrypt":false,"endpoint_type":"ekm","key_type":"symmetric","algorithm":"AES256","raw_policy_enabled":false,"policy":{"basic":{"clients":["abc@google.com"],"justification_required":true,"justification_reason":["REASON_UNSPECIFIED","CUSTOMER_INITIATED_SUPPORT"],"attestation_zones":["zone1","zone2"],"attestation_project_ids":["project1","project2"],"attestation_instance_names":["instance1","instance2"]},"rego":"package example\r\n\r\ndefault allow = false\r\n\r\nallowedClient {\r\n input.client = {\"abc@google.com\"}[_]\r\n}\r\n\r\nallowedJustification {\r\n input.justificationReason = {\"REASON_UNSPECIFIED\",\"CUSTOMER_INITIATED_SUPPORT\",\"GOOGLE_INITIATED_SERVICE\",\"THIRD_PARTY_DATA_REQUEST\",\"GOOGLE_INITIATED_REVIEW\",\"CUSTOMER_INITIATED_ACCESS\",\"GOOGLE_INITIATED_SYSTEM_OPERATION\",\"REASON_NOT_EXPECTED\",\"MODIFIED_CUSTOMER_INITIATED_ACCESS\",\"GOOGLE_RESPONSE_TO_PRODUCTION_ALERT\",\"MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION\"}[_]\r\n}\r\n\r\ndefault allowAttestation = false\r\n\r\nallowAttestation {\r\n\tinput.attestationRequired = false\r\n}\r\n\r\nallowAttestation {\r\n input.attestationZones = {\"us-east1a\"}[_]\r\n input.attestationProjectIDs = {\"project1\"}[_]\r\n input.instanceNames = {\"instance1\"}[_]\r\n}\r\n\r\nallow {\r\n allowedClient\r\n allowedJustification\r\n allowAttestation\r\n}"}}}},"404":{"description":"Resource not found."}}},"delete":{"summary":"Delete","description":"An EKM Endpoint KEK for wrapping and unwrapping operation will be deleted. \n\nNote: \nThis API is applicable for deleting EKM or EKM-UDE Endpoint created from Ciphertrust Manager only. \nDeletion of EKM or EKM-UDE endpoint created from Google Co-ordinated Keys is not supported with this API. \n","tags":["CCKM/Google Cloud EKM"],"responses":{"204":{"description":"EKM Endpoint was deleted successfully.","schema":{"type":"string"}},"404":{"description":"Resource not found."}}}},"/v1/cckm/ekm/endpoints/{id}/policies":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","consumes":["text/plain"],"tags":["CCKM/Google Cloud EKM"],"responses":{"200":{"description":"Success!","examples":{"text/plain":"package example default allow = false allowedClient {\n input.client = {\"abc@google.com\"}[_]\n} allowedJustification {\n input.justificationReason == {\"REASON_UNSPECIFIED\",\"CUSTOMER_INITIATED_SUPPORT\",\"GOOGLE_INITIATED_SERVICE\",\"THIRD_PARTY_DATA_REQUEST\",\n \"GOOGLE_INITIATED_REVIEW\",\"CUSTOMER_INITIATED_ACCESS\",\"GOOGLE_INITIATED_SYSTEM_OPERATION\",\"REASON_NOT_EXPECTED\",\n \"MODIFIED_CUSTOMER_INITIATED_ACCESS\",\"GOOGLE_RESPONSE_TO_PRODUCTION_ALERT\",\"MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION\"}[_]\n} default allowAttestation = false allowAttestation {\n\tinput.attestationRequired = false\n} allowAttestation {\n input.attestationZones = {\"us-east1a\"}[_]\n input.attestationProjectIDs = {\"project1\"}[_]\n input.instanceNames = {\"instance1\"}[_]\n} allow {\n allowedClient\n allowedJustification\n allowAttestation\n}\n"}},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"Update of EKM or EKM-UDE endpoints created from Google Co-ordinated keys is not supported with this API. \n\nThis API only supports update of policy of EKM or EKM-UDE endpoints when created with \"raw_policy_enabled=true\". \n\nUpdating an EKM Policy requires some understanding of an Open Policy Agent ( https://www.openpolicyagent.org ).\n\nBefore updating an EKM policy, the policy can be tested, validated and evaluated in the playground here, https://play.openpolicyagent.org\nUse the sample EKM policy (below), and use the sample INPUT provided below for testing and evaluating the policy.\nSample INPUT For example, \n\n{\n \"attestationProjectIDs\": \"project1\",\n \"attestationRequired\": true,\n \"attestationZones\": \"us-east1a\",\n \"client\": \"abc@google.com\",\n \"instanceNames\": \"instance1\",\n \"justificationReason\": \"CUSTOMER_INITIATED_SUPPORT\"\n}\n\nDetailed docs on policy language can be found here, https://www.openpolicyagent.org/docs/latest/policy-language/\n\nThe EKM policy will enforce the set justification parameters to allow the wrap, unwrap operations.\n Sample EKM Policy E.g.\n\n package example\n default allow = false\n allowedClient {\n input.client = {\"abc@google.com\"}[_]\n }\n allowedJustification {\n input.justificationReason == {\"REASON_UNSPECIFIED\",\"CUSTOMER_INITIATED_SUPPORT\",\"GOOGLE_INITIATED_SERVICE\",\"THIRD_PARTY_DATA_REQUEST\",\n \"GOOGLE_INITIATED_REVIEW\",\"CUSTOMER_INITIATED_ACCESS\",\"GOOGLE_INITIATED_SYSTEM_OPERATION\",\"REASON_NOT_EXPECTED\",\n \"MODIFIED_CUSTOMER_INITIATED_ACCESS\",\"GOOGLE_RESPONSE_TO_PRODUCTION_ALERT\",\"MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION\"}[_]\n }\n default allowAttestation = false\n allowAttestation {\n \tinput.attestationRequired = false\n }\n allowAttestation {\n input.attestationZones = {\"us-east1a\"}[_]\n input.attestationProjectIDs = {\"project1\"}[_]\n input.instanceNames = {\"instance1\"}[_]\n }\n allow {\n allowedClient\n allowedJustification\n allowAttestation\n }\n\nExplaination:\n\n - `package` is the rego policy package name.\n - `default allow = false` is line is mandatory, can have `true` or `false` assigned and variable `allow` must be declared.\n\n - Rest the lines are OPA programming:\n\n - Input can have following members, all are optional:\n - clients\n - justificationReason\n - attestationZones\n - attestationProjectIDs\n - instanceNames\n\n - clients:\n Set param with GCP Service Accounts that should be allowed to perform wrap/unwrap operations.\n\n - justificationReason:\n Set param with needed Justification Reasons to allow wrap/unwrap operations.\n Justification Reasons options are REASON_UNSPECIFIED,CUSTOMER_INITIATED_SUPPORT,GOOGLE_INITIATED_SERVICE,\n THIRD_PARTY_DATA_REQUEST,GOOGLE_INITIATED_REVIEW,CUSTOMER_INITIATED_ACCESS,GOOGLE_INITIATED_SYSTEM_OPERATION,\n REASON_NOT_EXPECTED,MODIFIED_CUSTOMER_INITIATED_ACCESS,GOOGLE_RESPONSE_TO_PRODUCTION_ALERT,\n, MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION\n\n - attestationZones:\n Set param with Zones that should be allowed during UDE Attestation. Applicable only for UDE Endpoints.\n\n - attestationProjectIDs:\n Set param with Project IDs that should be allowed during UDE Attestation. Applicable only for UDE Endpoints.\n\n - instanceNames\n Set param with Instance Names that should be allowed during UDE Attestation. Applicable only for UDE Endpoints.\n\n\nNote: `Swagger may show error while entering EKM Policy, but a right policy code will work.`Add/Update EKM Policy.\n","consumes":["text/plain"],"tags":["CCKM/Google Cloud EKM"],"parameters":[{"name":"body","in":"body","required":true,"description":"Update policy for this EKM Endpoint.","schema":{"type":"object","title":"Update the EKM Policy."}}],"responses":{"200":{"description":"Success!","examples":{"text/plain":"package example default allow = false allow {\n input.clients == {\"abc@yahoo.com\", \"abc@google.com\", \"abc@msn.com\"}[_]\n input.justificationReason == {\"REASON_UNSPECIFIED\",\"CUSTOMER_INITIATED_SUPPORT\",\"GOOGLE_INITIATED_SERVICE\",\"THIRD_PARTY_DATA_REQUEST\",\"GOOGLE_INITIATED_REVIEW\",\"CUSTOMER_INITIATED_ACCESS\",\"GOOGLE_INITIATED_SYSTEM_OPERATION\",\"REASON_NOT_EXPECTED\",\"MODIFIED_CUSTOMER_INITIATED_ACCESS\",\"GOOGLE_RESPONSE_TO_PRODUCTION_ALERT\",\"MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION\"}[_]\n}\n"}},"404":{"description":"Resource not found."}}}},"/v1/cckm/ekm/endpoints/{id}/rotate":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Rotate EKM Endpoint","description":"Rotate adds a new key version to this Endpoint. \n\nNote: \nThis API is applicable for rotating EKM or EKM-UDE Endpoint created from Ciphertrust Manager only. \nRotation of EKM or EKM-UDE endpoint created from Google Co-ordinated Keys is not supported with this API. \n","tags":["CCKM/Google Cloud EKM"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"a1d22b5c-1734-40b8-8437-6a01987edef0","uri":"kylo:kylo:cckm:kacls-ekm:ekmendpoint-1","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-02-10T00:19:40.321138Z","name":"ekmendpoint_1","updatedAt":"2021-02-10T00:20:25.036189Z","keyURIHostname":"ekm.thales.com","keyURI":"https://ekm.thales.com/api/v1/cckm/ekm/endpoints/a1d22b5c-1734-40b8-8437-6a01987edef0","key_path":"api/v1/cckm/ekm/endpoints/a1d22b5c-1734-40b8-8437-6a01987edef0","kekName":"ekmendpoint_1","kekID":"626fdff442284cf1ad4b9030c21bfcddb2004e1cfd2b420da7c33d7f50e78c91","meta":{"size":"big","color":"blue"},"enabled":true,"kekVersion":"1","cvm_required_for_encrypt":false,"cvm_required_for_decrypt":false,"endpoint_type":"ekm","key_type":"symmetric","algorithm":"AES256","raw_policy_enabled":false,"policy":{"basic":{"clients":["abc@google.com"],"justification_required":true,"justification_reason":["REASON_UNSPECIFIED","CUSTOMER_INITIATED_SUPPORT"],"attestation_zones":["zone1","zone2"],"attestation_project_ids":["project1","project2"],"attestation_instance_names":["instance1","instance2"]},"rego":"package example\r\n\r\ndefault allow = false\r\n\r\nallowedClient {\r\n input.client = {\"abc@google.com\"}[_]\r\n}\r\n\r\nallowedJustification {\r\n input.justificationReason = {\"REASON_UNSPECIFIED\",\"CUSTOMER_INITIATED_SUPPORT\",\"GOOGLE_INITIATED_SERVICE\",\"THIRD_PARTY_DATA_REQUEST\",\"GOOGLE_INITIATED_REVIEW\",\"CUSTOMER_INITIATED_ACCESS\",\"GOOGLE_INITIATED_SYSTEM_OPERATION\",\"REASON_NOT_EXPECTED\",\"MODIFIED_CUSTOMER_INITIATED_ACCESS\",\"GOOGLE_RESPONSE_TO_PRODUCTION_ALERT\",\"MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION\"}[_]\r\n}\r\n\r\ndefault allowAttestation = false\r\n\r\nallowAttestation {\r\n\tinput.attestationRequired = false\r\n}\r\n\r\nallowAttestation {\r\n input.attestationZones = {\"us-east1a\"}[_]\r\n input.attestationProjectIDs = {\"project1\"}[_]\r\n input.instanceNames = {\"instance1\"}[_]\r\n}\r\n\r\nallow {\r\n allowedClient\r\n allowedJustification\r\n allowAttestation\r\n}"}}}}}}},"/v1/cckm/ekm/endpoints/{id}/enable":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Enable EKM Endpoint","description":"Allow wrap or unwrap operation using this Endpoint.","tags":["CCKM/Google Cloud EKM"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"a1d22b5c-1734-40b8-8437-6a01987edef0","uri":"kylo:kylo:cckm:kacls-ekm:ekmendpoint-1","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-02-10T00:19:40.321138Z","name":"ekmendpoint_1","updatedAt":"2021-02-10T00:20:25.036189Z","keyURIHostname":"ekm.thales.com","keyURI":"https://ekm.thales.com/api/v1/cckm/ekm/endpoints/a1d22b5c-1734-40b8-8437-6a01987edef0","key_path":"api/v1/cckm/ekm/endpoints/a1d22b5c-1734-40b8-8437-6a01987edef0","kekName":"ekmendpoint_1","kekID":"626fdff442284cf1ad4b9030c21bfcddb2004e1cfd2b420da7c33d7f50e78c91","meta":{"size":"big","color":"blue"},"enabled":true,"kekVersion":"0","cvm_required_for_encrypt":false,"cvm_required_for_decrypt":false,"endpoint_type":"ekm","key_type":"symmetric","algorithm":"AES256","raw_policy_enabled":false,"policy":{"basic":{"clients":["abc@google.com"],"justification_required":true,"justification_reason":["REASON_UNSPECIFIED","CUSTOMER_INITIATED_SUPPORT"],"attestation_zones":["zone1","zone2"],"attestation_project_ids":["project1","project2"],"attestation_instance_names":["instance1","instance2"]},"rego":"package example\r\n\r\ndefault allow = false\r\n\r\nallowedClient {\r\n input.client = {\"abc@google.com\"}[_]\r\n}\r\n\r\nallowedJustification {\r\n input.justificationReason = {\"REASON_UNSPECIFIED\",\"CUSTOMER_INITIATED_SUPPORT\",\"GOOGLE_INITIATED_SERVICE\",\"THIRD_PARTY_DATA_REQUEST\",\"GOOGLE_INITIATED_REVIEW\",\"CUSTOMER_INITIATED_ACCESS\",\"GOOGLE_INITIATED_SYSTEM_OPERATION\",\"REASON_NOT_EXPECTED\",\"MODIFIED_CUSTOMER_INITIATED_ACCESS\",\"GOOGLE_RESPONSE_TO_PRODUCTION_ALERT\",\"MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION\"}[_]\r\n}\r\n\r\ndefault allowAttestation = false\r\n\r\nallowAttestation {\r\n\tinput.attestationRequired = false\r\n}\r\n\r\nallowAttestation {\r\n input.attestationZones = {\"us-east1a\"}[_]\r\n input.attestationProjectIDs = {\"project1\"}[_]\r\n input.instanceNames = {\"instance1\"}[_]\r\n}\r\n\r\nallow {\r\n allowedClient\r\n allowedJustification\r\n allowAttestation\r\n}"}}}}}}},"/v1/cckm/ekm/endpoints/{id}/disable":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Disable EKM Endpoint","description":"Disallow wrap or unwrap operation using this Endpoint.","tags":["CCKM/Google Cloud EKM"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"a1d22b5c-1734-40b8-8437-6a01987edef0","uri":"kylo:kylo:cckm:kacls-ekm:ekmendpoint-1","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-02-10T00:19:40.321138Z","name":"ekmendpoint_1","updatedAt":"2021-02-10T00:20:25.036189Z","keyURIHostname":"ekm.thales.com","keyURI":"https://ekm.thales.com/api/v1/cckm/ekm/endpoints/a1d22b5c-1734-40b8-8437-6a01987edef0","key_path":"api/v1/cckm/ekm/endpoints/a1d22b5c-1734-40b8-8437-6a01987edef0","kekName":"ekmendpoint_1","kekID":"626fdff442284cf1ad4b9030c21bfcddb2004e1cfd2b420da7c33d7f50e78c91","meta":{"size":"big","color":"blue"},"enabled":false,"kekVersion":"0","cvm_required_for_encrypt":false,"cvm_required_for_decrypt":false,"endpoint_type":"ekm","key_type":"symmetric","algorithm":"AES256","raw_policy_enabled":false,"policy":{"basic":{"clients":["abc@google.com"],"justification_required":true,"justification_reason":["REASON_UNSPECIFIED","CUSTOMER_INITIATED_SUPPORT"],"attestation_zones":["zone1","zone2"],"attestation_project_ids":["project1","project2"],"attestation_instance_names":["instance1","instance2"]},"rego":"package example\r\n\r\ndefault allow = false\r\n\r\nallowedClient {\r\n input.client = {\"abc@google.com\"}[_]\r\n}\r\n\r\nallowedJustification {\r\n input.justificationReason = {\"REASON_UNSPECIFIED\",\"CUSTOMER_INITIATED_SUPPORT\",\"GOOGLE_INITIATED_SERVICE\",\"THIRD_PARTY_DATA_REQUEST\",\"GOOGLE_INITIATED_REVIEW\",\"CUSTOMER_INITIATED_ACCESS\",\"GOOGLE_INITIATED_SYSTEM_OPERATION\",\"REASON_NOT_EXPECTED\",\"MODIFIED_CUSTOMER_INITIATED_ACCESS\",\"GOOGLE_RESPONSE_TO_PRODUCTION_ALERT\",\"MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION\"}[_]\r\n}\r\n\r\ndefault allowAttestation = false\r\n\r\nallowAttestation {\r\n\tinput.attestationRequired = false\r\n}\r\n\r\nallowAttestation {\r\n input.attestationZones = {\"us-east1a\"}[_]\r\n input.attestationProjectIDs = {\"project1\"}[_]\r\n input.instanceNames = {\"instance1\"}[_]\r\n}\r\n\r\nallow {\r\n allowedClient\r\n allowedJustification\r\n allowAttestation\r\n}"}}}}}}},"/v1/cckm/ekm/cryptospaces/{id}:createKey":{"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Create a key in a cryptospace.","description":"Create a key in a cryptospace.","tags":["CCKM/Google Cloud EKM CryptoSpaces (Data Plane)","Tech Preview"],"parameters":[{"name":"body","in":"body","description":"Key creation parameters","schema":{"type":"object","title":"Create Key","required":["crypto_space_path","algorithm","relative_resource_name"],"properties":{"crypto_space_path":{"type":"string","description":"The crypto space in which the new key is to be created."},"algorithm":{"type":"string","description":"EKM Key Algorithm. Default is AES256","enum":["AES256","RSA_SIGN_PSS_2048_SHA256","RSA_SIGN_PSS_3072_SHA256","RSA_SIGN_PSS_4096_SHA256","RSA_SIGN_PSS_4096_SHA512","RSA_SIGN_PKCS1_2048_SHA256","RSA_SIGN_PKCS1_3072_SHA256","RSA_SIGN_PKCS1_4096_SHA256","RSA_SIGN_PKCS1_4096_SHA512","EC_SIGN_P256_SHA256","EC_SIGN_P384_SHA384"]},"relative_resource_name":{"type":"string"},"accessReasonContext":{"description":"Optional. Request that has an empty AccessReasonContext is a valid request. This can happen: * If you do not enable key access justification on your key\n or the partner endpoint is not whitelisted to receive justification.\n* If you enable key access justification, then this may have been due\n to a Google transient error or a bug into which Google may have to investigate.","type":"object","properties":{"reason":{"description":"required.","type":"string","enum":["REASON_UNSPECIFIED","CUSTOMER_INITIATED_SUPPORT","GOOGLE_INITIATED_SERVICE","THIRD_PARTY_DATA_REQUEST","GOOGLE_INITIATED_REVIEW","CUSTOMER_INITIATED_ACCESS","GOOGLE_INITIATED_SYSTEM_OPERATION","REASON_NOT_EXPECTED","MODIFIED_CUSTOMER_INITIATED_ACCESS","GOOGLE_RESPONSE_TO_PRODUCTION_ALERT","MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION"],"default":"REASON_UNSPECIFIED"}}}},"example":{"crypto_space_path":"c193f73c-e80b-4a35-8396-94f0a716d0d7","algorithm":"RSA_SIGN_PKCS1_3072_SHA256","relative_resource_name":"projects/my-proj/locations/us-central1/keyRings/my-keyring/cryptoKeys/my-key/cryptoKeyVersions/2","access_reason_context":{"reason":"CUSTOMER_INITIATED_ACCESS"}}}}],"responses":{"201":{"description":"Created","schema":{"type":"object"},"examples":{"application/json":{"new_key_path":"ekm-vpc-connection/api/v1/cckm/ekm/endpoints/e5280816-aa75-4118-9144-85ec2c303290","state":"ENABLED","crypto_space_path":"c193f73c-e80b-4a35-8396-94f0a716d0d7","relative_resource_name":"projects/my-proj/locations/us-central1/keyRings/my-keyring/cryptoKeys/my-key/cryptoKeyVersions/2"}}}}}},"/v1/cckm/ekm/endpoints/{id}:destroyKey":{"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Destroys a key in a cryptospace. The key will be marked as DESTROYED state.","description":"Destroys a key in a cryptospace. The key will be marked as DESTROYED state.","tags":["CCKM/Google Cloud EKM CryptoSpaces (Data Plane)","Tech Preview"],"parameters":[{"name":"body","in":"body","description":"Destroy key parameters","schema":{"type":"object","title":"Destroy Key","required":["key_path","relative_resource_name"],"properties":{"key_path":{"type":"string","description":"The path of the key to destroy"},"relative_resource_name":{"type":"string","description":"The relative resource name"},"accessReasonContext":{"description":"Optional. Request that has an empty AccessReasonContext is a valid request. This can happen: * If you do not enable key access justification on your key\n or the partner endpoint is not whitelisted to receive justification.\n* If you enable key access justification, then this may have been due\n to a Google transient error or a bug into which Google may have to investigate.","type":"object","properties":{"reason":{"description":"required.","type":"string","enum":["REASON_UNSPECIFIED","CUSTOMER_INITIATED_SUPPORT","GOOGLE_INITIATED_SERVICE","THIRD_PARTY_DATA_REQUEST","GOOGLE_INITIATED_REVIEW","CUSTOMER_INITIATED_ACCESS","GOOGLE_INITIATED_SYSTEM_OPERATION","REASON_NOT_EXPECTED","MODIFIED_CUSTOMER_INITIATED_ACCESS","GOOGLE_RESPONSE_TO_PRODUCTION_ALERT","MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION"],"default":"REASON_UNSPECIFIED"}}}},"example":{"key_path":"ekm-vpc-connection/api/v1/cckm/ekm/endpoints/e5280816-aa75-4118-9144-85ec2c303290","relative_resource_name":"projects/my-proj/locations/us-central1/keyRings/my-keyring/cryptoKeys/my-key/cryptoKeyVersions/2","access_reason_context":{"reason":"CUSTOMER_INITIATED_ACCESS"}}}}],"responses":{"204":{"description":"Key marked as DESTROYED state","schema":{"type":"object"},"examples":{"application/json":{"destroyed_key_path":"ekm-vpc-connection/api/v1/cckm/ekm/endpoints/e5280816-aa75-4118-9144-85ec2c303290","crypto_space_path":"c193f73c-e80b-4a35-8396-94f0a716d0d7"}}}}}},"/v1/cckm/ekm/cryptospaces/{id}:checkCryptoSpacePermissions":{"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Check cryptospace permissions","description":"API is called by Google to verify whether the service account has the required permissions.","tags":["CCKM/Google Cloud EKM CryptoSpaces (Data Plane)","Tech Preview"],"parameters":[{"name":"body","in":"body","description":"Check cryptospace permissions.","schema":{"type":"object","title":"Check cryptospace permissions","required":["cryptoSpacePath","permissions","ekmConnectionRelativeResourceName"],"properties":{"cryptoSpacePath":{"type":"string","description":"cryptospace path"},"ekmConnectionRelativeResourceName":{"type":"string","description":"The relative resource name."},"permissions":{"description":"List of permissions to check.","type":"array","enum":["CREATE_KEY,","DESTROY_KEY,","WRAP,","UNWRAP,","GET_PUBLIC_KEY,","ASYMMETRIC_SIGN,","GET_INFO"]},"accessReasonContext":{"description":"Optional. Request that has an empty AccessReasonContext is a valid request. This can happen: * If you do not enable key access justification on your key\n or the partner endpoint is not whitelisted to receive justification.\n* If you enable key access justification, then this may have been due\n to a Google transient error or a bug into which Google may have to investigate.","type":"object","properties":{"reason":{"description":"required.","type":"string","enum":["REASON_UNSPECIFIED","CUSTOMER_INITIATED_SUPPORT","GOOGLE_INITIATED_SERVICE","THIRD_PARTY_DATA_REQUEST","GOOGLE_INITIATED_REVIEW","CUSTOMER_INITIATED_ACCESS","GOOGLE_INITIATED_SYSTEM_OPERATION","REASON_NOT_EXPECTED","MODIFIED_CUSTOMER_INITIATED_ACCESS","GOOGLE_RESPONSE_TO_PRODUCTION_ALERT","MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION"],"default":"REASON_UNSPECIFIED"}}}},"example":{"cryptoSpacePath":"test","ekmConnectionRelativeResourceName":"projects/my-proj/locations/us-central1/keyRings/my-keyring/cryptoKeys/my-key/cryptoKeyVersions/2","permissions":["CREATE_KEY"],"access_reason_context":{"reason":"CUSTOMER_INITIATED_ACCESS"}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"cryptoSpacePath":"test"}}}}}},"/v1/cckm/ekm/session/beginsession":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Begin Session","description":"Begins an EKM UDE Session. Causes an encapsulated TLS (1.3) session to be initiated. A server session is created in CipherTrust and the encapsulated first TLS message is handled from the client. A unique session ID is created and returned - this accompanies all further uses of this session","tags":["CCKM/Google Cloud EKM (Data Plane)"],"parameters":[{"name":"body","in":"body","description":"BeginSession parameters","schema":{"type":"object","title":"BeginSession request","required":["tlsRecords"],"properties":{"tlsRecords":{"type":"string","description":"TLS records, base64 encoded"}},"example":{"tlsRecords":"FgMBAQkBAAEFAwPhMWYHjDnBaS07RScAKiqGyrkoyoV8uV7MgSYWpijB5SBxVINMSjWCDF6qShN/uEvbsvdhjj+C+zn50vUCRTW7OQAmwCvAL8AswDDMqcyowAnAE8AKwBQAnACdAC8ANcASAAoTARMCEwMBAACWAAAAHQAbAAAYY2lwaGVydHJ1c3QudGhhbGVzY3BsLmlvAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP/AQABAAASAAAAKwADAgMEADMAJgAkAB0AIJZrq5TvLSrOIkf3AZAu5FeWfFAcgbyu6na9MwCjdz9c"}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"sessionContext":"dGzVTVyXSPqupMv2/SGMFw==","tlsRecords":"FgMDAHoCAAB2AwOG06Q/qICAUTPRod7TE1oW0l5bnuZbamn9ml8m2EjFpSBl+j7DokmCGen6PnLZoXQ5YWhmCVRT/YdQv8067gTgoxMBAAAuACsAAgMEADMAJAAdACAM1NviuzG7fB59yuCJjfesmG6J7tKTg4tE08DWWvFWUhQDAwABARcDAwAXfeZnE0W9l2k+yrVUS2gotVe9rq8uo20XAwMFWj3c4K7ZFJfvC3WR+sCyKRU2EeVScEHyGEYu4lMSmewHMKyQTzidzpECmiVMx+GE7d02vThd/XVJaycmRVo7ERgnBTA1U0ui+mn4JcdNzjQ1jwXsZqwuIBUuGVrsM9yojnro9W4wDoFXe6JKOm/1X8eKurzKtRNSPYR3j5x4i6RrCYQVr4eJMKqcmLdZEpvBZ/djlUQn4p4Lcp0oe9y0dcaMY/XuG+z9G+KwbmOlIZr/TQgmpTpuOTcG75OD/YhSnKRCZj1H/XVCx53REF6roFfn1+VXHUz6oe9AgXiDo+myYe/iS6VumvrP6wHvCAXvy7WvuYW73DcaFxYKJb05k0Pg4HiwYB1810HCteFvajqKpHPUyiZQPnRfFAy6verwEeB+SlpP/PXOjJxgZwY6Kr5YrA88aBwkvDPKKWEIPgg9DhlnkVIfqfg01+4GnIMFrs7/DYyZ65ChjmJIbyz6ZsrOaps6HoZBUspoGIdAg4cK4Z17s96KnoqZ6dbQoSkxwZCtYYHVSPqig44a0YZYkHkSbC4/d8zitkOPe3pinTSZ1XZjAjBb/RHwTjq7KlpoO4zUsH0SyZqIzU72icamQQ3HfXHTuh/tc0Ak2XF4RQfNOFt9AUskorBjz8yJQG1X8mmbYBgupkHC+164ZR0NXpZamvSkZoHhm34378O61i2y4Cz4Zwb7+CsDQNq/8AHZhaokSfAd1pHij2enGYkEnDLt+41qM9cV7qqImm21DGOp50NJnkCnKLKqLXGnYWg5rOoV/Ow2woOLfAUvMvfArKzuxwpIdOOWY9ElPYPYFNf4ZIviYcHEamudgUvw7+uHasP8+bkXrTElv5psd/I2ddaCXdLtF2pMefLEvUKLVGaJMEuZoGnXQCWODzHrDNvz0XwL+TOLeoFsYbTgdKNx/iMqPh0fYr3IwQUZ/rY0Ut5q4aVWL1dpJDeC6Hgvc3AGyvl/b9vpDU5oJkQ09uB2O3A52OLIUqBpQL8u3AzSZLJ7WJBXactCc++atLwgidOJnrF+XoO6BtJl+oMX6DL8qjkDC1oacoIZFSXfpvapiSZcEgr/VR4hL8heq0UxcacmyauN4EtYRGB4mZEEuKVPUdhG1uttAx97NyG8ktQXOmQCgvR/U7s7VK/JzVHPDWveK9ygYy52zsOokD9ANh46ofJQOVGlhl89v1ahyv21OBQIe6scXucsvpO4KUw9+XN9xa0bEayFxzI+ejFLJJl4MSDW9mlBixc1YXVYREf/2hwL+tTzfKPTuJk5irHwV2a6AddDLIC6pcF7jjggCTiJDLXzgoYEXI9P70S+M+BP5htHqCXqyu51kgBr0ZySPZnr3TNiTCbRneuRizK0EutLgZob79Gmq8+wejN/1laKWY9O/6ctF1keDzJQdpVk5jmy2t1Ch5fk8OlL0tcwaljKLzb/y5TgHq9ATREkxrriN6wfuK+nEeVMNRA3s7gkdFOdDRM7OUJY2dZAMTqxV8yCA1D0VliKi23tl14mbNa/rMjfZquduy6ywr9IZtu1U9am8n78URT2UU15s+qEfciIvTd+h3E/QvozOo/eVrHqG/jn4Wy089PPDznti3h04TZr/HAAz3WwcDxJYvi8QQTLn7P/FcKS5rxOrvykYEsLScdV+OUr2SaK20dMKjAQhpWLAenMu2F+zLXuyVnAqVMqoQszlaSdKcqlCCFMGaul1sYTpyj04BUTgNPArs9/XtiRKU+7RvKswo1smeJOHOF1CjOIeQVOqcmt8dMtdH7DbxW57XXFa/IEMU2d2qa/iNiZFNr0rBI3USEI5RRJBQKLLiHOHqCyEL/JaccdFwMDARmISXzxB9NmQwNKZFMcG4MdjZT6uOqq0qDFlIFdNRcLeaPrU7Wg9NNdykZ8oGbAr//Yw08s8x2GxAN4c0LQz1WXKqcTf/hIV70kGyJ3XnAtQRLk8N1xb3hLzwiOjDvKNqlPnD5zmJCXhs11j6ihbvcLpnDAoVc/JJ2qJaC+5cOclD38Y1kHuP4COl5Edf1WsYt6ytx7f5lQfzYW1HNv2hvhTeL/5OhVNzWn9L/kOttYqtMHNwe8KqjG8TlGA98JTZ8yxylqIUk8xHlOIh/HCV1n6pcETEsQYllaaY7wzMVmgTnNIj7cyXP3EPfiZ49DKKFGY7+tOBwNuIiFpTINDdVLVpRtmz9q1vQh2E54Y5BytLW4lWBuEk+7DhcDAwA1hHbS7/FEyxFYZGzqQyiFJcCkDwtpADNuHTBa9p9dPburzwTPotUCjsME8BstXYrJHqvGags="}}}}}},"/v1/cckm/ekm/session/handshake":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Handshake","description":"Completes the encapsulated TLS handshake. All subsequent messages using the established session are encrypted.","tags":["CCKM/Google Cloud EKM (Data Plane)"],"parameters":[{"name":"body","in":"body","description":"Handshake parameters","schema":{"type":"object","title":"Handshake request","required":["sessionContext","tlsRecords"],"properties":{"sessionContext":{"type":"string","description":"Session context identifier"},"tlsRecords":{"type":"string","description":"TLS records, base64 encoded"}},"example":{"sessionContext":"G9crsdEhQKqlz+4a9udSCg==","tlsRecords":"FAMDAAEBFwMDADXWDgmV7ocp1xUeFedTzoDDlKTAVk92KWVGeRoNVaGcKDdCnnnnfwfli5j/zegbI4M1ubM+/w=="}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":null}}}}},"/v1/cckm/ekm/session/negotiateattestation":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Negotiate Attestation","description":"Performs EKM UDE attestation negotiation. The client presents the set of attestation options (NONE, TPM, TCG_LOG) it is willing or capable of providing and the server determines acceptability. The server responds with the subset of attestation options, which must be provided for this session, or an error if no acceptable combination is possible","tags":["CCKM/Google Cloud EKM (Data Plane)"],"parameters":[{"name":"body","in":"body","description":"NegotiateAttestation parameters","schema":{"type":"object","title":"NegotiateAttestation request","required":["sessionContext","offeredEvidenceTypesRecords"],"properties":{"sessionContext":{"type":"string","description":"Session context identifier"},"offeredEvidenceTypesRecords":{"type":"string","description":"TLS records, base64 encoded"}},"example":{"sessionContext":"mqtJe1JmQOCNRXLB1lO8GA==","offeredEvidenceTypesRecords":"FwMDABXVEPbKEeFbemtOdIcp7ekI3jE2gL8="}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"requiredEvidenceTypesRecords":"FwMDABV/eu1ohY23YTV7gjOH4mQqsvOoUI4="}}}}}},"/v1/cckm/ekm/session/finalize":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Finalize","description":"Attestation evidence (if any) is presented for this session. This is evaluated and also compared with the attestation(s) required in /negotiateattestation. If acceptable, the session is associated with the attributes conveyed by these attestations","tags":["CCKM/Google Cloud EKM (Data Plane)"],"parameters":[{"name":"body","in":"body","description":"Finalize parameters","schema":{"type":"object","title":"Finalize request","required":["sessionContext","attestationEvidenceRecords"],"properties":{"sessionContext":{"type":"string","description":"Session context identifier"},"attestationEvidenceRecords":{"type":"string","description":"TLS records, base64 encoded"}},"example":{"sessionContext":"BYW2ApRzSKaYRfsPDV5/Bw==","attestationEvidenceRecords":"FwMDCVVFqAU63cRMvAwGcMGDTUKK/hwiS1JPofBe/eFkg4WE56ebPqaJNULHgS9AaH9CiFKjW8VCW0PkJm5tblwd3cYepg7vWfSJZeipDcagajcYRCD71nyB2666eDz6Ny02jbVNLBnHqEm/8O1BxRs0VELr9L9WiiRBYQYl8Zk2CIm07P/YWnUtH9aqFXdJpxLdiMpwGdFNZ3Zd/S+yxUOVq6ERpj6BLMvKHnJomixwqIg+FQvwd3b9UKA6pgO8aBzlVgVQm5/xLwCrgfzOxt/IwhmJKQNHpJ7u27exRp0EEZx70z90mIki9zpCxsnLroK2+EhXdsismoXCzEaEDQw0YUWLC7jejICNtIozPcd3awryymLdBZ7N0FXX9Y81u7kULKFrcMjNCPI+PqISimgmUywRcRM06QyabEMWEcQrxvlEL/rhCx8BrONbg12FXqUp37ZwTM5BLDs2Y6G5m4ojDBvVfIap1YEF9xiAq4DwbmJHxi1ehkY10hjnpRnUmEKidBfI6YtEQ22owP3wJyn9IlB6lx45XxKRIg9CidttKD/kfRs9rQBDJN6GtmgKRbR+8HZngVSZ5D/Y2mCDqPNcaGi2zesPO3B6xQWp9S95PIPE9sFVdKrRzQLzUJcJMKPvlcxzuWFccWtB6FTWwYwyJlxfbcG7NUFT0LSg0E762eMSCeEzGyZ51o0OspyL3DDyUkIbbWzw9n2d5zp7qF7UuEhHca+H5U4KpceLpyjxLx2ziBed2vPMm9oLGq3EDLE1e0gt9eFEaIkyKBHDJNGpmh4iDNr/NGyzq0SWhxKk/WIreUBydgqWFY6Smv9tF/ALhpRvAo1EKNAVRP/5eMUVMde3OGo8ram9YpFBgM77niYTfBzkiGR0/gOmrt12cSDQSGnmbno5MBuFxVwg9h6fxnujNlLZS/iI7Wr13pk/ajHF57fg3wFhT5zjVNVfEZQ6uV+ub+2PCq2xdaxUZ7ltBQCSc28qyKXtlwZpvDfj8oEeHyGaTAFI2GZFbQX6MhVfBejcwy9xi5Yx15CnRu8PQEWmTa7GiaiPPW2TZVzkPjiRqJv8O2T5ECg/Z4jmXP+92GbcRd1lTBhZtTSY8xD4g1l8T++OHM02LH+KzpRwK7G0EfzlNhT6IJgRSlsrbaW+jJWXkWdRAjdUFD/VXWDXWuJoS8+wfvQGr6tgoondeSlDGyg68tTELaFYZQa80jhb6rbiIjgneQln+OvwvkCb6JDorLdCwwIwm8tEmrgE4SE7Q/BKCHAZWnE5iBhQDvdObKr4PEy//0YHpix/kG5Xomy8teMGXDv1CNGTQ61iK2jj6WOhFp3ir2OwjhnX8iGfYQ/p2p/qCWQDX75c4h4f9YsO1M3Cvn2BfCa02QgB9Hp+GA5ST9sLqGJhlYwYic6notzKUYyylBpTg1XM4++1fb7di9/LxcU2zNjiCCYk0C5XCV27SYdhFdEXeGRrzG8DM0gDDar8MKEgNe0BBRdQT/egDrQGj3UBivXZm8flzM3s+bYIlpvgj8J3Td85XpxV6dZ7hwfff7oMuWJKa7tKCM3NcCHXfHnhxWmThXwSZwYobp+em+OvNmtG2NrWh/9QZ8D0dCnFgstfgv+8KPQ7jR04F4Q8WIqRfYFtpCMZU2d5YXnZytnYreiSCnJO3WOoKoxLvRWNB542qrP8u6oof4rRJk0pBdRZdHHuLhG/c73myKD/gJRFPpcSVZwHvN8cLQfI4B+wW6TjRN07TSQe0TGyTAXIidEAI4KEEcZDXFxDjJWRXow+3VaqgEfzUHDvPs5r01BFJZComY4DklLmUQlZ3o5dPknHzg97T8lGfRTHO2eQFcX6+lBFMMLu2a9zXGRFs7c/Dhkd8sk2l2XbTzEUF8kfdCWoXqL4E7YQIlL2mvtwAk4x1TdD4ZrwaWnZO/BwD3w4/v7m8QvJ1ZFfUFs9CwEyNSHRLJKFcJVlWLCuq9mZj+Y/XQIBDOX+BZMSL97diqni5d/COIFPwKWPARA2R44FRr6G620d2lqCR0g6N7AyWagKacGZseLjyEaHeNPJEmqN04PJFsAGkFslRJG2UxXdodUNLZkaofi84eD9iAYqgUL47YS7/DEVnfgGO5llyUe7KEiJP51njXqFgYfo+yhQMaLpP+o7LMvpltZAT+KybVZ4OX1sArkCJKCfeKgCUT2vtLcz4i57o31P7ua/Ey7esvyX6tL05g1WnW5RXwXw8a/+/MjbcFsHQe1M6bvKiWvxYwP0qPWl/FcqRxqB/k+OJl9Ff4nfKFmKiT7q6O2M6BWc5A84m6DQjRDxA3ctpj/vv2znIWeyu20o3IRWyRz55cag/24Eu7O6BYleJ7EbAuydNIlttZDnKZnuHHIK1MAKtQKhmpRipv8QpPis2kUCGPpWUxn20AIin3hjUc40X26BicO1py/tY00HJ4nb6uFGdDxcUIfnQ3tzypyNGLJTxADcMfyaKKMuC/G6mGTvaC/T7OQwMoHqHP5H4HQhOlNpI87iUJcr7ciuX66l4grsp5KTQiXAZTx4E3eW0CwZzktaSBSy+CuFq9G/d6gzjfY5t6eV2E5Y1X6CK5oUZtKq2JXhxfygUIWwrSWOwdRGO8Oez31rOgCjN0HBlnx0dZ8R2Gi/R0wEW4Uwd6CbnTQOiz3n2HQ5iG08tkLIHb4vA6cOiWUnuF+nXkAgXsbAswL0qsFjgtatAcHjFdy2yF7Yo3ABtFA+dvw4e1eAmF11KNVc68FQTkG3cPLhfMHc9boU9Hl1HazFEXeC3EKKRpppDk+2MLkTUiaNypMrrRJJjyXkUtvS3yLPXr0PHrpjq5IERKuhzTd5TvdyJ7uWorMv4VT+rKgX2leQR0R5WQOvklvezd1XNTKdrM3IOBcEC7XRbgJjSGoT/Gpgib23zQAwx5ijm9768An6XVAnbO3nBIgTvkPkNVIykP/Mi1tLeuUTRHpJUD726PdXLDynRGOlvfUJKpD7KCT2qA+ERgN2af8bxtGQiZWWUlJLEhskxKecCHwanukWxfy8KcZCwBHXvpQPMT/Z27hDQOhIJi9OsmzahPz5GLSBF7APTbLNc2HUkRx+xKKwxwRu/ZTdJsdDqoIECbGv4VXE8NmnbB/dBuftd2+yjZ9sdkb1avy5BQA0CFRE01mAuVzXy9KYr7ZAkcne8vMaBxDrQe4pbgWsDGtTFwMDDfeNSs3aphKEX7SKPdUbL3EdVswvra+/QuM4+ex4oag6glrTmrhWgotBUcM6M2BiaknWt8l8jiLPVp9INrF3DZsaqqy8ZWRPwAj5tLTiELz0rLfD6GLf6xjv4zLuq80ZtUmnX88FP1OF/8bK2lQFGcQLZNPRaxSB5DqPTrSylixY+NOrgIpOjc03ogfjrSECVkBw5JRawANFQayK2dF11vI5st46uVPnCKLHH53cA1lyQrNCY5IGWDMYak2xdgAyPmD3Tf7F07eBeFjhqGfnqdrBDyU4QG7Hn/UWP9rCF2BDvdC7ZgjZNJ1JH5CoPCY0R9N4mDTZXcEv2dkZIuN5e+z4Rf97LOJiLdmlURWtAV9e3VI/W08bfN5tYOGH9u31ksYDEw83hpO6DNiTslf67bauSLCTXL85gy9Z99zy/YOBdUpFK/JoYLmffZXJjWa0ZgmSKBOWvIiTApQJl5lomoGlsB2uKt6iFV+59URbR258W2vkMLNO14rrQTcOnrXSGGyp7r4G9h2YumihXZ0RNUjgyRMLH7FyCOWp5lZQGDlQKKi3XnfVzpnMuUCW05qOH7Xa5vIPcI68v9IltyxMFX3IigR4n7Thzr+O1l7cE1R3mak/G8l10lZ2dZByjyy9/CNaotvZoPKevnBhww+3+h+N4t3dbis1L7QWroJwzvO8Ry2MkqUnnZTJDBjtH9LfeD558HUr7zLWdIOnIoi4iSJU5tUz3kIqau7vvXi/gz/ktJqIAiTH8Zrw8SUdUti2/V/LsUJcnfpyuVY4wHo3HPNDKy/uEcs11eS8v2DkZLyrOubCeZr1+QQmDrLeUwnlgVmA5+Zo9rJG/DOeL3QIqDS9G5WTq7y2QKpRdh6/3+450IndP8gOZYMW6iPwDxlXMSKG6gKtgrtNLO4vYpA7W6oFZX5UvqSkQxW9Thg5LqV4npii/mGqgYDQYhO6VP2g84haPYOiM5jg7YgNinU3VJnhGQPjZWKtEaWDsF3LpWyQ0mu3GMjwT5itXgARmIfiojCT1TgC5tA70schatiMrQt17cWEirjcFASLBJIjaJzFBANBbF39QA1KM98oULpA6JahG8q4DEq6OynMt9prV90Z30bJrjWgICrlhUhQHciiBuf9scXRkd8ItLdj31azkKTkM9RYZ5Imn485LTSGx/nq1xiX/Fa2hNGTrB7StmarCFqdbwklhl9jcIkjXVBKW8cHppZQ2eXtP1hL+S7KAT+5RgJCKwOdiMVOk19upjIwXaP1xke/7U5jmZgKoM75iK0ltbuqNvXNiSjSA1nbVaq1Zg057f31JN+RdZVV+gPKXMrhI7oB3LbBo5Dx2+MDP6z/JJnPZBSli9MikD1+gTDfN0yZbPNwO+1zovE5hVJDd3CwTqnVT4j+TOhStXT2qegCtdYH97UkKuqdCSnZWkYLEEdO1cMUaH5x7ca5pBw1/czHhZ5ZJLhWdyLH8eVBJipKAUPX1JnPJuf6jcUGksmgRQiJJW2johKg1DgKVbAkgStlkBNfRM1Hz82Ltxg0V5kKXvWy6KtL5FkHpBrT+vIL5JqZ8zggx++C+LZZpC4eK5pd547ODUQ5CWqY6PHO0K9T75fBsAwGTe8L59kGTCv8iCQdhKPESnwjborZFWUR+POQ0BNehxspH2VwZXSBGdT0/Hpba6wHi7XQBrWbywPaaSWex5PS8c5A/aGMdymz9ozL8DCW+oF/MdiBKv1+AjJdLWeKzjXo3WoSD3uHxzAPoFIH0Ujl+iL4EoDgpot9Q+yt242096UauTWVtdaBwz/Znt91hHi28EkOrT79KZglHWTRLKl2pTFzWLXT2D3NvkBKIg3qV90x00lw9SGBNulGL/enyFuCqJq4d3qrSUfinJgXAm4KkAso2UvR5q1c+6dICApMUrFQqzDL0UCimxzR1sKlRkM1iN/huc1kUoJBNKC3b+ukigoyNYpeBCmEYjQk+YEkQ4DDNY9P4IKry0DhI4/qwQHB4UGLhmYxPYUUE8aA6iA2IEnfNgJThA0niAV/D2q9SrMGXzCN6gRYDHI9agsGecz+mTA5xBvOGRxcF4UxH/1rKlVSO3RhzpucjYUXpfrA78y6LmZZR5x2Q4I3FKlQEX8mOHGSKTIwcMHboKR5X6TYf/YD5xWzuCaakxNbxISewiNiwVPMNEEK66LHQSyT+7mSthUASXHiMZ0bJLcoNkUM528HReYK33S0KxvTN1Aitl+nFmXAyIRJU1hDYJcYO+9b6F53BV+4H/OBdpl4ITj1jLQ1SdYwnoR2vu7NOcWFHN68VhGYWoFDWVS/QVweVTJeKBS70l7dA+gYjsR2cfS0Lf3IXQfU5INgMYNqyGna+GG0oKYTN+cbB8v4oHfSKLB32dbYUMUt1F7E2QNeJeKXcvmzUNEfT8s2zn3JyxP2v5sgEQwQziVHSEoL4urUHCr7GTjuKDHXG1IqKdz0lYgyI0AXYvEQ5DdH3r6yP4FAsRXhG2Aa8LVvZlcSw8C7cqoXlz0p4JEN+1nE8z8FowZQHDW9NhDNzfIbDuh4YkZKvSBg/S2MxnacUHYsLTDAJadkDGr/5fuExA8Bb6sZ3GlpA+mKfVc8iurrHuvYFs6xnPF4nVmICWPH6YVIxJWZBZHZMj9ge5LFcQln50KDhvZrbrOVrirtrIa/TYRtxEIF6YGgllT8t2LzGRCq4dbQ9uU8C6a6B0WOkaWssUYf4H0OtrycyGwGSUWox62A0HgolVNy+wgPYHK+ttvbp7GfJHJNefjmwbKqIkimFULIHXBujHp+33wH/fMWZPv43YXAXPrbf9K60UcLHHEOjRBk1MX6oNqIahqKBcu02yMlFvFf9JQ5gW0s0HkfhBGmXZ05vXV0uWFT54PjizueZkxRawZP9cYdQkE5DRw4g4x0hszY9k3nMTTQ09o8V0cIUIP7L62AiHw9h3lJzoWHQX7A4gxECKQ51z6GhyttAzDdrpJgR8G22FFVljHQWSO7LNkkVM5YUEkmQ63nqRkwTsoYej4cCvSMymch00cRVc++vuttaaNZjJ77jk8w1Iv6SndRKXPJGbmMHKvQhnWRmsdX9RB2dI74T4PpmPMfTw4yj7JnR6nf3IiYdUhNDUI3F8z03viZW6Byl03EN3CXvA3TcAtWGmjaX6NYuuUHicWYNNgoY8zwxH9tyZvO6XciIlrjgxSvJtC+Z4z21V6To2eSJpCKoXLHTlylOYl36vb3LK7ZWxOWjqfVTwJ244kcMyRPPlnyG4+Q+Kr+xQvMWUlupNc4DV8qcH2adqI+Jo0XFBCPmXiDZ8WFBM24RuAMZdPIbWr0vdp5ED3NVUbm0etO1G22DFOoe8onwiKfoIi57iItSHpYh9zfWmyeGBp8EAUnTIycbYcnumkVny3EurNITUQllBJMvmdsxiiaOsn074HqPJdXHJ2Glk9hNk3Z2UkGhiUk0wOcj4Wd9R7Lwh9xHQjXeMjAWf6XicdkWduafzMcVBDuNPsPxPHCr1X8WWni1AA8LWCGewZMDj5kHEf4XwoezxC/YZoGhE3/aAAuL1vcRIxbf/pp+6mHijwAYPuNOUEDPYgiOhmp4j2KNmYzrLtOog8BuRwnQdwEpDC8ECIdoSVeHVcmyvS7Wp+go86EpgPlBVyKyMcjKJXkBMBCVlfPqjcMtvbu74UEshmPDA5cFEjs+ZjASh9v0Pavyanbonbmp/lZd/+Aw93KfKu+d+7bzLx0e/hSSZwwshrsOou6bHKDgPaP58sNGLMWSV6jNBoGD18xmyojauLDSgFCEEg15GyoXVRRgPGaaw9KE0DzD5OTldhDm2bY79xLQYo4f6vyGUHfTKwoFuWnh8JHI08G1ZEFHAAjMKLLWnQ1bvi9s9EXxfbwEfaESmApSVsd1chNHjZjXjqtNJTEvviV1khIXCSgudcQN+y+5Pxo+2IiDeo27cW+7A5wDYyYRzgM41QDumm0seHYIZZj9E+lBq3zemkcLbZ6PL8id47g7wlC97f9o2Ogxa/tDYYqn69HhzPE7idmvYDUUjT2Ndl/WZ0YGSuNAnjHWYybmzEeuIagtc9ln+O5Wq04C8y+mD/VRIAcvYgqx1uPxDTDE6yGb6INhK36RpKRhZtiWF0T326uB1TWKOkqPdkrTtwwmeTKAMlf1RbdgO8g2B7cT3i5S0WAb6QdXrmIrl+JlbWiOpd/EH3NTSRqLDzjmQJoloNruCqMimWb80LLj2sSB9sBy0bbH+HNbpMfEGsdbV+nGG0i9b5SZ033vlst2jwEwJ0ctvzJ0Fntzmht4pjy9j2K4NnrzTwY5fnaNrYEZ/FlAdtu5rbWnKDMpzdh+8FLfLVTyihWE+3t64xv0729Njaov6uXnCdeG+QPHf+k+dzS79dXgafu5XbAqEOnb8O8md8ks59NXCwBE3TtJaWidTwCx8SaD5oYnF6YK2h8IOWRPv39b4pSG9m1BNGzgudJAzty/wbojk6TPRJ6jp4nFwXxUMvMg/RAjDZm2LBFfo8jSIQqXayBpTayqPc9UBgV63FjaChv7QyHNAkALpT8mmypv02p6xMRkUR6Dxk1mrfb0GTlBWFcou9SnmF2VDI48E48EvDPXmG2nb3ZncYQ4GO4B6TQ0VhGTvkQodoP7Uazaii/EWT7EJmsY5YaSdNMFZxJTYOqtQpCUX/Fz7aA2VNxy6XulCvDCjkMZoMNpoqWV8EEdmkrfIirgIfzTtSYLYw/iys1j9XVkh1KMUd3F8cyHSKLobvzDueCQPxaMbqh1pMrnRcDAxKZbT3OYpr574+IXNR5goTWBiSDx0RoI/3hXlOAPYW4sf2N551PtEkUi7bwVS6AUGzjaoER8PJOLSvpeFhYIkrH57okZZoUg1JQAJ2Kd0/hwU/I+1hBeSejzEWHG5dcOTL4SO0Lx39pMFACCsKMBY5EJAbZOETmBIeT4+y+C7S5fUMgl6EFIcwZ6dkUaNx6VDwdTp6XUGIxcQR4OkPUBw9V98m83FS7y+D2YRADed8QKRBiDOyXZ+k7uZ2a31FrcUJKC1hAusKV2CS9elYPKngfWrGWNadbQGpILs5DcPaJ93N3poSO1uXuWVMNI8SjzY+2H5+x0i65igtLt5ECKW111HzhGt9Dbwh/8vF1SJOro8bkAwgy9HSbaH/3aRPYB2BlUh4VefdLwHEuZ0qy2iCi+o1iz9SDe3FUzs4nOb7OliuO46XJKuTOHNu/kuE5kMZRn3UGWLqhu+7yh+QDU9RmUgCCTv3k0Dzyo5bhe9RHOxAQ32Ppw4Zx+cQ8mcpOFw7IXjclHUZtgyUIRVObS9Be8jeiuQP0p1N0luZ884cUHNzKOKiAAw4lB4MkbWllyEM77MfBGq94t/DpkCpCDYUZtlImc+yQA2yPVjq8lmMzaetZ44QHWn37QOjUal4fyaK7yE8TWbviOYluPrnU5X0Kc09rZbs0+MRNcdDEtkBEtr6mhx/lppSmfXt8z6RAWKEdF3owpDRl6x0DGDUQVVdc6o3pRDVDt9FokVafuRJDJWioM+4yd6/scU5H7yiCUmlTLwLcwk6NGcWN1l24M67/GFkq/uJDHkwmJcfGoyCrodf+EMSmdNeQzZHon4SA79D2JtZe9ivcyICHGsJogSQBqG+WUG77jZI/7k8pCfbixcSJCnpoNkxuRbeGOar4RrzZ79iIC3Eiw3SMJiQ8DUGa9FILJtlwCAYhV2FdWDIz1Tt42iUDPFjAOdXAk1bXmV+SP06Z1Q1mRhtVcrvFQZMXK3iPRqQSzCs/xrF5EaxeYJy2MFQMFcP+zTKbo5/6hhvDVBwSKagljcyt9NP2maJ6/slhbHByw0FvQLOUkK3Anu/if+j+3Q6wX9dyk+Z6P8C8OuUT539aod5t3m+Mx40Vee8DmPJ4i2f4SZfRqbvqVZJqQxKO1SqcA1noerZ6LTTA1ASQEP0Br/35aPi4LB06N1mizbgmW57NGV5yT69hfgpLU7rs7SBx3Mfyn3txV4UlOQZ67W6m0N4vQjIfTrDwbNyg8Jx9baY6Us6ql14jBr5v6v788cujqh2EdUznYT4ND3100LtLpWi94dBFPDq0/jjgSFg30zhMmxmsBMyYdYKi5MrMkM0MT3WrcAVwF9xvkuH5rcoVd0DxjqDdoTROse+vNZSs4WTP0/5B9rz65aXPK7cYvJVFl9xmAZvwGK4RcHZtEG6JJOwPM9ZC9OiJb9lqV2b2jIg7JLsFzgyxp0DPTmjKmSqLlLWUa4aSedWQVbMXzNrr+GAl7NUukzMSzk5zllK+kKcWSE+rO7AtsoLnEVGcL3P9bAxRvOHIWP8oM9t0qBtg+2c1D3Retn3ZNVJMLiEw0fcS+Z6H0FOTXnf35CeEaUM8zkVCpV+f/vznFeGylpjye8ERqFtiy5Q6ayBfmB1XfesrCOtzx3wG44YGbvi/XuG/3DuThUNnHtBmV0VdlviqLmbDpqkPsX6dluud5JOo9EfdA5OWSwYOFo1K192ciMv+oiLRSsk158H9bHRLrnSMXlu8nFbk6deUq6zt6Hgdo1xLLmn3E6VEb8jtLjJDsawWqFI0YSjU/3BAGusSFM+pp8Yb/MmXVcBYfndX4pZhoenMCJnXE5mcxEFISL2HPAl/XruhTXJWSgyrQniYw7ldxlDKhmMgiiE5qa0N842XyKLAOQ4Y7vJAIQPC95/DfOr0fKN4eOAp9nl15VkjvJH0pu4824dHxPJdlqyTYR64eqpGFMF65uZHzixZ5/IpkdrI4zS0jUFAZI2QekhdQySDwEDw1oAH4AfdIzeU4CAKkHZ19y6NkvzM9FwGwO6y0sBQKL8bSFkKRQFn6nMklHateU3y5PQvFEKtCDiSo0csU3CHtzAaDfcIiMvUcq4+9AU+Mv5nNi94FxPqpdN4RZsIvl/afhfVOhYE/n+XBnHaGfIU2LRVORrZi3a/yfCFHGTeHnUWWUaWQioElrAfRnBUL9VA72MUjrnsJW9LG8GoLBGvwLSQl5TXHUeSj6ZvfcQZwmCCeBFYiZpRQH88sQ+ZfM2Vq7Xe1HTh7WnfrGjqid3BtR9Q4J3atZ4taTS0pYmvzO2NqX3pDjlof9EBYoWKaaR8GXfvTZx9SigW4yP3PP/jqkfcVFwlxyz4Zm4dBcIWw5Hmd6HPRM8budlNu1qxRThR9sbXeQt0ITegBhi4BJ5uT2oyNjoWxp7H2kJNu4MR4wLFbfOQu9M8l2YBrjEXJdfjkdncN9G19CenffehzQ7NVXYC5CcfgQg+p97o993rvE93sL6NkafZsD1C3tj9cLzb3f3gFiZ6biErXVBxuebxltvPovz342ThGqWsRvG3riuZkeZN/epF7UM/AYK5vtoDkTK73a6ELDRzQPAFjvVxpw+hNAzzKXaeA4a6hccsGzvemiGLc+eq0h1EvPAZltH4C/COlMzujbl0sQK7cxRFK6pNNkEnTopom9af4+PSh3q6vw9a/hzIo9oMIagSOTIDPvZ1b7QPURQsLu82G5kW/AvMOezc3JbZaSLvzLlFxjd2YHpkO9t8S9cVGYJ8s/9/gkaupYTqYaRs34ifCvFUgalFGh+3Dw05fgQg0SX1JOsKkD2tqStjMEPpfpCTkxph6Asu/YPtHZLqhdGG7ppjtrR/CWeKnzz8iB9b0j7xz/t2mTkWxUSgnAZ+qpmah3gpPFN51RwxOgKv/v7c9uWJ7pBm1K+JLdVD89M8V+XVwN++s/YjP2hUfTa7QCCNyukt00OFQnv+cTu+/5FtB93OsEReAnQvdSobmRneEsuPc6Q/sf/zBHW7fPEkfwx9VxXS8yeiAyDdQwH2xSmyRHXaFEuup6j8isL7MN0X/QtsAqjpoSj2hI1sJSu5xp3LeIAoaCoFKw5MAC7f9+IMoT91RvEl+MhNSiNbs+NR4HkqYUNurMQbDYWfTPZ5OGsPZK8rmIVxMomCSNNuviQsE5Tj+PLrgnANt5OH65U56GXoS2YBZMyPCsVNkNDO5a2m8/qBTfjl8Et5S073GJP+zlui0BA0YFt6NzqzIUwaSnBHBjvRjyDFblF66FSKB0h1v3+206sB87XAa8UR28xLfZrGOuNRaL/lcHPtr+PisNzi8j8UfvM1KAZGS4fbMIeKdHYPVB89U6ju76IWtPzX4bPxUBTbTsR1e9qRh4NNfSNrd5D0kEeX3j3yTBAhQ3tw5Y/DanhpTa9CQYcLsvfO0Wc2FlubbzpfnSgYcNw6uRjY9oTho91tTuqudagr40iRtyq3nakMW6iNUUdB7mHMjDkVpUyz63w/PyR1HFYDZ9l/1JLSjwk1z/uLpqzCy3FtoQxt0kA0M0PfhR+1N4vRY5xJMtEAAeI4NvxmVruyKgKyO73etfsAlSCLJejVonvn2qEMVSVk9wmzbE4g3EeumF5zxOEFe8ig+5qrJDM8pwKr3DrcwHPbhAxkJNI4/0RwGXKEXkLcCZDRKwICN4F+pK/mc3OTuO51nC4ssnqor9RuMFxSwZZTpnB0WdTIiWE75SCAC2/JUa7X7t3VeEHbUPBDTEJTNJ8nVV5I8gYASorELudxxlA0oEkDZDVcbadw3z1+7xqwd33149nJM+YAmsTL533fsL/514V2MTBzm1+6a0WSphL69HLGz50CqycKX64FSipoBbGfN+iKJ8Fgjw8HW5BDvlE+4xKZMfV02WfsiyK9SvxSN66WRyqn15LGwLou1p0pD4kmx7wfy/upt55oV8iDMN6NOGkBqKJ3IY6y/eq7CEldmPaaFuv5qyEt4XN0sNFRie/pF+uqOa4xmfI31bxI9mwoqTOamuZAgxKVFicVFwKzhxyxkDfTrO2d3HGNyqHkIuLFAodRWkMmm2IDBadGmu91cdJV+JxiAuoZ+lzCrOeqnrCbBbdYIppaDU3u2gdMNJRLLcyvxhguZFFSx3UBPMTW0qYo6PrHM9clYHIB8vZ21TcHKzm0VY4G6JAeIKEW9kzYRg0R1Tfa4H6ut2umEQgo5rYRQq7dpZmBZ7mm1NgbawF1h3ehyUf5H0GnWL31jaU0sFRr+BhW7oEc7mVkBU8Y2NucuhlL+wi7vjG3bEASh0wFToSLFm6NNyHsUvQHwZwvoviMgeXTkrUGVFrr8uaUbOFzMaJOxm6158UBle6iRx1UUcm/BqG4dZPkSaEaKbYpZbQZ7v5J2YNcrafqNni0k+jMWEtfkdKIhuxxO+orGZso4+mTr+VADjkH2hmRIsnWv1zLzqIFrH8iasn7c6om72aps7+pz5xXaCejJMFTNzTy/KWx+U1hj2/qUn298LwgM/hXGIvsbzGDKAeHYiRVvg+PW20GLKZKXtXmKnfke4KahMQij80kM+XyW3lnazazNT09rnc4TE4d3EycoZHbfYJssJCzKxwZGa/dc2jc2SHQnLcVhjoxL01SHQZORqR2FNFDU3PPPZvuUni4K/JFuWzNhwm9fGz4giG1SSVvvJ8EC7PiHbDixlQzYLXcdPpU/+B21p6DUAEpJ/r6BI9B6/cwZk0lTsKFivzRGXJj0IgV0KR7ZS4CcXDhXsJENrq/geLOk/214L4kr7LdfMU67nQHxH4Gy4ivz9wvALGgy3gSnLGUSqdXx+9PmSiC5cXjOautlD2fhirwiZkyke8fUfXDf0VMYP6ZxQSd//h8i+fsUjvn+SB7eWJuXVc8f9rpsgOUYJAMZEFLNhkMxnIy+/YdqUMXAft4MeKCz1gCrP/tiPhibBQ0/HS9iSmoHaIvTGiXoJ6FyiLZpCv+wz0esHuR3zy+28kruEBypdfUCYFcz8kzdi90YP7TsXuuluaSX333+2HpAs1Du66dg7UVX99h+BT6UE312vwYAxEjtdurWHWKZS9x6t5Z2lCmFHIVi9B72MrZQ1wk1v0RaAzVJiO2ZWNySH6zQ9fKT+g/UDu7+yoCHDnWfV7nLGl1a5jhWubEN1JUb2Ml9UJvIr1q1idwQ+Kn35WkINKH6PqZdv7aie1bLA8ct0omXxprYjqW+N6PFwn8R+IDlPkZcgMhG0NnI22rjBzp0dRhbLUK/XmjIPTeepQ/urm9iP6SMbjINLJhyz9LMBc5aWglfB7esiaznYzTs4sdm0ms/5IIjfTfo6iGh1iFr7TiJ2jc8C0wsIiXfYlVx23uPICoW2BnMqUUjORfunsYPVP0QNJ9n+6znJ0L9NvI0PE28uIaDh/zUvr1mkJE8yHUhwFYRAIjIm2jhOmNyLtd3FEkEA1GpRRxGCrOq0Fn5PLigUUxvLBW2j2ewJiC/E4+u2HglC9BUHMRCxFlfqaitTnqgVk5vZIq5lQf441P1o9uYTwcLUMn3iaenc6B3cA4pBSmufitjTy8vMZjt0hgGu8AGz3ymtkT9r0qZ142Ah8tSt21BjROQGS71hO4vpTzyv5W7qKYLVJELwAT23lGVTBgBfZ/NK/8MOBbcSaPIZWM6ts/9MgYvgs0xYzbUqHYqWLsFD7P1wM72RP+IuCOvcybKbVgsTT4v9dGvBhyjL4dm+1/PUmhzNxdr1T795/yyZaj0dwkTGn5hi/CLFcto4JKrYFFJXa32F0q0TONbI8NzYr64xP3zwq+aecYM7p2bVIbV38UuSbdtzMRgBq8jNYTDa56cLfdrsl2P1MCgAK+Bs+Wiu+19KPBDJmtdH9vmTPbl/8DfFEZIG0Tn2n5UhDE0akxxeaoZBo/xmIA9qGBAO+0sOhCbNVK1tRB4lFcUk65G+dG8wbS9lW1VM0JmVwwdSMjxKRQoXeg+bQUiKB5hxGPQnEeIPn96Tl+dphVLiI/4iERUAixJwCTp1sa9niDv+TVOD29jrOhpF3yDbMN9wgpx/nnzfCM1+AqyywSIoahcM83j4qanRUDfAnWrugVQNm/Lv/5LOBWq/LABrCUlkSIbyzxQd8m7C8pUaJIoNsLRLuQ8XiQFlPOaOz3Miwe1KTCtUiqjTkZRm7Yhlx5Gvk263mrCdjC9XKXaWlRgmrqkJfwdCQd3AgWT6wR3xkh1c3dy5c/FMFQjDa5mx1OQAOBdyZrt8C/KGWT8QQ2X1ivJvt1QG3W/Wm9HduIW76DJbMaLc9ZHbZP6EZ06nbrWN64HtHiDWuDVpNOELVRuyywka8UJ5gsV3l39WhjKMme8W2xhWpOVwFX0M6o9DyWFwMDFzuIGMSdNhQeq+EkLrtp5IL8RBSiZnKkXPn1oLotk3U9ECI4/Gcg/gccl8j3ZDMSpRGGrKXn52/ygjTa953d6G6bbFcObc1Je1AV45IJISszPymF+RPEQiL5DmCJgDHigPLmfjRRqhoWOJaXLBreNoXcmAoezY/ScAfDLn4+0FcaRB0HiMajmm6V8lQ58rX0dL8ScfamwBwJyoHpWel7A509Uv4TEUVQ7sUiHfbV+aGvRQ3DbYBNNxx5na3Ljzet3HlPJPLiAR8AZOecZkFYhZY1TAIDuHZrumnsDsSkh57/uvX74qDETmtSPjfHJfGTDAgb8hU3yGcCnX7y50dx3o98/UDXby8WUJQqKFecyqxJYfYpM5KooRTW43YXhGiXUU8MtTtvLlhxCAnZaZsfNyQOiZUHrMLGLiJDIFnc78zDCf/ewoJ2IFuT6+ig99lfePpOcDvif6Nc4rSH+gz2hN/6SqQblOU/0zyfSeA144fakj6o8S9NOhopJfW7/HAGuddaSk58gLZ/qmT8Vv0YnfUk0LbkfcsZTfxEbbVyc+UNistHTxHBjK9Mfn8m0g3nDW1pS/LhbkT2/af9JGYCTRBpzzZe9ZZ5tdX0dluSeM/iU8IwiTo4cd9IDM8ROg0RFNJOwGpFNZ3qdUqYgMRggN1x2zu01BgQHoFdzhSBNKUHsEAX2CpYsS/+bJ7LzxtFq2PDg/AGoeyvFGINHTKW7Yrj5uMvuadhLUJhaBjpnq8IBJIUrD7u+rSJLLPJQQqEidS+Q2RV5zyn8VEeUXvVdypg7Pm9maEdajoiNa0UoWGZBRA9JtYzvbOEOVuN6SsHxfyyk79bQvNt3hWrE0yV5QAM+OnX0c7Tpi6SnUq1nFqgdjBZ1+4M3yxR+qUiWcGl/WRqHyloxdy5PvHunm3TC0PULiso3Mxx0mA/03PHWug4pJuH9Lxbuvy+SqrYJHxG3KxRLMd2Eguqiu4zeWT9oDi7On81jpgvRCQBx2qM/t/ZBDJobAJ+20Bo6wJduHL6gnYL83EsHu5sCK/GPfeEsziAvHzDL+x3jjix6SJVQgHDFcGG0XNhK2vcb+Z0yqDYDxdhO2kBGkIT4Edjx4VCahXQowyLw3JzWa/seHuSPEr9MOII+NdCdat/dE7Fin6MACdBKb/mmgfZAUZsG9RDyDRa7suiM9ldU88TxMN/QW/M/4J+aCZMO3wq/7RWK+ewqund4qIA3SPns2vXxNA0tpQM+AseAxdBJuiPcljfdQV/WZuArPJu9Ky5yK62WzOYsfPGUksDa2fn73zTrYyZVdeMx9N3hIb+2fP3ZnmXFJLitzGE+KZRKCQ/dV++9ETF++1W6t6+/yOSJXS839AIdjsF4i7yi1GXe1vvyVH5/E9SA5VjAsBciayPY7ZROfSYKKHKaug+dFeL4RHvHzjq7krQZuJvzSNdj7Q9QeunfwkKbl+3qqJ5PkMg4JwLYcUJRZIQ1fTz1TwnCl8s9h0inv9pd9yfVfjKq1tVqGejM+uVZyJ2kOogYinopM2vv4VJaapLIo5SRfi9sj6aDQA9lOe/aMvmC3HV77+6PXAVepH+b3oMGTVBTx38bF62ShLQQ0r9Fe0DpqCwGLRUwcEdQOX8jF8JbTbNHm1LnzxJp/hxD8cUZq1LLPZL+Ef2Z6767rBZYZuhoBxJzHIALTmbl6i1FZK5ltcdeF0LXr/3Nog1BIEFCQJTjNq/kMARL7YI0hBURX79meToVCOgPNIP622opDsnR2DaaTWzJmP5IcblEp9gPAwhIX32Fh+l9tk9/4uUnsv9oPsA0mxIfPzuxBXErWIO3Xz8Wtdb+5w5PLqHq/RfKm8qTcqL+DmuHQLnmxYGVcnPEECZTw219vqtYWbx2re1BZPeW/HhGBP3zCv07XWQyiebvoGqeXHmwC51nMMmTOQRR4paK3aybFvEkFTWvs4YLJwQIJH3Fdy/C8v+3yHm85oZpWv9p1GePq3nW4H53UEko8hX0WyLibr/m5hTtK2dDJF4o9T7AxvW3R4pRyKfFqAK5PcK+dZXtGtgDteVaCAh9gg0BqOux6N+MuJWE6tK6tGdQ0PfyGNWKxS2uorhB3BErrckROPpsit1kZH64e0qPU4ZwEzYipwLvtAIMTcxHoJ/Bzq66WQBbZOFiiajVviuSe+PrvlW6984T4TtiUthCd4TkI2PUORFypLDVqyn+vR8mpF9ODMQGwCr3S41PHgXSwPt5WHUFXaKG6jqrJmcz+bCsEAQk+FqBDKooySF4LfVayxfIPNLR4KZpXTthBku3MjXvrPjRYjBmrihvpbKuFuvUzmCRMIGReXwTGp4GiE51BSRiMBOsRU2cxtAJhxqcnxRPG26/H9RzQx/lXAKHGSaA9dsmdd0Jz6kAnH+lvx14BDA+tUTlhsgQgRdd/vqLw3YsPSy+6cjTrgVQQd4PrgBTD6yPkTF2xR4f8PnGFd+RcrGX6NpgIBqTA0EF5tkIoPsV15lgoVWGdzs+hkACxpda4EJiQUsj5g6/QOyhTryqiV4k8LhY4BlNY1csgDviP+ERZJeg9h+tvx7Gd7lbGFN+Vn7ha9S+qeYsKVXDRDp+8XQ9CQYI2wWSD+vm1YHhlIBYgFfwFqGjkoFxUFXYYwmgZapyGuHflIzVnjhdyEYShYYa1qdD0035x7dB8J57VseHiMKuYkoLGPTKHqMvcWjfKFrhSL4WsKQxMdeC8SxXbEOlHuKxVdQ3i+1i0j2/O97bsYww+Vj9tLdtv4KCKZT5xhL2iRs8+6DLnFNdxRJGxieZjujxiveBVJDHw7/cYKUlmCijQHt8zkaOXYtvAQF7a1clpaNuLAJ80lnVES+x97kHDVdsGMJlXqQKVOkKIFd4NEXLuX1cK4NkNazJuKlylqvZfnDGgmX0e6WGS1yf205jeV0MWsODrxwQXe8H4CX9xUxDtFieLXPhFcisrkeQUs7oiB9k0fs0jkEyFZUI608DmskQJxr+S+q0soRTHqYY2vGwzeHGCUovuIAqXcXfAZanYkyI0mvcVybUfgNbzEtTtR/1ruj64BtaqYKB1OMfTFx7puVNKuni5lDt2UPXfrAzI1nRhdmMvio8wMIa26WgGxq4v4L6Dqe3GJ8Qm00fimlgIpOCIf6laWuJaHtk2ytJo7yBhRXrqMzPga9tcgy4abrGIzA1XowfsTvRlv3mqXVO3K0pjXzs4SZ/WtIgPoFaP5gm6a9CzhUBnC3Wze/71fdKh6htaAW7h4vnSG+ISY355XnJMV3Zuw8am+ZOIgD5ZjLTgqSEXWzC3Bl66sT+pI3JLS/TnOyNIxezBDOg/de+1fPRVVvtK9zKJmPmlYA+m7duHdKP7/pBaL2bhAJgoXg/L2ZS51YeGf4n4neCWoaGPoV0/fthRIrA2/gB9doPzhBSe+m+oLttkOFxoNbwHSsisw5rdYVgyxxMReTuhkxqmZGiAdKEnOFbUXtQH22exs43lFAH3XCI/3rqrVf0SJS4DJ4CVn5VdFEynRP0XdUH/Rdt5/eQzvnW7MnI4ZmypMu4eUTfRm4E15RHw/8gP2Ygon5xrntqFpZQ69w2mAN/JujYLPdRZOT+WzWA8UyIyt0SPst6M0QE2DbtoZu9dI8KE7ZWffqnsrrfTb9UaNn4SAf+Ej8bJAjpSwc2mm2e+PUonEGVAJCLy+HMJk7VRblh4FSLHhWXUK2rjsVy70fySPd19FNHzqsRwzGkTBHbOaAlCjM09A+IDklO1JTmq4F7UrRGPxJVKNiTxRQfnn5LIVOhv6ApXZacRLDGRu/hGIWrJfBl/LqrfcPTtCAhp8ev6LGlqOYmH0/oTgkdVkTHv32+EL4mdSLkMMrMuKt4VW/UZAIaeNuvulsDyJQe6u7CBXvfCeHe9sCKjX7QUwwtJsmEfbIHohMpV5AMUDdgftgNi9M9NQzKAF+Q80E6d0POf6P4/tbAMEkhZDAd6ujOLdnDHhsrHy/e/rlFfxavb8G9dG8rYZanaLMQjQG1nhZqtuKZrVj7LABMUOtk5s3RkGRaEv32BzjpKvuDk39XWXg7NLI3vvhI4KfAXuR7IkUJMTAYRSpVD4wEYNpIHEzN2C/+vSUBp5ZWVz/LNHP+v2+SYXYmCMrfL/v3d4nMjED0pRQFQ+PdVrheeuAqH9O3ihEchnjKVgtrKR7dF+gmaiBuJsEN4wcooM7PI8S/8ROnabR94tiYrmUg71+/8RHpm6Xu+FlhoRxX5RWEZrNhmzLw6Vjf6R9DFmBwdvgjXc6Y5h5m/0LeOj9xQ65D4ijTB0bvNRcrrwsLsrVb+0NDObEGwk4YbiJKaQ6fZ8iohZJS61/dQFO0wlF9LwmIqDMkUeW3a9zCc59M6noyh7kwsTtvcZyWWoGfQNY3kP6hfh5d+D17m+GnhciRdxJTawc5KSUkidyhPH3iaGvENnjHxAWh7PufAzmV7W5YUsRK4Y83HBUc3ZaYdij+Y00B6VEu6WBxXvUFj90tEeGdY68SEmk1ZSZ7YkcVqkGqg0237e6xP1dJa41pHnxSfeAZw4hebZhzR7M5iydIFNvcIAfRzTCk6dfqVa0DOG5yRNnxAgY6SAHnvDk1zjNul1u7vVnAwZKJ8ILW7PGIBej/XSmiPqxzea+QNe3K9ELxdvfEGZDZmhlQ6e89qMa/zbBig/UmQj40WwMvnoB7x+mdcP9MvzMXNP588m5Mbl8PtNrVM4h68rhHKKLxozICKvVaRzKXAN65fP5K2JNAmjqrSq1px65fHc8HSgEqHxdJE6Q0lCQrstQyOYE81tKeDzehArqKbCyQsDqV/cMKsFXUk5i+b2oStkwq+rGW0XLY155Mu+A/DXaRxqKJ54rKu+y3DBcamjUtdxarHLXhJ4e5TKBfmuxF03zUJys12p7YzjPuvxPDvouskSiElrRVz+xMNF/pFDt+9rhbXHHZyqliBRn6RwAktD23i9kwHq888BAL+iF0qTtFRNgnhfrNPkSCTd9iRDHMjq8zOs98XMxVisxJHN8aHKvL21l6Owee1P/kWlq6Og2PV7K/WM2bo/7YIlRsTpeR8wuUTtb4S8AvUHTQ3t4tfb+PF4EH4IwHoQSIBLL8gcdPn5GYjfJtkM1hY4I5MzltwerxTrucraC225bKpyQ97/hKRnZ/+/K+IRkyMRg0PamePHp8ucA1Mq2ykgYE3tx7ShVfoaVjfw927otrkYXx+cOH6dinM35Csz7FKguiC4CDlUwO+CnP+j8rIUD/Nu+jbVmVPmU+TUh4NMF3zKO4MrbOjG1hnk34PRpYKNssCDkY6lZPnGDicNnWfjp9DJgBW5kmauyHRTVWWER6DpGSNuqrMsVFvRz9cFJC89BprbpKmnDWnkujQLlY6h+Kra344MGBNvDoKix1cBMEpf/fxnHIJinUGeu6AEylWJqX5Q50sXSMWLoghytxY7BQjlgICqFD/eoW3kbxphzWL3joQ9pdscWyEJEsi0+93Vbcm1Gz2pT4fHoD9sZ3St8q5sHA+hZ0+VWBlSVoGqdDqYkx5vB2WHOmuP+z0MmzS2UD9z2An+NWvnp2VEScxI6j+ak/+sm2CHevdh23z0seCV9rKqW6tfgc5Y7d06k7tg624prC1ys+L6md1utSKwAg+q7uTYbR40PUv5fjm83b0Eoj7NuGOhxTvlO1bO+IZEC9xs/oGdsRGvXFf2BfOH2DHSvYo4ZlOOFRkHkRnhjbm3YXHo17UrHy80az3Fj/YHH5mcEfl6KqdBU3nipzqYZP56PYKltpKz5Wxn6naitCgRqYghs6rsq1xMx7EZW0ZwUP9p+DtOy1DFSEglkclDrBgiogEqkjJn0uJdBgCaOC1B4mCYBw0Nkb/GWv2Ul5lLE2doQ5FSTEza89Kw1fGe1k0QW+sHL/Qu1wMPvXrrkpbxUlfcFvwJ/8V6qxZ5jmobDu6k3Y0dplDKO1vZDDU5awl5tNo2VUHCKOke9TuXWWjWZ5NHnUeR6wVJOZXcpW15LTU/5tCocr2iTAX5kA34irkmUStWY7ZE6JdflQ4QhybfZRjBaAHGvgg7ZoeU0PvPZHR2MWOPkKgSO902MNWgeyu7PnnaYRV5JI67G75qM0bh0tH1FoiqsvWTIGbAZwnCDVUg9HbVS+OH36nd8RSMlELG6pAzGDMrSUc2Cwq1nQ9JeYIaUGTsQEoRta6uWjWi8IYc6cmQJ8JRQ0wFcmK2XglQElzUSkF24D3coQzXXh56jStGkVuwpkyvV4oDB7RB/6eSp6Pp7H7XKK1Cu6G0MCN/++6fDVBwjQMv1l47FWEtsKxwgg3Ks4NInGIjYfdaeUs2BYEPnZPivEOvld25xqEKYiOOY8VcoZZQW0tnGb9trujH3aD2P0nDilrSLHtVIY5AE7uOiCu+DQzosgPxy50ubsuqDIkfIFFe+DmJGvzvCIGT7ISlRejGORWA3DGaBXBw3QBw+SrRXOHk8dKAgvJiyh2mjFIKRc3cbEr8YHCdaar2OHPkJG91N+5SZH8mAvhZX9RdlhGrXcoe9MVciKi87wBtvDnFbUHdqr6Ps5ykQEhMm8t3qU/eZHU4cPUroJODC/br/GMIZW6+61U9lZbVqbGoBDP7Lfv5ZpUkrHrEBa1m9sTRHdD06QmtgfUOxU44CZDo4KgAYbGqTfFbKJIJRUVVnFWsoXrkUYUh93KRdDXm7fjtr3W5RzUz0ld6HOMLSZFxJALqPsRe4fLtpWzZUg7tsQ1NoKlRD7OJc5YCX8wxUNuBS2y1dd5U1Ra4YeddwwjBfVpHEpkWvyw1x2I5RuxepNgFbyUp1dx2TlKM3SC/bHd22rT5W0x/rCwRsOyMHBO4Dtxz0a6dDBhNEMUFE8uYTiD3qXZNWM3DNQiyZfOIXNqyH+i/Dq5ks1zTln8dsAY5awmYefxQS6Y1rz3S0eR4WPscptrmHaQ4gBibt0X2QFlIMcDkopWxDS8coHhHKr7poK9JrNqlWoMbg4KadZppTTqR5jS1hKBaO0n3DekgN7dNPSEFPGBTfT2KuO25irTj78KhlSpK2kHufUrGaV71moj5tRe0yrQ5wMdiMEnDqVDxnjFwzC6ev4LoAg+NQNenrx1p9z4XokFlTQsWgsUAAQ+8tsJKr9tW24sIMJk0zaOjU9SS/KzkZ4FJV3dvLTt2S6XQn7LYdDH0rdEN4D5N3DRNvBPbYSvbIco+hvcTXbOR9/QkZQUh6+pJZBIPEZPebV/oGcISL0oGL085IjInzhFNslx8cPBPdI+Wwlw98VHuAM7dKuml3NBKeIMEzBblDBHlQJCKL2KhlKG7tlIq0UFkNsgMnKgmA+ogoAMxJDDI1RNKicK0Uic9H6ts5QCpeqeKCdoHNbtBahBQl13+ARF5J7BFH21Uul49tqZ8SdmLlYccuUSu9UDk9iTzrk2AWD3H1OhH/MfOkOWWpLY9f2vYYBsDi4soOGqySDD8if17y1d05qqs+iExU0SuYTccg07ZzdV0CtzowBBF6FD0mebVMuKbEHhF0kp/omKTVFZEehIOd/hfoSSFE1OIxcN8h432sFPrbUyKiv5zOkkAn/jdX9yTJVNGhKWCp9VazdK0IcL83SR3l5LHkVXzcYke6TY41YhVf93KYVKDuZt7U9grlizGZbjlQkNy6VALW33bbBz2DlE1DgLy7S+h61rw9iSh7j85uimxeIE0K4k1g04lh325GGnBfnfCsQop4zmSOQWlx1cSLtjpJggJR4xUvQJ5f0IS0jzMIALudObH0xD5agpIlvHlZqEQ3JHoH1fbJbRo3JYmQS1lPtLVITph5dR4mpc7taGjtaV6qWWiuW5D55opgvIuAdlAuiPBZOrdA4HoOZi/BPgX5etXzy1SMA7/TzDEM0ysmxg94pRAVExWOHiy3QTsAvrpjELbK+mAdSndnTgjuSwZoELf+YjOCSUtciquK3/1OFwMDG90ulehpWNoAQLLHAPnl0R+iMDj5SusQsddrf4nHYFOoG8c+7O4skF0pufG7sJE2qWEHRV6A3hW6tlPEpQrAg2NDui+ecWDgQmY2VGKBZyakpzoV8gUb7vVv92ZbN4FJocAxh1BAf35MY97XM6jaLlmT5h8bzJ7yXCl3xwhpU7UIUkTkX60KRhPefWSjOziKP8z4RhhnoVrKDwDDTIHyviI/sDF8UN14YUlt/i98fnd7uquaiVbH5GjZUSf4gsIW2+pkEnWGp+XB7iiUkfvpPHzIJEVzzyTvluN80p+bHOZjA5IwjgYe1nUglWQjoZJMjNpc2ogrZVTfqoLR3+Q/3Bu1w1FLC1bHGtSJy+AGvtO0QLdP2seFuBu2nXMsqgdN8u1L+mp6AqbUuqb/ac1PXLh8uFZOJjD/M5d/PjL72zUFRMFjiAKpf0xPYFHbR/xqhDpVFu78uk7dnhPiOHWL1Nqwf2Gz42+6B2F4OToglSjT3oXv+iUMoBZis7BAlXrdYJ9GItYiEJQVynHrq0o/ijV909lrZuc4PfDtDWCveMb2grFaUGMgYmwkCVwMr36Od7tCWenxbkFPYAE4/IOGDTlp/aW3/b6fDrzuHXNQzWsSR++7ScBADfGzqG63/OZlWy6h2vfOKDgK4oXikcJPuIA4phblu1chFNx3iRd0ubTjMzdLpxQd07NWNpouwc8xZVlvm2YJGLibssXHdjk/AQOjs0KsljUTLqH+Kru0PR82cGhgrMKpBNHnBpTVqkSWGuJ0Ra6G7/PPRckmT6YPsZlSYwgzedvs0ldr0RRiAofbfo8FkUxRhxQww9uuYWW4Qp7cKoWrxPjCobYCWdaOhK3FjLgdJ+kdJ7k6Fm5vEmTBF+kWjGqdIjjgEJIfqoZtIqs9CukOPdHqbSe6R+jA5j/oUaHCC1KSO697Yan8jifskqMlW3SHue0IBhlAv7fI7/vubnfjs4PCvxj3jmgJClU8dxRyCkTfqvl1s5WQr9CduOuzOmmwtkXc4S9U8ivOy9E4JeuIS8KGPR0Ns3un6YW2gDdSqlB/S7SFtqBCapX/7HGqsXppDh5Kt8SzLjDfIGpJzchU/TGB0F5MEaAIPhjmilkuU/agpH7Ok9zA6UvAth0mz4JGaEECTaJcDjN6aoJKNpAYxGo1evBw5UvH9jxWtChFFL1LT+17N3IQTBaVA1vqt3z6dyjjeP1Q08FBbQEU7qaM+FU0qy6fuzRXs/Hwiejlt2g872TVY0nOFi0R6sHHh6Oh89Ip4qXqQHrfXdOYzU86ZVh7KYApmQp7/ILhP3eExjYkxLQsEJQkbTIJUalHZxcGzXxvJ4tQ9S3y3IC1WfPiwyps//pwMWxg34F1GpPMnw0IMzSQRoMKHuLZDbUWt0GFM+8y2mgZdIRoFvcov9UsxDf4XrnrRZtSAi/67b7YIW3Apv31d7bVJZkadZB5lbwuWLJkU7Awzgs+hB/3G9m+lBOZCx9DjA//eRu0kmSH1PbpGdj6EcV++u7Duzd6JTuLpAyUPgEWu9G46ox89sYg3cZDtVXJCZGnCze9AZ47Skl4wR4c+fv/fWPkC23YbYw2ftKoEqWAjaDaNSjTKb+F6aZjjYJVbgAbX+uUDxmSp2NAmYJbrkdH08T8ZUCNsfYECQdmDRPc9i0dmZxro4pKD2fvmGp/eOgdL7r4XHK3rg5jzBhLcuR8UxbBvqitI6JTvLuzZhCpJmBCnqfprlSfTuKp+JHVBHqx0QtbAyJIM85F7H5hK/nXCw0lRsrHnTyu6AhTmcQZ7/wTxXdc2LS20nXZcBwtedxZuHoUD7ZaTHiwZiqLy5VOHlCDLUQ9JXWlZ/5nwRH3q68oRbO25cVnIiYEIQHNnirN00hYzwweq+Ry3Mx165/XaCTx6Y6R7u8yHcYgG3Ux5CntEU07M2LtZigIXV3+sBm0+/gpG7nOmwrNXtK8QYYKSCacOFN76NVlzqoIxp3FG819T1Qx2LPaW3fqqQR8B+DeN41YfbqH6Fa6m3SU+77jmTTStqTHnFlXEqeYbAPb5w0/Sfnh/brr21ud0dECEVURAw1J+7g0jQjkRfHcfvJuldVo5hAfiobzgdwDbziPbdYpdZBbwhmEtpdY83hcwYzEVXADnSq7s9N1P9tjiHhq5g+Y797EXvXuLQmfIRdU8ua/e4BRyXANmn56qO3MS+tsSmGjr4t4v3GYoPclsf6n0sujcJYZPJnvJMGUUu+NJrabnrD04rjg5vl+8lFBmsomoApq+6F750pbsKCA8E1vrwWYr6t6qgOGz1kg6mTUt8evYgSeWgrfXjsAg/LoFbFHop1qvQxUcHEJxUAqZ8lzZb49dqYXoybZ8uWc8ZR1ryLez3XN5zCZwnGX/TNbeITZAM3guzWOrCor2fBDVS1XXps819LZp6w2mshhZlToPCQYa7uGKcs4ajLSKDufaqc19nPgoo/wHzhyomPvLNJXxeOLoftWzaMb34AxvYkx9I3XzUHUb8MtTL8+ShdAYIwXA0uxGLEc/8ZtbQhE87v/MCt4Fo9LQYZ7SQ4pVOJ+lijPbIrTy6O4QY/+8+NaN2S6Am9Y7yu4zql5KOCsEHGqZ8au4PX+R8MYtuHOGtfr7Jw/Bfdbg9lGCeLvFGR6wUmsUT/qDyiE873rClzWcSZ9DMyxknAXRb4g1LIwsuv5ybJkZV+g+j1DnSZYe4j++O3TrUxH3FpK05Dta9/O+pAirzj4NXLol7unbNkjUqWK7mdu22t2wvCp2WZYnP04EZfzapXYbUsAr04eLxc5ziwg5znsDDIAHQVn3PmAOeoDCtNKx4wwHWgAsbqWRb9rCFf3uJv+RO1PSkbKOL9i9b8TDjTT48ab1+2/0vHt/7N21+KRwOwKrNYz+AHzqi/A7kSz14De/5x5KErhah9/7Ejf7tzkAkpzOZk6jpO7PSoGntwFKpPrXGhXWdS64H6sisNtC7NcM/j/S/I4nKo44DkGL/7kYaIIJaq1tb8Z2Gg4mO4ws6kE7vnSRfsL9fIBqlvKfK+OQP9uSD0U5m2dKoJ2c3TV55o3vrkha3rJCtAh+mOX2Ydr53e7K+f1quS3AP0YwqdhWfST6snVOsUAzAFv274WopBMGcqkmzUKL+5q/Yrpa1nuz/9J2+RWPTDP5el2rJ/ocG1tyCL7i5YfMThSCk/slMLevm/a4SDYm49dKo63EkrIAmbF1W0TsJzY15zyUHoGhjCi0fLQYCCqPL5t4X1AzCrCyMUjggHTKEUaFePYgv5hKOypUnLIG0UVcxPtQ4ehap0oDalKYEpxDIANSzjF2ciT7HdEqihbRH6n6tZkhiXzZaYiF8wV3bJVQUO7gAKjcuo10Pw3KaMuw/BL/4ovuRoZZKyzxQLwY0pYgfLiHI6N2dOyHuFtjusVp0GP5nvC7mLXMTYFvF8mOOFaIa0+SE5cetYTKCCV5bsxwCj0PPKqmKVohJcr+Rz4HJ4egfU4rQQftLRG+m88z9dzcFHQu550I6FldS81CRP5ilTpeKs8eKa7Plu36wFIQvexfan3VlnvVd1MTblKTSMz0tS5MINyod0U8dOxBWunPBX9qiAxPXFmHCKj5Zry9/H5FfLt5xNAE5DgpzxOfQDsDCs03mQ/+CrvyMUo4pJC54ItkG3Rp+Jmd7J+vMclhioiBZTFnbTEqdWuUrMvWLJGzoDEyD/wG+E/ER8LDUptckAgzzRMFWuiS0hqcmjMrWSe8hQFnLqIg3PEFexkLNSKcf+OM2zmpDqtJqdfH50sZ9xkd5niFf/iUOubIBX+bcpr5tanpbBKn+7rgA2qWgaIl7E7A9RWdoCZq/w/0MzsOM9cJcmmaEPJJf/pygsLWR/2uTYwWHAJr4lrKCb+3kFVeIqDxPnzQfYijJv3m8sPmDNYGNZ2yn5LePFsqZpW5g7hgSkU/I1cBtB5tga+5QqsWdxisHmI8CS7VCa01uZsQD1NzGzmTbKyKifXa+taFxDKxBxj86pTkEU9JaBDebKORdC1ap50pQX96MUO74GQtTQ+4/xeYR6k25HVW6lAfmnyJs28ke+WBDt736+mBIXhH2KyMZBT2wcKOP8K3o9UgP8A9mhiSEdyZwbEqQJ32ndJFqOqbE5UtT0jUadIt/xw1jg2l1IoYDUsdqzHBg3CVLFpqw50crfYE8XVGjB7LpagvKValgPQmCkc+INXhdbGMfH9XlkbZ2gjzRvnfmY9do1qzPaUFcBb62IHOBfy1wZc8tlrpBxdiCnyw9PP9fZzrpO9l89zFHe3J82U1rHQrCtnR9gsOAWFnI5QCjkT2VJWwd6qNPaeM3J6uoz+qBBRFXUGSqnN1ZPrY13FMEZoQzHdocDyxSbQjcjux7eiIUscson+M+YeIX/27iAlkD2nMkyEEdwkcDQAPmcaougPgCDJC4Of+vg1UXR7aBOrHnmVNlTO/oznaHMC18V8re5RItBfJ5TZEFIP6ZLsIDB3QOJYTou+esZWkAp9A0JOWQqe5GKp3Nb268oMVgCYbHfzc/E0F6aCwgAiY/PKA5NJvWUgmuGiU6ovVhZlQ2LDhc7+InzDjlI9QNZalrwNWsKXiU0Oav+v6vdqRwrQAheSxJGSRLJKj4i5JsaLTSxT64J2b3mt0+FusRHh5WFb6tQDPnst0Vm7bL3FOUhbKqfSnaBSzhSNEL/GtTA0dQDv5CuwOV9jQ1fHdJjsrMv5KzEatJAY2G6Ta/PQK0Yf3eZD2FXfc6TGkh2J4emlK79jN7q70tt1PHqQn1CX9vhiOD96Qp7uX5KGmoNRlIKcgoOomp8idQKAC2aFQ0ZDBHuft9b3EniO4bgGvJn0rXOiO+mATzizUhSS4q5L9tOR/ar+Op3bv4soctC6y36rfa9bO2rkA5QLZsNbp0LDvluh4lhAI0mwf+UqOUP3FrEAeVasAtrnB3c7YZnthrE7B08Y+EnVfLel2QRg7lvKNI3Z6x9hSDEElD1BSrGTPbrNnzNa72c2qvBWOQ2Ht+wt/AUyH6mWfHBMczDJVBXkF1myNhURM+jF7KPXB69RUGduSG3UtIEgW6deA9ptrz+hXLFEd8pJCSWjs/SKGoZ+pVq1jhBgGd1gfxReGBWnBSp6AnJ82JBhZiS2zPBxY2tLagkWRPCPKvYq2RzwkDKx0FxiHIljfJg9km6DFrAYKgmGKeBVfFtZEhScdl/BoJwUad8mbvbOUM60ezJKuvoV+L7RV1d98z7InyH5LIcoqsSc4rXKMPL9EdZSokHWIoq3hn41DvnMO+GQ1U5tOb6vWN577BnnswyGOtwKAxTajJQzPKW9ZQ/zoK/JpQXB2D2V1Is2hmlBPOAaFHyGghlNaRFHv5CgP3z9F6U1pX5MuBm9aglMrojGdOTi8koPWQG5hXa81kb4sgfDTvw0d+prpIiqM4maFP0i/ZxzEcDgnlxlg+1BI1NsD7CV3jJZPZPK91cbyK7hi/fXtjqK/z30oIJn4Ri/W6K4BXVJ9efSkOGkcT87R4iHWEAk31z4AVBrnMinDinOBCC2v4FgrJ3XwLWQf6W1aBDvZP6kGunuPaxDUMMDIOGMqKEVJ64OpEl2e4u5FfNgEnjAHibHIQPWW5LkP0IIYWgeZ89nluLPARO8QSY4L84n4XdYIzaL3L9VXoGAFY9nAIWJF88ewJQ/ctO1mgIoy/W95rB56T/qeTtkOHDDgnMmkZOHsy5BYmP3A7UQZUQlQb6GNFXEHsgPjJ6SxaI7WjaPEfn/EsU2KvLnb9FjAijWmjs4ZTVcuCbTtOoZdkot2Hp00UO0EDgmp1pHAt1mRkKonCDvejt9zfjUm5wRh6SdSTjZxtBqEJZehB9JjOyrRtVKxAWzsUCp14apm+zYGDV7TtO1na9lVq9dGDGm61vk2J0ZmFzyRQ5kae7nYEfHCpiTdiLIw4g78n99IfVkdyq3/wQu92/Z26r5XpExTtuuK7Yy4eqzEt9i2RRp7wrmlUfaKdCGtf1s/wmmZGuaKQap8V4Wo5KfjZewugG9oCrUuTxghalosnZQWvjUt7uWzexW4BEJP+SX1I0wSMhPuhemHK1DcmujqbW3mWbhwW3MVfUm5A6bT5JpLxKI8aZ6OqULbVd9Zu6FojtT2NL4J1dwosenzko1HG2c8Kj/gxKcWkeu05+qEZMx+Vq5JliBgm37ynUcQal1uccOLg5dNt+ZsFGfkHgcaqV+x0Bs+eN2FiWzZLg2kh1Y9TeyVlUeahZ4aSxqkirCb4vj0QkKQFGDUsG201PXmZt0n58gIkD9d62PkvLX8nFOAb8GPznYDO0Dl959BJZVAniGPRySYhXNwwaGYAVNtxCYRX/gQCc2rXXNH27NF2nGCMKyfq0eA63RC7rWXlguxdYkzoGCIYfW1be1aQENDqS7F7dPyoLhADWoWYnKqQWPnDFteAvasl6t/deolzx+xvcIW1INBA0KFMreLYwnbRh5J/PaWlz2SLf5UIZ46bXisYACUkCNGNKbhIYi+X1Eht9xegztc3RsmhPEc5HD+Gbqzt5ELgUXScc+iUzBJQNlGtPqUnblkZoZ9j8QsN8KLTiv49jqaTcflVfK9s1qPsJaYKz3gHnHD2SZyM+JIOmHnMtjreBUlOoOrai8SvTR89QLczoCvWpRJ4ZydU2aIVkxJhiw2ykQerLhtWToeg+BfzWLMs0uI/YaGJ6WmfQ/AcOGcEHIwfCL4ULfFKAF8ZNeDOusZdDGQM1CdHHDmnG2dZOZ9aoQETXAxQodX8+vjL0lN2jgqdN4DU1xIV0ZvbNHDoP11MHLaTC7dKdWWgoXxdaDGHhGlUD0wgZ0WI7/nWeUjGzIYYLWKQZ9SDvx/mw+RxfoAjz5VRW8TH9sG6qEgvmwo+6B2fCUo8oX4K0Zgz8QREuqQCm31DesnjtVjodF2a8lYQS/jN8vXseyK1PgmYBNxiuo6yBxMSaiW/6fr6Fyvt6GHYJgucwkpckQCDi+2shPgWdlsgGRVshNPzoLzuwgDYVrLgJ2Wk6vigIjRM6wttWsoqRJN7YiSd5/D+d5TMngBLsawl41bFlrtVQ0CItu/B8yKlO3Ivpt1JP3yttKUyYB36zoNq5dvHXixmjd3B76l/ImaJR0c8da7TWMRWV8HfnqZe6OE1HlLQbC1e2P39se6pq4DyCBj05O2T/tfT/j0AGhC6vZeT2rJraGhoC9q7p5AxXzU5v52XJ1GErp9OFH4sryQ+nRwLjoo+xgs9ySm0MgRIUzXapOulcIyHZcFs46nuQ+WBbDMJW7GCsAsYZzt/d2j4qp7cwo9X5vKQuJ17LMgIOvJtUaWTBw9qGlpU3sJjweRAVpGc8VIdh/baJ6sC5Vnj9cv4hInD2RUfSKUTfdLPiyQbZ1pO0mL2i8CJjcbHY56VIZWcDqzATGTuy13g6hn0LSJYJID0LT4FdWGbDjJ0muFMbgefvEpJpk03DGM6JpJ8AApYPep6ZjV/AATWXT/YCcsAQIrcToUxZqiVKT/mmaxA8J9sZI9jACAIOOFNcquOjqbFshj/E/4ZmsldsLeTC53jqt2r2B5I4jrmWwXixDn5WSODdYAouX8WcA2k40I8zJ/BK2//7csMm2adv8eStP0u1wcOrA3y9hEUPR8nWQqtdZbM4//Hrmi5eTY94Q+ozaOR3dvt+6aR/MfQlYI2snPy8N6LWZy4NJMIycKu5ASFBnYn7Cszgi35YI0b4wM1jOW53Ifpir6DEI3kxxitvtdoJgj+fPT5TTOTDP2RIBoI/vykl8163xstmhD299dL3224fmgmuwZLp9Qd6HbuxHMQftqdjs9rSYUKyzR11ZtJPzd9I2jQ+JlSJpuJPdI+DAgi46lNt0IK05AOcsNaCKDYW1zNiIZfZN1ZJaczTqTS3fqH6420l2E+7HQM7gqhz0AdXqYBPwtKxSzERk/XSIZSbNGRsdQUj8mTm1qGYi7FRVV/CSoIF41ZMt0SoXrJ6Z2s2hPWIxejCNwgMg0M0pbwAUrdzwvojysYRciI8qtlDrgBFzNNiZVLkMslS5pCJA1k3HdGnNdSkhATqv7UORXxwzmo4jkvEUIz3aB1iOoh2bOHTfBZovXSbYi9IqimVhvDIkxoRM+TmffNuJeDhXgU2BziQXIHNAgSzWt4slZmYG+elWdBH3Ty8qX9IX0l4PbRtA1yCfEClloThBzPZcaFkeIqTNfNQdmzaKN2pra9eF9lvYsI7LngD/b7sT6mjcWC80hYHMOr8qIkASOZfHVlrZPghCj8+qO4J1NT8hiSAVEZC4kPyBti5FcYQVUWOtMf8h7fNqmy5gmpU8EK0Nd2xf+m9Kpflak6s9e9kttYPEHp2n1Mu66T95jn+aAlxwusxOZ80H5buxbywQT9fLJLarhcRYuFOY64gnCX8Y2lmrSzx7p43L5G7/pwtArG+otWJu6ND01b8M9itGu9P21xS3Xx15aDLUMAyB3iaM5ipgqzeLr7ZQMa5d8BeR13HZzyCXMZ27wzxh1PL27/0eXG/nSPOj0wBFbN/x5ZXSZeWMxDD+/yErCgZkXTKZ3popIXaMJdR490DrhBI62kjx0sCcE0tnOZQ2PGm6nUfCR9DGJiJF5o0R2sV/KtkZ2rzl61OyfTJA6/FxJElqCTTghrRV2BOeBZfxeAqd4X2iMpytHMCfmmiseJ95PcrJ0Dmpxula9YyyWqjnutrC/TlOSoRTV1rCs8BVU3vG5Bbv/bdjFxyLV9/HdfsyYs1Z9kXx8Ttg62LgmrH5dqtnGQDqpMSB+RN0MmBrRjJo7A/xXJ4bgCUBkEvOhLl/c0tkPA/c50hCkCyAgStavUNoRNGQeZx3fwoWb6PRYYf8ukcm5YkI1sBUo8hUFBlzMlwn9ixMvcxdQIuM00u0pFjFsqxCEDTqZb77QBqeJs6EDakzmEkmnBMbDF4H6bKLLsYqK7RqfUsM/qynujN9CDaEjpz8jZ6N60/2k7IOMBwXL/ZqiBt97lq/o2dbFIaQ/CAsZS3rm3g5Aq68azm47D6CjFeXs/Ezjt4YxE466afRiZW6Cw8B3BqzFinzqL6r8yYCsolq8VBzmu9aJ/J0Y+/zbbjqlxTzb/BTdj2BdHTSf/izBq/w/x3DQJu9sAauQLkkBR/F18CIEVFhbZBRZUGn2NiaHiHyscaD1Fhxdk7UV16GNILQEmuaWnRjlnrI97/bcwbSFRwKwnF3VRMTIVGtlMB5nyvpe2IrSVmaV/8fHgjdzhghp21mzRomrx4HoVL4rbhF35i3q2HhRZbvg34JlHodsyEou4HdzrgdaC7eJd7OsIc1GFc7eKjA4qUdVXmYksDkVJXDNmO1FLYjsRIj/fBPsqNMnqsQWcxaIiL5uFxc+awv1r/LfhfR7B6JESNEJnfARJtjAj4WorHuGj0R4dnTVMgm3BuoGLbsKtyPoqeY60FCR89pnCas9nETPuzueb/jjVYqeEXt1X/trIxRYkkn41xh+cLc+wEa+A00UU0q/hnrp2Fm3TGnH1hn4R6dqMfnZanME9yocwyaZxcDAyB/x0iyWV2d0hsA2SZmQLneVM2gDwuedxcM54MsP/kax7cZ7/vG745ghC3Z00I4Sbc0ArvXJ1ME+tackw019Aw6Aw2zy4NbjEVQIIVt+TjpwtwefqwH4gNN7cbgK5+diFztwkyX76Gi0Rv/m3bxtSLdGjVUxNTwpXgGilRC6qWrk4MH4yKvfBcUYXEt6n5WmilOaGnwJ340rGHQeh/ytogh7UBMjpmgKh6y0cDWWVNPQYg/KEB4qzFtuHMDYBZuaMMPeOOY0klWqe8H0bOblc1mBeeNXzLvN4FsvOuMh7NNOVSB8MYjwe0dOAdxjwA9bDhNQVxcXG0XDdtb3n98+7vTu/A0YaTtlwPmYwZEsX46+kO/wAvTBJSMW30+g4KM3FCbaUuH6RQncs/z1sNwETx3ycnIpU0uPw78erEa5SmArxJ/1JxBj78WAxMEIoAhVPRh9kvRnIVo7dJv9n+XAE4rjxC8/r8xE7NhlaSVRghfe7402E2vuc0p4pSfATQvq743bIsN7D44Wa8NYPA5y8ljlNgA1GWDOHhGRCuwik+PDCzWHonX8XtwKnEaq2XdW3ZAHv66OKmESs90Z48P1FiDXBf2K6wugNflPXX9htNy6kTHOAu8ERUhriyoUAysks7WUu8u9B1Winv/HRtb52wxqGCgTUoSLDijoImjmAuQb3tKNn9f8nEj6jghYubwp5eSYbqtLxMLklB5Lftbx+YJvbQuz93LWytedzMR1pLXWvO7dIfLqNZBQ447KphOTK9ZaZWIeuudTHKMm4tWoIO9loh9SfvFpF02lqStRytDnF0rp/BJHTz/sZCefurHUhqck3xwq8zkboLanhvjhtyZ70Tu+4aY0dfNygioHoMDH2JL1NffFBwIl9RPGnH9K8boFSUxjGR095SMyBAgOLlnV/XDEys0R81VEKCrmI3untMnYTBc4/yUqaEDNzcKdDqeXF3h5vAL8WDbzuvN4Jg2fiNEs1Pc4fSOvHbyJlPuZMHK/5/dlEm+XxdG4RBUePSEpHFAUIL2n8k7nvoRGmNL1BILcRZDmNa/YhgGu8Ss1uylUi57Elw7+ADT/3PZkPLVfyu4+5ODbOGShaJUXD4YTUUYvg5r0GDulVYALj3ALchgbLJ9vzwrX5ISawHrNoY+hIO4dA0nDzAIzQe3Ao8ivIBTJ+PoGGhtkuOdoZUfPpCdPtQhh7n/NG8/6KVoVevavLhihWHBfdqVw49r/G2ZVxL4bYeljzI1biHzj9m3/Pkg+0fpuXFyhFqm2J7Ra9SiSEZfyx/aMNYzuQqss2RZGD103gXt0QGPLig5Jaw2aez98imo7QrhPZ6Z4jq9FoR2UGKqfnOMPVsI8+977QOCgNDQ/w8Kp+7LYuR1buYOEOD2aRkmoCGatYvuBnTIguJsW2hqjn8KIUjhGW2xnALjddbE4fmqxSgmKAz/eJggV0L9r0zZbyyIOGSCD2riPpj3BLib9iA5eDhC85CbUMpb60cXWMymIq0nQXOJWSSYIFD3TEUqVT5V2eJg+FvqfMoZKCWZn/YEqBbJ+OntQKOOFa6+Y/x8bFneBloNRERD1swjuJRGc4WX3cusgVEZKqxXiYYRYfOYYqtDQDRPyOixc0kRvca7W0cWgwlEVar+W7BFlGb/hWpNLDlHMlFzLM+xwlrYavHzhKm2iFz0MtKkler7J0Qf4YmeDTytq1yHaZSgOUbVZIg5pscQXJzLAmMbt6iCNzCbzr/S7fhEIT/Wxn8oWM7lNNKvHdX1GvMj/4rBKg6lkruMYbPCrBkc5erFNe1ci6XSyjQGwJFYu/ARR4MxHSPomsZ4xVHSO/cPkeQrlTPRWgnQ94XTzvovSuUT1Q3oadSaJ+jU0Xwc42naEG7N6sBDfI1MPzpErAmzPyKKZEzNS/PYiQAMJFMASYqOeP3l381Irn/z+W5figVCtngqo0U0nFyAuq177q/coLff7hJ8n8Ob6URNqCHTwnPzKMY6Y8sqQvMyVQ1bjnO0mb+6j8kusZjPyt19TYUBI1vHtd8N/Qvk+StN/090OjQy8eGu1lYK4ft06xF1Wbgzd2zbTv8EMbLK4fby3RtRDbToMqAFUu5TM63osZMvxynbAa9ybw6OWfphJx52N92KTTorugzY/krUEt0DlLjhE6P09UtCoJYaQqGUak8aHNloWKzkMUa5EA8OeZj7cXzZ5NvTrLSr3na2NKMwyy7k9n3Q0HIh1KcT05DHWH8CoPi5IOUZpYEx44KFC9i8UNL8uJYJcH5/iZiOtgnzVes6eAkZnr558e1JNRO7BZ/eJZIQ7y5fxyFos0olFsh92f3yYalCWx7ufe8Fi6T/UHMXjdYAjAgtc+PEK1gspO7nPblOGVgmdt8Seb03ZGA8hnaf5QvBlz74jmDFak4IdSMCMFTzJMUIk/BF5PPpH6c+ggSeg+vfIeVRGXBfG7y3vLVgasmGEXbD2P8oG+QEPH/CZkVQWjqEef1TVh9iv7QIGPOP4afv7Y9qU+a3W1l0PCuUTw7IsA2CCHCJFVWsYLUCohdqbmfHF8MPo5Ci15PnGTl4uCjthuqMVsOv2QESrp8Ovc9p8pxnA30iUv9IjHYyQUWFbMrWysXCOgFykQoeGkYPK6uBUkCsV4OLcaFsQ4QPzXv4I5ZEqKal2vyohGllJlc6GaKGAyaqii0zOTN3fDtgzgXGEI7Zpkc7ftIHh8nYw7rZ++SW/Xu9g+rY3ByW0ktlH7GBqzlAzgXuk0kj41b5xA/oy9sB9M+rFlsNOgZ6+LDIPMQczB7PgNlUSXax9XmMUQqUPp0Ir9kQmI+lM/XD24v9CQfhru96ZGIYxFCYttWuG+Vs7w5nAjblVtyNar+Rl/Qy2oBCxf/x2W8qXRJyY/Ra+ENaWXbSay51A2A+RQRKWyorWdln34kZ4da3tFs9qMe+PyQSCdxzFtO3dqTnfogZ9ZenZGidkD9+vmT5eGvaMyblPDzFAFY90bMwYk0YunMajJi2T+CIm2WcJru8Wm0jCyKTosJLSieknIXhXcqanAL1rKzswztvc/1YUhKiiAx1LyApxc4j+e3RjnDaxSo5zYjkb7/Y0xfS+a+OWFwH+oe04fEUX7oeQDMri9Irfq+iTCT+Xuus3rhakPHsCyVnAiKY7r+moMFvqXiOiQzE/afvlqb4q1LNbDHAFoiDvNW00HRr6xsDuFjiDhAC3UC0cPhYBZcJmMeBQb7lUCuVt5Mf2istAazXFeO/ZF1JMEwiOlV/BQNLmlyLVHXixHmH9Lhg1WrgGmlcvzy09dxunHbR+wRmOJ/f6J5KTr9HhN6p5+veK5gdeeHfVN3WbOLpgMHJcPPXUuOJh3sVz2PH8HWhEFJQASIGikbSdeho4/1prnrGBo9MX/4kKVaJeKUCI8C4QksA3c+OjulB9DDSVZfXx10pPuMieMscGei+hi0KuF+PEMtTR3bSKjPnLBPD/L04Lerq0BTFIct4eK19z8wVXJvYmOEWWd8vAPZ3r1RwO2NMDz56h6Pf5nQO/9r9XObr8fZjvzbR41Hfhyxz0wARES43RWASdCO13cx+EicMqvHOC66H2i5hT99UiLWkC5OpVHrlaO+c5YVKjd9okn2d6PZX1ftyM5A+Mdct54R3fTlPMPSGPTxthOPK87q8yVMMQKFDd6DsuKF8HU+RRvbSqjC4ZypWQZrVYc72QUrTWpI0ninH4CafgteBVooLxCGdzXy/pv7RxTi3Zq1n8RQeuFYJchPPfnU51YBtpgGle/H8dGGqxZ+yNaADzQP9OAkIke8QkG9IHJmGP1wlzZROXFbMj8/lzKdpvGKxolUdIqXxwCLuGFNrxtl3Kfc2s6AFTDHTgYdBooHpDJ81zFmVkqvXtyr2wOUvE5/RzXQlaCfGTmsOnJ3RIaaOLD2r+yZNY8XtiNcJVjlILWaG0JOncLMqOjhiL5SV0QDLTGCJbe7AHuQ99fzxYH1/9G/qAUF0FTKzKMOhtB1R49DUU3Odm04d4VVKJxK+WNVQ2nh4qeMPV60/T/9LQwaw4+K4Vrd7cdb8U7rKtaJhBbaG4AtAc0FFEmfTHi3sVjrQHjdW/rO5FNI4rR/9GW/ap82xBqL25HpTeLHPaqFQ6BCCv7eeHfbCbFJtXjevknAcuFgVv6mnPQHcroUz7binMhJRF+kTwbLTMiubKqVTnHh3bYK9kk/kL9YEj5RvM7oJ647Kg2rsWcAwhNS0OISByHrSJjEQq9Y0wRryqEsROULX2murMpwJpPYTZ2IQgd91An83NaeQbafdsetfByi9vjujcW8c0Iu7WlYIWAnj+pzsCnkkSW+jbxIP2BGIkfZmWcwnlNx/q7vfTEl7h5uh9Bztdq+3aqXG6UcYBJP/XXeonzxxqZmoKJxXONWCZiONG3+EI+jYveOIl0+1NvSCa1h7xirhWlPkcq9OIh4KdP/TaeTpLEA4zvfIdWD9enOgrd39xvAeo06LIfwdbui9qeqjLqtFe7klG6GhlzhGrkvD7G/xOJ5MleJRYOoM3jQUJF9q+Qw8BWmE0ssmO7LSGzU/+hcJvdHJbGDecfP+kXcNETxSxi+UXTdgtjnx/+WsPit0qwyHSq0qLbYQOMYNEOCerhsd/X/YKfssXLfrgH7rBf33FU8XHL3m02CYAwDSWJD3VUjfON+5B/x+bQT+x8ZbyTaEUP5WPoY7t+Qw9VnVI3q9v1pXr0OfrdxortJcS7xtnsZr0/hAFS64cEAFJnV4c0xYTBvP37JDGt/DNQu1GFgBVTRU51/bsptLgmha3RfWYTquoMtHTo7OqiJAbUiEI3f7OL2iliQKIdiR+zLW/TIu8rAswy6Vm4OTMTBc2yzR5/N0uLMRX589Y6trEG4TrOslz9LD56RdsCa52E6zNRo6r2pO7aRnlavbaIVwijIqjZLoUkILaNaslRxioNzU/A4Z0XZIomsp/hDCqO+i2f1lxleVX311qdVDoBdF8VumUymHM6UV7nBSXrEbihfl7gMx9lPeShewnSVOZqh3EqyOD+8iFLTgUSg+8FPkpYXtZIaFmzx0oh0KuHyoUZ5Ul9nGmR/TwKE/KL1GjoDIgxhwUD+TbtVeN+8m46hxaaPdydM+HD6d3MpbGG0l+aihdPBtzD7VVieZwmlzv1P0jxxzm8RyclkI5dYup9IwvhcgvO0oKdnMnLrGRR1BUJ/w0as1U7sz2nr0emVE9pPjP7Hqu3y5bieiOLQI6oRc3KxNogOhSK5CvxDI8vH9ColI+nPmgv94XbL8u+3Jm+ymgK6JtBhv09IzHflLxKPaloABzNG8btf1C96tBRIoJlsgW+qd20zrYDeSfa+yp5nefTIWGXD9hNJMp6AkWrzdJfuxO/23+yixU+Q9Hj8JodG44Nyp53T4qNOIg39JLO/n9N7jJPRnM4quCMxv3Erci40oQhMgzoeYVLC+vrSneiy/1v9zHh61bMGEKZ9HKKhzxarrotPaeJ1VYJILlsbaPyQgapJiem89xa7YGWVqZtRRwcPhULZvnvMycvAYrgTJUvCbgBm+9bNSd3YVNj52Ck7UmoMhUcF0dBfNKUOHIvArZcDuPDhHlEDVno0EyRxkWmdtGUXGbqP1faeruzGOqGSw2x8N/FFVguclvcnhhdoj4h3VoRtnwauiV/YeDZJdr6IThsCqro9Ap4o28L2DeROv2Al2LCAePKgPdFWm2UM/c5jEUrTp3sTUCYTznmFReB3Q0RZ82RInzUzIx2t1RDE608TejUzAedGoMGksxpmm7QDfG0ktAzdfkEH0s9U4X4q3kXFiSOXXTK2jZDfBIfIrQHpqxeTEU2i0Czh9zg+j5mz668KmYtQo0XURVnj+sEjAKUr5QvqSM0Kx9c189XhGyxjA0zHwDyrhuDsB7sHelb5zlAc53AhRP2wATQB3HqFftkPCRlCsIpPGO7n7/uyO8pWnWXyh6H2uZQKwLoP7Pj3GC8NmF5lHBR4r335lyNdb2f8/b2zq59lSH7PPgQfR9OJFJGIs0nbofCmaimY+aVz3vYA/srMnrWO5jdghPh5WPYkg7mdJBuMvkmswjm/TzPHMei44b3xbtBKNFhIPY0eo8+s37n9EmhHht1E3yOBEZ6oAoba/++IS0MGF8UIgUZ/rcKYb7Zazs59g1ju1alIf/Jb0oyy075swL6PqtU3GYw/Re3RcRvtpnH27YobFo1w5rATnge6BB6aTuJ9afOG2q8LLMlBiDFTlbR1HkPLPtvqd0arPvOS1dmG4PRCcx7UQXDMUuU7XnWbT6pNFe1m0RjY8zfP3lVjPjqrgyqcoWKk60+2s18xkFQw7WcsyL7IPn9TErVkJGkwEiSIYm8GR3mP+09gWotrj0hU7U57VYI/X4qnZ5IvSqd718Qk/YqQkT5DeZs1/o0URmNGgprwYM5S9BnpcnWwb7k9NKkxWCyyj9VTh7W7QPH28oHdF5EkP90lOBxiVhvHnfVhmZxYZcaYHoj84hIpsELWcB4NnzChFchwezt+P7yx5l6s6aS83RNDKdzivcIPIcm3npcdeUpPtsFLCOyHYdZo1LFza607Ls1vqfTlv4ONmPr29NItuIYq4FF6naBzxJPYrCPt1Bb+TBsyy9qizDzBNzuDn44K1mHFE233Mq8wI/aHmgMlgxn4Ga56HsQy75EpROGTJbFMDqbdtQgkjajS0SiS5jPNskybo1lla82Hw19Y9F8ds11ZZjRLy4s/YEk212dypnlZotDml7Il8yDFEFB2sP2TYUb+M8VulU6em5odrOdKZCwFC8xEv4hCPN+QgS3HR6MdOs3OrGQToqRmZmLE5mpJZJ7/62pVNb/wVKAwe65agw+ICb80Y8jfxSj3r0sGW/weZW6awucnVtrkK8O8kLdqs+sPpmx6/bHuYYeghF4RzK0IfIPSRAllfhIBNbb0ObYR1cRUIjn+/ZGGXunTMwqMzOEVnGdFt0FoloQvls0GWKk8Sb9+MHswtJGWlc0l7R/+/2BHzM+OoSTCL8sFJicde5GItflXBpNWtp6pf2YYArLT8/MVOBxUDCKXHJSrLf9gmShDk0hMZN7+7BZ+/Re8GKjgNzZpAw+hdhIax9Y7deDIR3Lv+uwVnV8b5cMkjsnIN7tZJuNBwn6Y6Wjq0VrtiWV1nEbbwG038PKoZKp9LdU3nTFkf36dwfMY6yzpxkYRCtmxQYb6cmW9KiLG8dYH3YY37mikljT2zlLakJKKCKxmniagiOB2mDD2BTAURRQOr44lH1H7IY/s9Y5vHfOz2eNzijdfaBCPYItamM7irtdkP7wPhakG+Gcut5uEUUY1qeFO/Y3/ejTwhJavNBy+DJy/cUFFTGOq54irC+wGuVcZT1vdr8tHtbrLuH16tDLObCEQMnCrMJuntCue0OpWUwP79UyQsEB+agLqtnF3wCntF4Nt3mnUgcnYPklGGq+y3f3ZlEGc3BtoDDor8VxbU0Gs2jSULdl2orpfKmSF2k7GUutX/rm/gqabYnah5cdHs/J2IKDDnAEYxUg8yWq8L/yX3UNGiB2+0LiwDeaPByUzfJ6Em1zw9d1nx1MkZnyuPiOft8cSEv39J/WUiLiiZK9HXYFtuj31hFwY6tU7944cVWUpiJMfx2xEfF+BfqCuyJzbGRYgsGnTdyxfeebkP8w6rDPR7s60GWjlOrYG9xUZ0mq6nFB2XTIIJ1Q33HebmOtcTLBwt50j3b5t2oPsN0XgNQ5SCOJmo41f1dK95Pb2eWUrnI40LjrN1/4MbfQonWSWjFTBhe0RdG8x+8clLCs772nJIbLFQn6tntxPaXXN9YW9hrbhsHr4+7vfwAVZ2JIiM69LrHR5o8rK3ttjnvaIJvaNmbexaZkaOkdy7b7j4w7yUom5vMKjG/P/zs43jmVZPKoPpFf1twHYoDwxQLexLvg5kAn/yutfr+Z4L9rpWMlrDWuV/sZePe1y7pzNv5YtvLs+g88KRFAQR2bHajuJ3WIxfw1alHXAOo2/T5/fPlAbh3O4jTWE0MpFUSwUwiKZKxa37RXXSDd4QnvgmrbEE01kC2DhRfMY0cp2sr0/sg39NbTQygH05qFrS5I4OWcV92c6Gtj9TBw2RkwISMKRfLw25bJRASzISLeVtd7GiO0/O1AjCyRJ1UfV10CbrHqeHVdRWd7ybQexK9q19LsbTyJajUbkswxLTzqUxylzIAtsKl0M0iHPXoNdsCHniGjgv0V/+DwunneHcX1LBLpWg97ys2H1ZKcn/cB5VLfZYC8Kn7+AwjMxf86CYjlxCAyHxAtJ8Gkp7RrmG14TqLFKEXzRB0MFuzUg7wCnluRXCTz9OR0ARzEcBD8Rlb4sLZestP/NoYl7Wha83Mt3BH9GuNrDQVlmhx1ZwfRgtuX/qtT5LDlJFGsnMDN1vNcvNsloj7La065Fqlh+gpvgizgtx1cYxpH3qtnIGqy2Q1AogkWL6PQ8ddLCDipp7ST8HvwYb6Jdw6qZxrJ/4V9kZ8CxgnOWdLfk7pf/25H9tMPCbeP+eWoIUJ7B5nVsQd7Z7EhbUCSo8rDu2UQOpPvte3RZ66rourEl3m/Rrg6Dle6GWq9ocKlFrFadyjWr3o8zpW8OEtJu0hzeqJoZ4rMM0aX/q+MAQglecNxZS5KvBKXfbYKyjKHNfzvz5V/F/y2FpD3xexHhhQzGuBhHE6yWDD86IuIFq7zya+3sFg2e2r+axnnCfuDkAxnx0WNgZIzLb3Pw+p5D2JRJ0x15dzdk9BqKEGPXHbqz8/VhG/9G9iYTvBGVQFRYO9rDQ8NQq/dwXs+Nl3TrVro2+7OERiOeXWV/yPdd4cdEvtwVcFqp0Hc57uadQU6pjPO63MZdaQFwde6inBPQnHyUzOmLDbui+07/nwF0tlrSvAHnNuQ3wxX42yH6EEUlXAK+U7p6Y9vHW9wFvkA3HWC+Qwgr41266s1X3peedMbmWf+c9B3JTq4rvdQU9ETYIhZK7TE5aRV/59feL1rdmMDrkydW839R3SYoUaVhrEDzQpRjJCV/zE6s9Vi8zkiVye/Z/5DuKyaS62dxS7SNcNaLbrWb8i9XgkuphhD0f8eVP881wSuP3Ja4974PywMIpe93GYZiCy/eVfP6ZDabPvBJH1jWaJn4KOUO3J/aIBZYaIk3B1K/7XBzrhCT9jkLfwEQ3B/sbxRXC0A4huCroOqddch9k4odNFeaBSOtnA9Ak+T0w8VxdAcPJ4Gp/pPFkgZMy5GTBvs43TdhmxuC0FDUDWek6b3YyGRlBJmfj2L/UzZTwA2RRg0kxN6tQI+yfo26lxxBKoEHDBu+tZMxZ88g80DcbtMWAAb9Bk2kn8ZA4GystwyFexK1OyHbmfOs/XY6NbiPU1BEod8U2xin9g2D+jnwH+SeZbd/k2zWirXVWTfBzw+6lrP1opysDMyREZKCxnuVCZSjiJ7pdHRdOzIu5YN83jU1+yZDlxbkYuifI8rbVASQP8mGOEeNBcaXrvJkdPcZXw7dTxNAWLPa+Rs1UBbeJbFNhFAl5VEa53mJBUwN2dYbQnnpGR8iQPS77uRspR/Ox78mx1HKzLuYYqcc2fY0YGapT42Dsfyw4EnpAC39PnNTAJ2zlHglv8CIFrIaHiX/UDSDktpWtNFJolxViLPimRxgk6s5hL9hoqDl2QFIFPnrWPSbSdUnppAp54IuqCFHDT7Ot3WD7+UaAbWvyQOzbrOubCvfMO+hl3VCBZdv68U3u4QpLqt25txEnGa95LXDn/jZSc5nh5e1c9PQPx5BxiPkrXwub8D/xaTqqrFTdW/hctRRWHC5h0sQbisUUuvRdcvasBzEUc05SoUR200OtUZJ5EyK5LxcFE/99/jpA7odYkHX1ecoTD4da5HFgAZ+7Lv81gHBrKHv/QibG8IFmiRE/YmInbPiiavH+6e1cEbAIPcum7E6KKscRMsuH4JB1yJK+Js/RzDLOtH5HG4ZTLw5KXx2e+pswz7KgUHPYODtloVeUeBEHVvVFoRMjzP4ZiDasxiZtCBFZzDT6x3XoVyWUBsr5cyXHuce8RBvrRfNi/offc2nvZe2tJ2XindYZd/4Y0hvE7N0RfGGXUoHPYrWzMHhwSQFUZzx+BdbRTbH9YjT76RiWIwB6cefWiPEA7wBcTxWIhC9DTt3vj9HN0U2oJhubV1HVHY6d9BoF3F6lPqmqGBLfsyZncJYeSc9a8VzUjXyu9+h5iTDfDpSDO8vX0oVnCBGo/QNLbuk+0kke5KEVbGcDl1Ql5w60ttNA/Jr4WEIJjscivYBw7ZM5gHRiPNW2ZBGpDic/RfWNDSV64cyiDDKXOFt63JrG41w2hELT+osqkdpxxp9Hux7aHkia3pQlgd0ZVUQib70vmx0cRd+V1o4kaSI2P97c1D9cv+SP7K/dHvqx3a75iOtFuu6oWBAQK9n/oD+bR2JlBmPI5a2XAbZefYxb9Ze1b3mb6aUiOo7enu1RbBiW38ZKaRuwSaxqvO7faBfvZljsrrwgJ7s1pbErghFPq6YSmklnEyX1niIbsAWL7tnp5kys2daDnVOtmqCIUjxQCIuugh/43uGRSILln9NklPtPV0qmB+X9+CHlKB72+Gb/dx68nHUU2XwZT2TZW3Z40joHTdfeKuZ1KTuD3t0LrIESfX+UNL3BzcMcaR3WsQnHJuFUJPbs9ePYxUUDmsM9R77Zu4kba5hf67javrYgdFZunyjYGwnBHx/96t58Updwrduf6uBDsL9TarX2de05SquuOdReIhQIzsMD/eg+btWvdMaEvagu13ga6Qe/hQBz3/+iFsnuFIbyzA8QQUsHMIvlRH8dCWznB++aYx3XPN6L1h87OJcTo/XPo0znrcwDYAES4P+G5CV+snpM02La3Sl/CG8a9+UadmPYdZr3Z6/Il5uCzetdBFbemKNLhwDIV1lno8prWlx4UkiKS2+6JcUUJkcDzECUtp4cYpoLb0mxOJgsEYrzu1Yg7dYEULXQlNbyuOOTQe8ATRmlya8I0FKDZ6+AUY7w9Xfzk6QAS/HBTfl2RI6n20waLZtlwS3Ji3QsVSooQ9IVnnJZl4heGrgOYqXm+rwqurXyiUP4Rklp0fWFos16u+CuUuW7FwMDF7cETcSAkCDX//PfR6PzOG8Z7FxBAIp9Lc/JrImXPegBQQS6+FemFiAjQIunZJzHM2tuHTao25hoR2I+JOshUb+uiVvVju/RldyrM3PSPhfnlaDt3I+uxoQGuu6udRVSbhu3/kOMhk7w31fGMW7cMQAWQqJe8MCXtvQUxcNetqitPuUtlZshFHq0U77zMebDiFY2j/LM4XWT5JSN4lUHDgYX9p66vxGhs/NzKt29T5VAtHgrJuriGP1r+mnW2FfS4aBf7aHAypQEM0q/m/+/gI7oxCAKLtaPmsPi/nxOGLgONl16BCd98E3R5RqYOY7tQodOx4QFRkGUFsxiFyyl+fSs9YB9/ftgkbJeimVkKwTAd4LCgnejMEgRAwT8drDriwK88YppUX1UJ3zUHC+nisXnlGd1+xWb6unISfC1QSXQd6X9yHLFNpwWmf04KdHeVDUEQdo/pyaVum2EkMvZaNlDE/FkAOKsh88ufoS13C0Mdn6DS9pd1b0scfrMlXAtwT6ZrcWVOmAdzjD4R3uYWRjZAq10ZXPDmy4b6hxZrSMgMhjChyQdI+VP7oWJHQyWMk/GqZhWm9+GOlu9Cx3v4rMQjXpnyE8MMZzmnvkhR3g/6xobqgFotmcDu9mE2CQ+sgs/60496zrdfYhOm2GTC3Bp11xbBnHnHP2BRGyQaCQmmnJNblwy0CIfNVRk5Yg8HtJsmNVOEtzQjAkmVyMPU7puzhbIKBso4Fdy7r3AruAq2dbsgGbqIRbPO2fMJuoEBmBwyrd6o7ZBqDXp1AmrZD/roixd7kdM9ZWaghwGqGzmJ432DT8J5rZ0CmPO8xkZ77pvZHntA5NyCuMGQA3HePVFTRCH8cCj+f58IODCTNWk8kpHYBlsG8By86LimFOqmGpzu12JSo34u/+GCPrtO7j4i+hsjSSw1D4Cl5jJBjHifNBbzWLbcgMIPY0PrOcqSyxVwJH9MUW63bPB9QByFVOC4cErFG7XIP324DGCWF9zXSW6WdkVPQdSqUXXJcpXdJ54PG4WzrY5q4fD7VZNb84uY/RLpR0VcnzrJ6IC0QM/2TAUpOCM1dgYH6QsvNDvItH5N4Raj6mUj+FFFUFwDYCuiNo1XfOsrvNiQ/GxCoUOoZLHqJsebiyy65OfQm5BP4qRsi5Ch5/ZeF54apIvWrvjJ769MdQBMbJFPvwDIv6I1awumDhT5EKikuN5nJoJXfBdRlA26b1+7AUnMB8V6cm1S54FrY+ccUkFbHO7aRUd0UCI+vuTmKgu/yrLlF4elat6YP9yLCQeh+ITGbkut4REZ/BAq3KA6zedQKrhoTGOsSCHR/kgRx2Am743tjBusRdTTgPqL5Osl/Uw+U909yLhADLKg1+qnHdX7npk8JtFx++GNAEMsgK1R9DRMg0/SJPP/zM65uYYn0Ha0UM3QCQh9CCoY6UmZ9+ThxUo1GNlDyR9eaw45z+JAOwCqw6zQ654bXBkkL2iDlHztR6oL8laofAuFq3P1BlTzVtbKxxtSNY/OjTNaHO8QzZp3G0pDylc0McnonbUTavmqrZYdqftgvtkUqqfZSXLMPMfC2VYX+6WZUl/KzR3EIcMpCNUrzp8fAMb6hcvwubZ7O7tGfksKMPJrgM3PTDg/AwCt9/paDLMty3IskcOaXyV9qscSs0ELrxeJ9GjnoDGpubaWChu4J5aA5eWtBKDKYll94vz+FxBYpL1+KSXSnsm4fCzAKrBk+jBdWqAT6l1fSmYp9Aw/2+hLGrZfgnlbs5UqQTwe685k1tlxVazX2ipJtmAv8WjDmRfiyUka9kcraZimMcMPPcu/TXo0+MwmfN8uKzpqosIExVtV/S7wWJ36BZ4XFjVr52QWgCzi8/HlXqi7MWhTBjQbsQ8GfNN5U8qH5saJMVZQtKFcGD69gqowLiVxT/hBbBwY3iFM8/26dFxuRpaTpWfUwGlfmlUcZwpmshX0R3DFAf3RiMw9Sy0ocMjAz2UoeaCi1M8l5jYSc9+vvcyTyYELZlIvAqiQ2l3mXej5I6rxKrCNsgrOS/bF3Toq/adfl+M3mTlToXBGKdIQ8xiPE/CuGFnSXrQ+Sq1ahnIOe4ucMqOe2DACdlas1DYaI6m/9W3lLt3B7p+TOPysRRWQh9yI4Awc2C7WA6tTznrpjgr4FUqWZg1py9Un0bpLXC1sOViUNTsrER9JjcjlRKzW3JwVNOSYiKlRf/tHUQmWgl3ky1Bi+9I6SDlHQoz0cm9dVj0SzjCU5LIQJVzk7iTdOskHRHLDnUshcIr9djX0bxkps0YIH2sAFvforJg8kav6FElx4Z1PEnGpEaPyKTusGbd3x1SYYmJ9rwLT2/iNgmzxc8N6RHn26GRR4yuKT/DgoYPbRHeWdXPxNAKhbV25cZ/z7wXL/C3rBPcQbGQGCoklxap5jJZ3bnGDxeNOP/MFGTVeZ7B6u8WGfKgWk6lIpPZsUHRNJbeh5DyhCPvVCn+g5sf8JMbkfa2aEcQSWKwE1bQIFvaNCJ0zxRyjzjiIt7+K5EcTevtbxcjh+i8UvAgbKXsYgVv3TG/as7oOPFWgepVNxKpWPxCPxKeyiepMwni+Ypqm4eP/dGpWBsYM9oLNPbRzjirLl+5Kwda9X+UwE9xqimr1N47P9mm8KxpIf3kfISf7oNAEA236ZzixybNvA7TtPCWHbAvgeYE5t/GA7eKlSQWzrO+utOaZB7gF54Ri9z/1yCsakAeqtOuPbbe+e25IdYMBxPsUX0yBy7PMAkxGXlM9cyUXvErSSQmaQfJOqXsJjHBxSgI+gDKHJXtFazLnaZU2tE4cB5+6olKLJeWJd+U6/pUVEZ6OBpdrstnd+34rGAfhFzyXOZuW7EbdCG32bYBOMqtpLUtKe/tmtVvkPjgIou5wwUQ9xcl5xG1JGRzHheXiBEaqNMl1ePKXx86dNijtm32NAz9rtXqjdoCHJPWruVzMpGFBEjZhIMcJFqiAw/7G2jtokJpmat4w7+Dfc5KwVG5yf5nCEAVSZcUymyw26XATEgD+WSH4CshtjCcP1Y7c7cb8T9rgMRJabvKXCfDsJDsLjfuyRA/7xTf5buS4/KATlxDEPBAMOlPeNz1Tr/TOMrCofRb2JL6R8dbM3u2a4Il+HqUs48AS+jrJzRKhXbuM/WdwODt0GArpWOCZ4YcGZCZ0GbfP/4O053FzuWClC9ScVV6Wb0zyRz5kkJgbOc2iI8w8bpkalKhB5se3cWnz777Nh93T/jqffIJvrBMmm5s2dcDvf0iHwLS336SuY96yBK2RDFiUQiv9YmlMFwAddYc10OKdlpZYOgsIXoyEneHGITXi11r9kzSWq1+Pxpp+4+eCK9u7klg6kEHpFEL5657tmaic8dadURi7NcZxoqsO+WnK7+RENGl9OEpSjMlEE13aYzBardM0Aca0v9pIWn+qX8aUSEh93bwm6wn3UGoEHEvfes02hi0nwoALyOuZswa7p7LBv25k7ns7XYXFME1+snqT55wfg7gRLXxEnyMZKTd4lMMxeAc1HUra+xTcvTegbMJhvso3PPEZGxXLFnHcVy+J/JSOs+oYJeZMuX5JoNzT4BEOH3d5uQorelvyfK8rnp8AHSTpdGWq7rJuK6mmEeXQO5jzScEaWZ2/gtV8KDgJS9scVGQq0EnTXxC8Eb4cqxQeQilI9x/rIsPtsdHJm8qyDhRoWMV35AaY/iyvUi1r3MKOOxTlBfdqDCtp/oRyPtwqDRLQsMMZ1ICy37YDQrID4dBE0xhEtYavqYjb1XsPGXPh78ZWS2+Iu2/ge7zLc7P+L0TUURwv6nR6EuyS54nrVA9K4undoR9kate5lz9R6X7E+UtxjZfG6slDhLXupEy/hC80YQPlESZbN4L3SqsF5vBtRJ/UgUo49RBHFWeeLE75VB0Ly77mnaZLDVX97DbHujxDwsDcGSDRknZ7hWpXJ+KyYdC8Rv/hgVFSADXszTlI18eUUk2iESnZ4IiDPg5XswFjECaA0RKer4Tj6KpW3k+m79F/skkgG5YrLCwDuVtzhroxf3g563C5oA4xURoevn1zxJ5h3o9iSJYb0WAriG6cP9l4WVtVku4fTGoXhc11YMWxPlvHu7Vgi4rtOL75rGXFE+EVvsaLuWWUdbWwGt5on4RDB2WpszBYmr3+3HyzphZRp005MfIruBbkTSL2kd3GYYK7TIQ1AZhUvc8IaUl3Xsz3K7LLQvrNeya24t6XBXipjnQvh+Lg2lBj/ghlsO/clQ/aA6D5F1EcPF2ePIh+FfiQx1jrfY5GRHoiWD4aldZ1YQm0iMs4o4zo9CVFFbnlLrDvrENsNBR/YZN0dpaw8XwBCP30mV31C8hDMHcj6c1Wmj8yv7shYBo8gbWJ1h6GXY92SAyCeGP/u1k7TKR/001EyKGEOsAK7sxMvwQnD7YJuw9fBrKiqnSBSvaPmEyg4oqWwcugey/2L4+gh+MDtR9pDRzAwuy/s8sTCEV0l6YS+p+6N/Y7NUWcf3Jw80xsB/eWbBQrQw9/JZOKt08xuNW04AEbGt5eFfy3ToRwqerN0jO54IEDq4xjR2r8Z8nRpP5Lm2zurvWyPZQrQQsYNQNKfm5xE9sV+nKvDuT90arckdcWwF9iQT4R2RyxLDqyYVYA3Lg6iMzdCUXNTAwn3W63TSucupVDJF2djxqDjM18Lq65S3UjVyhlGu9f3fvJ4TvhsCdu61rsTKOrRh8Z81rUWdloxOr4FpqiC5uzqKEstrVxKMcYoJCn6lOeV9SV6q/XDzrHQlHB5qPB7vA6bz7I7R+SRNRds2jovyKohzTaGxoABsVuqHl8JprAcdRWC5a0mXWWreSZZjerZsomiL6fX97b4NUYxH2nRErR/w/83W7Sn9ixvlyB8qtVBfJqynBz8ZQwcdN6d5/JeUkaSGvZgYwre+qxhwjafM8c9znnFCoMTQ0VMfAxev3J17kaOvNSnEQNu9tHm/5z2HONOJw/S0hrmTHROnN2oLMmS/E6M5GUtQsGOEeZpIUDu+W/M97iWXnZTncnJXdVYTfUs6YmOuU1HDJJ/+JqxuimjKva9TsnY32SJZEo891n6BzXiOlvIG9IzXL2u0KpCfLh2OJNPDj0N4QGuLe1joBbLzTWpbcJNIlRIcQi6WZER68d9/Memsjwv+MsZEdJJaZHCOxc6KQr1cyDywXIbcKeGwK6ZEoi1RgeZlyiJvfkYOvL2fMGsPWtLZLQ6MMDcfPd7u1lEBipahkL1c2y0sQk5Gp8jbGox5/TN126M1XqrYqyr9OHo3ljxsOg0jC7itu5FO8lpPQ217+eZivcEhj3f9D4fqz5ggVyMcrco4etaSSDUYm5Zi0RS2K4EtCyjcL9lQEoZMlCgPSN38QQdl43Fxim/a7U4Bode/LTu28cD+azHeG+/93UsxSGMNPjRH5Jynh4HY8jmHPWxE/VR9wt+3/5qQOsTu0oRpRFJW+nABn+KT5nrLrQTw/HJ7i4TUz0TG3oDlJ863bEsDk7xXkriIek0pP1J/2SJPtjPBDWdTmktURLpNS8miZYcyYkx8qtLik0UqsHZPWeFU5fruxKDLtX7wqnN0AW0HAIncqd/AueuXlI9l/Zuyeu605uZ1Kboe1X8y5z5e44mdutXK23GpPQ8x0vMKxBACWm5FD/aNwVpKgT52kdvhcBznPo4jC9eYyscy36cogNffD6K7V/gs75a4S/Z9x5LC7cfKrPZeBay2SjluLBAXne3nc1Y5w5mDL6dRBLVWJYlbYIdZf6AIqzeax91dMbPiXkFBRrDdnrddTZmAtBvamVJcS/mWf2fWgLRL2eQApGXAoeWM1/I4qqE/nmLEEb2bGfVRBcm7Vv9rPPoDlwEs5t7TZ1iwE87E+sb+5wFkebloR/kUIqKU6bgY/13rehle6RCcJbrwKx/unL8dUSKcRGL8yvju6xJkBmgPAACdApNw41fDrkdOTkCoGcZVBLVH4mSJkdZiDLlY2tPA+uFIWdJBEr/ZaSHYqwiAAtNRyEWxeYbTey57tQ3YAXnMiR5cxL1FpJzrIqwe1In5QwpQIjv7SR+ocuJizr8w6bwyH0pxamjWKO4PfORpzh1NdTVec985GzUq+ycdjcwAkt66rhgYDrXSvOWYT+4yDnwvVQxFiBaamt8AfKtimrRsV7CKkfSMRh9os39kkQ1P3WL43Ik/zwqEoP0NODtKdbViaAqdXz8v3nqCZvV25CJuOqPiNhAlQz6Ci9aQvvHdtYYI6zPAvXVOpc0i/iHImaLx40Clzh6te8TF+ZL5dYU5hXWWx6RjphevjeArWM5QLOa1hkMZ8Y9AKCh9Hn3vc0/DET34twXLIh+mFMj4lkxAzpHIwiw4JbydsjPm3DGfDZuah9X89NQTlk5Lom027iNjNNNwd7cwDpAkWU7/l95dWtVMaAlB5H+36u3nXb4lu9ScWWAPmRzvuHaZKZSceWQVrMBhKz0uwZTHuBBi0G7HyTx3xhR0PyN1uDWZ6AuHSEjh4qn88j65Hj9Oppxn9Jnf77ZYCInbJqjTTtp4heLpVHTiv4C6d5c3gQRcy/2lQcGGcTajWDuaCpuydc9+IIEeY1W+DfYEfVhLNTYeTXHAEu8AElPZ8lrjisWE2Yeq4atwB5hfxxHmwptlZWIesSiWl7Lct+mTo7L2D9K46EiRU3ZrSBc0kjljRhpAwt8woVlEFOjB45AZFX9n7xyj/EpQ/ieLJRnvlpPqkvyOXX6XpRMEMogB2oIvNF4g5E2capB9xqxREGax7PCAZ8HcIMzklgc2GrD2TJSf6Oza3aS/gNmqMip4DJvN71VTudWMWctKJJkPCdop2/r+DbSORX7f0pdX6y0gMfVOiKQeeHxFe6XG8h9sSNVhA/pp+IiNpKAaHBY6agtkZh7/MibE6xNVm8F9Z1FXItIhdMfncpvQxESX+6GrOMvNJuWcsznj4IUWg6p1OjaLRURaNUNMtoQ8JYZNV/FhanlZj/ILgb95l2sYWopmLHViVFspf90e2NTWXmg32246HZ/CG3XzkYKDBK53Cbt0th8/zsuD10KAcuUTr7XENvil9nZdl90PSK707lDTvI24zS4JgnpFGMkCvAfNFcKljza2o0MGBUSIux1jwjiM60lrCMA4QVOKD5SUtmwHnDkfgW+gtsWJTxYJXNhapdvea5Yjac+cpEUHhONdKwJzzI5kNHul+zC8Oc85VZCcFynoNxH5RUVeVcTLdV4bRV729y4kVr4YvHEnM3Q9SX5XcwzZdiK95Vyo9yLppc4DrNBLPA/qew0F7Pt27UdNuYTGIW2TxtX2yMoB6IaXvIThTwp8g6El5xr4DI/yMdLPE17MG70weVG+L04H0SQqxWocKjKSfMYukbG9ws044U2KT6G8D68GcA8uheXjSKnPRzzNCQcKOoJdVWacazPSKaa8OwB4v8m+EQ4dOkQr1DEfJcF1+JMWFJKG69fkKuFw+SnYSIyMZomwZv7V1pPtFCODCny3rLHCVxgUcBlUIGw+F7EMUEMwZwvMZu9v5lDAUYR7ibIYcppApbXLwktnTPT0EqZdQek1+jCOWd6vXlEt/TnqeoecRpCUMceC72gOE4Z6SnL/Y4D54AV2i483SgD2MuYBWVqqjXYTqXwCFl/F214f63S1ttDR19SvWbo2fdLabBhxflNzwZKBS8KX7KJATNyo50k94kaV8go+LcgRD/b9usoALEHeWEtFsWbFDT5KVpZhNka1poc6GMLTVAS9apdHJ2+8bgEOm5aHeneuTsbN+rbI2Mbe3CqsDEEwtQlDfZwbWQ/tjiYoHqw4M6XkopB8YI0dnp831Qo9fEsUmJ4/QQ7Tex+CtnsmE2uV025nD6A7SY+KVEs2Za6xZYydBwjFecCAiaCCG3y1IfpOLSx+AAvODI2FIgVht+RhrLTkRLS7tplH95tjYo1NMZ3rfg/tps8o2T+cOXRWDcvMFHZv8W/qjbAI3V6pxunPoLzMiO9Oj++fsFiqXYtDfPv2wz9sVEu0e2kybVq5TCGD3zRG5a4F23e2zxOm+/v7OghICzBuQFuzTXXNoHRxsguXgEyHTOu2rypxD+siAxq7vDiB+0GID2g=="}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":null}}}}},"/v1/cckm/ekm/session/endsession":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"End Session","description":"Destroys an EKM UDE session","tags":["CCKM/Google Cloud EKM (Data Plane)"],"parameters":[{"name":"body","in":"body","description":"EndSession parameters","schema":{"type":"object","title":"EndSession request","required":["sessionContext","tlsRecords"],"properties":{"sessionContext":{"type":"string","description":"Session context identifier"},"tlsRecords":{"type":"string","description":"TLS records, base64 encoded"}},"example":{"sessionContext":"rBfiBbcZQVat8ignllftgw==","tlsRecords":"FwMDADJQfHIph+lN29M6lgAUintbis1Z+rrDr23iGcxGkDm2KFxaIqxz7rOPslajQFBaiZAOCw=="}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":null}}}}},"/v1/cckm/ekm/endpoints/{id}:confidentialwrap":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Confidential Wrap","description":"Performs a confidential wrap, i.e. an EKM wrap but requiring the use of a secure session and involving a policy enforcement check against the requirements for the endpoint (i.e. the level of attestation required)","tags":["CCKM/Google Cloud EKM (Data Plane)"],"parameters":[{"name":"body","in":"body","description":"ConfidentialWrap parameters","schema":{"type":"object","title":"ConfidentialWrap request","required":["sessionContext","tlsRecords"],"properties":{"sessionContext":{"type":"string","description":"Session context identifier"},"tlsRecords":{"type":"string","description":"TLS records, base64 encoded"}},"example":{"sessionContext":"EgCATJGSQNuoMaL/OBHpyw==","tlsRecords":"FwMDALj9lOQZxxikEPb0PZBulPaZdfN8i1+l5unt+CPQpvr0ihEEoGkt+M/RiwE4aMcks8J3BkfXsz5HgdnaksyOkvxVxQvWGglt49Ilx5GSRKkKKxIlpOs4PpZEX4Kav3gmiUXyIp+pJWK6iGeZc1ls/akAs6q4Do1I3J7EGVKxNRZPAY3rg1fPAHJUGkt6wm5KJ14TvAu+TBp16uksAxug1nrNfXix7mD/pe91BNQi7oSzFBYS9CcIl/Jz"}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"tlsRecords":"FwMDATz0RbhObY+kcrbxxQSlHWWhXjh+rSQYrX3PEkhIvH4SdtWVIqj6jnYSMjEEivtjoLe5/IyXIolOSr9HNGwbZWu/aJ+s9F1IjTsZME2L2ihwAl3/P1sQzmLWI0MwdhWAGA9xO6zXB84EZJgQTfLxzvFw6DKIrlwmF3Psk/B4jMwSbvb5jIivSjsxIg6XqVp2CrkbauONWbR+IWu8oCQljJnAE8VD/3g6auKgcA2kmHo6E4ShnGu3cdN8dg8jg0lbBnMz9czs+NIhMgHftmATUCo55gJtZeJGlBPj+IC+S+Vtw/qtsMy6+SgA1P8H5lBZ2D5eTbB87ozK0lmDRH9HOiqEoYbHnQ0LmaYNi9SvnEbhpt+IVQlJPLBIwZB6OrR3QyiyX76kIdy9jOz2ICvTHL7LrgFxDME0QHkOmfij"}}}}}},"/v1/cckm/ekm/endpoints/{id}:confidentialunwrap":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Confidential Unwrap","description":"Performs a confidential unwrap, i.e. an EKM unwrap but requiring the use of a secure session and involving a policy enforcement check against the requirements for the endpoint (i.e. the level of attestation required)","tags":["CCKM/Google Cloud EKM (Data Plane)"],"parameters":[{"name":"body","in":"body","description":"ConfidentialUnwrap parameters","schema":{"type":"object","title":"ConfidentialUnwrap request","required":["sessionContext","tlsRecords"],"properties":{"sessionContext":{"type":"string","description":"Session context identifier"},"tlsRecords":{"type":"string","description":"TLS records, base64 encoded"}},"example":{"sessionContext":"4Yw2BIrWRy2Q7UsdF6fZTg==","tlsRecords":"FwMDAdY1DQzI/Fl/A1/FVqYOhWXAE7R0jq1u+7Rr8IVBPil8JJe3fNgWnm7KT+ljm9Vg/PpilRlXs4G9BeK7C/XoaBYHMWFYkjRHIoeASG9ArG1ZLAVHhDGFfp98Qf18HGCU2WQHGiZkU1xs4cS+nboBADdswJR+JA+7N0ofwfLHYQwzaEYSKuSwaFRTA827AWx1ZUdcqY3LwX51zr9G7WLi7Q/koS7NRNhRCSAwnuH4AcWfrS3yj2ayKzzrE8enLXNGbb76B64Cvhelm2F8TSSuvQ9u1rqhnlxkoKccJLjXWXwuh4g9fcB/MH0H36YaVkSUZX8NNAdqQ9wTS5aBomkvJ9mI0QuDConNZpGAIsyMPdw3jw0fKYZgHjLruePl98GKMbOc19fiA3hU3I1HaFGMCcpYfl3CTUyULf99wmoseXe4f7npfqgpgXyDsPg0pjA7Oh8gu0K7l3gVAZ87VsQw5sBibWyvm61sJxkYYCWtKbyTMv8D04MubnMkc8xCxDvrBPfnZ+wBwD3rhc247SuQcUHLck8hFFRoiZlQmFDuJq5mYxp0IBY1JCa2KwSSDK9sp7eP1wm6hWOXlgcEwC2TpAhTBK7KdvwL8pxaH854hZE9YIKHNJ9IyQ=="}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"tlsRecords":"FwMDAB4YqPC3z+9Ae49bNI7IO4hC4SaM7iuj5wtCcLuQW40="}}}}}},"/v1/cckm/ekm/endpoints/{id}:asymmetricVerify":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"AsymmetricVerify","description":"Google Cloud EKM asymmetricVerify endpoint.\n- A JWT asserting that the asymmetricVerify operation is done by a legitimate user.\n- The base64 signature that requires verification.\n- Additional Context containing Key Access Justification details.\n","tags":["CCKM/Google Cloud EKM (Data Plane)","Test Only"],"parameters":[{"name":"body","in":"body","required":true,"description":"Google Cloud EKM AsymmetricVerify parameters","schema":{"type":"object","required":["data","signature"],"properties":{"data":{"type":"string","format":"byte","description":"Required. The data to be signed (base64 encoded). Must be no larger than 64KiB."},"signature":{"type":"string","format":"byte","description":"Required. The data signature (base64 encoded)."},"additionalContext":{"type":"object","properties":{"fullResourceName":{"type":"string","description":"The full resource name for the GCP resource being directly wrapped by\nthe EKEK (i.e. the Cloud KMS CryptoKey resource)\nSee cloud.google.com/apis/design/resource_names#full_resource_name\nFor a Cloud KMS CryptoKey resource, this includes the Cloud KMS\nLocation associated with the resource."},"relativeResourceName":{"type":"string","description":"Required. The relative resource name for the GCP resource being directly wrapped by the EKEK (i.e. the Cloud KMS CryptoKey resource) See cloud.google.com/apis/design/resource_names#relative_resource_name This is a substring of the RequestContext's full_resource_name."},"accessReasonContext":{"description":"Optional. Request that has an empty AccessReasonContext is a valid request. This can happen: * If you do not enable key access justification on your key\n or the partner endpoint is not whitelisted to receive justification.\n* If you enable key access justification, then this may have been due\n to a Google transient error or a bug into which Google may have to investigate.","type":"object","properties":{"reason":{"description":"required.","type":"string","enum":["REASON_UNSPECIFIED","CUSTOMER_INITIATED_SUPPORT","GOOGLE_INITIATED_SERVICE","THIRD_PARTY_DATA_REQUEST","GOOGLE_INITIATED_REVIEW","CUSTOMER_INITIATED_ACCESS","GOOGLE_INITIATED_SYSTEM_OPERATION","REASON_NOT_EXPECTED","MODIFIED_CUSTOMER_INITIATED_ACCESS","GOOGLE_RESPONSE_TO_PRODUCTION_ALERT","MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION"],"default":"REASON_UNSPECIFIED"}}},"isKeyHealthCheck":{"type":"boolean","format":"boolean","description":"Whether the request is a key health check that contains a\ncanonical plaintext or its encryption instead of customer data."}},"description":"More context provided during EKM operation.\nRequired if Key Access Justification is enabled for GCP project."},"key_uri_prefix":{"type":"string","description":"Optional data that, if specified, defines the full key URI."}},"description":"Verify data with the asymmetric key named in the Request."}}],"responses":{"200":{"description":"Success!","schema":{"type":"object","properties":{"status":{"type":"boolean","format":"boolean","description":"Verification status."}},"description":"Response message for [GCPExternalKeyManagementService.AsymmetricVerify][]."},"examples":{"application/json":{"status":true}}},"default":{"description":"An unexpected error response","schema":{"type":"object","properties":{"error":{"type":"string"},"code":{"type":"integer","format":"int32"},"message":{"type":"string"},"details":{"type":"array","items":{"type":"object","properties":{"type_url":{"type":"string","description":"A URL/resource name that uniquely identifies the type of the serialized potocol buffer message. The last segment of the URL's path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][]\n value in binary format, or produce an error.\n* Applications are allowed to cache lookup results based on the\n URL, or have them precompiled into a binary to avoid any\n lookup. Therefore, binary compatibility needs to be preserved\n on changes to types. (Use versioned type names to manage\n breaking changes.)\nNote: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics."},"value":{"type":"string","format":"byte","description":"Must be a valid serialized protocol buffer of the above specified type."}},"description":"`Any` contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message. Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type. Example 1: Pack and unpack a message in C++.\n Foo foo = ...;\n Any any;\n any.PackFrom(foo);\n ...\n if (any.UnpackTo(&foo)) {\n ...\n }\nExample 2: Pack and unpack a message in Java.\n Foo foo = ...;\n Any any = Any.pack(foo);\n ...\n if (any.is(Foo.class)) {\n foo = any.unpack(Foo.class);\n }\n Example 3: Pack and unpack a message in Python.\n foo = Foo(...)\n any = Any()\n any.Pack(foo)\n ...\n if any.Is(Foo.DESCRIPTOR):\n any.Unpack(foo)\n ...\n Example 4: Pack and unpack a message in Go\n foo := &pb.Foo{...}\n any, err := ptypes.MarshalAny(foo)\n ...\n foo := &pb.Foo{}\n if err := ptypes.UnmarshalAny(any, foo); err != nil {\n ...\n }\nThe pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example \"foo.bar.com/x/y.z\" will yield type name \"y.z\". JSON ==== The JSON representation of an `Any` value uses the regular representation of the deserialized, embedded message, with an additional field `@type` which contains the type URL. Example:\n package google.profile;\n message Person {\n string first_name = 1;\n string last_name = 2;\n }\n {\n \"@type\": \"type.googleapis.com/google.profile.Person\",\n \"firstName\": ,\n \"lastName\": \n }\nIf the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field `value` which holds the custom JSON in addition to the `@type` field. Example (for message [google.protobuf.Duration][]):\n {\n \"@type\": \"type.googleapis.com/google.protobuf.Duration\",\n \"value\": \"1.212s\"\n }"}}}}}}}},"/v1/cckm/ekm/cryptospaces":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"A cryptospace is a logical workspace on CCKM in which a group of keys resides and in which new \nco-ordinated keys can be created/rotated/destroyed thru Cloud KMS EKM management mode using a VPC connection. \n\nA cryptospace is a resource that only exists in CM and not in Cloud KMS.\n\nCreate an EKM cryptospace for Google EKM supported services. You can map EKM endpoints to a cryptospace. \nCryptospace policy would be inherited by all EKM endpoints associated with this Cryptospace.\n\nSpecify the following required details:\n- Cryptospace type (ekm by default) \n- GCP Project\n- Policy attributes in rego or basic format, including allowed service accounts.\n- Attestation parameter for encrypt (applicable only if type is ekm-ude)\n- Attestation parameter for decrypt (applicable only if type is ekm-ude)\n- Location\n","tags":["CCKM/Google Cloud EKM CryptoSpaces","Tech Preview"],"parameters":[{"name":"body","in":"body","description":"Cryptospace parameters","schema":{"type":"object","title":"Create Cryptospace","required":["name","type","project_id","meta","blocked","raw_policy_enabled","policy","hostname","location"],"properties":{"name":{"type":"string","description":"Name of the cryptospace. This name must be unique in a domain."},"type":{"type":"string","description":"Cryptospaces are separate for EKM and EKM UDE endpoints. Default is ekm.","enum":["ekm","ekm-ude"]},"project_id":{"type":"string","description":"Project id of the Google Cloud project to be associated with a cryptospace."},"meta":{"type":"object","description":"Additional information associated with this cryptospace."},"blocked":{"type":"boolean","description":"This field indicates whether the cryptospace is blocked. Default is false.\n"},"raw_policy_enabled":{"type":"boolean","description":"Flag to denote whether the sent policy is in raw format. Default is false.\nCryptospace policy in basic format is required, if raw_policy_enabled=false.\n"},"policy":{"type":"object","description":"Cryptospace Key Access Justification (KAJ) Policy attributes. Endpoints in a cryptospace are to inherit the cryptospace's policy.\nEKM endpoint in a cryptospace can have its own policy as well. \n","title":"Cryptospace policy","properties":{"basic":{"type":"object","description":"Cryptospace KAJ Policy in basic format. Required field if raw_policy_enabled=false.","title":"Cryptospace KAJ Policy in basic format","required":["clients"],"properties":{"clients":{"description":"Allowed Service Accounts. It is a mandatory field.","type":"array"},"justification_required":{"type":"boolean","description":"Flag to denote whether key access justification should be enforced. Default is false."},"justification_reason":{"description":"Justification reason can't be empty when `justification_required` is set to true.\nAllowed Key Access justification reasons.\n","type":"array","enum":["REASON_UNSPECIFIED,","CUSTOMER_INITIATED_SUPPORT,","GOOGLE_INITIATED_SERVICE,","THIRD_PARTY_DATA_REQUEST,","GOOGLE_INITIATED_REVIEW,","CUSTOMER_INITIATED_ACCESS,","GOOGLE_INITIATED_SYSTEM_OPERATION,","REASON_NOT_EXPECTED,","MODIFIED_CUSTOMER_INITIATED_ACCESS","GOOGLE_RESPONSE_TO_PRODUCTION_ALERT","MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION","GOOGLE_INITIATED_REVIEW"]},"attestation_zones":{"description":"Allowed zones. Applicable only if type is ekm-ude.","type":"array"},"attestation_project_ids":{"description":"Allowed project IDs. Applicable only if type is ekm-ude.","type":"array"},"attestation_instance_names":{"description":"Allowed instance names. Applicable only if type is ekm-ude.","type":"array"}}},"rego":{"description":"Cryptospace KAJ Policy in rego format. Required field if raw_policy_enabled=true.","type":"string"}}},"cvm_required_for_encrypt":{"type":"boolean","description":"Is a confidential VM (and valid attestation) required for encryption. Applicable only if type is ekm-ude."},"cvm_required_for_decrypt":{"type":"boolean","description":"Is a confidential VM (and valid attestation) required for decryption. Applicable only if type is ekm-ude."},"hostname":{"type":"string","description":"Base url hostname for Ciphertrust Manager."},"location":{"type":"string","description":"Location of a cryptospace."},"description":{"type":"string","description":"Description of a cryptospace."},"permissions":{"type":"array","description":"List of service accounts and permissions.\n","items":{"type":"object","required":["service_account","permissions"],"properties":{"service_account":{"type":"string","description":"Service account used to call control/data plane API."},"permissions":{"description":"List of permissions assigned to service account.","type":"array","enum":["CREATE_KEY,","DESTROY_KEY,","WRAP,","UNWRAP,","GET_PUBLIC_KEY,","ASYMMETRIC_SIGN,","GET_INFO"]}}}}},"example":{"name":"cryptospace_1","hostname":"test.com","type":"ekm","project_id":"thales-test-proj","meta":{"color":"blue","size":"big"},"blocked":false,"raw_policy_enabled":false,"policy":{"basic":{"justification_required":true,"clients":["richard-roe@google.com","john-doe@thales-test-proj.iam.gserviceaccount.com"],"justification_reason":["CUSTOMER_INITIATED_SUPPORT"]}},"location":"us-east1","description":"cryptospace for testing Google Co-ordinated Keys","permissions":[{"service_account":"test-ekm@testgcp-prj.iam.gserviceaccount.com","permissions":["CREATE_KEY","DESTROY_KEY","WRAP","UNWRAP","GET_PUBLIC_KEY","ASYMMETRIC_SIGN","GET_INFO"]},{"service_account":"test2-ekm@testgcp-prj.iam.gserviceaccount.com","permissions":["WRAP","UNWRAP"]}]}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"e94093c5-f9a0-4bd6-84ea-c44ff8cb1c88","uri":"kylo:kylo-36db9ba8-816a-41ba-a6f0-1fc2bea70963:cckm:ekm-cryptospace:e94093c5-f9a0-4bd6-84ea-c44ff8cb1c88","account":"kylo:kylo-36db9ba8-816a-41ba-a6f0-1fc2bea70963:admin:accounts:kylo-36db9ba8-816a-41ba-a6f0-1fc2bea70963","createdAt":"2022-09-26T05:52:31.721974Z","updatedAt":"2022-09-26T05:52:31.721974Z","type":"ekm","project_id":"thales-test-proj","meta":{"color":"red","size":"xsmall"},"blocked":false,"raw_policy_enabled":false,"policy":{"basic":{"justification_required":true,"clients":["richard-roe@google.com","john-doe@thales-test-proj.iam.gserviceaccount.com"],"justification_reason":["CUSTOMER_INITIATED_SUPPORT"]},"rego":"\npackage example\ndefault allow = false\n\ndefault allowedClient = false\nallowedClient {\n\t\tinput.clients = {\"richard-roe@google.com\",\"john-doe@thales-test-proj.iam.gserviceaccount.com\"}[_]\n}\n\ndefault allowedJustification = false\nallowedJustification {\n\t\tinput.justificationReason = {\"CUSTOMER_INITIATED_SUPPORT\"}[_]\n}\n\nallow {\n allowedClient\n allowedJustification\n}\n"},"hostname":"test.com","name":"cryptospace_1","location":"us-east1","description":"cryptospace for testing Google Co-ordinated Keys","cryptospace_path":"api/v1/cckm/ekm/cryptospaces/f84149ea-d8b3-465a-907d-f2724c635798","permissions":[{"service_account":"test-ekm@testgcp-prj.iam.gserviceaccount.com","permissions":["CREATE_KEY","DESTROY_KEY","WRAP","UNWRAP","GET_PUBLIC_KEY","ASYMMETRIC_SIGN","GET_INFO"]},{"service_account":"test2-ekm@testgcp-prj.iam.gserviceaccount.com","permissions":["WRAP","UNWRAP"]}]}}}}},"get":{"summary":"List","description":"Returns a list of EKM cryptospaces. The results can be filtered using the query parameters.","tags":["CCKM/Google Cloud EKM CryptoSpaces","Tech Preview"],"parameters":[{"name":"id","in":"query","type":"string","description":"Filter the results based on the EKM cryptospace ID."},{"name":"name","in":"query","type":"string","description":"Filter the results based on the EKM cryptospace name."},{"name":"project_id","in":"query","type":"string","description":"Filter the results by the Google project id.","collectionFormat":"multi"},{"name":"type","in":"query","type":"string","description":"Filter the results by the EKM cryptospace type."},{"name":"location","in":"query","type":"string","description":"Filter the results by the Google location.","collectionFormat":"multi"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"},"name":{"description":"EKM Endpoint name.","type":"string"},"kekURI":{"description":"URI of KEK created by EKM Endpoint.","type":"string"},"kekURIHostname":{"description":"URI Hostname of KEK created by EKM Endpoint.","type":"string"},"kekName":{"description":"Name of KEK created by EKM Endpoint.","type":"string"},"kekID":{"description":"ID of KEK created by EKM Endpoint.","type":"string"},"meta":{"description":"Additional information associated with EKM Endpoint.","type":"object"},"enabled":{"description":"Status to allow wrap or unwrap operation using this EKM Endpoint.","type":"boolean"}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":3,"resources":[{"id":"e94093c5-f9a0-4bd6-84ea-c44ff8cb1c88","uri":"kylo:kylo-36db9ba8-816a-41ba-a6f0-1fc2bea70963:cckm:ekm-cryptospace:e94093c5-f9a0-4bd6-84ea-c44ff8cb1c88","account":"kylo:kylo-36db9ba8-816a-41ba-a6f0-1fc2bea70963:admin:accounts:kylo-36db9ba8-816a-41ba-a6f0-1fc2bea70963","createdAt":"2022-09-26T05:52:31.721974Z","updatedAt":"2022-09-26T05:52:31.721974Z","type":"ekm","project_id":"thales-test-proj","meta":{"size":"xsmall","color":"red"},"blocked":false,"raw_policy_enabled":false,"policy":{"basic":{"justification_required":true,"clients":["richard-roe@google.com","john-doe@thales-test-proj.iam.gserviceaccount.com"],"justification_reason":["CUSTOMER_INITIATED_SUPPORT"]},"rego":"\npackage example\ndefault allow = false\n\ndefault allowedClient = false\nallowedClient {\n\t\tinput.clients = {\"richard-roe@google.com\",\"john-doe@thales-test-proj.iam.gserviceaccount.com\"}[_]\n}\n\ndefault allowedJustification = false\nallowedJustification {\n\t\tinput.justificationReason = {\"CUSTOMER_INITIATED_SUPPORT\"}[_]\n}\n\nallow {\n allowedClient\n allowedJustification\n}\n"},"hostname":"test.com","name":"cryptospace_1","permissions":[{"service_account":"test-ekm@testgcp-prj.iam.gserviceaccount.com","permissions":["CREATE_KEY","DESTROY_KEY","WRAP","UNWRAP","GET_PUBLIC_KEY","ASYMMETRIC_SIGN","GET_INFO"]},{"service_account":"test2-ekm@testgcp-prj.iam.gserviceaccount.com","permissions":["WRAP","UNWRAP"]}]},{"id":"7d8249ca-4dbf-48d7-b14d-bc6535249dcd","uri":"kylo:kylo-36db9ba8-816a-41ba-a6f0-1fc2bea70963:cckm:ekm-cryptospace:7d8249ca-4dbf-48d7-b14d-bc6535249dcd","account":"kylo:kylo-36db9ba8-816a-41ba-a6f0-1fc2bea70963:admin:accounts:kylo-36db9ba8-816a-41ba-a6f0-1fc2bea70963","createdAt":"2022-09-26T05:38:12.870872Z","updatedAt":"2022-09-26T05:38:12.870872Z","type":"ekm-ude","project_id":"thales-test-proj","meta":{"size":"large","color":"red"},"blocked":true,"raw_policy_enabled":false,"policy":{"basic":{"justification_required":true,"clients":["richard-roe@google.com","john-doe@thales-test-proj.iam.gserviceaccount.com"],"justification_reason":["CUSTOMER_INITIATED_SUPPORT"]},"rego":"\npackage example\ndefault allow = false\n\ndefault allowedClient = false\nallowedClient {\n\t\tinput.clients = {\"richard-roe@google.com\",\"john-doe@thales-test-proj.iam.gserviceaccount.com\"}[_]\n}\n\ndefault allowedJustification = false\nallowedJustification {\n\t\tinput.justificationReason = {\"CUSTOMER_INITIATED_SUPPORT\"}[_]\n}\n\ndefault allowAttestation = true\n\nallow {\n allowedClient\n allowedJustification\n allowAttestation\n}\n"},"hostname":"test.com","cvm_required_for_encrypt":true,"cvm_required_for_decrypt":false,"name":"cryptospace_2"},{"id":"d47cd045-616a-4b13-88c4-03cfa8817318","uri":"kylo:kylo-36db9ba8-816a-41ba-a6f0-1fc2bea70963:cckm:ekm-cryptospace:d47cd045-616a-4b13-88c4-03cfa8817318","account":"kylo:kylo-36db9ba8-816a-41ba-a6f0-1fc2bea70963:admin:accounts:kylo-36db9ba8-816a-41ba-a6f0-1fc2bea70963","createdAt":"2022-09-26T05:34:52.14094Z","updatedAt":"2022-09-26T05:34:52.14094Z","type":"ekm","project_id":"thales-test-proj","meta":{"size":"xsmall","color":"red"},"blocked":false,"raw_policy_enabled":false,"policy":{"basic":{"justification_required":true,"clients":["richard-roe@google.com","john-doe@thales-test-proj.iam.gserviceaccount.com"],"justification_reason":["CUSTOMER_INITIATED_SUPPORT"]},"rego":"\npackage example\ndefault allow = false\n\ndefault allowedClient = false\nallowedClient {\n\t\tinput.clients = {\"richard-roe@google.com\",\"john-doe@thales-test-proj.iam.gserviceaccount.com\"}[_]\n}\n\ndefault allowedJustification = false\nallowedJustification {\n\t\tinput.justificationReason = {\"CUSTOMER_INITIATED_SUPPORT\"}[_]\n}\n\nallow {\n allowedClient\n allowedJustification\n}\n"},"hostname":"test.com","name":"cryptospace_3"}]}}}}}},"/v1/cckm/ekm/cryptospaces/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of an EKM cryptospace with the given `id`.","tags":["CCKM/Google Cloud EKM CryptoSpaces","Tech Preview"],"responses":{"200":{"description":"OK","examples":{"application/json":{"id":"e94093c5-f9a0-4bd6-84ea-c44ff8cb1c88","uri":"kylo:kylo-36db9ba8-816a-41ba-a6f0-1fc2bea70963:cckm:ekm-cryptospace:e94093c5-f9a0-4bd6-84ea-c44ff8cb1c88","account":"kylo:kylo-36db9ba8-816a-41ba-a6f0-1fc2bea70963:admin:accounts:kylo-36db9ba8-816a-41ba-a6f0-1fc2bea70963","createdAt":"2022-09-26T05:52:31.721974Z","updatedAt":"2022-09-26T05:52:31.721974Z","type":"ekm","project_id":"thales-test-proj","meta":{"size":"xsmall","color":"red"},"blocked":false,"raw_policy_enabled":false,"policy":{"basic":{"justification_required":true,"clients":["richard-roe@google.com","john-doe@thales-test-proj.iam.gserviceaccount.com"],"justification_reason":["CUSTOMER_INITIATED_SUPPORT"]},"rego":"\npackage example\ndefault allow = false\n\ndefault allowedClient = false\nallowedClient {\n\t\tinput.clients = {\"richard-roe@google.com\",\"john-doe@thales-test-proj.iam.gserviceaccount.com\"}[_]\n}\n\ndefault allowedJustification = false\nallowedJustification {\n\t\tinput.justificationReason = {\"CUSTOMER_INITIATED_SUPPORT\"}[_]\n}\n\nallow {\n allowedClient\n allowedJustification\n}\n"},"hostname":"test.com","name":"cryptospace_1","cryptospace_path":"api/v1/cckm/ekm/cryptospaces/f84149ea-d8b3-465a-907d-f2724c635798"}}},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"Update an EKM cryptospace.\n","tags":["CCKM/Google Cloud EKM CryptoSpaces","Tech Preview"],"parameters":[{"name":"body","in":"body","description":"Update EKM cryptospace parameters.","schema":{"type":"object","title":"Update EKM cryptospace parameters.","properties":{"meta":{"type":"object","description":"Additional information associated with this cryptospace."},"blocked":{"type":"boolean","description":"This field indicates whether the cryptospace is blocked. Default is false.\n"},"raw_policy_enabled":{"type":"boolean","description":"Flag to denote whether the sent policy is in raw format. Default is false.\nCryptospace policy in basic format is required if raw_policy_enabled=false.\n"},"policy":{"type":"object","description":"Cryptospace Key Access Justification (KAJ) Policy attributes. Endpoints in a cryptospace are to inherit the cryptospace's policy.\nEKM endpoint in a cryptospace can have its own policy as well.\n","title":"Cryptospace policy","properties":{"basic":{"type":"object","description":"Cryptospace KAJ Policy in basic format. Required field if raw_policy_enabled=false.","title":"Cryptospace KAJ Policy in basic format","required":["clients"],"properties":{"clients":{"description":"Allowed Service Accounts. It is a mandatory field.","type":"array"},"justification_required":{"type":"boolean","description":"Flag to denote whether key access justification should be enforced. Default is false."},"justification_reason":{"description":"Justification reason can't be empty when `justification_required` is set to true.\nAllowed Key Access justification reasons.\n","type":"array","enum":["REASON_UNSPECIFIED,","CUSTOMER_INITIATED_SUPPORT,","GOOGLE_INITIATED_SERVICE,","THIRD_PARTY_DATA_REQUEST,","GOOGLE_INITIATED_REVIEW,","CUSTOMER_INITIATED_ACCESS,","GOOGLE_INITIATED_SYSTEM_OPERATION,","REASON_NOT_EXPECTED,","MODIFIED_CUSTOMER_INITIATED_ACCESS","GOOGLE_RESPONSE_TO_PRODUCTION_ALERT","MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION","GOOGLE_INITIATED_REVIEW"]},"attestation_zones":{"description":"Allowed zones. Applicable only if type is ekm-ude.","type":"array"},"attestation_project_ids":{"description":"Allowed Project IDs. Applicable only if type is ekm-ude.","type":"array"},"attestation_instance_names":{"description":"Allowed Instance Names. Applicable only if type is ekm-ude.","type":"array"}}},"rego":{"description":"Cryptospace KAJ Policy in rego format. Required field if raw_policy_enabled=true.","type":"string"}}},"cvm_required_for_encrypt":{"type":"boolean","description":"Is a confidential VM (and valid attestation) required for encryption. Applicable only if type is ekm-ude."},"cvm_required_for_decrypt":{"type":"boolean","description":"Is a confidential VM (and valid attestation) required for decryption. Applicable only if type is ekm-ude."},"hostname":{"type":"string","description":"Base url hostname for Ciphertrust Manager."},"description":{"type":"string","description":"Description of a cryptospace."},"permissions":{"type":"object","description":"List of service accounts and permissions.\n","required":["service_account","permissions"],"properties":{"service_account":{"type":"string","description":"Service account used to call control/data plane API."},"permissions":{"description":"List of permissions assigned to a service account.","type":"array","enum":["CREATE_KEY,","DESTROY_KEY,","WRAP,","UNWRAP,","GET_PUBLIC_KEY,","ASYMMETRIC_SIGN,","GET_INFO"]}}}},"example":{"hostname":"updated-host.com","cvm_required_for_encrypt":false,"cvm_required_for_decrypt":false,"raw_policy_enabled":false,"policy":{"basic":{"clients":["john-doe@google.com"]}},"description":"Updated description of cryptospace","permissions":[{"service_account":"test-ekm@testgcp-prj.iam.gserviceaccount.com","permissions":["CREATE_KEY","DESTROY_KEY","WRAP","UNWRAP","GET_PUBLIC_KEY","ASYMMETRIC_SIGN","GET_INFO"]},{"service_account":"test2-ekm@testgcp-prj.iam.gserviceaccount.com","permissions":["WRAP","UNWRAP"]}]}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"7d8249ca-4dbf-48d7-b14d-bc6535249dcd","uri":"kylo:kylo-36db9ba8-816a-41ba-a6f0-1fc2bea70963:cckm:ekm-cryptospace:7d8249ca-4dbf-48d7-b14d-bc6535249dcd","account":"kylo:kylo-36db9ba8-816a-41ba-a6f0-1fc2bea70963:admin:accounts:kylo-36db9ba8-816a-41ba-a6f0-1fc2bea70963","createdAt":"2022-09-26T05:38:12.870872Z","updatedAt":"2022-09-26T05:38:12.870872Z","type":"ekm-ude","project_id":"thales-test-proj","meta":{"size":"large","color":"red"},"blocked":true,"raw_policy_enabled":false,"policy":{"basic":{"justification_required":true,"clients":["john-doe@google.com"],"justification_reason":["CUSTOMER_INITIATED_SUPPORT"]},"rego":"\npackage example\ndefault allow = false\n\ndefault allowedClient = false\nallowedClient {\n\t\tinput.clients = {\"john-doe@google.com\"}[_]\n}\n\ndefault allowedJustification = false\nallowedJustification {\n\t\tinput.justificationReason = {\"CUSTOMER_INITIATED_SUPPORT\"}[_]\n}\n\ndefault allowAttestation = true\n\nallow {\n allowedClient\n allowedJustification\n allowAttestation\n}\n"},"hostname":"updated-host.com","description":"Updated description of a cryptospace","cvm_required_for_encrypt":false,"cvm_required_for_decrypt":false,"name":"cryptospace_1","cryptospace_path":"api/v1/cckm/ekm/cryptospaces/f84149ea-d8b3-465a-907d-f2724c635798","permissions":[{"service_account":"test-ekm@testgcp-prj.iam.gserviceaccount.com","permissions":["CREATE_KEY","DESTROY_KEY","WRAP","UNWRAP","GET_PUBLIC_KEY","ASYMMETRIC_SIGN","GET_INFO"]},{"service_account":"test2-ekm@testgcp-prj.iam.gserviceaccount.com","permissions":["WRAP","UNWRAP"]}]}}},"404":{"description":"Resource not found."}}},"delete":{"summary":"Delete","description":"An EKM Endpoint KEK for wrapping and unwrapping operation will be deleted. Delete EKM Cryptospace. If the EKM Cryptospace has all its EKM endpoints in DESTROYED state, these endpoints will be deleted from DB first before deleting the cryptospace.","tags":["CCKM/Google Cloud EKM CryptoSpaces","Tech Preview"],"responses":{"204":{"description":"EKM Endpoint is deleted successfully.","schema":{"type":"string"}},"404":{"description":"Resource not found."}}}},"/v1/cckm/ekm/cryptospaces/{id}/block":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Block access to EKM Cryptospace.","description":"Block access to data plane APIs for a given cryptospace (wrap, unwrap, create key, destroy key).","tags":["CCKM/Google Cloud EKM CryptoSpaces","Tech Preview"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"7d8249ca-4dbf-48d7-b14d-bc6535249dcd","uri":"kylo:kylo-36db9ba8-816a-41ba-a6f0-1fc2bea70963:cckm:ekm-cryptospace:7d8249ca-4dbf-48d7-b14d-bc6535249dcd","account":"kylo:kylo-36db9ba8-816a-41ba-a6f0-1fc2bea70963:admin:accounts:kylo-36db9ba8-816a-41ba-a6f0-1fc2bea70963","createdAt":"2022-09-26T05:38:12.870872Z","updatedAt":"2022-09-26T05:38:12.870872Z","type":"ekm-ude","project_id":"thales-test-proj","meta":{"size":"large","color":"red"},"blocked":true,"raw_policy_enabled":false,"policy":{"basic":{"justification_required":true,"clients":["john-doe@google.com"],"justification_reason":["CUSTOMER_INITIATED_SUPPORT"]},"rego":"\npackage example\ndefault allow = false\n\ndefault allowedClient = false\nallowedClient {\n\t\tinput.clients = {\"john-doe@google.com\"}[_]\n}\n\ndefault allowedJustification = false\nallowedJustification {\n\t\tinput.justificationReason = {\"CUSTOMER_INITIATED_SUPPORT\"}[_]\n}\n\ndefault allowAttestation = true\n\nallow {\n allowedClient\n allowedJustification\n allowAttestation\n}\n"},"hostname":"test.com","cvm_required_for_encrypt":false,"cvm_required_for_decrypt":false,"name":"cryptospace_1","cryptospace_path":"api/v1/cckm/ekm/cryptospaces/f84149ea-d8b3-465a-907d-f2724c635798","permissions":[{"service_account":"test-ekm@testgcp-prj.iam.gserviceaccount.com","permissions":["CREATE_KEY","DESTROY_KEY","WRAP","UNWRAP","GET_PUBLIC_KEY","ASYMMETRIC_SIGN","GET_INFO"]},{"service_account":"test2-ekm@testgcp-prj.iam.gserviceaccount.com","permissions":["WRAP","UNWRAP"]}]}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/ekm/cryptospaces/{id}/unblock":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Unblock access to EKM Cryptospace.","description":"Unblock access to data plane APIs for a given cryptospace (wrap, unwrap, create key, destroy key).","tags":["CCKM/Google Cloud EKM CryptoSpaces","Tech Preview"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"7d8249ca-4dbf-48d7-b14d-bc6535249dcd","uri":"kylo:kylo-36db9ba8-816a-41ba-a6f0-1fc2bea70963:cckm:ekm-cryptospace:7d8249ca-4dbf-48d7-b14d-bc6535249dcd","account":"kylo:kylo-36db9ba8-816a-41ba-a6f0-1fc2bea70963:admin:accounts:kylo-36db9ba8-816a-41ba-a6f0-1fc2bea70963","createdAt":"2022-09-26T05:38:12.870872Z","updatedAt":"2022-09-26T05:38:12.870872Z","type":"ekm-ude","project_id":"thales-test-proj","meta":{"size":"large","color":"red"},"blocked":false,"raw_policy_enabled":false,"policy":{"basic":{"justification_required":true,"clients":["john-doe@google.com"],"justification_reason":["CUSTOMER_INITIATED_SUPPORT"]},"rego":"\npackage example\ndefault allow = false\n\ndefault allowedClient = false\nallowedClient {\n\t\tinput.clients = {\"john-doe@google.com\"}[_]\n}\n\ndefault allowedJustification = false\nallowedJustification {\n\t\tinput.justificationReason = {\"CUSTOMER_INITIATED_SUPPORT\"}[_]\n}\n\ndefault allowAttestation = true\n\nallow {\n allowedClient\n allowedJustification\n allowAttestation\n}\n"},"hostname":"test.com","cvm_required_for_encrypt":false,"cvm_required_for_decrypt":false,"name":"cryptospace_1","cryptospace_path":"api/v1/cckm/ekm/cryptospaces/f84149ea-d8b3-465a-907d-f2724c635798","permissions":[{"service_account":"test-ekm@testgcp-prj.iam.gserviceaccount.com","permissions":["CREATE_KEY","DESTROY_KEY","WRAP","UNWRAP","GET_PUBLIC_KEY","ASYMMETRIC_SIGN","GET_INFO"]},{"service_account":"test2-ekm@testgcp-prj.iam.gserviceaccount.com","permissions":["WRAP","UNWRAP"]}]}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/ekm/endpoints/{id}:asymmetricSign":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"AsymmetricSign","description":"Google Cloud EKM asymmetricSign endpoint.\n- A JWT asserting that the asymmetricSign operation is done by a legitimate user.\n- The base64 data that requires to be signed.\n- Additional Context containing Key Access Justification details.\n","tags":["CCKM/Google Cloud EKM (Data Plane)"],"parameters":[{"name":"body","in":"body","required":true,"description":"Google Cloud EKM AsymmetricSign parameters","schema":{"type":"object","required":["data"],"properties":{"data":{"type":"string","format":"byte","description":"Required. The data to be signed (base64 encoded). Must be no larger than 64KiB."},"additionalContext":{"type":"object","properties":{"fullResourceName":{"type":"string","description":"The full resource name for the GCP resource being directly wrapped by\nthe EKEK (i.e. the Cloud KMS CryptoKey resource)\nSee cloud.google.com/apis/design/resource_names#full_resource_name\nFor a Cloud KMS CryptoKey resource, this includes the Cloud KMS\nLocation associated with the resource."},"relativeResourceName":{"type":"string","description":"Required. The relative resource name for the GCP resource being directly wrapped by the EKEK (i.e. the Cloud KMS CryptoKey resource) See cloud.google.com/apis/design/resource_names#relative_resource_name This is a substring of the RequestContext's full_resource_name."},"accessReasonContext":{"description":"Optional. Request that has an empty AccessReasonContext is a valid request. This can happen: * If you do not enable key access justification on your key\n or the partner endpoint is not whitelisted to receive justification.\n* If you enable key access justification, then this may have been due\n to a Google transient error or a bug into which Google may have to investigate.","type":"object","properties":{"reason":{"description":"required.","type":"string","enum":["REASON_UNSPECIFIED","CUSTOMER_INITIATED_SUPPORT","GOOGLE_INITIATED_SERVICE","THIRD_PARTY_DATA_REQUEST","GOOGLE_INITIATED_REVIEW","CUSTOMER_INITIATED_ACCESS","GOOGLE_INITIATED_SYSTEM_OPERATION","REASON_NOT_EXPECTED","MODIFIED_CUSTOMER_INITIATED_ACCESS","GOOGLE_RESPONSE_TO_PRODUCTION_ALERT","MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION"],"default":"REASON_UNSPECIFIED"}}},"isKeyHealthCheck":{"type":"boolean","format":"boolean","description":"Whether the request is a key health check that contains a\ncanonical plaintext or its encryption instead of customer data."}},"description":"More context provided during EKM operation.\nRequired if Key Access Justification is enabled for GCP project."},"key_uri_prefix":{"type":"string","description":"Optional data that, if specified, defines the full key URI."}},"description":"Signs data with the asymmetric key named in the Request."}}],"responses":{"200":{"description":"Success!","schema":{"type":"object","properties":{"signature":{"type":"string","format":"byte","description":"The signed data."}},"description":"Response message for [GCPExternalKeyManagementService.AsymmetricSign][]."},"examples":{"application/json":{"signature":"ZXlKM2NtRndjR1ZrWDJKc2IySWlPaUpCZW5Cc1RIQXlPRTh2WkdWd1QzZE1ZVk5zY1hwS1pWWlFTR3R4YVcxMlJXYzVTWFFyY0ZOTlMzWjROaUlzSW10bGExOXBaQ0k2SWpNNVkyWmhaR1EyTnpWa05EUmhPV1k0T0Raa09XSTBNalV3TjJSaU1UUXlZekZrWmpjeU5tTmhPR0ZrTkRGaVltSXhPRGs0T1RJek1UY3pNMlZsTmpnaWZRPT0="}}},"default":{"description":"An unexpected error response","schema":{"type":"object","properties":{"error":{"type":"string"},"code":{"type":"integer","format":"int32"},"message":{"type":"string"},"details":{"type":"array","items":{"type":"object","properties":{"type_url":{"type":"string","description":"A URL/resource name that uniquely identifies the type of the serialized potocol buffer message. The last segment of the URL's path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][]\n value in binary format, or produce an error.\n* Applications are allowed to cache lookup results based on the\n URL, or have them precompiled into a binary to avoid any\n lookup. Therefore, binary compatibility needs to be preserved\n on changes to types. (Use versioned type names to manage\n breaking changes.)\nNote: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics."},"value":{"type":"string","format":"byte","description":"Must be a valid serialized protocol buffer of the above specified type."}},"description":"`Any` contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message. Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type. Example 1: Pack and unpack a message in C++.\n Foo foo = ...;\n Any any;\n any.PackFrom(foo);\n ...\n if (any.UnpackTo(&foo)) {\n ...\n }\nExample 2: Pack and unpack a message in Java.\n Foo foo = ...;\n Any any = Any.pack(foo);\n ...\n if (any.is(Foo.class)) {\n foo = any.unpack(Foo.class);\n }\n Example 3: Pack and unpack a message in Python.\n foo = Foo(...)\n any = Any()\n any.Pack(foo)\n ...\n if any.Is(Foo.DESCRIPTOR):\n any.Unpack(foo)\n ...\n Example 4: Pack and unpack a message in Go\n foo := &pb.Foo{...}\n any, err := ptypes.MarshalAny(foo)\n ...\n foo := &pb.Foo{}\n if err := ptypes.UnmarshalAny(any, foo); err != nil {\n ...\n }\nThe pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example \"foo.bar.com/x/y.z\" will yield type name \"y.z\". JSON ==== The JSON representation of an `Any` value uses the regular representation of the deserialized, embedded message, with an additional field `@type` which contains the type URL. Example:\n package google.profile;\n message Person {\n string first_name = 1;\n string last_name = 2;\n }\n {\n \"@type\": \"type.googleapis.com/google.profile.Person\",\n \"firstName\": ,\n \"lastName\": \n }\nIf the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field `value` which holds the custom JSON in addition to the `@type` field. Example (for message [google.protobuf.Duration][]):\n {\n \"@type\": \"type.googleapis.com/google.protobuf.Duration\",\n \"value\": \"1.212s\"\n }"}}}}}}}},"/v1/cckm/ekm/endpoints/{id}:getPublicKey":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"GetPublicKey","description":"Google Cloud EKM GetPublicKey endpoint.\n- A JWT asserting that the asymmetricsign operation is done by a legitimate user.\n- The base64 data that requires to be signed.\n- Additional Context containing Key Access Justification details.\n","tags":["CCKM/Google Cloud EKM (Data Plane)"],"parameters":[{"name":"body","in":"body","required":true,"description":"Google Cloud EKM GetPublicKey parameters","schema":{"type":"object","properties":{"additionalContext":{"type":"object","properties":{"fullResourceName":{"type":"string","description":"The full resource name for the GCP resource being directly wrapped by\nthe EKEK (i.e. the Cloud KMS CryptoKey resource)\nSee cloud.google.com/apis/design/resource_names#full_resource_name\nFor a Cloud KMS CryptoKey resource, this includes the Cloud KMS\nLocation associated with the resource."},"relativeResourceName":{"type":"string","description":"Required. The relative resource name for the GCP resource being directly wrapped by the EKEK (i.e. the Cloud KMS CryptoKey resource) See cloud.google.com/apis/design/resource_names#relative_resource_name This is a substring of the RequestContext's full_resource_name."},"accessReasonContext":{"description":"Optional. Request that has an empty AccessReasonContext is a valid request. This can happen: * If you do not enable key access justification on your key\n or the partner endpoint is not whitelisted to receive justification.\n* If you enable key access justification, then this may have been due\n to a Google transient error or a bug into which Google may have to investigate.","type":"object","properties":{"reason":{"description":"required.","type":"string","enum":["REASON_UNSPECIFIED","CUSTOMER_INITIATED_SUPPORT","GOOGLE_INITIATED_SERVICE","THIRD_PARTY_DATA_REQUEST","GOOGLE_INITIATED_REVIEW","CUSTOMER_INITIATED_ACCESS","GOOGLE_INITIATED_SYSTEM_OPERATION","REASON_NOT_EXPECTED","MODIFIED_CUSTOMER_INITIATED_ACCESS","GOOGLE_RESPONSE_TO_PRODUCTION_ALERT","MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION"],"default":"REASON_UNSPECIFIED"}}},"isKeyHealthCheck":{"type":"boolean","format":"boolean","description":"Whether the request is a key health check that contains a\ncanonical plaintext or its encryption instead of customer data."}},"description":"More context provided during EKM operation.\nRequired if Key Access Justification is enabled for GCP project."},"key_uri_prefix":{"type":"string","description":"Optional data that, if specified, defines the full key URI."}},"description":"Gets the public key of the asymmetric key named in the Request.."}}],"responses":{"200":{"description":"Success!","schema":{"type":"object","properties":{"pem":{"type":"string","description":"The public key, SubjectPublicKeyInfo encoded in PEM format."},"key_algorithm":{"description":"The key algorithm associated with the Asymmetric Key.","type":"object","properties":{"reason":{"description":"required.","type":"string","enum":["ALGORITHM_UNSPECIFIED","ALGORITHM_RSA_SIGN_PSS_2048_SHA256","ALGORITHM_RSA_SIGN_PSS_3072_SHA256","ALGORITHM_RSA_SIGN_PSS_4096_SHA256","ALGORITHM_RSA_SIGN_PSS_4096_SHA512","ALGORITHM_RSA_SIGN_PKCS1_2048_SHA256","ALGORITHM_RSA_SIGN_PKCS1_3072_SHA256","ALGORITHM_RSA_SIGN_PKCS1_4096_SHA256","ALGORITHM_RSA_SIGN_PKCS1_4096_SHA512","ALGORITHM_EC_SIGN_P256_SHA256","ALGORITHM_EC_SIGN_P384_SHA384"],"default":"ALGORITHM_UNSPECIFIED"}}}},"description":"Response message for [GCPExternalKeyManagementService.GetPublicKey][]."},"examples":{"pem":"-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy/fapXb3aFvU8DljEi0t EYsi34aEKPStH9G2GbG2/yirRpjkgET9LlggFxXqLsVtOMRYL68L5Lx5KH1GOXaI H4nuHuMsOeXL/pzjqw6DwLIFmPxO8WIOY7/zNJt5pIXRLtbI08+7dujQM/CP7s6b G6+CG6kUpYhroapqlSvwBalcVh7Ne574r38VCG0ISPdgkDzHX5gizRu0qQLWI6yw Yfon5CZE3k1lz9MvfLIujbcPTH8ss/05ujOCZl8rkt+dq6pH5QOufF9vDSAhQlbf qdkf3UQlFX34IgPCU12xo0lDYamofZLkcEL/0EWUfBVtlLfADT4h4iFJweppQe9y CQIDAQAB -----END PUBLIC KEY-----","key_algorithm":"RSA_SIGN_PSS_2048_SHA256"}},"default":{"description":"An unexpected error response","schema":{"type":"object","properties":{"error":{"type":"string"},"code":{"type":"integer","format":"int32"},"message":{"type":"string"},"details":{"type":"array","items":{"type":"object","properties":{"type_url":{"type":"string","description":"A URL/resource name that uniquely identifies the type of the serialized potocol buffer message. The last segment of the URL's path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][]\n value in binary format, or produce an error.\n* Applications are allowed to cache lookup results based on the\n URL, or have them precompiled into a binary to avoid any\n lookup. Therefore, binary compatibility needs to be preserved\n on changes to types. (Use versioned type names to manage\n breaking changes.)\nNote: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics."},"value":{"type":"string","format":"byte","description":"Must be a valid serialized protocol buffer of the above specified type."}},"description":"`Any` contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message. Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type. Example 1: Pack and unpack a message in C++.\n Foo foo = ...;\n Any any;\n any.PackFrom(foo);\n ...\n if (any.UnpackTo(&foo)) {\n ...\n }\nExample 2: Pack and unpack a message in Java.\n Foo foo = ...;\n Any any = Any.pack(foo);\n ...\n if (any.is(Foo.class)) {\n foo = any.unpack(Foo.class);\n }\n Example 3: Pack and unpack a message in Python.\n foo = Foo(...)\n any = Any()\n any.Pack(foo)\n ...\n if any.Is(Foo.DESCRIPTOR):\n any.Unpack(foo)\n ...\n Example 4: Pack and unpack a message in Go\n foo := &pb.Foo{...}\n any, err := ptypes.MarshalAny(foo)\n ...\n foo := &pb.Foo{}\n if err := ptypes.UnmarshalAny(any, foo); err != nil {\n ...\n }\nThe pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example \"foo.bar.com/x/y.z\" will yield type name \"y.z\". JSON ==== The JSON representation of an `Any` value uses the regular representation of the deserialized, embedded message, with an additional field `@type` which contains the type URL. Example:\n package google.profile;\n message Person {\n string first_name = 1;\n string last_name = 2;\n }\n {\n \"@type\": \"type.googleapis.com/google.profile.Person\",\n \"firstName\": ,\n \"lastName\": \n }\nIf the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field `value` which holds the custom JSON in addition to the `@type` field. Example (for message [google.protobuf.Duration][]):\n {\n \"@type\": \"type.googleapis.com/google.protobuf.Duration\",\n \"value\": \"1.212s\"\n }"}}}}}}}},"/v1/cckm/ekm/endpoints/{id}:wrap":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Wrap","description":"Google Cloud EKM wrap endpoint - used only for health checks. Specify the following details.\n- A JWT asserting that the unwrap operation is done by a legitimate user.\n- The base64 blob that requires to be wrapped.\n- Additional Context containing Key Access Justification details.\n","tags":["CCKM/Google Cloud EKM (Data Plane)"],"parameters":[{"name":"body","in":"body","required":true,"description":"Google Cloud EKM Wrap parameters","schema":{"type":"object","required":["plaintext"],"properties":{"plaintext":{"type":"string","format":"byte","description":"Required. The data to be wrapped (base64 encoded). Must be no larger than 64KiB."},"additionalContext":{"type":"object","properties":{"fullResourceName":{"type":"string","description":"The full resource name for the GCP resource being directly wrapped by\nthe EKEK (i.e. the Cloud KMS CryptoKey resource)\nSee cloud.google.com/apis/design/resource_names#full_resource_name\nFor a Cloud KMS CryptoKey resource, this includes the Cloud KMS\nLocation associated with the resource."},"relativeResourceName":{"type":"string","description":"Required. The relative resource name for the GCP resource being directly wrapped by the EKEK (i.e. the Cloud KMS CryptoKey resource) See cloud.google.com/apis/design/resource_names#relative_resource_name This is a substring of the RequestContext's full_resource_name."},"accessReasonContext":{"description":"Optional. Request that has an empty AccessReasonContext is a valid request. This can happen: * If you do not enable key access justification on your key\n or the partner endpoint is not whitelisted to receive justification.\n* If you enable key access justification, then this may have been due\n to a Google transient error or a bug into which Google may have to investigate.","type":"object","properties":{"reason":{"description":"required.","type":"string","enum":["REASON_UNSPECIFIED","CUSTOMER_INITIATED_SUPPORT","GOOGLE_INITIATED_SERVICE","THIRD_PARTY_DATA_REQUEST","GOOGLE_INITIATED_REVIEW","CUSTOMER_INITIATED_ACCESS","GOOGLE_INITIATED_SYSTEM_OPERATION","REASON_NOT_EXPECTED","MODIFIED_CUSTOMER_INITIATED_ACCESS","GOOGLE_RESPONSE_TO_PRODUCTION_ALERT","MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION"],"default":"REASON_UNSPECIFIED"}}},"isKeyHealthCheck":{"type":"boolean","format":"boolean","description":"Whether the request is a key health check that contains a\ncanonical plaintext or its encryption instead of customer data."}},"description":"More context provided during EKM operation.\nRequired if Key Access Justification is enabled for GCP project."},"additionalAuthenticatedData":{"type":"string","format":"byte","description":"Optional data that, if specified, must also be provided during\ndecryption through [UnwrapRequest.additional_authenticated_data][].\nThe AAD must be no larger than 64KiB."}},"description":"Wrap a key with an External-KMS-defined AEAD scheme."}}],"responses":{"200":{"description":"Success!","schema":{"type":"object","properties":{"wrappedBlob":{"type":"string","format":"byte","description":"The wrapped blob."}},"description":"Response message for [GCPExternalKeyManagementService.Wrap][]."},"examples":{"application/json":{"wrappedBlob":"ZXlKM2NtRndjR1ZrWDJKc2IySWlPaUpCZW5Cc1RIQXlPRTh2WkdWd1QzZE1ZVk5zY1hwS1pWWlFTR3R4YVcxMlJXYzVTWFFyY0ZOTlMzWjROaUlzSW10bGExOXBaQ0k2SWpNNVkyWmhaR1EyTnpWa05EUmhPV1k0T0Raa09XSTBNalV3TjJSaU1UUXlZekZrWmpjeU5tTmhPR0ZrTkRGaVltSXhPRGs0T1RJek1UY3pNMlZsTmpnaWZRPT0="}}},"default":{"description":"An unexpected error response","schema":{"type":"object","properties":{"error":{"type":"string"},"code":{"type":"integer","format":"int32"},"message":{"type":"string"},"details":{"type":"array","items":{"type":"object","properties":{"type_url":{"type":"string","description":"A URL/resource name that uniquely identifies the type of the serialized potocol buffer message. The last segment of the URL's path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][]\n value in binary format, or produce an error.\n* Applications are allowed to cache lookup results based on the\n URL, or have them precompiled into a binary to avoid any\n lookup. Therefore, binary compatibility needs to be preserved\n on changes to types. (Use versioned type names to manage\n breaking changes.)\nNote: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics."},"value":{"type":"string","format":"byte","description":"Must be a valid serialized protocol buffer of the above specified type."}},"description":"`Any` contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message. Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type. Example 1: Pack and unpack a message in C++.\n Foo foo = ...;\n Any any;\n any.PackFrom(foo);\n ...\n if (any.UnpackTo(&foo)) {\n ...\n }\nExample 2: Pack and unpack a message in Java.\n Foo foo = ...;\n Any any = Any.pack(foo);\n ...\n if (any.is(Foo.class)) {\n foo = any.unpack(Foo.class);\n }\n Example 3: Pack and unpack a message in Python.\n foo = Foo(...)\n any = Any()\n any.Pack(foo)\n ...\n if any.Is(Foo.DESCRIPTOR):\n any.Unpack(foo)\n ...\n Example 4: Pack and unpack a message in Go\n foo := &pb.Foo{...}\n any, err := ptypes.MarshalAny(foo)\n ...\n foo := &pb.Foo{}\n if err := ptypes.UnmarshalAny(any, foo); err != nil {\n ...\n }\nThe pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example \"foo.bar.com/x/y.z\" will yield type name \"y.z\". JSON ==== The JSON representation of an `Any` value uses the regular representation of the deserialized, embedded message, with an additional field `@type` which contains the type URL. Example:\n package google.profile;\n message Person {\n string first_name = 1;\n string last_name = 2;\n }\n {\n \"@type\": \"type.googleapis.com/google.profile.Person\",\n \"firstName\": ,\n \"lastName\": \n }\nIf the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field `value` which holds the custom JSON in addition to the `@type` field. Example (for message [google.protobuf.Duration][]):\n {\n \"@type\": \"type.googleapis.com/google.protobuf.Duration\",\n \"value\": \"1.212s\"\n }"}}}}}}}},"/v1/cckm/ekm/endpoints/{id}:unwrap":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"UnWrap","description":"Google Cloud EKM unwrap endpoint - used only for health checks. Specify the following details.\n- A JWT asserting that the unwrap operation is done by a legitimate user.\n- The base64 ciphertext that requires to be unwrapped.\n- Additional Context containing Key Access Justification details.\n","tags":["CCKM/Google Cloud EKM (Data Plane)"],"parameters":[{"name":"body","in":"body","required":true,"description":"Google Cloud EKM Unwrap parameters","schema":{"type":"object","properties":{"wrappedBlob":{"type":"string","format":"byte","description":"Required. The wrapped data originally returned in\n[WrapResponse.wrapped_blob][]."},"additionalContext":{"description":"More context provided during Unwrap operation.\nRequired if Key Access Justification is enabled for GCP project.","type":"object","properties":{"fullResourceName":{"type":"string","description":"The full resource name for the GCP resource being directly wrapped by\nthe EKEK (i.e. the Cloud KMS CryptoKey resource)\nSee cloud.google.com/apis/design/resource_names#full_resource_name\nFor a Cloud KMS CryptoKey resource, this includes the Cloud KMS\nLocation associated with the resource."},"relativeResourceName":{"type":"string","description":"Required. The relative resource name for the GCP resource being directly wrapped by the EKEK (i.e. the Cloud KMS CryptoKey resource) See cloud.google.com/apis/design/resource_names#relative_resource_name This is a substring of the RequestContext's full_resource_name."},"accessReasonContext":{"description":"Optional. Request that has an empty AccessReasonContext is a valid request. This can happen: * If you do not enable key access justification on your key\n or the partner endpoint is not whitelisted to receive justification.\n* If you enable key access justification, then this may have been due\n to a Google transient error or a bug into which Google may have to investigate.","type":"object","properties":{"reason":{"description":"required.","type":"string","enum":["REASON_UNSPECIFIED","CUSTOMER_INITIATED_SUPPORT","GOOGLE_INITIATED_SERVICE","THIRD_PARTY_DATA_REQUEST","GOOGLE_INITIATED_REVIEW","CUSTOMER_INITIATED_ACCESS","GOOGLE_INITIATED_SYSTEM_OPERATION","REASON_NOT_EXPECTED","MODIFIED_CUSTOMER_INITIATED_ACCESS","GOOGLE_RESPONSE_TO_PRODUCTION_ALERT","MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION"],"default":"REASON_UNSPECIFIED"}}},"isKeyHealthCheck":{"type":"boolean","format":"boolean","description":"Whether the request is a key health check that contains a\ncanonical plaintext or its encryption instead of customer data."}}},"additionalAuthenticatedData":{"type":"string","format":"byte","description":"Optional data that must match the data originally supplied in\n[WrapRequest.additional_authenticated_data][]."}},"description":"Unwrap a blob that was previously returned in the WrapResponse."}}],"responses":{"200":{"description":"Success!","schema":{"type":"object","required":["plaintext"],"properties":{"plaintext":{"type":"string","format":"byte","description":"The decrypted data originally supplied in [WrapRequest.plaintext][]."},"allowedCacheDuration":{"type":"string","description":"A maximum duration the unwrapped key is allowed to be cached by the\nA maximum duration the unwrapped key is allowed to be cached by the\ncaller.\nMust be positive."}},"description":"Response message for [GCPExternalKeyManagementService.Unwrap][]."},"examples":{"application/json":{"plaintext":"dG9tbXk="}}},"default":{"description":"An unexpected error response","schema":{"type":"object","properties":{"error":{"type":"string"},"code":{"type":"integer","format":"int32"},"message":{"type":"string"},"details":{"type":"array","items":{"type":"object","properties":{"type_url":{"type":"string","description":"A URL/resource name that uniquely identifies the type of the serialized potocol buffer message. The last segment of the URL's path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][]\n value in binary format, or produce an error.\n* Applications are allowed to cache lookup results based on the\n URL, or have them precompiled into a binary to avoid any\n lookup. Therefore, binary compatibility needs to be preserved\n on changes to types. (Use versioned type names to manage\n breaking changes.)\nNote: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics."},"value":{"type":"string","format":"byte","description":"Must be a valid serialized protocol buffer of the above specified type."}},"description":"`Any` contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message. Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type. Example 1: Pack and unpack a message in C++.\n Foo foo = ...;\n Any any;\n any.PackFrom(foo);\n ...\n if (any.UnpackTo(&foo)) {\n ...\n }\nExample 2: Pack and unpack a message in Java.\n Foo foo = ...;\n Any any = Any.pack(foo);\n ...\n if (any.is(Foo.class)) {\n foo = any.unpack(Foo.class);\n }\n Example 3: Pack and unpack a message in Python.\n foo = Foo(...)\n any = Any()\n any.Pack(foo)\n ...\n if any.Is(Foo.DESCRIPTOR):\n any.Unpack(foo)\n ...\n Example 4: Pack and unpack a message in Go\n foo := &pb.Foo{...}\n any, err := ptypes.MarshalAny(foo)\n ...\n foo := &pb.Foo{}\n if err := ptypes.UnmarshalAny(any, foo); err != nil {\n ...\n }\nThe pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example \"foo.bar.com/x/y.z\" will yield type name \"y.z\". JSON ==== The JSON representation of an `Any` value uses the regular representation of the deserialized, embedded message, with an additional field `@type` which contains the type URL. Example:\n package google.profile;\n message Person {\n string first_name = 1;\n string last_name = 2;\n }\n {\n \"@type\": \"type.googleapis.com/google.profile.Person\",\n \"firstName\": ,\n \"lastName\": \n }\nIf the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field `value` which holds the custom JSON in addition to the `@type` field. Example (for message [google.protobuf.Duration][]):\n {\n \"@type\": \"type.googleapis.com/google.protobuf.Duration\",\n \"value\": \"1.212s\"\n }"}}}}}}}},"/v1/cckm/GoogleWorkspaceCSE/issuers":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a valid JWT issuer (third-party IDP). It validates authentication JWT created for wrap and unwrap APIs.\nWhen creating the issuer, you must specify a unique name for the issuer and any of the following combinations:\n- issuer and jwksURL\n- issuer: openidConfigurationURL will be derived from the issuer, and used to fetch jwksURL.\n- openidConfigurationURL: Will be used to fetch the issuer and jwksURL. If openidConfigurationURL is provided or derived, it will be used to confirm the issuer and jwksURL. They both must match.\n","tags":["CCKM/Google Workspace CSE"],"parameters":[{"name":"body","in":"body","description":"Issuer parameters","schema":{"type":"object","title":"Add issuer for Google Workspace authentication.","required":["name"],"properties":{"name":{"type":"string","description":"Unique name for the KACLS issuer."},"iss":{"type":"string","description":"Issuer claim of IDP JWT, e.g. https://dev-abc.auth.com ."},"jwksURL":{"type":"string","description":"JWKS url for IDP, e.g. https://dev-abc.auth.com/.well-known/jwks.json."},"openidConfigurationURL":{"type":"string","description":"IDP configuration URL, e.g. https://dev-abc.auth.com/.well-known/openid-configuration."},"dryRun":{"type":"boolean","description":"Set true to skip persisting the issuer. All the same validation checks, auto-discovery, and connectivity checks will be performed, and the server will return the same status codes and response body. It can be used to test creating the issuer without modifying the server state. Default value is set to False."},"meta":{"type":"object","description":"Additional information associated with the issuer."}},"example":{"name":"Demo","iss":"https://dev-abc.auth.com","openidConfigurationURL":"https://dev-abc.auth.com/.well-known/openid-configuration","jwksURL":"https://dev-abc.auth.com/.well-known/jwks.json","dryRun":false}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"39a9e91b-7a95-4fbf-bf79-30930eeb1d2c","uri":"kylo:kylo:cckm:auth:39a9e91b-7a95-4fbf-bf79-30930eeb1d2c","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-12-24T08:06:28.713500049Z","name":"Demo","iss":"https://dev-abc.auth.com","openidConfigurationURL":"https://dev-abc.auth.com/.well-known/openid-configuration","jwksURL":"https://dev-abc.auth.com/.well-known/jwks.json"}}}}},"get":{"summary":"List","description":"Returns a list of issuers.","tags":["CCKM/Google Workspace CSE"],"parameters":[{"name":"id","in":"query","type":"string","description":"Filter the results based on the KACLS issuer ID."},{"name":"name","in":"query","type":"string","description":"Filter the results based on the KACLS issuer name."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created."},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated."},"name":{"description":"Issuer name.","type":"string"},"iss":{"description":"Issuer claim in IDP JWT.","type":"string"},"openidConfigurationURL":{"description":"Open Id configuration URL.","type":"string"},"jwksURL":{"description":"Open Id JWKS URL.","type":"string"},"meta":{"description":"Additional information associated with issuer.","type":"object"}}}]}}}}]},"examples":{"application/json":{"skip":"0,","limit":"10,","total":"1,","resources":[{"id":"39a9e91b-7a95-4fbf-bf79-30930eeb1d2c","uri":"kylo:kylo:cckm:auth:39a9e91b-7a95-4fbf-bf79-30930eeb1d2c","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-12-24T08:06:28.7135Z","name":"Demo","iss":"https://dev-abc.auth.com","openidConfigurationURL":"https://dev-abc.auth.com/.well-known/openid-configuration","jwksURL":"https://dev-abc.auth.com/.well-known/jwks.json"}]}}}}}},"/v1/cckm/GoogleWorkspaceCSE/issuers/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of an issuer with the given `id`.","tags":["CCKM/Google Workspace CSE"],"responses":{"200":{"description":"OK","examples":{"application/json":{"id":"39a9e91b-7a95-4fbf-bf79-30930eeb1d2c","uri":"kylo:kylo:cckm:auth:39a9e91b-7a95-4fbf-bf79-30930eeb1d2c","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-12-24T08:06:28.713500049Z","name":"Demo","iss":"https://dev-abc.auth.com","openidConfigurationURL":"https://dev-abc.auth.com/.well-known/openid-configuration","jwksURL":"https://dev-abc.auth.com/.well-known/jwks.json"}}},"404":{"description":"Resource not found."}}},"delete":{"summary":"Delete","description":"Deletes an issuer with the given `id`.","tags":["CCKM/Google Workspace CSE"],"responses":{"204":{"description":"No Content | Issuer was deleted successfully.","schema":{"type":"string"}},"404":{"description":"Resource not found."}}}},"/v1/cckm/GoogleWorkspaceCSE/endpoints":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates or updates KACLS endpoints for Google Workspace CSE. The API also creates a KEK for wrapping and unwrapping DEK.\nWhen creating an endpoint, specify the following details:\n- Unique name for the endpoint.\n- Authentication audience (ID of the third-party IdP client) for the endpoint.\n- Hostname of the endpoint URL.\n- Identity provider (issuer):\n - Select from the providers list. If not selected, by default, all providers are added to the endpoint.\n - Provide the issuer ID in endpoint creation parameters to select an issuer.\n","tags":["CCKM/Google Workspace CSE"],"parameters":[{"name":"body","in":"body","description":"Endpoints parameters","schema":{"type":"object","title":"Create KACLS endpoint URL for Google Workspace.","required":["name","endpoint_url_hostname","authenticationAud"],"properties":{"name":{"type":"string","description":"Unique name for the KACLS endpoint."},"issuer":{"type":"array","items":{"type":"string"},"description":"List of trusted issuer IDs to use with this endpoint. These are managed through the /GoogleWorkspaceCSE/issuers URL. If not specified, all the issuers will be trusted."},"cors":{"type":"array","items":{"type":"string"},"description":"List of CORS (Cross-Origin Resource Sharing) to support."},"authorizationAud":{"type":"array","items":{"type":"string"},"description":"List of supported audience for authorization JWT."},"endpoint_url_hostname":{"type":"string","description":"Endpoint base url hostname for KACLS endpoint."},"authenticationAud":{"type":"array","items":{"type":"string"},"description":"List of supported audience for authentication JWT."},"meta":{"type":"object","description":"Additional information about the endpoint."}},"example":{"name":"endpoint_1","endpoint_url_hostname":"localhost","issuer":["39a9e91b-7a95-4fbf-bf79-30930eeb1d2c","39a9e91b-7a95-4fbf-bf79-30930eeb1d2d"],"authenticationAud":["122334a33qr31038dekfhfl"],"cors":["https://foo.example","https://bar.example"]}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"39a9e91b-7a95-4fbf-bf79-30930eeb1d2c","uri":"kylo:kylo:cckm:auth:39a9e91b-7a95-4fbf-bf79-30930eeb1d2c","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-12-24T08:06:28.713500049Z","name":"endpoint_1","updatedAt":"2019-12-24T08:06:28.692717446Z","endpoint_url_hostname":"","endpoint_url":"https:///cckm/GoogleWorkspaceCSE/39a9e91b-7a95-4fbf-bf79-30930eeb1d2c","kekName":"GoogleWorkspaceCSE_endpoint_1_39a9e91b-7a95-4fbf-bf79-30930eeb1d2c","kekID":"39a9e91b7a954fbfbf7930930eeb1d2c39a9e91b7a954fbfbf7930930eeb1d2c","kekVersion":"0","issuer":["39a9e91b-7a95-4fbf-bf79-30930eeb1d2c","39a9e91b-7a95-4fbf-bf79-30930eeb1d2d"],"cors":["https://foo.example","https://bar.example"],"authorizationAud":null,"authenticationAud":["122334a33qr31038dekfhfl"],"status":"active"}}}}},"get":{"summary":"List","description":"Returns the list of KACLS endpoints. The results can be filtered using the query parameters.","tags":["CCKM/Google Workspace CSE"],"parameters":[{"name":"id","in":"query","type":"string","description":"Filter the results based on the KACLS endpoint ID."},{"name":"name","in":"query","type":"string","description":"Filter the results based on the KACLS endpoint name."},{"name":"status","in":"query","type":"string","description":"Filter the results based on the KACLS endpoint status. An endpoint can have any one of the three possible states {\"active\", \"disabled\", \"archived\"}."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"},"name":{"description":"Endpoint name.","type":"string"},"endpoint_url_hostname":{"description":"KACLS baseURL hostname for endpoint Url.","type":"string"},"endpoint_url":{"description":"KACLS endpoint Url.","type":"string"},"kekName":{"description":"Name of KEK created by endpoint.","type":"string"},"kekID":{"description":"ID of KEK created by endpoint.","type":"string"},"kekVersion":{"description":"Version of KEK created by endpoint.","type":"string"},"status":{"description":"An endpoint can have any one of the three possible status {\"active\", \"disabled\", \"archived\"}.","type":"string"},"issuer":{"description":"List of valid issuers for endpoint.","type":"array","items":{"type":"string"}},"cors":{"description":"List of Cross-Origin Resource Sharing.","type":"array","items":{"type":"string"}},"authorizationAud":{"description":"List of audience valid for authorization jwt.","type":"array","items":{"type":"string"}},"authenticationAud":{"description":"List of audience valid for authentication jwt.","type":"array","items":{"type":"string"}},"meta":{"description":"Additional information associated with endpoint.","type":"object"}}}]}}}}]},"examples":{"application/json":{"skip":"0,","limit":"10,","total":"1,","resources":[{"issuer":["39a9e91b-7a95-4fbf-bf79-30930eeb1d2c","39a9e91b-7a95-4fbf-bf79-30930eeb1d2d"],"id":"39a9e91b-7a95-4fbf-bf79-30930eeb1d2c","uri":"kylo:kylo:cckm:auth:39a9e91b-7a95-4fbf-bf79-30930eeb1d2c","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-12-24T08:06:28.7135Z","name":"endpoint_1","updatedAt":"2019-12-24T08:06:28.692717Z","cors":["https://foo.example","https://bar.example"],"authorizationAud":null,"authenticationAud":["122334a33qr31038dekfhfl"],"endpoint_url_hostname":"","endpoint_url":"https:///cckm/GoogleWorkspaceCSE/39a9e91b-7a95-4fbf-bf79-30930eeb1d2c","kekName":"GoogleWorkspaceCSE_endpoint_1_39a9e91b-7a95-4fbf-bf79-30930eeb1d2c","kekID":"39a9e91b7a954fbfbf7930930eeb1d2c39a9e91b7a954fbfbf7930930eeb1d2c","kekVersion":"0","meta":null,"status":"active"}]}}}}}},"/v1/cckm/GoogleWorkspaceCSE/endpoints/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a KACLS endpoint with the given `id`.","tags":["CCKM/Google Workspace CSE"],"responses":{"200":{"description":"OK","examples":{"application/json":{"issuer":["39a9e91b-7a95-4fbf-bf79-30930eeb1d2c","39a9e91b-7a95-4fbf-bf79-30930eeb1d2d"],"id":"39a9e91b-7a95-4fbf-bf79-30930eeb1d2c","uri":"kylo:kylo:cckm:auth:39a9e91b-7a95-4fbf-bf79-30930eeb1d2c","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-12-24T08:06:28.7135Z","name":"endpoint_1","updatedAt":"2019-12-24T08:06:28.692717Z","cors":["https://foo.example","https://bar.example"],"authorizationAud":null,"authenticationAud":["122334a33qr31038dekfhfl"],"endpoint_url_hostname":"","endpoint_url":"https:///cckm/GoogleWorkspaceCSE/39a9e91b-7a95-4fbf-bf79-30930eeb1d2c","kekName":"GoogleWorkspaceCSE_endpoint_1_39a9e91b-7a95-4fbf-bf79-30930eeb1d2c","kekID":"39a9e91b7a954fbfbf7930930eeb1d2c39a9e91b7a954fbfbf7930930eeb1d2c","kekVersion":"0","meta":null,"status":"active"}}},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"Update a KACLS endpoint for Google Workspace CSE.\n","tags":["CCKM/Google Workspace CSE"],"parameters":[{"name":"body","in":"body","description":"Endpoints parameters","schema":{"type":"object","title":"Update KACLS endpoint for Google Workspace.","properties":{"issuer":{"type":"array","items":{"type":"string"},"description":"List of trusted issuers names to use with this endpoint, managed via /GoogleWorkspaceCSE/issuers url."},"cors":{"type":"array","items":{"type":"string"},"description":"List of CORS ( Cross-Origin Resource Sharing ) to support."},"authorizationAud":{"type":"array","items":{"type":"string"},"description":"List of supported audience for authorization JWT."},"authenticationAud":{"type":"array","items":{"type":"string"},"description":"List of supported audience for authentication JWT."},"endpoint_url_hostname":{"type":"string","description":"Endpoint base url hostname for KACLS endpoint."}},"example":{"cors":["https://foo.example"," https://bar.example"],"issuer":["39a9e91b-7a95-4fbf-bf79-30930eeb1d2c","39a9e91b-7a95-4fbf-bf79-30930eeb1d2d"],"authenticationAud":["122334a33qr31038dekfhfl"],"endpoint_url_hostname":"localhost"}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"issuer":["39a9e91b-7a95-4fbf-bf79-30930eeb1d2c","39a9e91b-7a95-4fbf-bf79-30930eeb1d2d"],"id":"39a9e91b-7a95-4fbf-bf79-30930eeb1d2c","uri":"kylo:kylo:cckm:auth:39a9e91b-7a95-4fbf-bf79-30930eeb1d2c","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-12-24T08:06:28.7135Z","name":"endpoint_1","updatedAt":"2019-12-24T08:06:28.692717Z","cors":["https://foo.example","https://bar.example"],"authorizationAud":null,"authenticationAud":["122334a33qr31038dekfhfl"],"endpoint_url_hostname":"","endpoint_url":"https:///cckm/GoogleWorkspaceCSE/39a9e91b-7a95-4fbf-bf79-30930eeb1d2c","kekName":"GoogleWorkspaceCSE_endpoint_1_39a9e91b-7a95-4fbf-bf79-30930eeb1d2c","kekID":"39a9e91b7a954fbfbf7930930eeb1d2c39a9e91b7a954fbfbf7930930eeb1d2c","kekVersion":"0","meta":null,"status":"active"}}},"404":{"description":"Resource not found."}}},"delete":{"summary":"Delete","description":"Deletes a KACLS endpoint.","tags":["CCKM/Google Workspace CSE"],"responses":{"204":{"description":"No Content | Endpoint was deleted successfully.","schema":{"type":"string"}},"404":{"description":"Resource not found."}}}},"/v1/cckm/GoogleWorkspaceCSE/endpoints/{id}/rotate-key":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Rotate Key","description":"Rotate encryption key for endpoint.","tags":["CCKM/Google Workspace CSE"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"issuer":["39a9e91b-7a95-4fbf-bf79-30930eeb1d2c","39a9e91b-7a95-4fbf-bf79-30930eeb1d2d"],"id":"39a9e91b-7a95-4fbf-bf79-30930eeb1d2c","uri":"kylo:kylo:cckm:auth:39a9e91b-7a95-4fbf-bf79-30930eeb1d2c","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-12-24T08:06:28.7135Z","name":"endpoint_1","updatedAt":"2019-12-24T08:06:28.692717Z","cors":["https://foo.example","https://bar.example"],"authorizationAud":null,"authenticationAud":["122334a33qr31038dekfhfl"],"endpoint_url_hostname":"","endpoint_url":"https:///cckm/GoogleWorkspaceCSE/39a9e91b-7a95-4fbf-bf79-30930eeb1d2c","kekName":"GoogleWorkspaceCSE_endpoint_1_39a9e91b-7a95-4fbf-bf79-30930eeb1d2c","kekID":"39a9e91b7a954fbfbf7930930eeb1d2c39a9e91b7a954fbfbf7930930eeb1d2c","kekVersion":"0","meta":null,"status":"active"}}}}}},"/v1/cckm/GoogleWorkspaceCSE/endpoints/{id}/disable":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Disable Endpoint","description":"Disable the Google workspace endpoint.","tags":["CCKM/Google Workspace CSE"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"issuer":["39a9e91b-7a95-4fbf-bf79-30930eeb1d2c","39a9e91b-7a95-4fbf-bf79-30930eeb1d2d"],"id":"39a9e91b-7a95-4fbf-bf79-30930eeb1d2c","uri":"kylo:kylo:cckm:auth:39a9e91b-7a95-4fbf-bf79-30930eeb1d2c","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-12-24T08:06:28.7135Z","name":"endpoint_1","updatedAt":"2019-12-24T08:06:28.692717Z","cors":["https://foo.example","https://bar.example"],"authorizationAud":null,"authenticationAud":["122334a33qr31038dekfhfl"],"endpoint_url_hostname":"","endpoint_url":"https:///cckm/GoogleWorkspaceCSE/39a9e91b-7a95-4fbf-bf79-30930eeb1d2c","kekName":"GoogleWorkspaceCSE_endpoint_1_39a9e91b-7a95-4fbf-bf79-30930eeb1d2c","kekID":"39a9e91b7a954fbfbf7930930eeb1d2c39a9e91b7a954fbfbf7930930eeb1d2c","kekVersion":"0","meta":null,"status":"disabled"}}}}}},"/v1/cckm/GoogleWorkspaceCSE/endpoints/{id}/enable":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Enable Endpoint","description":"Enable the Google workspace endpoint.","tags":["CCKM/Google Workspace CSE"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"issuer":["39a9e91b-7a95-4fbf-bf79-30930eeb1d2c","39a9e91b-7a95-4fbf-bf79-30930eeb1d2d"],"id":"39a9e91b-7a95-4fbf-bf79-30930eeb1d2c","uri":"kylo:kylo:cckm:auth:39a9e91b-7a95-4fbf-bf79-30930eeb1d2c","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-12-24T08:06:28.7135Z","name":"endpoint_1","updatedAt":"2019-12-24T08:06:28.692717Z","cors":["https://foo.example","https://bar.example"],"authorizationAud":null,"authenticationAud":["122334a33qr31038dekfhfl"],"endpoint_url_hostname":"","endpoint_url":"https:///cckm/GoogleWorkspaceCSE/39a9e91b-7a95-4fbf-bf79-30930eeb1d2c","kekName":"GoogleWorkspaceCSE_endpoint_1_39a9e91b-7a95-4fbf-bf79-30930eeb1d2c","kekID":"39a9e91b7a954fbfbf7930930eeb1d2c39a9e91b7a954fbfbf7930930eeb1d2c","kekVersion":"0","meta":null,"status":"active"}}}}}},"/v1/cckm/GoogleWorkspaceCSE/endpoints/{id}/archive":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Archive Endpoint","description":"Archive the Google workspace endpoint.","tags":["CCKM/Google Workspace CSE"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"issuer":["39a9e91b-7a95-4fbf-bf79-30930eeb1d2c","39a9e91b-7a95-4fbf-bf79-30930eeb1d2d"],"id":"39a9e91b-7a95-4fbf-bf79-30930eeb1d2c","uri":"kylo:kylo:cckm:auth:39a9e91b-7a95-4fbf-bf79-30930eeb1d2c","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-12-24T08:06:28.7135Z","name":"endpoint_1","updatedAt":"2019-12-24T08:06:28.692717Z","cors":["https://foo.example","https://bar.example"],"authorizationAud":null,"authenticationAud":["122334a33qr31038dekfhfl"],"endpoint_url_hostname":"","endpoint_url":"https:///cckm/GoogleWorkspaceCSE/39a9e91b-7a95-4fbf-bf79-30930eeb1d2c","kekName":"GoogleWorkspaceCSE_endpoint_1_39a9e91b-7a95-4fbf-bf79-30930eeb1d2c","kekID":"39a9e91b7a954fbfbf7930930eeb1d2c39a9e91b7a954fbfbf7930930eeb1d2c","kekVersion":"0","meta":null,"status":"archived"}}}}}},"/v1/cckm/GoogleWorkspaceCSE/endpoints/{id}/recover":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Recover Endpoint","description":"Recover the Google workspace endpoint.","tags":["CCKM/Google Workspace CSE"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"issuer":["39a9e91b-7a95-4fbf-bf79-30930eeb1d2c","39a9e91b-7a95-4fbf-bf79-30930eeb1d2d"],"id":"39a9e91b-7a95-4fbf-bf79-30930eeb1d2c","uri":"kylo:kylo:cckm:auth:39a9e91b-7a95-4fbf-bf79-30930eeb1d2c","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-12-24T08:06:28.7135Z","name":"endpoint_1","updatedAt":"2019-12-24T08:06:28.692717Z","cors":["https://foo.example","https://bar.example"],"authorizationAud":null,"authenticationAud":["122334a33qr31038dekfhfl"],"endpoint_url_hostname":"","endpoint_url":"https:///cckm/GoogleWorkspaceCSE/39a9e91b-7a95-4fbf-bf79-30930eeb1d2c","kekName":"GoogleWorkspaceCSE_endpoint_1_39a9e91b-7a95-4fbf-bf79-30930eeb1d2c","kekID":"39a9e91b7a954fbfbf7930930eeb1d2c39a9e91b7a954fbfbf7930930eeb1d2c","kekVersion":"0","meta":null,"status":"active"}}}}}},"/v1/cckm/GoogleWorkspaceCSE/endpoints/{id}/perimeters":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"View the perimeters of a KACLS endpoint. Until a custom policy is attached, the API returns the following default policy:\npackage example\ndefault allow = false\nallow {\n input.authentication.email == input.authorization.email\n}\nallow {\n input.perimeter_id == \"takeout\"\n}\n","consumes":["text/plain"],"tags":["CCKM/Google Workspace CSE"],"responses":{"200":{"description":"Success!","examples":{"text/plain":"package example default allow = false allow {\n input.authentication.email == \"Demo@thalesgroup.com\"\n input.perimeter_id == \"takeout\"\n}\n"}},"404":{"description":"Resource not found."}}},"put":{"summary":"Update","description":"Updates a KACLS perimeter. KACLS perimeters are the policies that allow or disallow the wrap, unwrap, and privileged_unwrap operations.\nUpdating a perimeter requires understanding of Open Policy Agent (https://www.openpolicyagent.org). Perimeters are optional. For example:\npackage example\ndefault allow = false\nallow {\n input.authorization.email == \"abc@foo.com\"\n input.authentication.email == \"abc@foo.com\"\n input.authentication.ExtraClaims.location == \"Noida\"\n input.perimeter_id == \"takeout\"\n}\nDescription:\n-\tpackage is the name of the rego policy package.\n-\tdefault allow = is mandatory. The can be set to true or false. The variable allow must be declared.\n-\tRemaining are lines of Opa programming. Input can have following (optional) members:\n -\tauthentication\n -\tauthorization\n -\tperimeter_id\n -\toperation\nHere,\n - authentication:\n Points to the `authentication` JWT and all its submembers point to fields in the `authentication` JWT.\n For extra claims, use `authentication.ExtraClaims.`.\n For example, if your JWT has location in extra claims, then use: `input.authentication.ExtraClaims.location`\n\n - authorization:\n Points to the `authorization` JWT and all its submembers point to fields in the `authorization` JWT.\n For extra claims, use `authorization.ExtraClaims.`.\n For example, if your JWT has location in extra claims, then use: `input.authorization.ExtraClaims.location`\n\n - perimeter_id:\n Maps the allow condition to specific perimeter_id in Google authorization JWT.\n When performing the `privileged_unwrap` operation, use `takeout` as perimeter_id.\n\n - operation:\n Valid values are `wrap`, `unwrap`, and `PrivilegedUnwrap`.\nNote: Swagger might show errors while entering parameters, but a correct perimeter code will work.\n","consumes":["text/plain"],"tags":["CCKM/Google Workspace CSE"],"parameters":[{"name":"body","in":"body","required":true,"description":"Open policy for this endpoint.","schema":{"type":"object","title":"Update the perimeters."}}],"responses":{"200":{"description":"Success!","examples":{"text/plain":"package example default allow = false allow {\n input.authentication.email == \"Demo@thalesgroup.com\"\n input.perimeter_id == \"takeout\"\n}\n"}},"404":{"description":"Resource not found."}}}},"/v1/cckm/GoogleWorkspaceCSE/endpoints/{id}/wrap":{"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Wrap","description":"Wraps DEK. This API returns an opaque binary object (wrapped DEK) that is stored by Google Workspace with the encrypted object and sent as is in any subsequent key unwrapping operations.\n- Base64 encoded DEK.\n- A JWT asserting that the user is allowed to wrap DEK.\n- A JWT issued by a third party asserting who the user is.\n- A passthrough json string providing additional context about the operation.\n","tags":["CCKM/Google Workspace CSE (Data Plane)"],"parameters":[{"name":"body","in":"body","description":"Wrap parameters","schema":{"type":"object","title":"wraps the DEK for KACLS endpoint.","required":["key","authorization","authentication","reason"],"properties":{"key":{"type":"string","description":"Base64 encoded DEK."},"authorization":{"type":"string","description":"A JWT asserting that the user is allowed to wrap DEK."},"authentication":{"type":"object","description":"A JWT issued by a third party asserting who the user is."},"reason":{"type":"string","description":"A passthrough json string providing additional context about the operation."}},"example":{"key":"wHrlNOTI9mU6PBdqiq7EQA==","authorization":"eyJhbGciOi…","authentication":"eyJhbGciOi…","reason":"{client:’drive’ op:’update’}"}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"wrapped_key":"3qTh6Mp+svPwYPlnZMyuj8WHTrM59wl/UI50jo61Qt/QubZ9tfsUc1sD62xdg3zgxC9quV4r+y7AkbfIDhbmxGqP64pWbZgFzOkP0JcSn+1xm/CB2E5IknKsAbwbYREGpiHM3nzZu+eLnvlfbzvTnJuJwBpLoPYQcnPvcgm+5gU1j1BjUaNKS/uDn7VbVm7hjbKA3wkniORC2TU2MiHElutnfrEVZ8wQfrCEpuWkOXs98H8QxUK4pBM2ea1xxGj7vREAZZg1x/Ci/E77gHxymnZ/ekhUIih6Pwu75jf+dvKcMnpmdLpwAVlE1G4dNginhFVyV/199llf9jmHasQQuaMFzQ9UMWGjA1Hg2KsaD9e3EL74A5fLkKc2EEmBD5v/aP+1RRZ3ISbTOXvxqYIFCdSFSCfPbUhkc9I2nHS0obEH7Q7KiuagoDqV0cTNXWfCGJ1DtIlGQ9IA6mPDAjX8Lg=="}}}}}},"/v1/cckm/GoogleWorkspaceCSE/endpoints/{id}/unwrap":{"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Unwrap","description":"Unwraps the wrapped DEK. Specify the following details.\n- The base64 binary object returned by the unwrap call.\n- A JWT asserting that the user is allowed to unwrap DEK.\n- A JWT issued by a third party asserting who the user is.\n- A passthrough json string providing additional context about the operation.\n","tags":["CCKM/Google Workspace CSE (Data Plane)"],"parameters":[{"name":"body","in":"body","description":"Unwrap parameters","schema":{"type":"object","title":"Unwraps the DEK for KACLS endpoint.","required":["wrapped_key","authorization","authentication","reason"],"properties":{"wrapped_key":{"type":"string","description":"The base64 binary object returned by the unwrap call."},"authorization":{"type":"string","description":"A JWT asserting that the user is allowed to unwrap DEK."},"authentication":{"type":"object","description":"A JWT issued by a third party asserting who the user is."},"reason":{"type":"string","description":"A passthrough json string providing additional context about the operation."}},"example":{"wrapped_key":"3qTh6Mp+svPwYPlnZMyuj8WHTrM59wl/UI50jo61Qt/QubZ9tfsUc1sD62xdg3zgxC9quV4r+y7AkbfIDhbmxGqP64pWbZgFzOkP0JcSn+1xm/CB2E5IknKsAbwbYREGpiHM3nzZu+eLnvlfbzvTnJuJwBpLoPYQcnPvcgm+5gU1j1BjUaNKS/uDn7VbVm7hjbKA3wkniORC2TU2MiHElutnfrEVZ8wQfrCEpuWkOXs98H8QxUK4pBM2ea1xxGj7vREAZZg1x/Ci/E77gHxymnZ/ekhUIih6Pwu75jf+dvKcMnpmdLpwAVlE1G4dNginhFVyV/199llf9jmHasQQuaMFzQ9UMWGjA1Hg2KsaD9e3EL74A5fLkKc2EEmBD5v/aP+1RRZ3ISbTOXvxqYIFCdSFSCfPbUhkc9I2nHS0obEH7Q7KiuagoDqV0cTNXWfCGJ1DtIlGQ9IA6mPDAjX8Lg==","authorization":"eyJhbGciOi…","authentication":"eyJhbGciOi…","reason":"{client:’drive’ op:’update’}"}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"key":"0saNxttLMQULfXuTbRFJzi/QJokN1jW16u0yaNvvLdQ="}}}}}},"/v1/cckm/GoogleWorkspaceCSE/endpoints/{id}/privileged_unwrap":{"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Privileged Unwrap","description":"Unwraps the wrapped DEK. The decrypted document can now be downloaded.\n- The base64 binary object returned by the unwrap call.\n- The unique identifier for the object, it must match the resource_name that was used to wrap the key.\n- A JWT issued by a third party asserting who the user is.\n- A passthrough json string providing additional context about the operation.\n","tags":["CCKM/Google Workspace CSE (Data Plane)"],"parameters":[{"name":"body","in":"body","description":"unwrap parameters","schema":{"type":"object","title":"Unwraps the DEK for KACLS endpoint.","required":["wrapped_key","resource_name","authentication","reason"],"properties":{"wrapped_key":{"type":"string","description":"The base64 binary object returned by the unwrap call."},"resource_name":{"type":"string","description":"The unique identifier for the object, it must match the resource_name that was used to wrap the key."},"authentication":{"type":"object","description":"A JWT issued by a third party asserting who the user is."},"reason":{"type":"string","description":"A passthrough json string providing additional context about the operation."}},"example":{"wrapped_key":"3qTh6Mp+svPwYPlnZMyuj8WHTrM59wl/UI50jo61Qt/QubZ9tfsUc1sD62xdg3zgxC9quV4r+y7AkbfIDhbmxGqP64pWbZgFzOkP0JcSn+1xm/CB2E5IknKsAbwbYREGpiHM3nzZu+eLnvlfbzvTnJuJwBpLoPYQcnPvcgm+5gU1j1BjUaNKS/uDn7VbVm7hjbKA3wkniORC2TU2MiHElutnfrEVZ8wQfrCEpuWkOXs98H8QxUK4pBM2ea1xxGj7vREAZZg1x/Ci/E77gHxymnZ/ekhUIih6Pwu75jf+dvKcMnpmdLpwAVlE1G4dNginhFVyV/199llf9jmHasQQuaMFzQ9UMWGjA1Hg2KsaD9e3EL74A5fLkKc2EEmBD5v/aP+1RRZ3ISbTOXvxqYIFCdSFSCfPbUhkc9I2nHS0obEH7Q7KiuagoDqV0cTNXWfCGJ1DtIlGQ9IA6mPDAjX8Lg==","resource_name":"item123","authentication":"eyJhbGciOi…","reason":"{client:’drive’ op:’update’}"}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"key":"0saNxttLMQULfXuTbRFJzi/QJokN1jW16u0yaNvvLdQ=","perimeter_id":"takeout"}}}}}},"/v1/cckm/GoogleWorkspaceCSE/endpoints/{id}/wrapprivatekey":{"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Wrap Private Key","description":"Wraps a user’s private key. This API returns an opaque binary object (wrapped Private Key) that is sent as is in any subsequent Private key unwrapping operations.\nThis is a privileged operation, and will only be performed by authorized CCKM admins.\n- PEM encoded PKCS#1 or PKCS#8 (unencrypted) RSA Private Key.\n- The perimeter ID to encrypt with the key. (optional field)\n","tags":["CCKM/Google Workspace CSE"],"parameters":[{"name":"body","in":"body","description":"Wrap Private Key parameters","schema":{"type":"object","title":"wraps a user’s private key using KACLS endpoint.","required":["private_key"],"properties":{"private_key":{"type":"string","description":"PEM encoded PKCS#1 or PKCS#8 (unencrypted) RSA Private Key."},"perimeter_id":{"type":"string","description":"The perimeter ID to encrypt with the key. (optional field)"}},"example":{"private_key":"-----BEGIN RSA PRIVATE KEY-----\nMIIJ......\n-----END RSA PRIVATE KEY-----","perimeter_id":""}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"wrapped_private_key":"LpyCSy5ddy82PIp/87JKaMF4Jmt1KdrbfT1iqpB7uhVd3OwZiu+oq8kxIzB7Lr0iX4aOcxM6HiUyMrGP2PG8x0HkpykbUKQxBVcfm6SLdsqigT9ho5RYw20M6ZXNWVRetFSleKex4SRilTRny38e2ju/lUy0KDaCt1hDUT89nLZ1wsO3D1F3xk8J7clXv5fe7GPRd1ojo82Ny0iyVO7y7h1lh2PACHUFXOMzsdURYFCnxhKAsadccCxpCxKh5x8p78PdoenwY1tnT3/X4O/4LAGfT4fo98Frxy/xtI49WDRNZi6fsL6BQT4vS/WFkybBX9tXaenCqlRBDyZSFhatPQ=="}}},"400":{"description":"Bad Request."},"401":{"description":"Unauthorized."},"500":{"description":"Internal server error."}}}},"/v1/cckm/GoogleWorkspaceCSE/endpoints/{id}/status":{"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the status of a KACLS endpoint.","tags":["CCKM/Google Workspace CSE"],"responses":{"200":{"description":"OK","examples":{"application/json":{"server_type":"CipherTrust Manager","vendor_id":"Thales","version":"1.11","name":"Instance North","operations_supported":["wrap","unwrap","privileged_unwrap","privatekeydecrypt","privatekeysign","privilegedprivatekeydecrypt"]}}}}}},"/v1/cckm/GoogleWorkspaceCSE/endpoints/{id}/privatekeydecrypt":{"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Unwrap the content encryption key","description":"It first unwraps a wrapped private key, then decrypts the data encryption key that is encrypted to the public key. Specify the following details.\n- The base64 encoded wrapped private key.\n- The base64 encoded encrypted data encryption key.\n- A JWT asserting that the user is allowed to unwrap DEK.\n- A JWT issued by a third party asserting who the user is.\n- The algorithm that was used to encrypt the DEK in envelope encryption.\n- The base64 encoded label L, if the algorithm is RSAES-OAEP.\n- A passthrough json string providing additional context about the operation.\n","tags":["CCKM/Google Workspace CSE (Data Plane)"],"parameters":[{"name":"body","in":"body","description":"Unwrap private key parameters","schema":{"type":"object","title":"Unwraps the DEK for KACLS endpoint.","required":["wrapped_private_key","encrypted_data_encryption_key","authorization","authentication","algorithm","reason"],"properties":{"wrapped_private_key":{"type":"string","description":"The base64 encoded wrapped private key."},"encrypted_data_encryption_key":{"type":"string","description":"The base64 encoded encrypted data encryption key."},"authorization":{"type":"string","description":"A JWT asserting that the user is allowed to unwrap DEK."},"authentication":{"type":"object","description":"A JWT issued by a third party asserting who the user is."},"algorithm":{"type":"string","description":"The algorithm that was used to encrypt the DEK in envelope encryption."},"rsa_oaep_label":{"type":"string","description":"The base64 encoded label L, if the algorithm is RSAES-OAEP."},"reason":{"type":"string","description":"A passthrough json string providing additional context about the operation."}},"example":{"wrapped_private_key":"3qTh6Mp+svPwYPlnZMyuj8WHTrM59wl/UI50jo61Qt/QubZ9tfsUc1sD62xdg3zgxC9quV4r+y7AkbfIDhbmxGqP64pWbZgFzOkP0JcSn+1xm/CB2E5IknKsAbwbYREGpiHM3nzZu+eLnvlfbzvTnJuJwBpLoPYQcnPvcgm+5gU1j1BjUaNKS/uDn7VbVm7hjbKA3wkniORC2TU2MiHElutnfrEVZ8wQfrCEpuWkOXs98H8QxUK4pBM2ea1xxGj7vREAZZg1x/Ci/E77gHxymnZ/ekhUIih6Pwu75jf+dvKcMnpmdLpwAVlE1G4dNginhFVyV/199llf9jmHasQQuaMFzQ9UMWGjA1Hg2KsaD9e3EL74A5fLkKc2EEmBD5v/aP+1RRZ3ISbTOXvxqYIFCdSFSCfPbUhkc9I2nHS0obEH7Q7KiuagoDqV0cTNXWfCGJ1DtIlGQ9IA6mPDAjX8Lg==","encrypted_data_encryption_key":"dGVzdCB3cmFwcGVkIGRlaw...","authorization":"eyJhbGciOi…","authentication":"eyJhbGciOi…","algorithm":"RSA/ECB/PKCS1Padding","reason":"decrypt"}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"data_encryption_key":"akRQtv3nr+jUhcFL6JmKzB+WzUxbkkMyW5kQsqGUAFc="}}}}}},"/v1/cckm/GoogleWorkspaceCSE/endpoints/{id}/privilegedprivatekeydecrypt":{"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Unwraps the data exported (takeout) from Google.","description":"Unwraps without checking the wrapped private key ACL. It will be used to decrypt the data exported (takeout) from Google. Specify the following details.\n- The base64 encoded wrapped private key.\n- The base64 encoded encrypted data encryption key.\n- A JWT issued by a third party asserting who the user is.\n- The algorithm that was used to encrypt the DEK in envelope encryption.\n- A passthrough json string providing additional context about the operation.\n","tags":["CCKM/Google Workspace CSE (Data Plane)"],"parameters":[{"name":"body","in":"body","description":"Unwrap exported data parameters (takeout)","schema":{"type":"object","title":"Unwraps the DEK for KACLS endpoint.","required":["wrapped_private_key","encrypted_data_encryption_key","authentication","algorithm","reason"],"properties":{"wrapped_private_key":{"type":"string","description":"The base64 encoded wrapped private key."},"encrypted_data_encryption_key":{"type":"string","description":"The base64 encoded encrypted data encryption key."},"authentication":{"type":"string","description":"A JWT issued by a third party asserting who the user is."},"algorithm":{"type":"string","description":"The algorithm that was used to encrypt the DEK in envelope encryption."},"reason":{"type":"string","description":"A passthrough json string providing additional context about the operation."}},"example":{"wrapped_private_key":"3qTh6Mp+svPwYPlnZMyuj8WHTrM59wl/UI50jo61Qt/QubZ9tfsUc1sD62xdg3zgxC9quV4r+y7AkbfIDhbmxGqP64pWbZgFzOkP0JcSn+1xm/CB2E5IknKsAbwbYREGpiHM3nzZu+eLnvlfbzvTnJuJwBpLoPYQcnPvcgm+5gU1j1BjUaNKS/uDn7VbVm7hjbKA3wkniORC2TU2MiHElutnfrEVZ8wQfrCEpuWkOXs98H8QxUK4pBM2ea1xxGj7vREAZZg1x/Ci/E77gHxymnZ/ekhUIih6Pwu75jf+dvKcMnpmdLpwAVlE1G4dNginhFVyV/199llf9jmHasQQuaMFzQ9UMWGjA1Hg2KsaD9e3EL74A5fLkKc2EEmBD5v/aP+1RRZ3ISbTOXvxqYIFCdSFSCfPbUhkc9I2nHS0obEH7Q7KiuagoDqV0cTNXWfCGJ1DtIlGQ9IA6mPDAjX8Lg==","encrypted_data_encryption_key":"dGVzdCB3cmFwcGVkIGRlaw...","authentication":"eyJhbGciOi…","algorithm":"RSA/ECB/PKCS1Padding","reason":"admin decrypt"}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"data_encryption_key":"akRQtv3nr+jUhcFL6JmKzB+WzUxbkkMyW5kQsqGUAFc="}}},"400":{"description":"Bad Request."},"401":{"description":"Unauthorized."},"500":{"description":"Internal server error."}}}},"/v1/cckm/GoogleWorkspaceCSE/endpoints/{id}/privatekeysign":{"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Signs the digest provided by the client.","description":"It first unwraps a wrapped private key, then signs the digest provided by the client. Specify the following details.\n- The base64 encoded wrapped private key.\n- The base64 encoded message digest.\n- A JWT asserting that the user is allowed to unwrap DEK.\n- A JWT issued by a third party asserting who the user is.\n- The signing algorithm requested to produce a signature.\n- The salt length to use, if the signature algorithm is RSASSA-PSS.\n- A passthrough json string providing additional context about the operation.\n","tags":["CCKM/Google Workspace CSE (Data Plane)"],"parameters":[{"name":"body","in":"body","description":"Sign private key parameters","schema":{"type":"object","title":"Sign the digest for KACLS endpoint.","required":["wrapped_private_key","digest","authorization","authentication","algorithm","reason"],"properties":{"wrapped_private_key":{"type":"string","description":"The base64 encoded wrapped private key."},"digest":{"type":"string","description":"The base64 encoded message digest."},"authorization":{"type":"string","description":"A JWT asserting that the user is allowed to unwrap DEK."},"authentication":{"type":"string","description":"A JWT issued by a third party asserting who the user is."},"algorithm":{"type":"string","description":"The signing algorithm requested to produce a signature."},"reason":{"type":"string","description":"A passthrough json string providing additional context about the operation."}},"example":{"wrapped_private_key":"3qTh6Mp+svPwYPlnZMyuj8WHTrM59wl/UI50jo61Qt/QubZ9tfsUc1sD62xdg3zgxC9quV4r+y7AkbfIDhbmxGqP64pWbZgFzOkP0JcSn+1xm/CB2E5IknKsAbwbYREGpiHM3nzZu+eLnvlfbzvTnJuJwBpLoPYQcnPvcgm+5gU1j1BjUaNKS/uDn7VbVm7hjbKA3wkniORC2TU2MiHElutnfrEVZ8wQfrCEpuWkOXs98H8QxUK4pBM2ea1xxGj7vREAZZg1x/Ci/E77gHxymnZ/ekhUIih6Pwu75jf+dvKcMnpmdLpwAVlE1G4dNginhFVyV/199llf9jmHasQQuaMFzQ9UMWGjA1Hg2KsaD9e3EL74A5fLkKc2EEmBD5v/aP+1RRZ3ISbTOXvxqYIFCdSFSCfPbUhkc9I2nHS0obEH7Q7KiuagoDqV0cTNXWfCGJ1DtIlGQ9IA6mPDAjX8Lg==","digest":"EOBc7nc+7JdIDeb0DVTHriBAbo/dfHFZJgeUhOyo67o=","authorization":"eyJhbGciOi…","authentication":"eyJhbGciOi…","algorithm":"SHA256withRSA","reason":"sign"}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"signature":"LpyCSy5ddy82PIp/87JKaMF4Jmt1KdrbfT1iqpB7uhVd3OwZiu+oq8kxIzB7Lr0iX4aOcxM6HiUyMrGP2PG8x0HkpykbUKQxBVcfm6SLdsqigT9ho5RYw20M6ZXNWVRetFSleKex4SRilTRny38e2ju/lUy0KDaCt1hDUT89nLZ1wsO3D1F3xk8J7clXv5fe7GPRd1ojo82Ny0iyVO7y7h1lh2PACHUFXOMzsdURYFCnxhKAsadccCxpCxKh5x8p78PdoenwY1tnT3/X4O/4LAGfT4fo98Frxy/xtI49WDRNZi6fsL6BQT4vS/WFkybBX9tXaenCqlRBDyZSFhatPQ=="}}},"400":{"description":"Bad Request."},"401":{"description":"Unauthorized."},"500":{"description":"Internal server error."}}}},"/v1/cckm/aws/reports":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Generate a report","description":"Generate a report. Specify the following details.\n- Start time\n- End time\n- Cloud Watch Params\n- Name\n","tags":["CCKM/AWSReports"],"parameters":[{"name":"body","in":"body","description":"Generate a report.","schema":{"type":"object","title":"Get Key Service Usage Report.","required":["cloud_watch_params","name"],"properties":{"name":{"type":"string","description":"Name of your report."},"start_time":{"type":"string","description":"Start time from where report to be generated. If end time and start time are not given, then the last 24-hour report will be generated."},"end_time":{"type":"string","description":"End time for reports. If end time and start time are not given, then the last 24-hour report will be generated."},"report_type":{"type":"string","description":"Type of report to be generated. Default value is key-report.","enum":["service-report","key-report","key-aging"]},"cloud_watch_params":{"type":"array","items":{"type":"object","description":"Cloud Watch Parameters.","required":["kms"],"properties":{"kms":{"type":"string","description":"Name or ID of the KMS.."},"log_group_region":{"type":"string","description":"Region name.(Required for all report_type except key-aging report.)"},"log_group_name":{"type":"string","description":"Log group name.(Required for all report_type except key-aging report.)"}}}}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"eecde78c-1b53-4552-acd9-a19beb2ea72e","uri":"kylo:kylo:cckm:reports:eecde78c-1b53-4552-acd9-a19beb2ea72e","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-08-06T09:20:48.421754909Z","name":"report-name","updatedAt":"2020-08-06T09:20:48.432763082Z","overall_status":"in_progress","abort":false,"kms":["cckm-kms"],"log_groups":["cckm-log-group"],"regions":["us-east-1"],"report_type":"service-report","start_time":"2020-08-05T09:20:48Z","end_time":"2020-08-06T09:20:48Z"}}},"404":{"description":"Resource not found."}}},"get":{"summary":"List Reports","description":"Returns a list of updated report status. The results can be filtered using the query parameters.\n","tags":["CCKM/AWSReports"],"parameters":[{"name":"id","in":"query","type":"string","description":"Filter the results by internal id of reports."},{"name":"overall_status","in":"query","type":"string","description":"Filter the results by reports overall status."},{"name":"name","in":"query","type":"string","description":"Filter the result by report name.","collectionFormat":"multi"},{"name":"report_type","in":"query","type":"string","description":"Filter the results by reports type.","collectionFormat":"multi"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"eecde78c-1b53-4552-acd9-a19beb2ea72e","uri":"kylo:kylo:cckm:reports:eecde78c-1b53-4552-acd9-a19beb2ea72e","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-08-06T09:20:48.421755Z","name":"report-name","updatedAt":"2020-08-06T09:20:48.578416Z","overall_status":"completed","detailed_status":{"cckm-kms/cckm-log-group":"completed"},"abort":false,"kms":["cckm-kms"],"log_groups":["cckm-log-group"],"regions":["us-east-1"],"report_type":"service-report","start_time":"2020-08-05T09:20:48Z","end_time":"2020-08-06T09:20:48Z"}]}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/aws/reports/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get Report","description":"Get Report\n","tags":["CCKM/AWSReports"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"eecde78c-1b53-4552-acd9-a19beb2ea72e","uri":"kylo:kylo:cckm:reports:eecde78c-1b53-4552-acd9-a19beb2ea72e","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-08-06T09:20:48.421755Z","name":"report-name","updatedAt":"2020-08-06T09:20:48.578416Z","overall_status":"completed","detailed_status":{"cckm-kms/cckm-log-group":"completed"},"abort":false,"kms":["cckm-kms"],"log_groups":["cckm-log-group"],"regions":["us-east-1"],"report_type":"service-report","start_time":"2020-08-05T09:20:48Z","end_time":"2020-08-06T09:20:48Z"}}},"404":{"description":"Resource not found."}}},"delete":{"summary":"Delete","description":"Deletes job and its AWS reports from the CCKM.","tags":["CCKM/AWSReports"],"responses":{"204":{"description":"No Content | AWS report was deleted successfully.","schema":{"type":"string"}},"404":{"description":"Resource not found."}}}},"/v1/cckm/aws/reports/{id}/contents":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get Contents","description":"Get Contents\n","tags":["CCKM/AWSReports"],"parameters":[{"name":"key_arn","in":"query","type":"string","description":"Filter the results by key_arn."},{"name":"region","in":"query","type":"string","description":"Filter the results by region.","collectionFormat":"multi"},{"name":"aws_account_id","in":"query","type":"string","description":"Filter the results by aws accountID.","collectionFormat":"multi"},{"name":"cloud_name","in":"query","type":"string","description":"Filter the results by cloud_name.","collectionFormat":"multi"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"skip":0,"limit":1,"total":1,"resources":[{"id":"8c1fcb97-a61e-41c3-ae14-72888e775444","uri":"kylo:kylo:cckm:aws-reports:8c1fcb97-a61e-41c3-ae14-72888e775444","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-12-04T04:13:05.970626Z","updatedAt":"2020-12-04T04:13:05.96853Z","key_arn":"arn:aws:kms:ap-northeast-1:123456789012:key/e7f24017-1ee3-420e-9e7e-6f1a531f61a4","event_name":"DescribeKey","event_time":"2020-12-03T04:39:31Z","requesting_service":"aws-sdk-go/1.29.28 (go1.14.12; linux; amd64)","region":"ap-northeast-1","kms":"kms","aws_account_id":"123456789012","cloud_name":"aws"}]}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/aws/reports/{id}/download":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get CSV Contents","description":"Get CSV Contents\n","tags":["CCKM/AWSReports"],"produces":["text/csv"],"responses":{"200":{"description":"OK","schema":{"type":"file"},"examples":{"text/csv":"Key ARN,Cloud User Name,Event Name,Event Time,Region,Kms,Account ID arn:aws:kms:ap-northeast-1:123456789012:key/224676cc-e00b-49de-aee6-d00765d4b4bc,jmccullough,2020-10-14T23:59:22Z,ap-northeast-1,aws-kms,123456789012\n"}},"404":{"description":"Resource not found."}}}},"/v1/cckm/aws/get-log-groups":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Log Groups","description":"Log Groups","tags":["CCKM/AWSReports"],"parameters":[{"name":"body","in":"body","description":"Log Groups parameters","schema":{"type":"object","title":"Log Groups","required":["region","kms"],"properties":{"region":{"type":"string","description":"AWS region."},"kms":{"type":"string","description":"Name or ID of the KMS."},"cloud_watch_params":{"type":"object","description":"Cloud watch parameters.","properties":{"limit":{"type":"integer","description":"Number of the items in the view. Default value is 50."},"logGroupNamePrefix":{"type":"string","description":"The prefix to match."},"nextToken":{"type":"string","description":"The token for the next set of items to return. (You received this token from a previous call.)"}}}},"example":{"kms":"kms_name","region":"us-east-1","cloud_watch_params":{"limit":10,"logGroupNamePrefix":"Test","nextToken":"/aws/cloud/Testnext"}}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"LogGroups":[{"Arn":"arn:aws:logs:us-east-1:123456789012:log-group:/aws/Test/Test-123456789:*","CreationTime":1534942775555,"KmsKeyId":null,"LogGroupName":"/aws/Test/Test-123456789","MetricFilterCount":0,"RetentionInDays":null,"StoredBytes":15594930}],"NextToken":"/aws/Test/Test-12345678912"}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/aws/xks-proxy-endpoints/{keystore_id}/kms/xks/v1/keys/{xks_key_id}/encrypt":{"parameters":[{"name":"keystore_id","in":"path","description":"AWS HYOK keystore ID","type":"string","required":true},{"name":"xks_key_id","in":"path","description":"XKS Key ID","type":"string","required":true}],"post":{"summary":"Encrypt data","description":"Used by AWS KMS to encrypt data using a key which resides in an external key store. Requires KMS-specific authorization.\n","tags":["CCKM/AWS Custom Key Stores (Data Plane)"],"parameters":[{"name":"body","in":"body","description":"Encrypt","schema":{"type":"object","title":"Encrypt request","required":["plaintext","encryptionAlgorithm","requestMetadata"],"properties":{"plaintext":{"type":"string"},"encryptionAlgorithm":{"type":"string"},"additionalAuthenticatedData":{"type":"string"},"ciphertextDataIntegrityValueAlgorithm":{"type":"string"},"requestMetadata":{"allOf":[{"type":"object","properties":{"awsPrincipalArn":{"description":"AWS Principal ARN","type":"string"},"awsSourceVpc":{"description":"AWS Source VPC","type":"string"},"awsSourceVpce":{"description":"AWS Source VPCE","type":"string"},"kmsKeyArn":{"description":"KMS Key ARN","type":"string"},"kmsOperation":{"description":"KMS Operation","type":"string"},"kmsRequestId":{"description":"KMS Request ID","type":"string"},"kmsViaService":{"description":"KMS via Service","type":"string"}},"required":["kmsRequestId"]}]}},"example":{"requestMetadata":{"awsPrincipalArn":"arn:aws:iam::123456789012:user/Alice","kmsKeyArn":"arn:aws:kms:us-east-2:111122223333:key/2f048fe4-e1f8-4cdb-9b3c-d0543ef1f385","kmsOperation":"Encrypt","kmsRequestId":"65e7b29c-f312-4611-ac5c-ff2174f5568c","kmsViaService":"ebs"},"plaintext":"ZW5jcnlwdA==","encryptionAlgorithm":"AES_GCM_256","additionalAuthenticatedData":"VY2D+Q9UyPRj2tIlHP/yVQ==","ciphertextDataIntegrityValueAlgorithm":"SHA_256"}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"ciphertext":"VY2D+Q9UyPRj2tIlHP/yVQ==","initializationVector":"GB1yLYeNIljclAc38x6ow==","authenticationTag":"ws/1krVDXQKA1JlThx6Ejg==","ciphertextDataIntegrityValue":"ONo476AWUhjTmvJ8PYN9DxUhKT7mxQVJu/P+nv7GIm0="}}}}}},"/v1/cckm/aws/xks-proxy-endpoints/{keystore_id}/kms/xks/v1/keys/{xks_key_id}/decrypt":{"parameters":[{"name":"keystore_id","in":"path","description":"AWS HYOK keystore ID","type":"string","required":true},{"name":"xks_key_id","in":"path","description":"XKS Key ID","type":"string","required":true}],"post":{"summary":"Decrypt data","description":"Used by AWS KMS to decrypt data using a key which resides in an external key store. Requires KMS-specific authorization.\n","tags":["CCKM/AWS Custom Key Stores (Data Plane)"],"parameters":[{"name":"body","in":"body","description":"Decrypt","schema":{"type":"object","title":"Decrypt request","required":["requestMetadata","encryptionAlgorithm","ciphertext","initializationVector","authenticationTag"],"properties":{"ciphertext":{"type":"string"},"encryptionAlgorithm":{"type":"string"},"additionalAuthenticatedData":{"type":"string"},"initializationVector":{"type":"string"},"authenticationTag":{"type":"string"},"requestMetadata":{"allOf":[{"type":"object","properties":{"awsPrincipalArn":{"description":"AWS Principal ARN","type":"string"},"awsSourceVpc":{"description":"AWS Source VPC","type":"string"},"awsSourceVpce":{"description":"AWS Source VPCE","type":"string"},"kmsKeyArn":{"description":"KMS Key ARN","type":"string"},"kmsOperation":{"description":"KMS Operation","type":"string"},"kmsRequestId":{"description":"KMS Request ID","type":"string"},"kmsViaService":{"description":"KMS via Service","type":"string"}},"required":["kmsRequestId"]}]}},"example":{"requestMetadata":{"awsPrincipalArn":"arn:aws:iam::123456789012:user/Alice","kmsKeyArn":"arn:aws:kms:us-east-2:111122223333:key/2f048fe4-e1f8-4cdb-9b3c-d0543ef1f385","kmsOperation":"Decrypt","kmsRequestId":"65e7b29c-f312-4611-ac5c-ff2174f5568c","kmsViaService":"ebs"},"ciphertext":"VY2D+Q9UyPRj2tIlHP/yVQ==","encryptionAlgorithm":"AES_GCM_256","additionalAuthenticatedData":"VY2D+Q9UyPRj2tIlHP/yVQ==","initializationVector":"GB1yLYeNIljclAc38x6ow==","authenticationTag":"ws/1krVDXQKA1JlThx6Ejg=="}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"plaintext":"ZW5jcnlwdA=="}}}}}},"/v1/cckm/aws/xks-proxy-endpoints/{keystore_id}/kms/xks/v1/health":{"parameters":[{"name":"keystore_id","in":"path","description":"AWS HYOK keystore ID","type":"string","required":true}],"post":{"summary":"Get health status","description":"Used by AWS KMS to ensure that the key store is available, working, and ready to handle other KMS requests. Requires KMS-specific authorization.\n","tags":["CCKM/AWS Custom Key Stores (Data Plane)"],"parameters":[{"name":"body","in":"body","description":"Get health status","schema":{"type":"object","title":"Get health status request","required":["requestMetadata"],"properties":{"requestMetadata":{"allOf":[{"type":"object","properties":{"awsPrincipalArn":{"description":"AWS Principal ARN","type":"string"},"awsSourceVpc":{"description":"AWS Source VPC","type":"string"},"awsSourceVpce":{"description":"AWS Source VPCE","type":"string"},"kmsKeyArn":{"description":"KMS Key ARN","type":"string"},"kmsOperation":{"description":"KMS Operation","type":"string"},"kmsRequestId":{"description":"KMS Request ID","type":"string"},"kmsViaService":{"description":"KMS via Service","type":"string"}},"required":["kmsRequestId"]}]}},"example":{"requestMetadata":{"kmsRequestId":"65e7b29c-f312-4611-ac5c-ff2174f5568c","kmsOperation":"CreateCustomKeyStore"}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"xksProxyFleetSize":2,"xksProxyVendor":"Thales Group","xksProxyModel":"CCKM 2.8","ekmVendor":"Thales Group","ekmFleetDetails":[{"id":"hsm-id-1","model":"Luna 5.0","healthStatus":"DEGRADED"},{"id":"hsm-id-2","model":"Luna 5.1","healthStatus":"ACTIVE"}]}}}}}},"/v1/cckm/aws/xks-proxy-endpoints/{keystore_id}/kms/xks/v1/keys/{xks_key_id}/metadata":{"parameters":[{"name":"keystore_id","in":"path","description":"AWS HYOK keystore ID","type":"string","required":true},{"name":"xks_key_id","in":"path","description":"XKS Key ID","type":"string","required":true}],"post":{"summary":"Get key metadata","description":"Used by AWS KMS to fetch metadata associated with the XKS key, including its type, supported cryptographic operations, and status. Requires KMS-specific authorization.\n","tags":["CCKM/AWS Custom Key Stores (Data Plane)"],"parameters":[{"name":"body","in":"body","description":"Get key metadata","schema":{"type":"object","title":"Get key metadata request","required":["requestMetadata"],"properties":{"requestMetadata":{"allOf":[{"type":"object","properties":{"awsPrincipalArn":{"description":"AWS Principal ARN","type":"string"},"awsSourceVpc":{"description":"AWS Source VPC","type":"string"},"awsSourceVpce":{"description":"AWS Source VPCE","type":"string"},"kmsKeyArn":{"description":"KMS Key ARN","type":"string"},"kmsOperation":{"description":"KMS Operation","type":"string"},"kmsRequestId":{"description":"KMS Request ID","type":"string"},"kmsViaService":{"description":"KMS via Service","type":"string"}},"required":["kmsRequestId"]}]}},"example":{"requestMetadata":{"awsPrincipalArn":"arn:aws:iam::123456789012:user/Alice","kmsKeyArn":"arn:aws:kms:us-east-2:111122223333:key/2f048fe4-e1f8-4cdb-9b3c-d0543ef1f385","kmsOperation":"DescribeKey","kmsRequestId":"65e7b29c-f312-4611-ac5c-ff2174f5568c","kmsViaService":"ebs"}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"keySpec":"AES_256","keyUsage":"ENCRYPT_DECRYPT","keyState":"ENABLED"}}}}}},"/v1/cckm/aws/get-iam-users":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"List","description":"Lists the IAM users that have the specified path prefix. If no path prefix is specified, the operation returns all users in the AWS account. If there are none, the operation returns an empty list.\n","tags":["CCKM/AWS IAM"],"parameters":[{"name":"body","in":"body","description":"Lists the IAM users.","schema":{"type":"object","title":"Lists the IAM users.","required":["kms"],"properties":{"kms":{"type":"string","description":"Name or ID of the KMS."},"path_prefix":{"type":"string","default":null,"description":"The path prefix for filtering the results. For example: /division_abc/subdivision_xyz/. This parameter is optional. If it is not included, it defaults to a slash (/), listing all user names."},"max_items":{"type":"integer","default":null,"description":"Use this only when paginating results to indicate the maximum number of items you want in the response. If you do not include this parameter, the number of items defaults to 100."},"marker":{"type":"string","default":null,"description":"Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start."}},"example":{"kms":"aws-kms","path_prefix":"/division_abc/subdivision_xyz/","max_items":10,"marker":"AAxPs9ysue2N2QHIT/Jagat14nwaQotssM8xBbTe46sEqdo4DRcsPm4pBWATYhGpRxPhZhflm/GmMevcTjl0OaXn"}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"IsTruncated":true,"Marker":"AAxPs9ysue2N2QHIT/Jagat14nwaQotssM8xBbTe46sEqdo4DRcsPm4pBWATYhGpRxPhZhflm/GmMevcTjl0temp","Users":[{"Arn":"arn:aws:iam::986700317248:user/testuserdval","CreateDate":"2021-04-20 09:06:47 +0000 UTC","Path":"/division_abc/subdivision_xyz/","UserId":"ZSDAYDIWP52TXXQTD25IW","UserName":"testuserdval"},{"Arn":"arn:aws:iam::986700317248:user/nopekushwah","CreateDate":"2021-05-10 08:09:30 +0000 UTC","Path":"/division_abc/subdivision_xyz/","UserId":"DESAYDIWP52TZGQIZMVPM","UserName":"nopekushwah"},{"Arn":"arn:aws:iam::986700317248:user/zxstan","CreateDate":"2015-09-16 03:46:29 +0000 UTC","PasswordLastUsed":"2020-09-29 04:03:12 +0000 UTC","Path":"/division_abc/subdivision_xyz/","UserId":"AISACXNSHSTWQOL2RB6J4","UserName":"zxstan"},{"Arn":"arn:aws:iam::986700317248:user/docs-build-user","CreateDate":"2020-07-08 23:18:54 +0000 UTC","Path":"/division_abc/subdivision_xyz/","UserId":"AIDAYASWP52TX6NLLTC2J","UserName":"docs-build-user"},{"Arn":"arn:aws:iam::986700317248:user/hellopitard","CreateDate":"2014-11-12 14:30:25 +0000 UTC","PasswordLastUsed":"2022-06-08 21:12:25 +0000 UTC","Path":"/division_abc/subdivision_xyz/","UserId":"AIDAIUWSAU4Y4QFPVUBIC","UserName":"hellopitard"},{"Arn":"arn:aws:iam::986700317248:user/lowlevel","CreateDate":"2021-08-26 07:30:47 +0000 UTC","Path":"/division_abc/subdivision_xyz/","UserId":"JAGATDIWP52TY76GAMOFN","UserName":"lowlevel"},{"Arn":"arn:aws:iam::986700317248:user/hello.world","CreateDate":"2022-01-25 16:26:44 +0000 UTC","Path":"/division_abc/subdivision_xyz/","UserId":"QAZAYDIWP52TRMQ6YQOPM","UserName":"hello.world"}]}}},"400":{"description":"Bad Request."},"401":{"description":"Unauthorized."},"500":{"description":"The request processing has failed because of an unknown error, exception or failure."}}}},"/v1/cckm/aws/get-iam-roles":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"List","description":"Lists the IAM Roles that have the specified path prefix. If no path prefix is specified, the operation returns all Roles in the AWS account. If there are none, the operation returns an empty list.\n","tags":["CCKM/AWS IAM"],"parameters":[{"name":"body","in":"body","description":"Lists the IAM Roles.","schema":{"type":"object","title":"Lists the IAM Roles.","required":["kms"],"properties":{"kms":{"type":"string","description":"Name or ID of the KMS."},"path_prefix":{"type":"string","default":null,"description":"The path prefix for filtering the results. For example: /division_abc/subdivision_xyz/. This parameter is optional. If it is not included, it defaults to a slash (/), listing all roles."},"max_items":{"type":"integer","default":null,"description":"Use this only when paginating results to indicate the maximum number of items you want in the response. If you do not include this parameter, the number of items defaults to 100."},"marker":{"type":"string","default":null,"description":"Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start."}},"example":{"kms":"aws-kms","path_prefix":"/division_abc/subdivision_xyz/","max_items":3,"marker":"AAxPs9ysue2N2QHIT/Jagat14nwaQotssM8xBbTe46sEqdo4DRcsPm4pBWATYhGpRxPhZhflm/GmMevcTjl0OaXn"}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"IsTruncated":true,"Marker":"AAxPs9ysue2N2QHIT/Jagat14nwaQotssM8xBbTe46sEqdo4DRcsPm4pBWATYhGpRxPhZhflm/GmMevcTjl0temp","Roles":[{"Arn":"arn:aws:iam::116782317287:role/AccessKeyTestRole","AssumeRolePolicyDocument":"%7B%22Version%22%3A%2%2C%22Statement%22%3A%5B%7B%22Effect%22%3A%22D","CreateDate":"2021-04-07T03:55:46Z","Description":"Testing Allows Lambda functions to call AWS services on your behalf.","MaxSessionDuration":3600,"Path":"/division_abc/subdivision_xyz/","RoleId":"AROAYDIWP52TT6EO1234","RoleName":"AccessKeyTestRole"},{"Arn":"arn:aws:iam::116782317287:role/ADFSJHGT","AssumeRolePolicyDocument":"%7B%22Version%2217%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22%%2C3A%22","CreateDate":"2015-08-28T07:19:46Z","MaxSessionDuration":3600,"Path":"/division_abc/subdivision_xyz/","RoleId":"AROAITQ5P2U6WDMOFDF5AOIC","RoleName":"ADFSJHGT"},{"Arn":"arn:aws:iam::116782317287:role/AdministratorTemp","AssumeRolePolicyDocument":"%7B%22Version%%222012-10-17%22%2C%22Statem7B%22Effect%22%3A%22A","CreateDate":"2020-02-04T15:57:01Z","Description":"Testing purpose","MaxSessionDuration":3600,"Path":"/division_abc/subdivision_xyz/","RoleId":"AROAYDDSDSIWP52T2RT7HTd6Y5","RoleName":"AdministratorTemp"}]}}},"400":{"description":"Bad Request."},"401":{"description":"Unauthorized."},"500":{"description":"The request processing has failed because of an unknown error, exception or failure."}}}},"/v1/cckm/google/reports":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Generate a report","description":"Generate a report. Specify the following details.\n- Start time\n- End time\n- Connection\n- Google Cloud Params\n- Name\n","tags":["CCKM/Google Cloud Reports"],"parameters":[{"name":"body","in":"body","description":"Generate a report.","schema":{"type":"object","title":"Get Key Service Usage Report.","required":["gcp_cloud_params","name","report_type"],"properties":{"name":{"type":"string","description":"Name of your report."},"start_time":{"type":"string","description":"Start time from where report to be generated. (Default start_time is end_time-24hrs)."},"end_time":{"type":"string","description":"End time for reports. (Default end_time is the time when you initiate the call)."},"report_type":{"type":"string","description":"Type of report to be generated.","enum":["key-report","key-aging"]},"gcp_cloud_params":{"type":"array","items":{"type":"object","description":"Google Cloud parameters.","required":["key_ring"],"properties":{"key_ring":{"type":"string","description":"Name of the Google Cloud key ring"}}}}},"example":{"start_time":"2021-01-15T06:37:07+00:00","end_time":"2021-03-15T06:37:07+00:00","name":"report-name","report_type":"key-report","gcp_cloud_params":[{"key_ring":"projects/cckm/locations/us-central1/keyRings/ring"}]}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"a67b9ef0-9b47-4fbd-b30f-1646af4b4259","uri":"kylo:kylo:cckm:reports:report-name","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-04-01T11:02:29.914913Z","name":"report-name","updatedAt":"2021-04-01T11:02:29.955818Z","overall_status":"in_progress","detailed_status":{"projects/cckm/locations/us-central1/keyRings/ring":"in_progress"},"abort":false,"report_type":"key-report","key_rings":["projects/cckm/locations/us-central1/keyRings/ring"],"start_time":"2021-01-15T06:37:07Z","end_time":"2021-03-15T06:37:07Z"}}},"404":{"description":"Resource not found."}}},"get":{"summary":"List Reports","description":"Returns a list of updated report status. The results can be filtered using the query parameters.\n","tags":["CCKM/Google Cloud Reports"],"parameters":[{"name":"id","in":"query","type":"string","description":"Filter the results by internal id of reports."},{"name":"overall_status","in":"query","type":"string","description":"Filter the results by reports overall status."},{"name":"name","in":"query","type":"string","description":"Filter the result by report name.","collectionFormat":"multi"},{"name":"report_type","in":"query","type":"string","description":"Filter the results by reports type.","collectionFormat":"multi"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"a67b9ef0-9b47-4fbd-b30f-1646af4b4259","uri":"kylo:kylo:cckm:reports:report-name","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-04-01T11:02:29.914913Z","name":"report-name","updatedAt":"2021-04-01T11:02:29.955818Z","overall_status":"in_progress","detailed_status":{"projects/cckm/locations/us-central1/keyRings/ring":"in_progress"},"abort":false,"report_type":"key-report","key_rings":["projects/cckm/locations/us-central1/keyRings/ring"],"start_time":"2021-01-15T06:37:07Z","end_time":"2021-03-15T06:37:07Z"}]}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/google/reports/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get Report","description":"Get Report\n","tags":["CCKM/Google Cloud Reports"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"a67b9ef0-9b47-4fbd-b30f-1646af4b4259","uri":"kylo:kylo:cckm:reports:report-name","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-04-01T11:02:29.914913Z","name":"report-name","updatedAt":"2021-04-01T11:05:53.617901Z","completed_at":"2021-04-01T11:05:53.617656Z","overall_status":"completed","detailed_status":{"projects/cckm/locations/us-central1/keyRings/ring":"completed"},"abort":false,"report_type":"key-report","key_rings":["projects/cckm/locations/us-central1/keyRings/ring"],"start_time":"2021-01-15T06:37:07Z","end_time":"2021-03-15T06:37:07Z"}}},"404":{"description":"Resource not found."}}},"delete":{"summary":"Delete","description":"Deletes job and its Google Cloud reports from the CCKM.","tags":["CCKM/Google Cloud Reports"],"responses":{"204":{"description":"No Content | Google Cloud report was deleted successfully.","schema":{"type":"string"}},"404":{"description":"Resource not found."}}}},"/v1/cckm/google/reports/{id}/contents":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get Contents","description":"Get Contents\n","tags":["CCKM/Google Cloud Reports"],"parameters":[{"name":"key_name","in":"query","type":"string","description":"Filter the results by key_name."},{"name":"key_ring","in":"query","type":"string","description":"Filter the results by key_ring.","collectionFormat":"multi"},{"name":"project","in":"query","type":"string","description":"Filter the results by project."},{"name":"region","in":"query","type":"string","description":"Filter the results by region.","collectionFormat":"multi"},{"name":"organization","in":"query","type":"string","description":"Filter the results by organization.","collectionFormat":"multi"},{"name":"key_activity","in":"query","type":"string","description":"Filter the results by key_activity.","collectionFormat":"multi"},{"name":"cckm_operation","in":"query","type":"string","description":"Filter the results by CCKM operation.","collectionFormat":"multi"},{"name":"user_name","in":"query","type":"string","description":"Filter the results by user_name."},{"name":"origin","in":"query","type":"string","description":"Filter the results by origin.","collectionFormat":"multi"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"skip":0,"limit":1,"total":55,"resources":[{"id":"de1b27ce-b9c3-49f8-8112-3a895a20b401","uri":"kylo:kylo:cckm:gcp-reports:de1b27ce-b9c3-49f8-8112-3a895a20b401","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-07-05T08:04:15.912455Z","updatedAt":"2021-07-05T08:04:15.908966Z","key_name":"key_name","key_ring":"ring","project":"cckm","region":"us-central1","organization":"organizations/no-organization","key_activity":"CreateCryptoKey","modified_time":"2021-07-05T07:25:25.443139Z","origin":"Native","cckm_operation":"Create_GCP_Key","user_name":"user@cckm.iam.gserviceaccount.com"}]}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/google/reports/{id}/download":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get CSV Contents","description":"Get CSV Contents\n","tags":["CCKM/Google Cloud Reports"],"produces":["text/csv"],"responses":{"200":{"description":"OK","schema":{"type":"file"},"examples":{"text/csv":"Key Name,Key Ring,Project,Location,Organization,Key Activity,Modified Date,Origin,CCKM Operation,Google User TestKey,ring,cckm,us-central1,organizations/no-organization,CreateCryptoKey,2021-07-05 07:25:25.443139 +0000 +0000,Native,Create_GCP_Key,user@cckm.iam.gserviceaccount.com\n"}},"404":{"description":"Resource not found."}}}},"/v1/cckm/azure/reports":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Generate a report","description":"Generate a report. Specify the following details.\n- Start time\n- End time\n- Connection\n- Log Analytic Params\n- Name\n","tags":["CCKM/AzureReports"],"parameters":[{"name":"body","in":"body","description":"Generate a report.","schema":{"type":"object","title":"Get Key Service Usage Report.","required":["log_analytic_params","name","report_type"],"properties":{"name":{"type":"string","description":"Name of your report."},"start_time":{"type":"string","description":"Start time from where report to be generated. (Default start_time is end_time-24hrs)."},"end_time":{"type":"string","description":"End time for reports. (Default end_time is the time when you initiate the call)."},"report_type":{"type":"string","description":"Type of report to be generated.","enum":["service-report","key-report","key-aging"]},"log_analytic_params":{"type":"array","items":{"type":"object","description":"Azure Log analytic Params.","required":["key_vault"],"properties":{"key_vault":{"type":"string","description":"Name of the key vault"},"work_space_id":{"type":"string","description":"ID of the work space in log analytic Region name(not required for aging-report)."}}}}},"example":{"start_time":"2020-07-15T06:37:07+00:00","end_time":"2020-07-15T06:37:07+00:00","name":"report-name","report_type":"key-report","log_analytic_params":[{"key_vault":"Test","work_space_id":"1234567sdgs"}]}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"e5bfe384-a0b0-4e47-944e-018bf495ff85","uri":"kylo:kylo:cckm:reports:e5bfe384-a0b0-4e47-944e-018bf495ff85","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-09-10T06:39:01.118879307Z","name":"report-name","updatedAt":"2020-09-10T06:39:01.154523582Z","overall_status":"in_progress","abort":false,"report_type":"key-report","work_space_ids":["0116b13f-33f0-4192-a29f-db857804251e"],"key_vaults":["CCKM-demo::3243e7-777b-4jka3c-84ea-887620498863"],"start_time":"2020-09-09T06:39:01Z","end_time":"2020-09-10T06:39:01Z"}}},"404":{"description":"Resource not found."}}},"get":{"summary":"List Reports","description":"Returns a list of updated report status. The results can be filtered using the query parameters.\n","tags":["CCKM/AzureReports"],"parameters":[{"name":"id","in":"query","type":"string","description":"Filter the results by internal id of reports."},{"name":"overall_status","in":"query","type":"string","description":"Filter the results by reports overall status."},{"name":"name","in":"query","type":"string","description":"Filter the result by report name.","collectionFormat":"multi"},{"name":"report_type","in":"query","type":"string","description":"Filter the results by reports type.","collectionFormat":"multi"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"e5bfe384-a0b0-4e47-944e-018bf495ff85","uri":"kylo:kylo:cckm:reports:e5bfe384-a0b0-4e47-944e-018bf495ff85","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-09-10T06:39:01.118879307Z","name":"report-name","updatedAt":"2020-09-10T06:39:01.154523582Z","overall_status":"completed","detailed_status":{"CCKM-demo::3243e7-777b-4jka3c-84ea-887620498863":"completed"},"abort":false,"report_type":"key-report","work_space_ids":["0116b13f-33f0-4192-a29f-db857804251e"],"key_vaults":["CCKM-demo::3243e7-777b-4jka3c-84ea-887620498863"],"start_time":"2020-09-09T06:39:01Z","end_time":"2020-09-10T06:39:01Z"}]}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/azure/reports/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get Report","description":"Get Report\n","tags":["CCKM/AzureReports"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"e5bfe384-a0b0-4e47-944e-018bf495ff85","uri":"kylo:kylo:cckm:reports:e5bfe384-a0b0-4e47-944e-018bf495ff85","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-09-10T06:39:01.118879307Z","name":"report-name","updatedAt":"2020-09-10T06:39:01.154523582Z","overall_status":"completed","detailed_status":{"CCKM-demo::3243e7-777b-4jka3c-84ea-887620498863":"completed"},"abort":false,"report_type":"key-report","work_space_ids":["0116b13f-33f0-4192-a29f-db857804251e"],"key_vaults":["CCKM-demo::3243e7-777b-4jka3c-84ea-887620498863"],"start_time":"2020-09-09T06:39:01Z","end_time":"2020-09-10T06:39:01Z"}}},"404":{"description":"Resource not found."}}},"delete":{"summary":"Delete","description":"Deletes job and its Azure reports from the CCKM.","tags":["CCKM/AzureReports"],"responses":{"204":{"description":"No Content | Azure report was deleted successfully.","schema":{"type":"string"}},"404":{"description":"Resource not found."}}}},"/v1/cckm/azure/reports/{id}/contents":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get Contents","description":"Get Contents\n","tags":["CCKM/AzureReports"],"parameters":[{"name":"subscription_id","in":"query","type":"string","description":"Filter the results by subscription_id."},{"name":"key_name","in":"query","type":"string","description":"Filter the results by key_name."},{"name":"key_vault","in":"query","type":"string","description":"Filter the results by key_vault."},{"name":"key_version","in":"query","type":"string","description":"Filter the results by key_version."},{"name":"key_activity","in":"query","type":"string","description":"Filter the results by key_activity.","collectionFormat":"multi"},{"name":"client_id","in":"query","type":"string","description":"Filter the results by client_id."},{"name":"key_owner","in":"query","type":"string","description":"Filter the results by key_owner."},{"name":"cckm_operation","in":"query","type":"string","description":"Filter the results by cckm_operation."},{"name":"user_name","in":"query","type":"string","description":"Filter the results by user_name."},{"name":"cloud_name","in":"query","type":"string","description":"Filter the results by cloud_name.","collectionFormat":"multi"},{"name":"azure_name","in":"query","type":"string","description":"Filter the results by azure key vault name."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"3cfbc172-9836-40fd-9caa-0beac209fa28","uri":"kylo:kylo:cckm:azure-reports:3cfbc172-9836-40fd-9caa-0beac209fa28","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-09-10T09:50:50.625656Z","updatedAt":"2020-09-10T09:50:50.776208Z","key_name":"https://cckm-demo.vault.azure.net/","key_vault":"/SUBSCRIPTIONS/c0d7f123-6058-418c-bcb0-5e68701df869/RESOURCEGROUPS/CCKM-RESOURCE/PROVIDERS/MICROSOFT.KEYVAULT/VAULTS/CCKM-DEMO","key_version":"https://cckm-demo.vault.azure.net/","key_activity":"VaultGet","object_id":"c575a5c2-9e70-4b66-83b9-abad542244bc","client_id":"ef767cf9-61dd-4765-a4df-ebd65493c728","modified_time":"2020-09-10T09:43:21.091Z","key_expiration":null,"subscription_id":"3243e7-777b-4jka3c-84ea-887620498863","cloud_name":"AzureCloud","azure_name":"CCKM-DEMO"}]}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/azure/reports/{id}/download":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get CSV Contents","description":"Get CSV Contents\n","tags":["CCKM/AzureReports"],"produces":["text/csv"],"responses":{"200":{"description":"OK","schema":{"type":"file"},"examples":{"text/csv":"Key Name,Key Vault,Key Activity,Time Generated,CCKM Operation,User Name,Subscription ID https://cckm-demo.vault.azure.net/keys/try-key,/SUBSCRIPTIONS/1cda5d8b-c825-4976-9999-26022adb76b5/RESOURCEGROUPS/CCKM-RESOURCE/PROVIDERS/MICROSOFT.KEYVAULT/VAULTS/CCKM-DEMO,KeyDelete,2020-10-21 11:51:43.419 +0000 +0000,,,260ecsds-777b-4d3c-84ea-887620494353\n"}},"404":{"description":"Resource not found."}}}},"/v1/cckm/azure/secrets":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates an Azure secret. Specify the following details.\n- Name for the Secret.\n- Name or ID of the key vault where the secret will be created.\n- Value of the secret.\n- Type of the secret, such as a password (optional).\n- Secret management attributes (optional).\n","tags":["CCKM/AzureSecrets"],"parameters":[{"name":"body","in":"body","description":"Creates an Azure secret.","schema":{"type":"object","title":"Creates an Azure secret.","required":["secret_name","key_vault","azure_param"],"properties":{"secret_name":{"type":"string","description":"Name for the Azure secret. Secret names can only contain alphanumeric characters and hyphens ( - )."},"key_vault":{"type":"string","description":"Name or ID of the Azure vault where the secret will be created."},"azure_param":{"type":"object","description":"Azure secret parameters.","required":["value"],"properties":{"value":{"type":"string","description":"Value of the Azure secret."},"contentType":{"type":"string","description":"Type of the Azure secret value such as password."},"tags":{"type":"object","description":"Application specific metadata in the form of key-value pairs."},"attributes":{"type":"object","description":"Secret management attributes.","properties":{"enabled":{"type":"boolean","description":"Determines whether the object is enabled."},"nbf":{"type":"string","format":"date-time","description":"Not before date in UTC."},"exp":{"type":"string","format":"date-time","description":"Expiry date in UTC."}}}}}},"example":{"secret_name":"azure-secret","key_vault":"9ae64517-7249-42a9-bf86-9252add02ef9","azure_param":{"value":"dummy value"}}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"id":"dc199b22-d864-4ff6-92a8-cbd16dd93419","uri":"kylo:kylo:cckm:azure-secret:azure-secret123-dc199b22-d864-4ff6-92a8-cbd16dd93419","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-06-23T08:57:16.242016309Z","updatedAt":"2022-06-23T08:57:16.235723981Z","key_vault":"cckm-vault::eecde78c-1b53-4552-acd9-a19beb2ea72e","key_vault_id":"b3a57aca-bc14-4f08-b6b6-8b710fe45f4c","region":"northcentralus","deleted":false,"backup_at":"2022-06-23T08:57:16.235119064Z","soft_delete_enabled":true,"secret_soft_deleted_in_azure":false,"syncedAt":"2022-06-23T08:57:15Z","created_by":"ef767cf9-61dd-4765-a4df-ebd65493c728","modified_by":"ef767cf9-61dd-4765-a4df-ebd65493c728","version":"e5cf57baf68040d697a1480bce1fcbf4","backup":"ef471c8541f14d7782f91447e7eb3efb006efe9dc1cf42f68b0ba2349ec6a4e1","secret_name":"azure-secret123","cloud_name":"AzureCloud","azure_created_at":"2022-06-23T08:57:15Z","azure_updated_at":"2022-06-23T08:57:15Z","tenant":"ef767cf9-61dd-4765-a4df-ebd65493c728","status":"AVAILABLE","gone":false,"azure_param":{"secret_id":"https://cckm-vault.vault.azure.net/secrets/azure-secret123/e5cf57baf68040d697a1480bce1fcbf4","attributes":{"recoverable_days":7,"recovery_level":"CustomizedRecoverable+Purgeable","enabled":true,"created":1655974635,"updated":1655974635}}}},"400":{"description":"Bad request."},"401":{"description":"Unauthorized."},"404":{"description":"Resource not found."},"500":{"description":"Internal server error."}}},"get":{"summary":"List","description":"Returns a list of Azure secrets. The results can be filtered using the query parameters.\n","tags":["CCKM/AzureSecrets"],"parameters":[{"name":"id","in":"query","type":"string","description":"Internal ID of the Azure secret."},{"name":"key_vault","in":"query","type":"string","description":"Name of the Azure key vault.","collectionFormat":"multi"},{"name":"key_vault_id","in":"query","type":"string","description":"ID of the key vault.","collectionFormat":"multi"},{"name":"secret_name","in":"query","type":"string","collectionFormat":"multi","description":"Name of the secret."},{"name":"region","in":"query","type":"string","description":"Region name.","collectionFormat":"multi"},{"name":"status","in":"query","type":"string","description":"Status of the secret.","collectionFormat":"multi"},{"name":"backup","in":"query","type":"string","description":"Backed up secrets."},{"name":"enabled","in":"query","type":"boolean","description":"Enabled secrets."},{"name":"deleted_in_azure","in":"query","type":"boolean","description":"Fetches the secrets based on their availability in Azure."},{"name":"secret_id","in":"query","type":"string","description":"Filter the results by Azure secret id."},{"name":"gone","in":"query","type":"boolean","description":"Fetches secrets based on their existence in the cloud."},{"name":"version","in":"query","type":"string","description":"Filters the results by matching version. If version is specified as -1, only latest version of the\nsecrets is returned.\n"},{"name":"tags","in":"query","type":"string","description":"Fetches secrets based on their tags\nExamples of JSON containment:\n\n- Values contain themselves: `[{\"TagKey\": \"Name\", \"TagValue\": \"TestTag\"}]` contains `[{\"TagKey\": \"Name\", \"TagValue\": \"TestTag\"}]`\n- Values contain subsets: `[{\"TagKey\": \"Name\", \"TagValue\": \"test\"},{\"TagKey\": \"cloud\", \"TagValue\": \"aws\"}]` contains `{\"Name\":\"test\"}` and `{\"cloud\":\"aws\"}`, but not `{\"cloud\":\"azure\"}`\n- Values contains only TagKey: [{\"TagKey\": \"Name\"}]`\n"},{"name":"managed","in":"query","type":"boolean","description":"Filter the results based on key managed by AzureVaults."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","examples":{"skip":0,"limit":10,"total":1,"resources":[{"id":"70dfe711-c58b-49d4-ab48-b317b4e93227","uri":"kylo:kylo:cckm:azure-secret:azuresecret123-70dfe711-c58b-49d4-ab48-b317b4e93227","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-06-23T06:40:21.321287Z","updatedAt":"2022-06-23T06:40:21.333952Z","key_vault":"cckm-vault::eecde78c-1b53-4552-acd9-a19beb2ea72e","key_vault_id":"b3a57aca-bc14-4f08-b6b6-8b710fe45f4c","region":"northcentralus","deleted":false,"backup_at":"2022-06-23T06:40:21.306894Z","soft_delete_enabled":true,"secret_soft_deleted_in_azure":false,"syncedAt":"2022-06-23T06:40:21Z","created_by":"ef767cf9-61dd-4765-a4df-ebd65493c728","modified_by":"ef767cf9-61dd-4765-a4df-ebd65493c728","version":"e22fb815c3854eb2bfbd35f8ebf2768a","backup":"ae76570339f54536a2d53b7f6ffa89b1a2aedaab6d7844f3af63da168e71db3c","secret_name":"azuresecret123","cloud_name":"AzureCloud","azure_created_at":"2022-06-23T06:40:21Z","azure_updated_at":"2022-06-23T06:40:21Z","tenant":"ef767cf9-61dd-4765-a4df-ebd65493c728","status":"AVAILABLE","gone":false,"azure_param":{"secret_id":"https://cckm-vault.vault.azure.net/secrets/azuresecret123/e22fb815c3854eb2bfbd35f8ebf2768a","attributes":{"recoverable_days":7,"recovery_level":"CustomizedRecoverable+Purgeable","enabled":true,"created":1655966421,"updated":1655966421}}}]}},"400":{"description":"Bad request."},"401":{"description":"Unauthorized"},"404":{"description":"Resource not found."}}}},"/v1/cckm/azure/secrets/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of an Azure secret with the given `ID`.","tags":["CCKM/AzureSecrets"],"responses":{"200":{"description":"OK","examples":{"application/json":{"id":"70dfe711-c58b-49d4-ab48-b317b4e93227","uri":"kylo:kylo:cckm:azure-secret:azuresecret123-70dfe711-c58b-49d4-ab48-b317b4e93227","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-06-23T06:40:21.321287Z","updatedAt":"2022-06-23T06:40:21.333952Z","key_vault":"cckm-vault::eecde78c-1b53-4552-acd9-a19beb2ea72e","key_vault_id":"b3a57aca-bc14-4f08-b6b6-8b710fe45f4c","region":"northcentralus","deleted":false,"backup_at":"2022-06-23T06:40:21.306894Z","soft_delete_enabled":true,"secret_soft_deleted_in_azure":false,"syncedAt":"2022-06-23T06:40:21Z","created_by":"ef767cf9-61dd-4765-a4df-ebd65493c728","modified_by":"ef767cf9-61dd-4765-a4df-ebd65493c728","version":"e22fb815c3854eb2bfbd35f8ebf2768a","backup":"ae76570339f54536a2d53b7f6ffa89b1a2aedaab6d7844f3af63da168e71db3c","secret_name":"azuresecret123","cloud_name":"AzureCloud","azure_created_at":"2022-06-23T06:40:21Z","azure_updated_at":"2022-06-23T06:40:21Z","tenant":"ef767cf9-61dd-4765-a4df-ebd65493c728","status":"AVAILABLE","gone":false,"azure_param":{"value":"dummy value","secret_id":"https://cckm-vault.vault.azure.net/secrets/azuresecret123/e22fb815c3854eb2bfbd35f8ebf2768a","attributes":{"recoverable_days":7,"recovery_level":"CustomizedRecoverable+Purgeable","enabled":true,"created":1655966421,"updated":1655966421}}}}},"401":{"description":"Unauthorized."},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"Updates the secret attributes like secret expiration time,secret activation time and tags","tags":["CCKM/AzureSecrets"],"parameters":[{"name":"body","in":"body","description":"Updates an Azure secret.","schema":{"type":"object","title":"Updates an Azure secret.","properties":{"attributes":{"type":"object","description":"Secret attributes to be updated.","enum":["nbf - Activation date for the secret in Unix Epoch time format. For example, the corresponding epoch time for September 9, 2022, 5:52:20 AM is 1662702740.","exp - Expiration date for the secret in Unix Epoch time format. For example, the corresponding epoch time for September 9, 2022, 5:52:20 AM is 1662702740.","enabled - Whether secret is enabled or disabled (true/false)"]},"tags":{"type":"object","description":"Application specific metadata in the form of key-value pair."},"contentType":{"type":"string","description":"Update content type for secrets to aid interpretation on retrieval."}}}}],"responses":{"200":{"description":"OK","examples":{"application/json":{"id":"70dfe711-c58b-49d4-ab48-b317b4e93227","uri":"kylo:kylo:cckm:azure-secret:azuresecret123-70dfe711-c58b-49d4-ab48-b317b4e93227","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-06-23T06:40:21.321287Z","updatedAt":"2022-06-23T08:36:03.100564787Z","key_vault":"cckm-vault::eecde78c-1b53-4552-acd9-a19beb2ea72e","key_vault_id":"b3a57aca-bc14-4f08-b6b6-8b710fe45f4c","region":"northcentralus","deleted":false,"backup_at":"2022-06-23T08:36:03.080110737Z","soft_delete_enabled":true,"secret_soft_deleted_in_azure":false,"syncedAt":"2022-06-23T06:40:21Z","created_by":"ef767cf9-61dd-4765-a4df-ebd65493c728","modified_by":"ef767cf9-61dd-4765-a4df-ebd65493c728","version":"e22fb815c3854eb2bfbd35f8ebf2768a","backup":"80c39405bca242c184447b3edbbeddac24151c04e9794b5bb66891ffe16ba9df","secret_name":"azuresecret123","cloud_name":"AzureCloud","azure_created_at":"2022-06-23T06:40:21Z","azure_updated_at":"2022-06-23T06:40:21Z","tenant":"ef767cf9-61dd-4765-a4df-ebd65493c728","status":"AVAILABLE","gone":false,"azure_param":{"secret_id":"https://cckm-vault.vault.azure.net/secrets/azuresecret123/e22fb815c3854eb2bfbd35f8ebf2768a","content_type":"Testing","attributes":{"recoverable_days":7,"recovery_level":"CustomizedRecoverable+Purgeable","enabled":true,"created":1655966421,"updated":1655973362},"tags":{"key":"value"}}}}},"401":{"description":"Unauthorized."},"404":{"description":"Resource not found."},"422":{"description":"UnprocessableEntity"},"500":{"description":"Internal server error."}}},"delete":{"summary":"Delete","description":"Deletes an Azure secrets and its versions from the CCKM.","tags":["CCKM/AzureSecrets"],"responses":{"204":{"description":"No Content | Azure Secret was deleted successfully."},"404":{"description":"Resource not found."},"405":{"description":"MethodNotAllowed."},"500":{"description":"Internal server error."}}}},"/v1/cckm/azure/secrets/{id}/soft-delete":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Soft Delete","description":"Soft deletes an Azure secret from the vault.","tags":["CCKM/AzureSecrets"],"responses":{"200":{"description":"Azure secret soft-deleted from the vault.","examples":{"id":"70dfe711-c58b-49d4-ab48-b317b4e93227","uri":"kylo:kylo:cckm:azure-secret:azuresecret123-70dfe711-c58b-49d4-ab48-b317b4e93227","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-06-23T06:40:21.321287Z","updatedAt":"2022-06-23T08:36:03.111706Z","key_vault":"cckm-vault::eecde78c-1b53-4552-acd9-a19beb2ea72e","key_vault_id":"b3a57aca-bc14-4f08-b6b6-8b710fe45f4c","region":"northcentralus","deleted":false,"backup_at":"2022-06-23T08:36:03.080111Z","soft_delete_enabled":true,"secret_soft_deleted_in_azure":true,"syncedAt":"2022-06-23T06:40:21Z","created_by":"ef767cf9-61dd-4765-a4df-ebd65493c728","modified_by":"ef767cf9-61dd-4765-a4df-ebd65493c728","version":"e22fb815c3854eb2bfbd35f8ebf2768a","backup":"80c39405bca242c184447b3edbbeddac24151c04e9794b5bb66891ffe16ba9df","secret_name":"azuresecret123","cloud_name":"AzureCloud","azure_created_at":"2022-06-23T06:40:21Z","azure_updated_at":"2022-06-23T06:40:21Z","tenant":"ef767cf9-61dd-4765-a4df-ebd65493c728","status":"SOFT-DELETED","gone":false,"azure_param":{"secret_id":"https://cckm-vault.vault.azure.net/secrets/azuresecret123/e22fb815c3854eb2bfbd35f8ebf2768a","attributes":{"recoverable_days":7,"recovery_level":"CustomizedRecoverable+Purgeable","enabled":true,"created":1655966421,"updated":1655973362},"tags":{"key":"value"}},"version_count":1}},"401":{"description":"Unauthorized."},"404":{"description":"Resource not found."},"500":{"description":"Internal server error."}}}},"/v1/cckm/azure/secrets/{id}/hard-delete":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Purge","description":"Permanently deletes the Azure secret.","tags":["CCKM/AzureSecrets"],"responses":{"200":{"description":"Deleted Azure secret purged from the vault.","examples":{"id":"70dfe711-c58b-49d4-ab48-b317b4e93227","uri":"kylo:kylo:cckm:azure-secret:azuresecret123-70dfe711-c58b-49d4-ab48-b317b4e93227","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-06-23T06:40:21.321287Z","updatedAt":"2022-06-23T09:14:39.192617Z","key_vault":"cckm-vault::eecde78c-1b53-4552-acd9-a19beb2ea72e","key_vault_id":"b3a57aca-bc14-4f08-b6b6-8b710fe45f4c","region":"northcentralus","deleted":true,"backup_at":"2022-06-23T08:36:03.080111Z","soft_delete_enabled":true,"secret_soft_deleted_in_azure":true,"syncedAt":"2022-06-23T06:40:21Z","created_by":"ef767cf9-61dd-4765-a4df-ebd65493c728","modified_by":"ef767cf9-61dd-4765-a4df-ebd65493c728","version":"e22fb815c3854eb2bfbd35f8ebf2768a","backup":"80c39405bca242c184447b3edbbeddac24151c04e9794b5bb66891ffe16ba9df","secret_name":"azuresecret123","cloud_name":"AzureCloud","azure_created_at":"2022-06-23T06:40:21Z","azure_updated_at":"2022-06-23T06:40:21Z","tenant":"ef767cf9-61dd-4765-a4df-ebd65493c728","status":"DELETED","gone":false,"azure_param":{"secret_id":"https://cckm-vault.vault.azure.net/secrets/azuresecret123/e22fb815c3854eb2bfbd35f8ebf2768a","attributes":{"recoverable_days":7,"recovery_level":"CustomizedRecoverable+Purgeable","enabled":true,"created":1655966421,"updated":1655973362},"tags":{"key":"value"}}}},"400":{"description":"Bad Request."},"401":{"description":"Unauthorized."},"404":{"description":"Resource not found."},"500":{"description":"Internal server error."}}}},"/v1/cckm/azure/secrets/{id}/recover":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Recover","description":"Recovers a soft-deleted Azure secret.","tags":["CCKM/AzureSecrets"],"responses":{"200":{"description":"Deleted Azure secret recovered successfully.","examples":{"id":"e5bb84bc-d177-45d8-8b18-936ffee7c4c4","uri":"kylo:kylo:cckm:azure-secret:azure-secrettestversion-e5bb84bc-d177-45d8-8b18-936ffee7c4c4","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-06-23T09:21:24.124242Z","updatedAt":"2022-06-23T09:21:50.926873Z","key_vault":"cckm-vault::eecde78c-1b53-4552-acd9-a19beb2ea72e","key_vault_id":"b3a57aca-bc14-4f08-b6b6-8b710fe45f4c","region":"northcentralus","deleted":false,"backup_at":"2022-06-23T09:21:24.116019Z","soft_delete_enabled":true,"secret_soft_deleted_in_azure":false,"syncedAt":"2022-06-23T09:21:23Z","created_by":"ef767cf9-61dd-4765-a4df-ebd65493c728","modified_by":"ef767cf9-61dd-4765-a4df-ebd65493c728","version":"c26654727bb346888926922c40c06c5b","backup":"d398a9ef88e2409c9ebc3e7188a7d2c09146c783c4244eada5d38ddb1a414371","secret_name":"azure-secretTestVersion","cloud_name":"AzureCloud","azure_created_at":"2022-06-23T09:21:23Z","azure_updated_at":"2022-06-23T09:21:23Z","tenant":"ef767cf9-61dd-4765-a4df-ebd65493c728","status":"AVAILABLE","gone":false,"azure_param":{"secret_id":"https://cckm-vault.vault.azure.net/secrets/azure-secretTestVersion/c26654727bb346888926922c40c06c5b","attributes":{"recoverable_days":7,"recovery_level":"CustomizedRecoverable+Purgeable","enabled":true,"created":1655976083,"updated":1655976083}},"version_count":1}},"401":{"description":"Unauthorized."},"404":{"description":"Resource not found."},"500":{"description":"Internal server error."}}}},"/v1/cckm/azure/secrets/{id}/restore":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Restore","description":"Restores a backed up secret to a vault.\n","tags":["CCKM/AzureSecrets"],"parameters":[{"name":"body","in":"body","description":"Restores a backed up Secret to a vault.","schema":{"type":"object","title":"Restore Secret","properties":{"key_vault":{"type":"string","description":"Id or name of the vault where the secret will be restored. By default, the secret will be restored to the vault from where it was deleted."}}}}],"responses":{"200":{"description":"OK","examples":{"id":"ba368f06-19bb-4502-b1b8-09c40470d86c","uri":"kylo:kylo:cckm:azure-secret:secret-05-may-04-ba368f06-19bb-4502-b1b8-09c40470d86c","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-05-05T08:31:46.39672Z","updatedAt":"2022-05-05T08:32:29.708827Z","key_vault":"cckm_vault3::eecde78c-1b53-4552-acd9-a19beb2ea72e","key_vault_id":"1b8b4131-f5fe-4cb8-a312-9c5c2b67ab16","region":"northcentralus","deleted":false,"backup_at":"2022-05-05T08:31:50.840044Z","soft_delete_enabled":true,"secret_soft_deleted_in_azure":false,"syncedAt":"2022-05-05T08:31:45Z","created_by":"a8f38993-aa49-4281-888c-52afd80af6b1","modified_by":"a8f38993-aa49-4281-888c-52afd80af6b1","version":"1a0dcc14166c4ba79438d5b4a1e46781","backup":"8a3cae5c4c74417084523804e2b1acc3ef10ad60bfe54d0593972cbc6921b6e5","secret_name":"secret-05-may-04","cloud_name":"AzureCloud","azure_created_at":"2022-05-05T08:31:45Z","azure_updated_at":"2022-05-05T08:31:45Z","tenant":"ef767cf9-61dd-4765-a4df-ebd65493c728","status":"AVAILABLE","gone":false,"azure_param":{"id":"https://cckm_vault3.vault.azure.net/secrets/secret-05-may-04/1a0dcc14166c4ba79438d5b4a1e46781","attributes":{"recoveryLevel":"Recoverable+Purgeable","enabled":true,"created":1651739505,"updated":1651739505}}}},"401":{"description":"Authorization failed."},"404":{"description":"Resource not found."},"422":{"description":"Unprocessable entity. In case, record has missing backup or is not in 'deleted' state."},"500":{"description":"Internal server error."}}}},"/v1/cckm/azure/secrets/synchronization-jobs":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Synchronize","description":"Synchronizes Azure secrets.\n","tags":["CCKM/AzureSecrets","Tech Preview"],"parameters":[{"name":"body","in":"body","description":"Synchronize Azure secrets of the given key vaults","schema":{"type":"object","title":"List of key vaults name and id.","properties":{"key_vaults":{"type":"array","items":{"type":"string"},"description":"Name or ID of key vaults from which Azure secrets will be synchronized. synchronize_all and key_vaults are mutually exclusive. Specify either the synchronize_all or key_vaults."},"synchronize_all":{"type":"boolean","description":"Set true to synchronize all secrets from all vaults. synchronize_all and key_vaults are mutually exclusive. Specify either the synchronize_all or key_vaults."}},"example":{"key_vaults":[],"synchronize_all":false}}}],"responses":{"201":{"description":"OK","examples":{"application/json":{"id":"5df2bf50-cbf3-4c10-b784-613059982cb4","uri":"kylo:kylo:cckm:synchronize:5df2bf50-cbf3-4c10-b784-613059982cb4","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2022-05-10T11:47:32.209469205Z","updatedAt":"2022-05-10T11:47:32.212156703Z","overall_status":"in_progress","cloud":"AzureCloud","key_vaults":["cckm-vault::eecde78c-1b53-4552-acd9-a19beb2ea72e","cckm_vault2::eecde78c-1b53-4552-acd9-a19beb2ea72e","cckm_vault3::eecde78c-1b53-4552-acd9-a19beb2ea72e"],"abort":false,"sync_item":"azure-secret"}}},"400":{"description":"Bad request."},"401":{"description":"Unauthorized."},"403":{"description":"Forbidden."},"409":{"description":"There is a conflict."},"422":{"description":"UnprocessableEntity."},"500":{"description":"Internal Server Error"}}},"get":{"summary":"Status","description":"Returns a list of updated secret synchronization status. The results can be filtered using the query parameters.\n","tags":["CCKM/AzureSecrets","Tech Preview"],"parameters":[{"name":"id","in":"query","type":"string","description":"Filter the results by internal id of synchronization."},{"name":"overall_status","in":"query","type":"string","description":"Filter the results by synchronization overall status. Possible values are \"in_progress\",\"completed\" and \"failed\"."},{"name":"key_vaults","in":"query","type":"array","items":{"type":"string"},"description":"Filter the results of synchronization by key vaults."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"skip":0,"limit":10,"total":2,"resources":[{"id":"1f413972-499e-498c-9543-77c2da7d71e4","uri":"kylo:kylo:cckm:synchronize:1f413972-499e-498c-9543-77c2da7d71e4","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2022-05-12T07:00:52.032722Z","updatedAt":"2022-05-12T07:01:17.698896Z","completed_at":"2022-05-12T07:01:17.698624Z","overall_status":"failed","detailed_status":{"northcentralus/cckm_vault3::eecde78c-1b53-4552-acd9-a19beb2ea72e":"vault synchronized successfully","northcentralus/cckm-vault::eecde78c-1b53-4552-acd9-a19beb2ea72e":"vault synchronized successfully"},"cloud":"AzureCloud","key_vaults":["cckm-vault::eecde78c-1b53-4552-acd9-a19beb2ea72e","cckm_vault3::eecde78c-1b53-4552-acd9-a19beb2ea72e"],"abort":false,"sync_item":"azure-secret"},{"id":"a2efb173-1f45-4a85-9733-5c52e523c93d","uri":"kylo:kylo:cckm:synchronize:a2efb173-1f45-4a85-9733-5c52e523c93d","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2022-05-12T06:58:10.133679Z","updatedAt":"2022-05-12T06:58:29.55173Z","completed_at":"2022-05-12T06:58:29.546843Z","overall_status":"failed","detailed_status":{"northcentralus/cckm-vault::eecde78c-1b53-4552-acd9-a19beb2ea72e":"vault synchronized successfully"},"cloud":"AzureCloud","key_vaults":["cckm-vault::eecde78c-1b53-4552-acd9-a19beb2ea72e"],"abort":false,"sync_item":"azure-secret"}]}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/azure/secrets/synchronization-jobs/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a secret synchronization process with the given id.","tags":["CCKM/AzureSecrets","Tech Preview"],"responses":{"200":{"description":"OK","examples":{"application/json":{"id":"1f413972-499e-498c-9543-77c2da7d71e4","uri":"kylo:kylo:cckm:synchronize:1f413972-499e-498c-9543-77c2da7d71e4","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2022-05-12T07:00:52.032722Z","updatedAt":"2022-05-12T07:01:17.698896Z","completed_at":"2022-05-12T07:01:17.698624Z","overall_status":"failed","detailed_status":{"northcentralus/cckm_vault3::eecde78c-1b53-4552-acd9-a19beb2ea72e":"vault synchronized successfully","northcentralus/cckm-vault::eecde78c-1b53-4552-acd9-a19beb2ea72e":"vault synchronized successfully"},"cloud":"AzureCloud","key_vaults":["cckm-vault::eecde78c-1b53-4552-acd9-a19beb2ea72e","cckm_vault3::eecde78c-1b53-4552-acd9-a19beb2ea72e"],"abort":false,"sync_item":"azure-secret"}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/azure/secrets/synchronization-jobs/{id}/cancel":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Cancel","description":"Cancels the synchronization job\n","tags":["CCKM/AzureSecrets","Tech Preview"],"responses":{"200":{"description":"OK","examples":{"application/json":{"id":"6a5b8f4c-e377-4019-b77a-cad68061af4d","uri":"kylo:kylo:cckm:synchronize:6a5b8f4c-e377-4019-b77a-cad68061af4d","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2022-05-12T08:35:28.927391Z","updatedAt":"2022-05-12T08:35:28.929992Z","overall_status":"in_progress","cloud":"AzureCloud","key_vaults":["cckm-vault::eecde78c-1b53-4552-acd9-a19beb2ea72e","cckm_vault3::eecde78c-1b53-4552-acd9-a19beb2ea72e"],"abort":true,"sync_item":"azure-secret"}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/hsm/luna/add-partition":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Add Partition","description":"Input for add partition\n- ID or name of the connection.\n","tags":["CCKM/HSMLunaPartitions"],"parameters":[{"name":"body","in":"body","description":"Add Partition Input","schema":{"type":"object","title":"Add Partition Input","required":["connection"],"properties":{"connection":{"type":"string","description":"Name or ID of the connection."}},"example":{"connection":"hsm-connection"}}}],"responses":{"201":{"description":"OK"},"404":{"description":"Resource not found."}}}},"/v1/cckm/hsm/luna/partitions":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns a list of partitions.","tags":["CCKM/HSMLunaPartitions"],"parameters":[{"name":"id","in":"query","type":"string","description":"Filter the results by id."},{"name":"connection","in":"query","type":"string","description":"Filter the results by connection"},{"name":"model","in":"query","type":"string","description":"Filter the results by model.","collectionFormat":"multi"},{"name":"label","in":"query","type":"string","description":"Filter the results by label."},{"name":"ha_enabled","in":"query","type":"boolean","description":"Filter the results by ha_enabled."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"2d7debb6-4f99-4181-81a8-bb2575f1ae8b","uri":"kylo:kylo:cckm:luna-partitions:2d7debb6-4f99-4181-81a8-bb2575f1ae8b","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-11-05T07:23:33.57619Z","updatedAt":"2020-11-05T07:23:33.574957Z","flags":0,"max_session_count":0,"session_count":0,"max_rw_session_count":0,"rw_session_count":0,"max_pin_len":0,"min_pin_len":0,"total_public_memory":0,"free_public_memory":0,"total_private_memory":0,"free_private_memory":0,"ha_enabled":true,"members":{"1234567890123":"Partition01","9876543210987":"Partition02"},"connection":"ha-connection"}]}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/hsm/luna/partitions/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of an Luna HSM partitions with the given `id`.","tags":["CCKM/HSMLunaPartitions"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"2d7debb6-4f99-4181-81a8-bb2575f1ae8b","uri":"kylo:kylo:cckm:luna-partitions:2d7debb6-4f99-4181-81a8-bb2575f1ae8b","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-11-05T07:23:33.57619Z","updatedAt":"2020-11-05T07:23:33.574957Z","flags":0,"max_session_count":0,"session_count":0,"max_rw_session_count":0,"rw_session_count":0,"max_pin_len":0,"min_pin_len":0,"total_public_memory":0,"free_public_memory":0,"total_private_memory":0,"free_private_memory":0,"ha_enabled":true,"members":{"1234567890123":"Partition01","9876543210987":"Partition02"},"connection":"ha-connection"}}},"404":{"description":"Resource not found."}}},"delete":{"summary":"Delete","description":"Deletes an Luna HSM partition from CCKM.","tags":["CCKM/HSMLunaPartitions"],"responses":{"204":{"description":"No Content | Luna HSM partition was deleted successfully.","schema":{"type":"string"}},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"Updates the connection in Luna HSM partition. The connection and partition must be of the same type - HA or single.\n","tags":["CCKM/HSMLunaPartitions"],"parameters":[{"name":"body","in":"body","description":"Updates a Luna HSM partitions.","schema":{"type":"object","title":"Updates a Luna HSM partition.","required":["connection"],"properties":{"connection":{"type":"string","description":"Name or ID of the connection."}},"example":{"connection":"hsm-connection"}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"2d7debb6-4f99-4181-81a8-bb2575f1ae8b","uri":"kylo:kylo:cckm:luna-partitions:2d7debb6-4f99-4181-81a8-bb2575f1ae8b","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-11-05T07:23:33.57619Z","updatedAt":"2020-11-05T07:23:33.574957Z","flags":0,"max_session_count":0,"session_count":0,"max_rw_session_count":0,"rw_session_count":0,"max_pin_len":0,"min_pin_len":0,"total_public_memory":0,"free_public_memory":0,"total_private_memory":0,"free_private_memory":0,"ha_enabled":true,"members":{"1234567890123":"Partition01","9876543210987":"Partition02"},"connection":"updated-connection"}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/hsm/luna/keys":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create key","description":"This API creates a RSA key-pair or AES key in the specified partition. Supported mechanisms are as follows\n\n- CKM_RSA_FIPS_186_3_AUX_PRIME_KEY_PAIR_GEN\n- CKM_RSA_X9_31_KEY_PAIR_GEN\n- CKM_RSA_FIPS_186_3_PRIME_KEY_PAIR_GEN\n- CKM_RSA_PKCS_KEY_PAIR_GEN\n- CKM_AES_KEY_GEN\n\nLuna HSM key creation is an asynchronous operation. When the API is run, the status of the key is in_progress. Check the status of the key by calling the get /v1/cckm/hsm/luna/keys/{id} API. This API returns details of the HSM Luna key with the given id. When the key is created successfully, the key status becomes AVAILABLE.\n","tags":["CCKM/HSMLunaKeys"],"parameters":[{"name":"body","in":"body","description":"Create Luna HSM key.","schema":{"type":"object","title":"Create Luna HSM key.","required":["partition_id","size","label"],"properties":{"label":{"type":"string","description":"Label of the key."},"size":{"type":"integer","description":"Size of the key.\nValid sizes are 2048, 3072, 4096 and 8192 for RSA keys, and 128, 192 and 256 for AES keys.\n"},"partition_id":{"type":"string","description":"Partition id in which key would be created."},"mechanism":{"type":"string","description":"Mechanism of the key.\n","enum":["CKM_RSA_FIPS_186_3_AUX_PRIME_KEY_PAIR_GEN","CKM_RSA_X9_31_KEY_PAIR_GEN","CKM_RSA_FIPS_186_3_PRIME_KEY_PAIR_GEN","CKM_RSA_PKCS_KEY_PAIR_GEN","CKM_AES_KEY_GEN"]},"attributes":{"type":"array","items":{"type":"string"},"description":"Attributes of the key.\n","enum":["CKA_MODIFIABLE","CKA_EXTRACTABLE","CKA_SENSITIVE","CKA_ENCRYPT and CKA_DECRYPT","CKA_WRAP and CKA_UNWRAP","CKA_SIGN and CKA_VERIFY","CKA_DERIVE"]},"hyok_key":{"type":"boolean","description":"Indicates whether key is intended for AWS HYOK use. If set, default attribute use will be controlled."}},"example":{"label":"key-label","size":2048,"partition_id":"2d7debb6-4f99-4181-81a8-bb2575f1ae8b","mechanism":"CKM_RSA_X9_31_KEY_PAIR_GEN","attributes":["CKA_MODIFIABLE","CKA_SENSITIVE","CKA_EXTRACTABLE"],"hyok_key":false}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"637832ec-e7e3-4096-b1ab-e2f1029aca2e","uri":"kylo:kylo:cckm:luna-keys:637832ec-e7e3-4096-b1ab-e2f1029aca2e","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-11-20T09:56:00.030509148Z","updatedAt":"2020-11-20T09:56:00.028805102Z","partition_id":"c91b9619-9ebc-4e6c-acfb-4fb7cd9ffb3d","partition_label":"","status":"in_progress","operation":"keycreate","algorithm":"","object_type":"","mechanism":"CKM_RSA_X9_31_KEY_PAIR_GEN","size":2048,"label":"key-label","replicated":false,"byok_key":false,"hyok_key":false,"links":{"id":"1634e28b-85c6-443f-bb4d-68e8b9b2cfcd","uri":"kylo:kylo:cckm:luna-keys:1634e28b-85c6-443f-bb4d-68e8b9b2cfcd","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-11-20T09:56:00.033188979Z","updatedAt":"2020-11-20T09:56:00.031511693Z","partition_id":"c91b9619-9ebc-4e6c-acfb-4fb7cd9ffb3d","partition_label":"","status":"in_progress","operation":"keycreate","algorithm":"","object_type":"","mechanism":"CKM_RSA_X9_31_KEY_PAIR_GEN","size":2048,"label":"key-label","replicated":false,"byok_key":false,"hyok_key":false,"modulus":"","exponent":0,"link_id":"","ha_enabled":true},"modulus":"","exponent":0,"link_id":"","ha_enabled":true}}},"404":{"description":"Resource not found."}}},"get":{"summary":"List","description":"Returns a list of Luna HSM Keys.","tags":["CCKM/HSMLunaKeys"],"parameters":[{"name":"id","in":"query","type":"string","description":"Filter the results by id."},{"name":"label","in":"query","type":"string","description":"Filter the results by label."},{"name":"algorithm","in":"query","type":"string","description":"Filter the results by algorithm. Valid values are \"rsa\" or \"aes\"","collectionFormat":"multi"},{"name":"mechanism","in":"query","type":"string","description":"Filter the results by mechanism. Valid values are:\n CKM_RSA_FIPS_186_3_AUX_PRIME_KEY_PAIR_GEN\n CKM_RSA_X9_31_KEY_PAIR_GEN\n CKM_RSA_FIPS_186_3_PRIME_KEY_PAIR_GEN\n CKM_RSA_PKCS_KEY_PAIR_GEN\n CKM_AES_KEY_GEN\n"},{"name":"size","in":"query","type":"integer","collectionFormat":"multi","description":"Filter the results by size. Valid values are 2048, 3072, and 4096 for RSA keys, and 128, 192, and 256 for AES keys."},{"name":"byok_key","in":"query","type":"boolean","description":"Filter the results by byok_key."},{"name":"hyok_key","in":"query","type":"boolean","description":"Filter the results by hyok compatibility."},{"name":"partition_id","in":"query","type":"string","description":"Filter the results by partition_id."},{"name":"partition_label","in":"query","type":"string","description":"Filter the results by partition_label."},{"name":"status","in":"query","type":"string","description":"Filter the results by status.","collectionFormat":"multi"},{"name":"object_type","in":"query","type":"string","description":"Filter the results by object_type. Valid values are \"public key\", \"private key\", or \"symmetric key\"","collectionFormat":"multi"},{"name":"origin","in":"query","type":"string","description":"Filter the results by origin."},{"name":"sha_256_fingerprint","in":"query","type":"string","description":"Filter the results by sha_256_fingerprint."},{"name":"modulus","in":"query","type":"string","description":"Filter the results by modulus. Only valid for RSA keys."},{"name":"link_id","in":"query","type":"string","description":"Filter the results by link_id."},{"name":"replicated","in":"query","type":"boolean","description":"Filter the results by replicated."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"skip":0,"limit":10,"total":2,"resources":[{"id":"1634e28b-85c6-443f-bb4d-68e8b9b2cfcd","uri":"kylo:kylo:cckm:luna-keys:1634e28b-85c6-443f-bb4d-68e8b9b2cfcd","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-11-20T09:56:00.033189Z","updatedAt":"2020-11-20T09:56:06.039522Z","partition_id":"c91b9619-9ebc-4e6c-acfb-4fb7cd9ffb3d","partition_label":"cckm-1605866160","status":"AVAILABLE","operation":"keycreate","algorithm":"rsa","object_type":"public key","mechanism":"CKM_RSA_X9_31_KEY_PAIR_GEN","size":2048,"label":"key-label","attributes":["CKA_PRIVATE","CKA_TOKEN","CKA_MODIFIABLE"],"object_uid":"5f2a00001f000001155f0900","sha_256_fingerprint":"6c6eb7758f86f7f12ae72a807db42fe7b89bc196791dc0bd8c9c9f30fdf7fdee","replication_info":{"1429964054509":"available","1429964054510":"available"},"replicated":true,"byok_key":false,"hyok_key":false,"origin":"cckm","modulus":"bfc4e6aa7021ff47561a56d2f51f43257f6cf785651472aa04b569f5c26db4fe13c4962b528e196a1287336074063f7a6b8478d52c5bb8051e65c7e9de74cd9bb6bbf644aa2dc57458b2c804eb1838d90d66b9dbce71feacb19999aafbbeba45fca600702496d922f2d288001b39948f1c1d3c0d1ee91511dc7bbbf6fbc5d1944f353934797eb7c31e02f486791376fee5246451ba9a9a44c7c749d226304681b390c6bdb2ad58841401fc92a6a2595adcaa4675d79b1e89a70462be3f7d3046df6a7a5c0ddcefc6ff1cfd55c51d4a41ee64dc583671e407a6f41623a4c2aafc63218940704b51de14677a1c58f965f92f558f0dcc9417b77fdb56ed83824dc3","exponent":65537,"link_id":"637832ec-e7e3-4096-b1ab-e2f1029aca2e","ha_enabled":true},{"id":"637832ec-e7e3-4096-b1ab-e2f1029aca2e","uri":"kylo:kylo:cckm:luna-keys:637832ec-e7e3-4096-b1ab-e2f1029aca2e","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-11-20T09:56:00.030509Z","updatedAt":"2020-11-20T09:56:06.038385Z","partition_id":"c91b9619-9ebc-4e6c-acfb-4fb7cd9ffb3d","partition_label":"cckm-1605866160","status":"AVAILABLE","operation":"keycreate","algorithm":"rsa","object_type":"private key","mechanism":"CKM_RSA_X9_31_KEY_PAIR_GEN","size":2048,"label":"key-label","attributes":["CKA_PRIVATE","CKA_TOKEN","CKA_MODIFIABLE","CKA_SENSITIVE","CKA_EXTRACTABLE"],"object_uid":"5e2a00001f000001155f0900","sha_256_fingerprint":"c7f1b022bdabd9984f8a2d788d6efb422ac71d15a9e5661d7a3ae490601b63e0","replication_info":{"1429964054509":"available","1429964054510":"available"},"replicated":true,"byok_key":false,"hyok_key":false,"origin":"cckm","modulus":"bfc4e6aa7021ff47561a56d2f51f43257f6cf785651472aa04b569f5c26db4fe13c4962b528e196a1287336074063f7a6b8478d52c5bb8051e65c7e9de74cd9bb6bbf644aa2dc57458b2c804eb1838d90d66b9dbce71feacb19999aafbbeba45fca600702496d922f2d288001b39948f1c1d3c0d1ee91511dc7bbbf6fbc5d1944f353934797eb7c31e02f486791376fee5246451ba9a9a44c7c749d226304681b390c6bdb2ad58841401fc92a6a2595adcaa4675d79b1e89a70462be3f7d3046df6a7a5c0ddcefc6ff1cfd55c51d4a41ee64dc583671e407a6f41623a4c2aafc63218940704b51de14677a1c58f965f92f558f0dcc9417b77fdb56ed83824dc3","exponent":65537,"link_id":"1634e28b-85c6-443f-bb4d-68e8b9b2cfcd","ha_enabled":true}]}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/hsm/luna/keys/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of the Luna HSM key with the given `id`.","tags":["CCKM/HSMLunaKeys"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"637832ec-e7e3-4096-b1ab-e2f1029aca2e","uri":"kylo:kylo:cckm:luna-keys:637832ec-e7e3-4096-b1ab-e2f1029aca2e","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-11-20T09:56:00.030509Z","updatedAt":"2020-11-20T09:56:06.038385Z","partition_id":"c91b9619-9ebc-4e6c-acfb-4fb7cd9ffb3d","partition_label":"cckm-1605866160","status":"AVAILABLE","operation":"keycreate","algorithm":"rsa","object_type":"private key","mechanism":"CKM_RSA_X9_31_KEY_PAIR_GEN","size":2048,"label":"key-label","attributes":["CKA_PRIVATE","CKA_TOKEN","CKA_MODIFIABLE","CKA_SENSITIVE","CKA_EXTRACTABLE"],"object_uid":"5e2a00001f000001155f0900","sha_256_fingerprint":"c7f1b022bdabd9984f8a2d788d6efb422ac71d15a9e5661d7a3ae490601b63e0","replication_info":{"1429964054509":"available","1429964054510":"available"},"replicated":true,"byok_key":false,"hyok_key":false,"origin":"cckm","modulus":"bfc4e6aa7021ff47561a56d2f51f43257f6cf785651472aa04b569f5c26db4fe13c4962b528e196a1287336074063f7a6b8478d52c5bb8051e65c7e9de74cd9bb6bbf644aa2dc57458b2c804eb1838d90d66b9dbce71feacb19999aafbbeba45fca600702496d922f2d288001b39948f1c1d3c0d1ee91511dc7bbbf6fbc5d1944f353934797eb7c31e02f486791376fee5246451ba9a9a44c7c749d226304681b390c6bdb2ad58841401fc92a6a2595adcaa4675d79b1e89a70462be3f7d3046df6a7a5c0ddcefc6ff1cfd55c51d4a41ee64dc583671e407a6f41623a4c2aafc63218940704b51de14677a1c58f965f92f558f0dcc9417b77fdb56ed83824dc3","exponent":65537,"link_id":"1634e28b-85c6-443f-bb4d-68e8b9b2cfcd","ha_enabled":true}}},"404":{"description":"Resource not found."}}},"delete":{"summary":"Delete","description":"Deletes an Luna HSM key from the CCKM.","tags":["CCKM/HSMLunaKeys"],"responses":{"204":{"description":"No Content | Luna HSM key was deleted successfully.","schema":{"type":"string"}},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"Luna HSM key update is an asynchronous operation. When you run the patch /v1/cckm/hsm/luna/keys/{id} API, the operation_status of the key becomes \"in_progress\". The key might take some time to update. To check the key status, run the get /v1/cckm/hsm/luna/keys/{id} API. The API returns details of the key with its status. When the keyupdate operation is complete, operation_status of the key becomes \"completed\".\n","tags":["CCKM/HSMLunaKeys"],"parameters":[{"name":"body","in":"body","description":"Updates a Luna HSM key.","schema":{"type":"object","title":"Updates a Luna HSM key.","required":["attributes"],"properties":{"attributes":{"type":"array","items":{"type":"object","title":"attributes","properties":{"type":{"description":"Type of the attribute. Can be:\n - \"CKA_TOKEN\",\n - \"CKA_PRIVATE\",\n - \"CKA_MODIFIABLE\",\n - \"CKA_SENSITIVE\",\n - \"CKA_DECRYPT\",\n - \"CKA_UNWRAP\",\n - \"CKA_SIGN\",\n - \"CKA_DERIVE\",\n - \"CKA_EXTRACTABLE\"\n","type":"string"},"value":{"description":"Value corresponding to attribute.","type":"boolean"}}}}},"example":{"attributes":[{"type":"","value":false}]}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"a79f373b-4f94-4bf0-8768-5b809cb43c46","uri":"kylo:kylo:cckm:luna-keys:a79f373b-4f94-4bf0-8768-5b809cb43c46","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-12-14T10:55:12.086341Z","updatedAt":"2020-12-14T10:57:47.144391701Z","partition_id":"fe192148-82eb-403f-96b2-125bf28d3824","partition_label":"cckm-1607942872","status":"AVAILABLE","operation":"keyupdate","operation_status":"in_progress","algorithm":"rsa","object_type":"private key","mechanism":"CKM_RSA_X9_31_KEY_PAIR_GEN","size":2048,"label":"hsm-key","attributes":["CKA_PRIVATE","CKA_TOKEN","CKA_MODIFIABLE","CKA_SENSITIVE","CKA_EXTRACTABLE"],"object_uid":"b83a00001f000001155f0900","sha_256_fingerprint":"23c5d6bd56432c1ff151a742f1e67bb301a7264e9fc685eebe3063fca6655121","replication_info":{"1429964054507":"available","1429964054508":"available","1429964054509":"available","1429964054510":"available"},"replicated":true,"byok_key":true,"hyok_key":false,"origin":"cckm","modulus":"a3ce9ac0eb6ccdb3634997a217d998fbfc3fbc696458ae408929ae7e9dda185d8a6e62e25ecf4f6e156525b803f5e871fc1ba551d3836d4c9243b926467821ddca8ceee408853532d89beb5f879c7bca4b54b58a68e3b13cd225f8ed40435637d181cf3dc19266212047ab6dd11fdd54446ad044417aaf1f025d515a7defff8df5f9839ccf1289fced7c41009afe6a888d579114ff8f04d5e530dea557aa4ed0df58bcf5df6b9ca62a1e707522a169a713633082d24367d17fc567cbefbe0fe84e270dad42bcca6e5c4c74ae2ca008c7d5219db94e89d30ba6ebd34447983917fec2eba26dc65c16d8d8d3697503bb151655343fd1a68055dc716ace46a540e7","exponent":65537,"link_id":"ca74e45b-e3d0-4fde-af00-f841a7e586d0","ha_enabled":true}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/hsm/luna/keys/{id}/replicate":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Post","description":"Luna HSM key replicate is an asynchronous operation. When you run the post /v1/cckm/hsm/luna/keys/{id}/replicate API, the operation_status of the key becomes \"in_progress\". The key might take some time to replicate. To check the key status, run the get /v1/cckm/hsm/luna/keys/{id} API. The API returns details of the key with its status. When the \"keyreplicate\" operation is complete, operation_status of the key becomes \"completed\".\n","tags":["CCKM/HSMLunaKeys"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"b2b01847-3f4b-43c3-afd3-c6ca381b5a45","uri":"kylo:kylo:cckm:luna-keys:b2b01847-3f4b-43c3-afd3-c6ca381b5a45","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-12-15T06:20:15.699004Z","updatedAt":"2020-12-15T06:25:57.338588051Z","partition_id":"ed5b1bbd-ce0b-48c1-ab69-a4592e5b2da2","partition_label":"cckm-1608012946","status":"AVAILABLE","operation":"keyreplicate","operation_status":"in_progress","algorithm":"rsa","object_type":"public key","mechanism":"CKM_RSA_PKCS_KEY_PAIR_GEN","size":2048,"label":"hsm-key","attributes":["CKA_TOKEN","CKA_PRIVATE","CKA_MODIFIABLE","CKA_ENCRYPT","CKA_WRAP","CKA_VERIFY","CKA_DERIVE"],"object_uid":"dc3a00001f000001155f0900","sha_256_fingerprint":"29cf101ff9c927cc2efedc59465256a0f4b0230cfc1014fac5c1249cdcd305d6","replication_info":{"1429964054507":"available","1429964054508":"Error finding key"},"replicated":false,"byok_key":false,"hyok_key":false,"links":{"id":"96ae21a3-9d0e-465b-98fb-6d428b7180d0","uri":"kylo:kylo:cckm:luna-keys:96ae21a3-9d0e-465b-98fb-6d428b7180d0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-12-15T06:20:15.158024Z","updatedAt":"2020-12-15T06:25:57.352607788Z","partition_id":"ed5b1bbd-ce0b-48c1-ab69-a4592e5b2da2","partition_label":"cckm-1608012946","status":"AVAILABLE","operation":"keyreplicate","operation_status":"in_progress","algorithm":"rsa","object_type":"private key","mechanism":"CKM_RSA_PKCS_KEY_PAIR_GEN","size":2048,"label":"hsm-key","attributes":["CKA_TOKEN","CKA_PRIVATE","CKA_MODIFIABLE","CKA_SENSITIVE","CKA_DECRYPT","CKA_UNWRAP","CKA_SIGN","CKA_DERIVE","CKA_EXTRACTABLE"],"object_uid":"dd3a00001f000001155f0900","sha_256_fingerprint":"c89c7e4e57edc97f7cebb261dd72e93494fb6264cdb98331f1014623693412c6","replication_info":{"1429964054507":"available","1429964054508":"Error finding key"},"replicated":false,"byok_key":true,"hyok_key":false,"origin":"unknown","modulus":"b63983de7ba83cb14ce66f80c2b6d8bfbcf071b692345820820eee544caa9203f2bbdd5e3f96d8c114d36105e40f38fec36689473fe1444b609b6b63f1f5e005ecb8d48e4d37eed9a7d324645728721aa5f04ed5f533d5c74cfd3c8949e62d36bc4c9bb835dbbab80e2397bf108b7ae973c3a3a0dd544ed53107acf5f2ae9b2d062edbaeef68ad71686dd0538e3751217dacf0feec8c0d7f27a2d0202c6f0904d57e6cf42b6c8b391ebf5c99cb1e201fbd8370bd1053de91d8a7cc3db9786e0d3b805b7d099f10cca9d5ce900c183ef69d5f537f8bcf8b341b8cfd3a2c5e49937b36df76108c47722be555acf4e03ce29b45ed519acc3882468c40419755dc05","exponent":65537,"link_id":"8c9656e3-f1cd-4dfc-a013-269a5b0228ef","ha_enabled":true},"origin":"unknown","modulus":"b63983de7ba83cb14ce66f80c2b6d8bfbcf071b692345820820eee544caa9203f2bbdd5e3f96d8c114d36105e40f38fec36689473fe1444b609b6b63f1f5e005ecb8d48e4d37eed9a7d324645728721aa5f04ed5f533d5c74cfd3c8949e62d36bc4c9bb835dbbab80e2397bf108b7ae973c3a3a0dd544ed53107acf5f2ae9b2d062edbaeef68ad71686dd0538e3751217dacf0feec8c0d7f27a2d0202c6f0904d57e6cf42b6c8b391ebf5c99cb1e201fbd8370bd1053de91d8a7cc3db9786e0d3b805b7d099f10cca9d5ce900c183ef69d5f537f8bcf8b341b8cfd3a2c5e49937b36df76108c47722be555acf4e03ce29b45ed519acc3882468c40419755dc05","exponent":65537,"link_id":"96ae21a3-9d0e-465b-98fb-6d428b7180d0","ha_enabled":true}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/hsm/luna/{id}/delete":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Post","description":"Luna HSM key deletion is an asynchronous operation. When you run the post /v1/cckm/hsm/luna/{id}/delete API, the operation_status of the key becomes in_progress. The key might take some time to delete. To check the key status, run the get /v1/cckm/hsm/luna/keys/{id} API. The API returns details of the key with its status. When the keydelete operation is complete, the key status becomes DELETED.\n","tags":["CCKM/HSMLunaKeys"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"fe60eab9-bf80-4d9d-b622-309106d65fff","uri":"kylo:kylo:cckm:luna-keys:fe60eab9-bf80-4d9d-b622-309106d65fff","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-11-24T11:13:26.026671Z","updatedAt":"2020-11-24T11:15:13.915071523Z","partition_id":"49fe365d-63bf-4662-be27-c7ae9e9333a6","partition_label":"cckm-1606216124","status":"in_progress","operation":"keydelete","algorithm":"rsa","object_type":"private key","mechanism":"CKM_RSA_X9_31_KEY_PAIR_GEN","size":2048,"label":"key-label","attributes":["CKA_PRIVATE","CKA_TOKEN","CKA_MODIFIABLE","CKA_SENSITIVE","CKA_EXTRACTABLE"],"object_uid":"6b2b00001f000001155f0900","sha_256_fingerprint":"c0d7ee22234a06c51825081762db43af7f4aa4ccc01a63e64df5e7b10d224ea1","replication_info":{"1429964054509":"available","1429964054510":"available"},"replicated":true,"byok_key":false,"hyok_key":false,"origin":"cckm","modulus":"edc660059f4c3f8c9c5c2a6a9aa2f5db27485636e8eb7e5cc8d42bf884a8e8208602a5dcbe29dada08f03e6ebd81e6fb452501679d9ba9dd85c769b8810c51e34921106ff7697b1889114246c70d83949a1dcfc9416a921637d605c88f078e7834a5823b0590f2f16f112e16918a262794214fa3c066a111988e8b6d9902026f6338458159e2ae22f33f91dfe6f1fc75628d10a0f944f1e1bf890e035cd4fa51ff47e228152d38b24a8585bfe778479ffbbb1dc6c4b2797bfb082aefd672bc5dc32f925b1038bfcabd809fdecb79fad081e46a1b22c8307e80f18cba8d1cae2a479b4845b33e14fcbf7cc2e40c7c897e74483c1a0a7a3cef5599191205a7c49d","exponent":65537,"link_id":"6512447d-f8c6-406e-860f-647f7d53e78a","ha_enabled":true}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/hsm/luna/refresh":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Refresh","description":"Refresh Luna HSM partitions.\n","tags":["CCKM/HSMLunaKeys"],"parameters":[{"name":"body","in":"body","description":"Refresh Luna HSM keys of the given partitions","schema":{"type":"object","title":"List of partitions name and id.","properties":{"partitions":{"type":"array","items":{"type":"string"},"description":"ID of partition from which keys will be refreshed. synchronize_all and partitions are mutually exclusive. Specify either the synchronize_all or partitions."},"synchronize_all":{"type":"boolean","description":"Set true to refresh all keys from all partitions. synchronize_all and partitions are mutually exclusive. Specify either the synchronize_all or partitions."}}}}],"responses":{"201":{"description":"OK","examples":{"application/json":{"id":"bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","uri":"kylo:kylo:cckm:synchronize:bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-08-06T09:49:34.605578452Z","updatedAt":"2020-08-06T09:49:34.609059131Z","overall_status":"in progress","cloud":"hsm-luna","partitions":["3e732d57-5ea1-491f-b238-9f4a39a9566f","c4e5bd34-af39-4027-9058-6f1a4bb3519d"],"abort":false,"job_type":"refresh"}}},"404":{"description":"Resource not found."}}},"get":{"summary":"Status","description":"Returns the list of updated status of refresh API. The results can be filtered using the query parameters.\n","tags":["CCKM/HSMLunaKeys"],"parameters":[{"name":"id","in":"query","type":"string","description":"Filter the results by internal id of refresh."},{"name":"overall_status","in":"query","type":"string","description":"Filter the results by overall status. Possible values are \"in_progress\",\"completed\" and \"failed\"."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","uri":"kylo:kylo:cckm:synchronize:bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-08-06T09:49:34.605578452Z","updatedAt":"2020-08-06T09:49:34.609059131Z","overall_status":"in progress","cloud":"hsm-luna","partitions":["3e732d57-5ea1-491f-b238-9f4a39a9566f","c4e5bd34-af39-4027-9058-6f1a4bb3519d"],"abort":false,"job_type":"refresh"}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/hsm/luna/refresh/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a refresh process with the given ID.","tags":["CCKM/HSMLunaKeys"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","uri":"kylo:kylo:cckm:synchronize:bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-08-06T09:49:34.605578452Z","updatedAt":"2020-08-06T09:49:34.609059131Z","overall_status":"in progress","cloud":"hsm-luna","partitions":["3e732d57-5ea1-491f-b238-9f4a39a9566f","c4e5bd34-af39-4027-9058-6f1a4bb3519d"],"abort":false,"job_type":"refresh"}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/hsm/luna/refresh/{id}/cancel":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Cancel","description":"Returns the details of a canceled refresh process.","tags":["CCKM/HSMLunaKeys"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","uri":"kylo:kylo:cckm:synchronize:bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-08-06T09:49:34.605578452Z","updatedAt":"2020-08-06T09:49:34.609059131Z","overall_status":"in progress","cloud":"hsm-luna","partitions":["3e732d57-5ea1-491f-b238-9f4a39a9566f","c4e5bd34-af39-4027-9058-6f1a4bb3519d"],"abort":true}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/hsm/luna/synchronize":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Synchronize","description":"Synchronizes Luna HSM keys.\n","tags":["CCKM/HSMLunaKeys"],"parameters":[{"name":"body","in":"body","description":"Synchronize Luna HSM HA group.","schema":{"type":"object","title":"List of partitions name and id.","properties":{"partitions":{"type":"array","items":{"type":"string"},"description":"ID of partition from which keys will be synchronized. synchronize_all and partitions are mutually exclusive. Specify either the synchronize_all or partitions."},"synchronize_all":{"type":"boolean","description":"Set true to synchronize all keys from all partitions. synchronize_all and partitions are mutually exclusive. Specify either the synchronize_all or partitions."}}}}],"responses":{"201":{"description":"OK","examples":{"application/json":{"id":"bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","uri":"kylo:kylo:cckm:synchronize:bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-08-06T09:49:34.605578452Z","updatedAt":"2020-08-06T09:49:34.609059131Z","overall_status":"in progress","cloud":"hsm-luna","partitions":["3e732d57-5ea1-491f-b238-9f4a39a9566f","c4e5bd34-af39-4027-9058-6f1a4bb3519d"],"abort":false,"job_type":"ha_synchronize"}}},"404":{"description":"Resource not found."}}},"get":{"summary":"Status","description":"Returns the list of updated synchronization status. The results can be filtered using the query parameters.\n","tags":["CCKM/HSMLunaKeys"],"parameters":[{"name":"id","in":"query","type":"string","description":"Filter the results by internal id of synchronization."},{"name":"overall_status","in":"query","type":"string","description":"Filter the results by synchronization overall status. Possible values are \"in_progress\",\"completed\" and \"failed\"."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","uri":"kylo:kylo:cckm:synchronize:bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-08-06T09:49:34.605578452Z","updatedAt":"2020-08-06T09:49:34.609059131Z","overall_status":"in progress","cloud":"hsm-luna","partitions":["3e732d57-5ea1-491f-b238-9f4a39a9566f","c4e5bd34-af39-4027-9058-6f1a4bb3519d"],"abort":false,"job_type":"ha_synchronize"}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/hsm/luna/synchronize/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a synchronize process with the given ID.","tags":["CCKM/HSMLunaKeys"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","uri":"kylo:kylo:cckm:synchronize:bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-08-06T09:49:34.605578452Z","updatedAt":"2020-08-06T09:49:34.609059131Z","overall_status":"in progress","cloud":"hsm-luna","partitions":["3e732d57-5ea1-491f-b238-9f4a39a9566f","c4e5bd34-af39-4027-9058-6f1a4bb3519d"],"abort":false,"job_type":"ha_synchronize"}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/hsm/luna/partitions/{id}/update-acls":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"User ACLS","description":"Grants permissions to users or group to perform specific actions on the Luna HSM partitions. User ID and group are mutually exclusive – specify either of the two.\n\nFor the first time users or group, actions are permitted as configured by the CCKM administrator. However, if the permissions of a user or group needs to be modified later, for example, a new action is to be permitted or an existing action is to be revoked, the CCKM administrator needs to set that particular action to true or false.\n\nFor example, a user or group is permitted actions, keycreate, keyupdate, and keyrotate. Now, to permit one more action \"keydelete\" to the user or group, set \"permit\":true and \"actions\": \"keydelete\" and run the API. Similarly, now to deny permission to the action \"keycreate\", set \"permit\":false, \"actions\": \"keycreate\", and run the API.\n\n**Actions Specification**\n\n The following table lists the accepted values:\n\n\n APIs | Actions Required | Description\n ------------------------------- | ---------------------------- | ---------------------------------------------------\n Create | keycreate | Permission to create an Luna HSM key.\n Replicate | keyreplicate | Permission to replicate the key on the Luna HSM partitions.\n Delete | keydelete | Permission for deletion of the key.\n Update | keyupdate | Permission to update the key.\n Refresh | refresh | Permission to refresh Luna HSM partitions.\n Synchronize | synchronize | Permission to synchronize Luna HSM keys.\n List | view | Permission to view partition and its keys.\n Get (HSM Luna partition Keys) | view | Permission to get the details of an Luna HSM key with the given id.\n List HSM Luna partition | view | Permission to view Luna HSM partition and its keys.\n Get (HSM Luna partition) | view | Permission to get the details of Luna HSM partition with the given id.\n","tags":["CCKM/HSMLunaPartitions"],"parameters":[{"name":"body","in":"body","description":"Providing permissions to Users.","schema":{"type":"object","title":"Adding a User.","properties":{"acls":{"type":"array","items":{"type":"object","required":["actions"],"properties":{"user_id":{"type":"string","description":"ID of the user to be granted permissions. User ID and group are mutually exclusive – specify either of the two."},"group":{"type":"string","description":"Name of the user group to be granted permissions. User ID and group are mutually exclusive – specify either of the two."},"permit":{"type":"boolean","description":"Whether to permit users to perform specific operations. Set true to permit, false to deny."},"actions":{"type":"array","items":{"type":"string"},"description":"Permitted actions.","enum":["keycreate","keydelete","keyreplicate","keyupdate","view","refresh","synchronize"]}}}}},"example":{"acls":[{"group":"CCKM Users","actions":["view"],"permit":true}]}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"2d7debb6-4f99-4181-81a8-bb2575f1ae8b","uri":"kylo:kylo:cckm:luna-partitions:2d7debb6-4f99-4181-81a8-bb2575f1ae8b","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-11-05T07:23:33.57619Z","updatedAt":"2020-11-05T09:14:06.898749953Z","flags":0,"max_session_count":0,"session_count":0,"max_rw_session_count":0,"rw_session_count":0,"max_pin_len":0,"min_pin_len":0,"total_public_memory":0,"free_public_memory":0,"total_private_memory":0,"free_private_memory":0,"ha_enabled":true,"members":{"1234567890123":"Partition01","9876543210987":"Partition02"},"connection":"ha-connection","acls":[{"group":"CCKM Users","actions":["view","keycreate"]}]}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/hsm/luna/synchronize/{id}/cancel":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Cancel","description":"Returns the details of a canceled synchronization process.","tags":["CCKM/HSMLunaKeys"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","uri":"kylo:kylo:cckm:synchronize:bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-08-06T09:49:34.605578452Z","updatedAt":"2020-08-06T09:49:34.609059131Z","overall_status":"in progress","cloud":"hsm-luna","partitions":["3e732d57-5ea1-491f-b238-9f4a39a9566f","c4e5bd34-af39-4027-9058-6f1a4bb3519d"],"abort":true}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/dsm/get-domains":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Get domains from DSM","description":"Get DSM domains based on the connection.\n","tags":["CCKM/DSMDomains"],"parameters":[{"name":"body","in":"body","description":"Get DSM domains based on the connection","schema":{"type":"object","title":"get domains.","required":["connection"],"properties":{"connection":{"type":"string","description":"Name of the connection based on which domains are to be fetched."}},"example":{"connection":"dsm-connection"}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":1065,"url":"/v1/domains/1065","name":"cckm","adminType":"ALL_ADMIN","kmipEnabled":false,"fingerprintRegistrationDisabled":false,"registrationTokenEnabled":false}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/dsm/add-domains":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Add domains","description":"Add DSM domains based on the connection.\n","tags":["CCKM/DSMDomains"],"parameters":[{"name":"body","in":"body","description":"Add DSM domains based on the connection","schema":{"type":"object","title":"add domains.","required":["connection","domains"],"properties":{"connection":{"type":"string","description":"Name of the connection."},"domains":{"description":"List of domains.","type":"array","items":{"type":"integer"}}},"example":{"connection":"dsm-connection","domains":[]}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"83d7b91f-2298-420e-b7a5-ce0dce07a6d9","uri":"kylo:kylo:cckm:domain:83d7b91f-2298-420e-b7a5-ce0dce07a6d9","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"0001-01-01T00:00:00Z","updatedAt":"0001-01-01T00:00:00Z","dsm_params":{"id":1769,"url":"/v1/domains/1769","name":"testkeydomain","adminType":"ALL_ADMIN","kmipEnabled":false,"fingerprintRegistrationDisabled":false,"registrationTokenEnabled":false},"connection":"dsm-connection-domain","synced_at":null,"description":""}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/dsm/domains":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns a list of domains.","tags":["CCKM/DSMDomains"],"parameters":[{"name":"id","in":"query","type":"string","description":"Filter the results by id."},{"name":"name","in":"query","type":"string","collectionFormat":"multi","description":"Filter the results by name."},{"name":"connection","in":"query","type":"string","collectionFormat":"multi","description":"Filter the results by connection."},{"name":"adminType","in":"query","type":"string","collectionFormat":"multi","description":"Filter the results by admin_name."},{"name":"kmipEnabled","in":"query","type":"boolean","description":"Filter the results by kmip_enabled."},{"name":"fingerprintRegistrationDisabled","in":"query","type":"boolean","description":"Filter the results by fingerprint_registration_disabled."},{"name":"registrationTokenEnabled","in":"query","type":"boolean","description":"Filter the results by registration_token_enabled."},{"name":"hosts","in":"query","type":"array","items":{"type":"string"},"description":"Filter the results by hosts.","collectionFormat":"multi"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"skip":0,"limit":10,"total":2,"resources":[{"id":"89c49e63-b5c9-46be-9371-0d8b0649e289","uri":"kylo:kylo:cckm:domain:89c49e63-b5c9-46be-9371-0d8b0649e289","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-03-02T09:22:50.853645Z","updatedAt":"2021-03-03T06:13:23.360827Z","dsm_params":{"id":2153,"url":"/v1/domains/2153","name":"domain1","adminType":"ALL_ADMIN","kmipEnabled":false,"fingerprintRegistrationDisabled":false,"registrationTokenEnabled":false},"connection":"dsm-connection-domain","synced_at":"2021-03-03T06:13:23.36059Z","description":""},{"id":"83d7b91f-2298-420e-b7a5-ce0dce07a6d9","uri":"kylo:kylo:cckm:domain:83d7b91f-2298-420e-b7a5-ce0dce07a6d9","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-03-03T06:15:15.622119Z","updatedAt":"2021-03-03T06:15:15.620849Z","dsm_params":{"id":1769,"url":"/v1/domains/1769","name":"testkeydomain","adminType":"ALL_ADMIN","kmipEnabled":false,"fingerprintRegistrationDisabled":false,"registrationTokenEnabled":false},"connection":"dsm-connection-domain","synced_at":null,"description":""}]}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/dsm/domains/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a DSM domains with the given `id`.","tags":["CCKM/DSMDomains"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"83d7b91f-2298-420e-b7a5-ce0dce07a6d9","uri":"kylo:kylo:cckm:domain:83d7b91f-2298-420e-b7a5-ce0dce07a6d9","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-03-03T06:15:15.622119Z","updatedAt":"2021-03-03T06:15:15.620849Z","dsm_params":{"id":1769,"url":"/v1/domains/1769","name":"testkeydomain","adminType":"ALL_ADMIN","kmipEnabled":false,"fingerprintRegistrationDisabled":false,"registrationTokenEnabled":false},"connection":"dsm-connection-domain","synced_at":null,"description":""}}},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"Updates the connection and description in DSM domain. This operation requires connection to have appropriate access permissions on the domain.\n","tags":["CCKM/DSMDomains"],"parameters":[{"name":"body","in":"body","description":"Updates a DSM domains.","schema":{"type":"object","title":"Updates a DSM domains.","required":["connection"],"properties":{"connection":{"type":"string","description":"Name or ID of the connection."},"description":{"type":"string","description":"Description to be updated for domain."}},"example":{"connection":"dsm-connection","description":"Description to be updated"}}}],"responses":{"200":{"description":"OK","examples":{"application/json":{"id":"83d7b91f-2298-420e-b7a5-ce0dce07a6d9","uri":"kylo:kylo:cckm:domain:83d7b91f-2298-420e-b7a5-ce0dce07a6d9","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-03-03T06:15:15.622119Z","updatedAt":"2021-03-03T06:21:21.552824251Z","dsm_params":{"id":1769,"url":"/v1/domains/1769","name":"testkeydomain","adminType":"ALL_ADMIN","kmipEnabled":false,"fingerprintRegistrationDisabled":false,"registrationTokenEnabled":false},"connection":"dsm-connection-domain","synced_at":null,"description":"Description to be updated"}}},"404":{"description":"Resource not found."}}},"delete":{"summary":"Delete","description":"Deletes a domain from the CCKM.","tags":["CCKM/DSMDomains"],"responses":{"204":{"description":"No Content","schema":{"type":"string"}},"404":{"description":"Resource not found."}}}},"/v1/cckm/dsm/keys":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create Key","description":"Create Key in Dsm.\n","tags":["CCKM/DSMKeys"],"parameters":[{"name":"body","in":"body","description":"Create Key in Dsm.","schema":{"type":"object","title":"Create Key.","required":["dsm_params","domain","object_type"],"properties":{"extractable":{"type":"boolean","description":"Specify whether the key is extractable."},"domain":{"type":"string","description":"ID of the domain."},"object_type":{"type":"string","description":"Object type of the key. Whether the key is \"asymmetric\" or \"symmetric\"."},"dsm_params":{"type":"object","description":"DSM parameters.","required":["name","algorithm"],"properties":{"description":{"type":"string","description":"Description of the key."},"name":{"type":"string","description":"Name of the Key."},"algorithm":{"type":"string","description":"Algorithm of the Key.","enum":["RSA1024 (asymmetric)","RSA2048 (asymmetric)","RSA3072 (asymmetric)","RSA4096 (asymmetric)","AES256 (symmetric)","AES128 (symmetric)","ARIA128 (symmetric)","ARIA256 (symmetric)"]},"encryptionMode":{"type":"string","description":"Encryption mode applicable to AES symmetric keys only.","enum":["CBC","CBC_CS1","XTS"]},"expirationTime":{"type":"string","description":"Expiration Time of the Key,must be formatted as per RFC3339. Example \"2022-07-31T17:18:37.085Z\"."},"keyVersionLifeSpan":{"type":"integer","description":"Key Version Life Span of the Key."}}}},"example":{"domain":"","extractable":true,"object_type":"","dsm_params":{"name":"","algorithm":"","encryptionMode":""}}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"d3296d8a-22bf-4b9c-8ff7-a41104b4631e","uri":"kylo:kylo:cckm:dsm-key:d3296d8a-22bf-4b9c-8ff7-a41104b4631e","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-03-03T05:38:55.793895104Z","updatedAt":"2021-03-03T05:38:55.79072393Z","dsm_params":{"name":"testkey123","algorithm":"AES256","encryptionMode":"CBC","keyUsageType":"STORED_ON_SERVER","id":312745,"url":"/v1/domains/2153/keys/symmetric/312745","uuid":"b4946274-1389-31e5-86f9-ec48c0581a39","state":"ACTIVE","creationTime":"2021-03-03T05:07:58.243-08:00","source":"From DSM","domainId":2153,"keyVersion":0,"keyHash":"7b5e25713d79dc52d7df82c5106e6dd8b6a4270e52a568d141cc93923367d95246398601169016640e565be058d6b5bf","numberOfPolicies":0,"alignUnit":"","alignedCachedTime":0,"publicKey":"","publicKeyFormat":"","alignedKeyVersionLifeSpan":0},"domain_id":"89c49e63-b5c9-46be-9371-0d8b0649e289","domain":"domain1","object_type":"symmetric","attributes":{"Cryptographic Usage Mask":"127","EXT_KID":"1796125542","MUID":"b4946274-1389-31e5-86f9-ec48c0581a39c04e690b-777e-303c-b66e-2f0a99229774","UUID":"b4946274-1389-31e5-86f9-ec48c0581a39","x-key-state":"ACTIVE","x-key-state-actions":"PROTECT_AND_PROCESS"},"extractable":true,"versioned":false}}},"404":{"description":"Resource not found."}}},"get":{"summary":"List","description":"Returns a list of DSM Keys.","tags":["CCKM/DSMKeys"],"parameters":[{"name":"id","in":"query","type":"string","description":"Filter the results by id."},{"name":"uuid","in":"query","type":"string","description":"Filter the results by uuid."},{"name":"name","in":"query","type":"string","description":"Filter the results by name."},{"name":"domain","in":"query","type":"string","description":"Filter the results by domain.","collectionFormat":"multi"},{"name":"domain_id","in":"query","type":"string","description":"Filter the results by domain_id.","collectionFormat":"multi"},{"name":"keyVersion","in":"query","type":"string","description":"Filter the results by keyVersion."},{"name":"algorithm","in":"query","type":"string","description":"Filter the results by algorithm","collectionFormat":"multi"},{"name":"state","in":"query","type":"string","description":"Filter the results by state.","collectionFormat":"multi"},{"name":"extractable","in":"query","type":"boolean","description":"Filter the results based on whether the key is extractable or not."},{"name":"versioned","in":"query","type":"boolean","description":"Filter the results to check whether the key is versioned or not."},{"name":"encryption_mode","in":"query","type":"string","description":"Filter the results by Encryption Mode.","collectionFormat":"multi"},{"name":"object_type","in":"query","type":"string","description":"Filter the results by object_type.","collectionFormat":"multi"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"skip":0,"limit":2,"total":23,"resources":[{"id":"d3296d8a-22bf-4b9c-8ff7-a41104b4631e","uri":"kylo:kylo:cckm:dsm-key:d3296d8a-22bf-4b9c-8ff7-a41104b4631e","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-03-03T05:38:55.793895Z","updatedAt":"2021-03-03T05:38:55.790724Z","dsm_params":{"name":"testkey123","algorithm":"AES256","encryptionMode":"CBC","keyUsageType":"STORED_ON_SERVER","id":312745,"url":"/v1/domains/2153/keys/symmetric/312745","uuid":"b4946274-1389-31e5-86f9-ec48c0581a39","state":"ACTIVE","creationTime":"2021-03-03T13:07:58.243Z","source":"From DSM","domainId":2153,"keyVersion":0,"keyHash":"7b5e25713d79dc52d7df82c5106e6dd8b6a4270e52a568d141cc93923367d95246398601169016640e565be058d6b5bf","numberOfPolicies":0,"alignUnit":"","alignedCachedTime":0,"publicKey":"","publicKeyFormat":"","alignedKeyVersionLifeSpan":0},"domain_id":"89c49e63-b5c9-46be-9371-0d8b0649e289","domain":"domain1","object_type":"symmetric","attributes":{"Cryptographic Usage Mask":"127","EXT_KID":"1796125542","MUID":"b4946274-1389-31e5-86f9-ec48c0581a39c04e690b-777e-303c-b66e-2f0a99229774","UUID":"b4946274-1389-31e5-86f9-ec48c0581a39","x-key-state":"ACTIVE","x-key-state-actions":"PROTECT_AND_PROCESS"},"extractable":true,"versioned":false},{"id":"6be34cd8-4140-4e82-8484-1aa3089bfda1","uri":"kylo:kylo:cckm:dsm-key:6be34cd8-4140-4e82-8484-1aa3089bfda1","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-03-02T11:03:34.782879Z","updatedAt":"2021-03-02T11:03:34.781279Z","dsm_params":{"name":"test1","algorithm":"ARIA256","keyUsageType":"STORED_ON_SERVER","id":302121,"url":"/v1/domains/2153/keys/symmetric/302121","uuid":"f4b6470a-6dba-3404-9bf7-edb72dc2929e","state":"ACTIVE","creationTime":"2021-03-02T18:32:42.395Z","source":"From DSM","domainId":2153,"keyVersion":0,"keyHash":"6a07b04a17cfbccb4520929f07c49d07333c8e7371431cb3dd5cbfae9126017983b6460a308208162056108947d7778a","numberOfPolicies":0,"alignUnit":"","alignedCachedTime":0,"publicKey":"","publicKeyFormat":"","alignedKeyVersionLifeSpan":0},"domain_id":"89c49e63-b5c9-46be-9371-0d8b0649e289","domain":"domain1","object_type":"symmetric","attributes":{"Cryptographic Usage Mask":"127","EXT_KID":"1640278799","MUID":"f4b6470a-6dba-3404-9bf7-edb72dc2929e3a63214e-edb7-3d22-a760-2b32315e5fff","UUID":"f4b6470a-6dba-3404-9bf7-edb72dc2929e","x-key-state":"ACTIVE","x-key-state-actions":"PROTECT_AND_PROCESS"},"extractable":true,"versioned":false}]}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/dsm/keys/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of the DSM key with the given `id`.","tags":["CCKM/DSMKeys"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"d3296d8a-22bf-4b9c-8ff7-a41104b4631e","uri":"kylo:kylo:cckm:dsm-key:d3296d8a-22bf-4b9c-8ff7-a41104b4631e","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-03-03T05:38:55.793895Z","updatedAt":"2021-03-03T05:38:55.790724Z","dsm_params":{"name":"testkey123","algorithm":"AES256","encryptionMode":"CBC","keyUsageType":"STORED_ON_SERVER","id":312745,"url":"/v1/domains/2153/keys/symmetric/312745","uuid":"b4946274-1389-31e5-86f9-ec48c0581a39","state":"ACTIVE","creationTime":"2021-03-03T13:07:58.243Z","source":"From DSM","domainId":2153,"keyVersion":0,"keyHash":"7b5e25713d79dc52d7df82c5106e6dd8b6a4270e52a568d141cc93923367d95246398601169016640e565be058d6b5bf","numberOfPolicies":0,"alignUnit":"","alignedCachedTime":0,"publicKey":"","publicKeyFormat":"","alignedKeyVersionLifeSpan":0},"domain_id":"89c49e63-b5c9-46be-9371-0d8b0649e289","domain":"domain1","object_type":"symmetric","attributes":{"Cryptographic Usage Mask":"127","EXT_KID":"1796125542","MUID":"b4946274-1389-31e5-86f9-ec48c0581a39c04e690b-777e-303c-b66e-2f0a99229774","UUID":"b4946274-1389-31e5-86f9-ec48c0581a39","x-key-state":"ACTIVE","x-key-state-actions":"PROTECT_AND_PROCESS"},"extractable":true,"versioned":false}}},"404":{"description":"Resource not found."}}},"delete":{"summary":"Delete","description":"Delete key with the given `id`.","tags":["CCKM/DSMKeys"],"responses":{"204":{"description":"No Content | Key was deleted successfully.","schema":{"type":"string"}},"404":{"description":"Resource not found."}}}},"/v1/cckm/dsm/keys/{id}/delete":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Post","description":"Delete key from DSM and returns details of deleted DSM key with the given `id`.","tags":["CCKM/DSMKeys"],"responses":{"200":{"description":"Deleted | OK","schema":{"type":"object"},"examples":{"application/json":{"id":"d3296d8a-22bf-4b9c-8ff7-a41104b4631e","uri":"kylo:kylo:cckm:dsm-key:d3296d8a-22bf-4b9c-8ff7-a41104b4631e","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-03-03T05:38:55.793895Z","updatedAt":"2021-03-03T05:42:44.208104254Z","dsm_params":{"name":"testkey123","algorithm":"AES256","encryptionMode":"CBC","keyUsageType":"STORED_ON_SERVER","id":312745,"url":"/v1/domains/2153/keys/symmetric/312745","uuid":"b4946274-1389-31e5-86f9-ec48c0581a39","state":"DELETED","creationTime":"2021-03-03T13:07:58.243Z","source":"From DSM","domainId":2153,"keyVersion":0,"keyHash":"7b5e25713d79dc52d7df82c5106e6dd8b6a4270e52a568d141cc93923367d95246398601169016640e565be058d6b5bf","numberOfPolicies":0,"alignUnit":"","alignedCachedTime":0,"publicKey":"","publicKeyFormat":"","alignedKeyVersionLifeSpan":0},"domain_id":"89c49e63-b5c9-46be-9371-0d8b0649e289","domain":"domain1","object_type":"symmetric","attributes":{"Cryptographic Usage Mask":"127","EXT_KID":"1796125542","MUID":"b4946274-1389-31e5-86f9-ec48c0581a39c04e690b-777e-303c-b66e-2f0a99229774","UUID":"b4946274-1389-31e5-86f9-ec48c0581a39","x-key-state":"ACTIVE","x-key-state-actions":"PROTECT_AND_PROCESS"},"extractable":true,"versioned":false}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/dsm/domains/{id}/update-acls":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"User ACLS","description":"Grants permissions to users or group to perform specific actions on the DSM domains. User ID and group are mutually exclusive – specify either of the two.\n\nFor the first time users or group, actions are permitted as configured by the CCKM administrator. However, if the permissions of a user or group needs to be modified later, for example, a new action is to be permitted or an existing action is to be revoked, the CCKM administrator needs to set that particular action to true or false.\n\nFor example, a user or group is permitted actions, keycreate, and refresh. Now, to permit one more action \"keydelete\" to the user or group, set \"permit\":true and \"actions\": \"keydelete\" and run the API. Similarly, now to deny permission to the action \"keycreate\", set \"permit\":false, \"actions\": \"keycreate\", and run the API.\n\n**Actions Specification**\n\n The following table lists the accepted values:\n\n\n APIs | Actions Required | Description\n ------------------------------- | ---------------------------- | ---------------------------------------------------\n Create | keycreate | Permission to create a DSM key.\n Delete | keydelete | Permission for deletion of the key.\n Refresh | refresh | Permission to refresh DSM domain.\n List | view | Permission to view domain and its keys.\n Get (DSM domain Keys) | view | Permission to get the details of a DSM key with the given id.\n List DSM domain | view | Permission to view DSM domain and its keys.\n Get (DSM domain) | view | Permission to get the details of DSM domain with the given id.\n","tags":["CCKM/DSMDomains"],"parameters":[{"name":"body","in":"body","description":"Providing permissions to Users.","schema":{"type":"object","title":"Adding a User.","properties":{"acls":{"type":"array","items":{"type":"object","required":["actions"],"properties":{"user_id":{"type":"string","description":"ID of the user to be granted permissions. User ID and group are mutually exclusive – specify either of the two."},"group":{"type":"string","description":"Name of the user group to be granted permissions. User ID and group are mutually exclusive – specify either of the two."},"permit":{"type":"boolean","description":"Whether to permit users to perform specific operations. Set true to permit, false to deny."},"actions":{"type":"array","items":{"type":"string"},"description":"Permitted actions.","enum":["keycreate","keydelete","view","refresh"]}}}}},"example":{"acls":[{"group":"CCKM Users","actions":["view"],"permit":true}]}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"83d7b91f-2298-420e-b7a5-ce0dce07a6d9","uri":"kylo:kylo:cckm:domain:83d7b91f-2298-420e-b7a5-ce0dce07a6d9","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-03-03T06:15:15.622119Z","updatedAt":"2021-03-03T06:22:13.54186619Z","dsm_params":{"id":1769,"url":"/v1/domains/1769","name":"testkeydomain","adminType":"ALL_ADMIN","kmipEnabled":false,"fingerprintRegistrationDisabled":false,"registrationTokenEnabled":false},"connection":"dsm-connection-domain","acls":[{"group":"CCKM Users","actions":["view"]}],"synced_at":null,"description":"Description to be updated"}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/dsm/refresh":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Refresh","description":"Refresh DSM domains.\n","tags":["CCKM/DSMKeys"],"parameters":[{"name":"body","in":"body","description":"Refresh DSM keys of the given domains","schema":{"type":"object","title":"List of domain id.","properties":{"domains":{"type":"array","items":{"type":"string"},"description":"ID of domain from which keys will be refreshed. synchronize_all and domains are mutually exclusive. Specify either the synchronize_all or domains."},"synchronize_all":{"type":"boolean","description":"Set true to refresh all keys from all domains. synchronize_all and domains are mutually exclusive. Specify either the synchronize_all or domains."}}}}],"responses":{"201":{"description":"OK","examples":{"application/json":{"id":"bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","uri":"kylo:kylo:cckm:synchronize:bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-08-06T09:49:34.605578452Z","updatedAt":"2020-08-06T09:49:34.609059131Z","overall_status":"in progress","cloud":"dsm","domains":["3e732d57-5ea1-491f-b238-9f4a39a9566f","c4e5bd34-af39-4027-9058-6f1a4bb3519d"],"abort":false}}},"404":{"description":"Resource not found."}}},"get":{"summary":"Status","description":"Returns the list of updated status of refresh API. The results can be filtered using the query parameters.\n","tags":["CCKM/DSMKeys"],"parameters":[{"name":"id","in":"query","type":"string","description":"Filter the results by internal id of refresh."},{"name":"overall_status","in":"query","type":"string","description":"Filter the results by overall status. Possible values are \"in_progress\",\"completed\" and \"failed\"."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","uri":"kylo:kylo:cckm:synchronize:bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-08-06T09:49:34.605578452Z","updatedAt":"2020-08-06T09:49:34.609059131Z","overall_status":"in progress","cloud":"dsm","domains":["3e732d57-5ea1-491f-b238-9f4a39a9566f","c4e5bd34-af39-4027-9058-6f1a4bb3519d"],"abort":false}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/dsm/refresh/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a refresh process with the given ID.","tags":["CCKM/DSMKeys"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","uri":"kylo:kylo:cckm:synchronize:bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-08-06T09:49:34.605578452Z","updatedAt":"2020-08-06T09:49:34.609059131Z","overall_status":"in progress","cloud":"dsm","domains":["3e732d57-5ea1-491f-b238-9f4a39a9566f","c4e5bd34-af39-4027-9058-6f1a4bb3519d"],"abort":false}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/dsm/refresh/{id}/cancel":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Cancel","description":"Returns the details of a canceled refresh process.","tags":["CCKM/DSMKeys"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","uri":"kylo:kylo:cckm:synchronize:bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-08-06T09:49:34.605578452Z","updatedAt":"2020-08-06T09:49:34.609059131Z","overall_status":"in progress","cloud":"dsm","domains":["3e732d57-5ea1-491f-b238-9f4a39a9566f","c4e5bd34-af39-4027-9058-6f1a4bb3519d"],"abort":true}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/google/keys":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a Google Cloud key. Specify the following details.\n- Key Ring ID or Name where the Key needs to be created\n- Parameters for the Key such as algorithm, purpose, protection_level, key_name etc.\n","tags":["CCKM/Google Cloud Keys"],"parameters":[{"name":"body","in":"body","description":"Create a new native Google Cloud key","schema":{"type":"object","title":"Create a new native Google Cloud key.","required":["key_ring","gcp_key_params"],"properties":{"gcp_key_params":{"type":"object","description":"Google Cloud Key related parameters","required":["key_name","purpose","protection_level","algorithm"],"properties":{"key_name":{"type":"string","description":"Name of the Google Cloud key where key will be created."},"next_rotation_time":{"type":"string","description":"Next time the Google Cloud key will be automatically rotated by Google Cloud KMS (symmetric key only). Must be formatted as per RFC3339. Example \"2022-07-31T17:18:37.085Z\"."},"rotation_period":{"type":"string","description":"Frequency at which the Google Cloud key will to be automatically rotated by Google Cloud KMS (symmetric key only). Must be formatted as a duration in seconds terminated by \"s\". Example \"360000s\"."},"labels":{"type":"object","additionalProperties":{"type":"string"},"description":"Labels attached to the Google Cloud key in the form of string key,value json pair"},"purpose":{"type":"string","description":"Purpose of the key.","enum":["ENCRYPT_DECRYPT","ASYMMETRIC_SIGN","ASYMMETRIC_DECRYPT","MAC"]},"protection_level":{"type":"string","description":"Protection level of the key.","enum":["SOFTWARE","HSM"]},"algorithm":{"type":"string","description":"Algorithm of the key.","enum":["RSA_SIGN_PSS_2048_SHA256","RSA_SIGN_PSS_3072_SHA256","RSA_SIGN_PSS_4096_SHA256","RSA_SIGN_PSS_4096_SHA512","RSA_SIGN_PKCS1_2048_SHA256","RSA_SIGN_PKCS1_3072_SHA256","RSA_SIGN_PKCS1_4096_SHA256","RSA_SIGN_PKCS1_4096_SHA512","RSA_DECRYPT_OAEP_2048_SHA256","RSA_DECRYPT_OAEP_3072_SHA256","RSA_DECRYPT_OAEP_4096_SHA256","RSA_DECRYPT_OAEP_4096_SHA512","EC_SIGN_P256_SHA256","EC_SIGN_P384_SHA384","EC_SIGN_SECP256K1_SHA256 (Only for protection level = HSM)","GOOGLE_SYMMETRIC_ENCRYPTION","HMAC_SHA256"]}}},"key_ring":{"type":"string","description":"ID or Resource URL of the Google Cloud keyRing where key will be created."}},"example":{"key_ring":"projects/my-project/locations/my-location/keyRings/my-keyring","gcp_key_params":{"key_name":"TestKey","purpose":"ENCRYPT_DECRYPT","protection_level":"SOFTWARE","algorithm":"GOOGLE_SYMMETRIC_ENCRYPTION","labels":{"isakey":"yes"}}}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"id":"82436f2b-9d09-48f5-aca5-49433cad79dc","uri":"kylo:kylo:cckm:gcp-keys:82436f2b-9d09-48f5-aca5-49433cad79dc","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-07-09T07:43:34.555548616Z","updatedAt":"2021-07-09T07:43:34.554404684Z","cloud_name":"gcp","key_id":"TestKey","project_id":"cckm","location_id":"global","key_ring_id":"Cckm-test","key_ring_name":"projects/cckm/locations/global/keyRings/Cckm-test","gone":false,"auto_rotate":false,"status":"AVAILABLE","create_status":"AVAILABLE","gcp_cloud_resource_name":"projects/cckm/locations/global/keyRings/Cckm-test/cryptoKeys/TestKey","gcp_params":{"name":"projects/cckm/locations/global/keyRings/Cckm-test/cryptoKeys/TestKey","primary":"projects/cckm/locations/global/keyRings/Cckm-test/cryptoKeys/TestKey/cryptoKeyVersions/1","createTime":"2021-07-09T07:45:16.366375703Z","labels":{"isakey":"yes"},"purpose":"ENCRYPT_DECRYPT","next_rotation_time":null,"protectionLevel":"SOFTWARE","algorithm":"GOOGLE_SYMMETRIC_ENCRYPTION"}}},"404":{"description":"Resource not found."}}},"get":{"summary":"List Keys","description":"Returns the list of Google Cloud Keys. The results can be filtered using the query parameters.\n","tags":["CCKM/Google Cloud Keys"],"parameters":[{"name":"id","in":"query","type":"string","description":"Filter the results by internal id of Google Cloud key."},{"name":"name","in":"query","type":"string","description":"Filter the results by Google Cloud key name."},{"name":"key_id","in":"query","type":"string","description":"Filter the results by Google Cloud key ID."},{"name":"key_ring_id","in":"query","type":"string","description":"Filter the results by Google Cloud key ring id.","collectionFormat":"multi"},{"name":"location_id","in":"query","type":"string","description":"Filter the results by location id.","collectionFormat":"multi"},{"name":"project_id","in":"query","type":"string","description":"Filter the results by project id.","collectionFormat":"multi"},{"name":"create_status","in":"query","type":"string","description":"Filter the results by create status.","collectionFormat":"multi"},{"name":"organization_name","in":"query","type":"string","description":"Filter the results by organization name in the form organizations/.","collectionFormat":"multi"},{"name":"organization_display_name","in":"query","type":"string","description":"Filter the results by organization display name. If credentials do not have Organization Viewer role, display name is the organization ID.","collectionFormat":"multi"},{"name":"purpose","in":"query","type":"string","description":"Filter the results by purpose.","collectionFormat":"multi"},{"name":"algorithm","in":"query","type":"string","description":"Filter the results by Google Cloud key algorithm.","collectionFormat":"multi"},{"name":"protection_level","in":"query","type":"string","description":"Filter the results by Google Cloud key protection level.","collectionFormat":"multi"},{"name":"job_config_id","in":"query","type":"string","description":"Filter the results by job_config_id."},{"name":"state","in":"query","type":"string","description":"Filter the results by Google Cloud key state. Possible values for symmetric key are PENDING_GENERATION, ABORTED, ENABLED, DISABLED, DESTROY_SCHEDULED, DESTROYED.","collectionFormat":"multi"},{"name":"rotation_job_enabled","in":"query","type":"string","description":"Filter the results if rotation job is enabled or disabled."},{"name":"labels","in":"query","type":"string","description":"A valid JSON value. Keys whose 'labels' attribute contains the JSON value will be returned.\nExamples of JSON containment:\n\n- Values contain themselves: `[{\"LabelKey\": \"Name\", \"LabelValue\": \"TestLabel\"}]` contains `[{\"LabelKey\": \"Name\", \"LabelValue\": \"TestLabel\"}]`\n- Values contain subsets: `[{\"LabelKey\": \"Name\", \"LabelValue\": \"test\"},{\"LabelKey\": \"cloud\", \"LabelValue\": \"aws\"}]` contains `{\"Name\":\"test\"}` and `{\"cloud\":\"aws\"}`, but not `{\"cloud\":\"azure\"}`\n- Values contains only TagKey: [{\"LabelKey\": \"Name\"}]`\n"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","examples":{"skip":0,"limit":10,"total":1,"resources":[{"id":"82436f2b-9d09-48f5-aca5-49433cad79dc","uri":"kylo:kylo:cckm:gcp-keys:82436f2b-9d09-48f5-aca5-49433cad79dc","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-07-09T07:43:34.555549Z","updatedAt":"2021-07-09T07:43:34.554405Z","cloud_name":"gcp","key_id":"TestKey","project_id":"cckm","location_id":"global","key_ring_id":"Cckm-test","key_ring_name":"projects/cckm/locations/global/keyRings/Cckm-test","gone":false,"auto_rotate":false,"status":"AVAILABLE","create_status":"AVAILABLE","gcp_cloud_resource_name":"projects/cckm/locations/global/keyRings/Cckm-test/cryptoKeys/TestKey","gcp_params":{"name":"projects/cckm/locations/global/keyRings/Cckm-test/cryptoKeys/TestKey","primary":"projects/cckm/locations/global/keyRings/Cckm-test/cryptoKeys/TestKey/cryptoKeyVersions/1","createTime":"2021-07-09T07:45:16.366376Z","labels":{"isakey":"yes"},"purpose":"ENCRYPT_DECRYPT","next_rotation_time":null,"protectionLevel":"SOFTWARE","algorithm":"GOOGLE_SYMMETRIC_ENCRYPTION"},"state":"ENABLED","organization_name":"organizations/123456789012","organization_display_name":"123456789012"}]}},"404":{"description":"Resource not found."}}}},"/v1/cckm/google/keys/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Gets a key","description":"Returns the details of a Google Cloud key with the given id.\n","tags":["CCKM/Google Cloud Keys"],"responses":{"200":{"description":"OK","examples":{"id":"82436f2b-9d09-48f5-aca5-49433cad79dc","uri":"kylo:kylo:cckm:gcp-keys:82436f2b-9d09-48f5-aca5-49433cad79dc","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-07-09T07:43:34.555549Z","updatedAt":"2021-07-09T07:43:34.554405Z","cloud_name":"gcp","key_id":"TestKey","project_id":"cckm","location_id":"global","key_ring_id":"Cckm-test","key_ring_name":"projects/cckm/locations/global/keyRings/Cckm-test","gone":false,"auto_rotate":false,"status":"AVAILABLE","create_status":"AVAILABLE","gcp_cloud_resource_name":"projects/cckm/locations/global/keyRings/Cckm-test/cryptoKeys/TestKey","gcp_params":{"name":"projects/cckm/locations/global/keyRings/Cckm-test/cryptoKeys/TestKey","primary":"projects/cckm/locations/global/keyRings/Cckm-test/cryptoKeys/TestKey/cryptoKeyVersions/1","createTime":"2021-07-09T07:45:16.366376Z","labels":{"isakey":"yes"},"purpose":"ENCRYPT_DECRYPT","next_rotation_time":null,"protectionLevel":"SOFTWARE","algorithm":"GOOGLE_SYMMETRIC_ENCRYPTION"},"organization_name":"organizations/123456789012","organization_display_name":"123456789012"}},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"Updates the key attributes. For symmetric keys, updatable fields are: primary_version_id, next_rotation_time, rotation_period and labels. For asymmetric, updatable fields are: version_template_algorithm and labels. For HMAC keys, updatable field is: labels.","tags":["CCKM/Google Cloud Keys"],"parameters":[{"name":"body","in":"body","description":"Updates a Google Cloud key.","schema":{"type":"object","title":"Updates a Google Cloud key.","properties":{"primary_version_id":{"type":"string","description":"Version number of the new primary version."},"next_rotation_time":{"type":"string","description":"Next time the Google Cloud key will be automatically rotated by Google Cloud KMS (symmetric key only). Must be formatted as per RFC3339. Example \"2022-07-31T17:18:37.085Z\"."},"rotation_period":{"type":"string","description":"Frequency at which the Google Cloud key will to be automatically rotated by Google Cloud KMS (symmetric key only). Must be formatted as a duration in seconds terminated by \"s\". Example \"360000s\"."},"labels":{"type":"object","additionalProperties":{"type":"string"},"description":"Labels attached to the Google Cloud key in the form of string key,value json pair."},"version_template_algorithm":{"type":"string","description":"Algorithm of the asymmetric key (Symmetric key and HMAC key algorithm is not updatable).","enum":["RSA_SIGN_PSS_2048_SHA256","RSA_SIGN_PSS_3072_SHA256","RSA_SIGN_PSS_4096_SHA256","RSA_SIGN_PSS_4096_SHA512","RSA_SIGN_PKCS1_2048_SHA256","RSA_SIGN_PKCS1_3072_SHA256","RSA_SIGN_PKCS1_4096_SHA256","RSA_SIGN_PKCS1_4096_SHA512","RSA_DECRYPT_OAEP_2048_SHA256","RSA_DECRYPT_OAEP_3072_SHA256","RSA_DECRYPT_OAEP_4096_SHA256","RSA_DECRYPT_OAEP_4096_SHA512","EC_SIGN_P256_SHA256","EC_SIGN_P384_SHA384","EC_SIGN_SECP256K1_SHA256 (Only for protection level = HSM)"]}}}}],"responses":{"200":{"description":"OK","examples":{"application/json":{"id":"82436f2b-9d09-48f5-aca5-49433cad79dc","uri":"kylo:kylo:cckm:gcp-keys:82436f2b-9d09-48f5-aca5-49433cad79dc","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-07-09T07:43:34.555549Z","updatedAt":"2021-07-09T07:43:34.554405Z","cloud_name":"gcp","key_id":"TestKey","project_id":"cckm","location_id":"global","key_ring_id":"Cckm-test","key_ring_name":"projects/cckm/locations/global/keyRings/Cckm-test","gone":false,"auto_rotate":false,"status":"AVAILABLE","create_status":"AVAILABLE","gcp_cloud_resource_name":"projects/cckm/locations/global/keyRings/Cckm-test/cryptoKeys/TestKey","gcp_params":{"name":"projects/cckm/locations/global/keyRings/Cckm-test/cryptoKeys/TestKey","primary":"projects/cckm/locations/global/keyRings/Cckm-test/cryptoKeys/TestKey/cryptoKeyVersions/1","createTime":"2021-07-09T07:45:16.366376Z","labels":{"isakey":"yes"},"purpose":"ENCRYPT_DECRYPT","next_rotation_time":null,"protectionLevel":"SOFTWARE","algorithm":"GOOGLE_SYMMETRIC_ENCRYPTION"},"organization_name":"organizations/123456789012","organization_display_name":"123456789012"}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/google/keys/{id}/versions":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"List","description":"Returns the list of Google Cloud key versions. The results can be filtered using the query parameters.\n","tags":["CCKM/Google Cloud Keys"],"parameters":[{"name":"version_id","in":"query","type":"string","description":"Filter the results by internal id of Google Cloud key version."},{"name":"version","in":"query","type":"string","description":"Filter the results by Google Cloud key version id (i.e. version=3)."},{"name":"name","in":"query","type":"string","description":"Filter the results by Google Cloud key version full name (i.e. \"projects/my-project/locations/global/keyRings/my-ring/cryptoKeys/key-1/cryptoKeyVersions/3\")."},{"name":"state","in":"query","type":"string","description":"Filter the results by Google Cloud key version state.","collectionFormat":"multi"},{"name":"algorithm","in":"query","type":"string","description":"Filter the results by Google Cloud key version algorithm.","collectionFormat":"multi"},{"name":"is_primary","in":"query","type":"boolean","description":"Filter the results on whether the Google Cloud key version is the primary version."},{"name":"deleted","in":"query","type":"boolean","description":"Filter the results by deleted key version."},{"name":"gone","in":"query","type":"boolean","description":"Filter the results by gone."},{"name":"key_material_origin","in":"query","type":"string","description":"Filter the results by key_material_origin.","collectionFormat":"multi"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"skip":0,"limit":10,"total":1,"resources":[{"id":"13638893-784f-484d-a050-53d25a9931d3","uri":"kylo:kylo:cckm:gcp-key-versions:13638893-784f-484d-a050-53d25a9931d3","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-07-09T07:43:34.552654Z","updatedAt":"2021-07-09T07:43:34.550503Z","parent_key_name":"projects/cckm/locations/global/keyRings/Cckm-test/cryptoKeys/TestKey","parent_key_id":"82436f2b-9d09-48f5-aca5-49433cad79dc","key_ring_name":"projects/cckm/locations/global/keyRings/Cckm-test","version":1,"is_primary":true,"key_material_origin":"native","deleted":false,"gone":false,"gcp_cloud_resource_name":"projects/cckm/locations/global/keyRings/Cckm-test/cryptoKeys/TestKey/cryptoKeyVersions/1","gcp_key_version_params":{"name":"projects/cckm/locations/global/keyRings/Cckm-test/cryptoKeys/TestKey/cryptoKeyVersions/1","state":"ENABLED","protectionLevel":"SOFTWARE","algorithm":"GOOGLE_SYMMETRIC_ENCRYPTION","createTime":"2021-07-09T07:45:16.366376Z","generateTime":"2021-07-09T07:45:16.366376Z"}}]}},"404":{"description":"Resource not found."}}},"post":{"summary":"Post","description":"Add a new key version to a symmetric or asymmetric or hmac Google Cloud key. Specify whether the version will be created natively on Google Cloud or uploaded from an external key source.","tags":["CCKM/Google Cloud Keys"],"parameters":[{"name":"body","in":"body","description":"Adds a new key version to a Google Cloud key.","schema":{"type":"object","title":"Adds a new key version to a Google Cloud key.","required":["is_native"],"properties":{"source_key_tier":{"type":"string","description":"Key source from where the key will be uploaded. - local for keySecure - dsm for DSM - hsm-luna for Luna HSM"},"source_key_id":{"type":"string","description":"The key ID which will be uploaded from key source."},"algorithm":{"type":"string","description":"Algorithm of the key.","enum":["RSA_SIGN_PSS_2048_SHA256","RSA_SIGN_PSS_3072_SHA256","RSA_SIGN_PSS_4096_SHA256","RSA_SIGN_PSS_4096_SHA512","RSA_SIGN_PKCS1_2048_SHA256","RSA_SIGN_PKCS1_3072_SHA256","RSA_SIGN_PKCS1_4096_SHA256","RSA_SIGN_PKCS1_4096_SHA512","RSA_DECRYPT_OAEP_2048_SHA256","RSA_DECRYPT_OAEP_3072_SHA256","RSA_DECRYPT_OAEP_4096_SHA256","RSA_DECRYPT_OAEP_4096_SHA512","EC_SIGN_P256_SHA256","EC_SIGN_P384_SHA384","EC_SIGN_SECP256K1_SHA256 (Only for protection level = HSM)","GOOGLE_SYMMETRIC_ENCRYPTION","HMAC_SHA256"]},"is_native":{"type":"boolean","description":"This flag tells whether the key version will be created natively or will be uploaded."}}}}],"responses":{"204":{"description":"OK","schema":{"type":"object"},"examples":{"id":"ce23f9be-287e-4b15-b2d9-c42362de6ef8","uri":"kylo:kylo:cckm:gcp-key-versions:ce23f9be-287e-4b15-b2d9-c42362de6ef8","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-07-09T09:00:55.019909334Z","updatedAt":"2021-07-09T09:00:55.01855799Z","parent_key_name":"projects/cckm/locations/global/keyRings/Cckm-test/cryptoKeys/TestKey","parent_key_id":"82436f2b-9d09-48f5-aca5-49433cad79dc","key_ring_name":"projects/cckm/locations/global/keyRings/Cckm-test","version":2,"is_primary":true,"key_material_origin":"native","deleted":false,"gone":false,"gcp_cloud_resource_name":"projects/cckm/locations/global/keyRings/Cckm-test/cryptoKeys/TestKey/cryptoKeyVersions/2","gcp_key_version_params":{"name":"projects/cckm/locations/global/keyRings/Cckm-test/cryptoKeys/TestKey/cryptoKeyVersions/2","state":"ENABLED","protectionLevel":"SOFTWARE","algorithm":"GOOGLE_SYMMETRIC_ENCRYPTION","createTime":"2021-07-09T09:02:36.11438554Z","generateTime":"2021-07-09T09:02:36.11438554Z"}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/google/keys/{id}/versions/{versionID}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"versionID","in":"path","description":"An identifier of GCP Key version resource.","type":"string","required":true}],"get":{"summary":"Get key version details.","description":"Get key version details. Specify the key ID and the version ID.","tags":["CCKM/Google Cloud Keys"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"id":"ce23f9be-287e-4b15-b2d9-c42362de6ef8","uri":"kylo:kylo:cckm:gcp-key-versions:ce23f9be-287e-4b15-b2d9-c42362de6ef8","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-07-09T09:00:55.019909Z","updatedAt":"2021-07-09T09:00:55.018558Z","parent_key_name":"projects/cckm/locations/global/keyRings/Cckm-test/cryptoKeys/TestKey","parent_key_id":"82436f2b-9d09-48f5-aca5-49433cad79dc","key_ring_name":"projects/cckm/locations/global/keyRings/Cckm-test","version":2,"is_primary":true,"key_material_origin":"native","deleted":false,"gone":false,"gcp_cloud_resource_name":"projects/cckm/locations/global/keyRings/Cckm-test/cryptoKeys/TestKey/cryptoKeyVersions/2","gcp_key_version_params":{"name":"projects/cckm/locations/global/keyRings/Cckm-test/cryptoKeys/TestKey/cryptoKeyVersions/2","state":"ENABLED","protectionLevel":"SOFTWARE","algorithm":"GOOGLE_SYMMETRIC_ENCRYPTION","createTime":"2021-07-09T09:02:36.114386Z","generateTime":"2021-07-09T09:02:36.114386Z"}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/google/keys/{id}/versions/{versionID}/refresh":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"versionID","in":"path","description":"An identifier of GCP Key version resource.","type":"string","required":true}],"post":{"summary":"Refreshes the key version details and updates with the latest version.","description":"Refreshes the key version details.","tags":["CCKM/Google Cloud Keys"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"id":"ce23f9be-287e-4b15-b2d9-c42362de6ef8","uri":"kylo:kylo:cckm:gcp-key-versions:ce23f9be-287e-4b15-b2d9-c42362de6ef8","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-07-09T09:00:55.019909Z","updatedAt":"2021-07-09T09:00:55.018558Z","parent_key_name":"projects/cckm/locations/global/keyRings/Cckm-test/cryptoKeys/TestKey","parent_key_id":"82436f2b-9d09-48f5-aca5-49433cad79dc","key_ring_name":"projects/cckm/locations/global/keyRings/Cckm-test","version":2,"is_primary":true,"key_material_origin":"native","deleted":false,"gone":false,"gcp_cloud_resource_name":"projects/cckm/locations/global/keyRings/Cckm-test/cryptoKeys/TestKey/cryptoKeyVersions/2","gcp_key_version_params":{"name":"projects/cckm/locations/global/keyRings/Cckm-test/cryptoKeys/TestKey/cryptoKeyVersions/2","state":"ENABLED","protectionLevel":"SOFTWARE","algorithm":"GOOGLE_SYMMETRIC_ENCRYPTION","createTime":"2021-07-09T09:02:36.114386Z","generateTime":"2021-07-09T09:02:36.114386Z"}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/google/keys/{id}/refresh":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Refreshes the key and all the version details and updates with the latest values.","description":"Refreshes the key and all the version details.","tags":["CCKM/Google Cloud Keys"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"id":"e37185f8-c4d4-4942-ac6d-105ece81ff13","uri":"kylo:kylo:cckm:gcp-key-versions:e37185f8-c4d4-4942-ac6d-105ece81ff13","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-04-27T06:13:31.892241Z","updatedAt":"2021-04-27T06:13:31.889962Z","synced_at":"2021-04-27T06:13:31.889529Z","parent_key_name":"projects/cckmqa-automation/locations/us-east1/keyRings/cckmautomation/cryptoKeys/testkey","key_ring_name":"projects/cckmqa-automation/locations/us-east1/keyRings/cckmautomation","version":1,"is_primary":true,"key_material_origin":"unknown","deleted":false,"gone":false,"gcp_key_version_params":{"name":"projects/cckmqa-automation/locations/us-east1/keyRings/cckmautomation/cryptoKeys/testkey/cryptoKeyVersions/1","state":"ENABLED","protectionLevel":"SOFTWARE","algorithm":"GOOGLE_SYMMETRIC_ENCRYPTION","createTime":"2021-04-26T14:14:59.879236Z","generateTime":null,"destroyEventTime":null,"importJob":"projects/cckmqa-automation/locations/us-east1/keyRings/cckmautomation/importJobs/8ee91e45-6f8b-42c0-93df-c61e157233b2","importTime":"2021-04-26T14:14:59.972117Z"}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/google/update-all-versions-jobs":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"UpdateVersions","description":"Updates all versions of a Google Cloud key.\n","tags":["CCKM/Google Cloud Keys"],"parameters":[{"name":"body","in":"body","description":"Updates all versions of the given Google Cloud key","schema":{"type":"object","title":"Key on which to perform the given operation.","required":["key_id","operation"],"properties":{"key_id":{"type":"string","description":"ID of the Google Cloud key whose all versions are to be updated."},"operation":{"type":"string","description":"Operation to be performed on all versions of the Google Cloud key.","enum":["enable","disable","schedule_destroy","cancel_destroy"]}}}}],"responses":{"201":{"description":"OK","examples":{"application/json":{"id":"c86d9b70-64f8-4d52-bc10-562e65440c0e","uri":"kylo:kylo:cckm:update_all_versions:c86d9b70-64f8-4d52-bc10-562e65440c0e","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-07-09T09:12:00.567185929Z","updatedAt":"2021-07-09T09:12:00.566028969Z","overall_status":"in_progress","job_id":"c86d9b70-64f8-4d52-bc10-562e65440c0e","key_id":"82436f2b-9d09-48f5-aca5-49433cad79dc","version_count":2,"operation":"enable","abort":false}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/google/update-all-versions-jobs/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of an update all versions job with the given id.","tags":["CCKM/Google Cloud Keys"],"responses":{"200":{"description":"OK","examples":{"application/json":{"id":"c86d9b70-64f8-4d52-bc10-562e65440c0e","uri":"kylo:kylo:cckm:update_all_versions:c86d9b70-64f8-4d52-bc10-562e65440c0e","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-07-09T09:12:00.567186Z","updatedAt":"2021-07-09T09:12:04.760959Z","completed_at":"2021-07-09T09:12:04.760752Z","overall_status":"completed","detailed_status":{"completed":["1","1"],"projects/cckm/locations/global/keyRings/Cckm-test/cryptoKeys/TestKey":"Successfully updated all key versions state."},"job_id":"c86d9b70-64f8-4d52-bc10-562e65440c0e","key_id":"82436f2b-9d09-48f5-aca5-49433cad79dc","version_count":2,"operation":"enable","abort":false}}}}}},"/v1/cckm/google/keys/{id}/versions/{versionID}/enable":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"versionID","in":"path","description":"An identifier of GCP Key version resource.","type":"string","required":true}],"post":{"summary":"Enable Key version","description":"Enable a particular version of a Google Cloud key. The state of a key version changes from DISABLED to ENABLED.","tags":["CCKM/Google Cloud Keys"],"responses":{"204":{"description":"OK","schema":{"type":"object"},"examples":{"id":"13638893-784f-484d-a050-53d25a9931d3","uri":"kylo:kylo:cckm:gcp-key-versions:13638893-784f-484d-a050-53d25a9931d3","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-07-09T07:43:34.552654Z","updatedAt":"2021-07-09T09:12:59.366806008Z","synced_at":"2021-07-09T09:11:53.995906Z","parent_key_name":"projects/cckm/locations/global/keyRings/Cckm-test/cryptoKeys/TestKey","parent_key_id":"82436f2b-9d09-48f5-aca5-49433cad79dc","key_ring_name":"projects/cckm/locations/global/keyRings/Cckm-test","version":1,"is_primary":true,"key_material_origin":"native","deleted":false,"gone":false,"gcp_cloud_resource_name":"projects/cckm/locations/global/keyRings/Cckm-test/cryptoKeys/TestKey/cryptoKeyVersions/1","gcp_key_version_params":{"name":"projects/cckm/locations/global/keyRings/Cckm-test/cryptoKeys/TestKey/cryptoKeyVersions/2","state":"ENABLED","protectionLevel":"\u0001","algorithm":"GOOGLE_SYMMETRIC_ENCRYPTION","createTime":"2021-07-09T07:45:16.366376Z","generateTime":"2021-07-09T07:45:16.366376Z"}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/google/keys/{id}/versions/{versionID}/disable":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"versionID","in":"path","description":"An identifier of GCP Key version resource.","type":"string","required":true}],"post":{"summary":"Disable Key version","description":"Disable a particular version of a Google Cloud key. The state of a key version changes from ENABLED to DISABLED.","tags":["CCKM/Google Cloud Keys"],"responses":{"204":{"description":"OK","schema":{"type":"object"},"examples":{"id":"13638893-784f-484d-a050-53d25a9931d3","uri":"kylo:kylo:cckm:gcp-key-versions:13638893-784f-484d-a050-53d25a9931d3","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-07-09T07:43:34.552654Z","updatedAt":"2021-07-09T09:12:56.258898716Z","synced_at":"2021-07-09T09:11:53.995906Z","parent_key_name":"projects/cckm/locations/global/keyRings/Cckm-test/cryptoKeys/TestKey","parent_key_id":"82436f2b-9d09-48f5-aca5-49433cad79dc","key_ring_name":"projects/cckm/locations/global/keyRings/Cckm-test","version":1,"is_primary":true,"key_material_origin":"native","deleted":false,"gone":false,"gcp_cloud_resource_name":"projects/cckm/locations/global/keyRings/Cckm-test/cryptoKeys/TestKey/cryptoKeyVersions/1","gcp_key_version_params":{"name":"projects/cckm/locations/global/keyRings/Cckm-test/cryptoKeys/TestKey/cryptoKeyVersions/2","state":"DISABLED","protectionLevel":"\u0001","algorithm":"GOOGLE_SYMMETRIC_ENCRYPTION","createTime":"2021-07-09T07:45:16.366376Z","generateTime":"2021-07-09T07:45:16.366376Z"}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/google/keys/{id}/versions/{versionID}/schedule-destroy":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"versionID","in":"path","description":"An identifier of GCP Key version resource.","type":"string","required":true}],"post":{"summary":"Schedule destruction of a key version.","description":"Schedule the destruction of a particular version of a Google Cloud key.","tags":["CCKM/Google Cloud Keys"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"id":"13638893-784f-484d-a050-53d25a9931d3","uri":"kylo:kylo:cckm:gcp-key-versions:13638893-784f-484d-a050-53d25a9931d3","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-07-09T07:43:34.552654Z","updatedAt":"2021-07-09T09:13:36.209222252Z","synced_at":"2021-07-09T09:11:53.995906Z","parent_key_name":"projects/cckm/locations/global/keyRings/Cckm-test/cryptoKeys/TestKey","parent_key_id":"82436f2b-9d09-48f5-aca5-49433cad79dc","key_ring_name":"projects/cckm/locations/global/keyRings/Cckm-test","version":1,"is_primary":true,"key_material_origin":"native","deleted":false,"gone":false,"gcp_cloud_resource_name":"projects/cckm/locations/global/keyRings/Cckm-test/cryptoKeys/TestKey/cryptoKeyVersions/1","gcp_key_version_params":{"name":"projects/cckm/locations/global/keyRings/Cckm-test/cryptoKeys/TestKey/cryptoKeyVersions/2","state":"DESTROY_SCHEDULED","protectionLevel":"\u0001","algorithm":"GOOGLE_SYMMETRIC_ENCRYPTION","createTime":"2021-07-09T07:45:16.366376Z","generateTime":"2021-07-09T07:45:16.366376Z","destroyTime":"2021-07-10T09:15:18.274718Z"}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/google/keys/{id}/versions/{versionID}/cancel-schedule-destroy":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"versionID","in":"path","description":"An identifier of GCP Key version resource.","type":"string","required":true}],"post":{"summary":"Cancel scheduled destruction of a key version.","description":"Cancel the scheduled destruction of a particular version of a Google Cloud key.","tags":["CCKM/Google Cloud Keys"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"id":"13638893-784f-484d-a050-53d25a9931d3","uri":"kylo:kylo:cckm:gcp-key-versions:13638893-784f-484d-a050-53d25a9931d3","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-07-09T07:43:34.552654Z","updatedAt":"2021-07-09T09:13:52.584902131Z","synced_at":"2021-07-09T09:11:53.995906Z","parent_key_name":"projects/cckm/locations/global/keyRings/Cckm-test/cryptoKeys/TestKey","parent_key_id":"82436f2b-9d09-48f5-aca5-49433cad79dc","key_ring_name":"projects/cckm/locations/global/keyRings/Cckm-test","version":1,"is_primary":true,"key_material_origin":"native","deleted":false,"gone":false,"gcp_cloud_resource_name":"projects/cckm/locations/global/keyRings/Cckm-test/cryptoKeys/TestKey/cryptoKeyVersions/1","gcp_key_version_params":{"name":"projects/cckm/locations/global/keyRings/Cckm-test/cryptoKeys/TestKey/cryptoKeyVersions/2","state":"DISABLED","protectionLevel":"\u0001","algorithm":"GOOGLE_SYMMETRIC_ENCRYPTION","createTime":"2021-07-09T07:45:16.366376Z","generateTime":"2021-07-09T07:45:16.366376Z"}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/google/keys/{id}/enable-auto-rotation":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Enables auto rotation","description":"Enable auto rotation for a Google Cloud key.","tags":["CCKM/Google Cloud Keys"],"parameters":[{"name":"body","in":"body","description":"Enables auto rotation for a Google Cloud Key.","schema":{"type":"object","title":"Enables auto rotation for a Google Cloud key.","required":["job_config_id","auto_rotate_key_source","auto_rotate_algorithm"],"properties":{"job_config_id":{"type":"string","description":"Id of the scheduler job that will perform key rotation."},"auto_rotate_key_source":{"type":"string","description":"Source of the key material. Options are native, hsm-luna, dsm and ciphertrust."},"auto_rotate_algorithm":{"type":"string","description":"Algorithm of the key.","enum":["RSA_SIGN_PSS_2048_SHA256","RSA_SIGN_PSS_3072_SHA256","RSA_SIGN_PSS_4096_SHA256","RSA_SIGN_PSS_4096_SHA512","RSA_SIGN_PKCS1_2048_SHA256","RSA_SIGN_PKCS1_3072_SHA256","RSA_SIGN_PKCS1_4096_SHA256","RSA_SIGN_PKCS1_4096_SHA512","RSA_DECRYPT_OAEP_2048_SHA256","RSA_DECRYPT_OAEP_3072_SHA256","RSA_DECRYPT_OAEP_4096_SHA256","RSA_DECRYPT_OAEP_4096_SHA512","EC_SIGN_P256_SHA256","EC_SIGN_P384_SHA384","EC_SIGN_SECP256K1_SHA256 (Only for protection level = HSM)","GOOGLE_SYMMETRIC_ENCRYPTION","HMAC_SHA256"]},"auto_rotate_partition_id":{"type":"string","description":"Id of the partition in which hsm key will be created."},"auto_rotate_domain_id":{"type":"string","description":"Id of the domain in which dsm key will be created."}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"id":"82436f2b-9d09-48f5-aca5-49433cad79dc","uri":"kylo:kylo:cckm:gcp-keys:82436f2b-9d09-48f5-aca5-49433cad79dc","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-07-09T07:43:34.555549Z","labels":{"auto_rotate_algorithm":"GOOGLE_SYMMETRIC_ENCRYPTION","auto_rotate_key_source":"ciphertrust","job_config_id":"1491da7c-ca51-4925-ab1b-779f83d0fd73"},"updatedAt":"2021-07-09T09:15:34.571392Z","cloud_name":"gcp","key_id":"TestKey","project_id":"cckm","location_id":"global","key_ring_id":"Cckm-test","key_ring_name":"projects/cckm/locations/global/keyRings/Cckm-test","gone":false,"auto_rotate":true,"status":"AVAILABLE","create_status":"AVAILABLE","gcp_cloud_resource_name":"projects/cckm/locations/global/keyRings/Cckm-test/cryptoKeys/TestKey","gcp_params":{"name":"projects/cckm/locations/global/keyRings/Cckm-test/cryptoKeys/TestKey","primary":"projects/cckm/locations/global/keyRings/Cckm-test/cryptoKeys/TestKey/cryptoKeyVersions/2","createTime":"2021-07-09T07:45:16.366376Z","labels":{"isakey":"yes"},"purpose":"ENCRYPT_DECRYPT","next_rotation_time":null,"protectionLevel":"SOFTWARE","algorithm":"GOOGLE_SYMMETRIC_ENCRYPTION"},"organization_name":"organizations/123456789012","organization_display_name":"123456789012"}},"404":{"description":"Resource not found."}}}},"/v1/cckm/google/keys/{id}/disable-auto-rotation":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Disable the auto-rotation for Google Cloud Key","description":"Disable auto rotation for a Google Cloud key.","tags":["CCKM/Google Cloud Keys"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"id":"82436f2b-9d09-48f5-aca5-49433cad79dc","uri":"kylo:kylo:cckm:gcp-keys:82436f2b-9d09-48f5-aca5-49433cad79dc","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-07-09T07:43:34.555549Z","updatedAt":"2021-07-09T09:16:46.772591178Z","cloud_name":"gcp","key_id":"TestKey","project_id":"cckm","location_id":"global","key_ring_id":"Cckm-test","key_ring_name":"projects/cckm/locations/global/keyRings/Cckm-test","gone":false,"auto_rotate":false,"status":"AVAILABLE","create_status":"AVAILABLE","gcp_cloud_resource_name":"projects/cckm/locations/global/keyRings/Cckm-test/cryptoKeys/TestKey","gcp_params":{"name":"projects/cckm/locations/global/keyRings/Cckm-test/cryptoKeys/TestKey","primary":"projects/cckm/locations/global/keyRings/Cckm-test/cryptoKeys/TestKey/cryptoKeyVersions/2","createTime":"2021-07-09T07:45:16.366376Z","labels":{"isakey":"yes"},"purpose":"ENCRYPT_DECRYPT","next_rotation_time":null,"protectionLevel":"SOFTWARE","algorithm":"GOOGLE_SYMMETRIC_ENCRYPTION"}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/google/keys/{id}/versions/{versionID}/download-public-key":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"versionID","in":"path","description":"An identifier of GCP Key version resource.","type":"string","required":true}],"post":{"summary":"Download a public key for an asymmetric key version.","description":"Download a public key for an asymmetric key version. The public key encoded in the PEM format is downloaded.","tags":["CCKM/Google Cloud Keys"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"name":"projects/cckmqa-automation/locations/us-east1/keyRings/cckmautomation/cryptoKeys/testkey/cryptoKeyVersions/2","pem":"-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy/fapXb3aFvU8DljEi0t EYsi34aEKPStH9G2GbG2/yirRpjkgET9LlggFxXqLsVtOMRYL68L5Lx5KH1GOXaI H4nuHuMsOeXL/pzjqw6DwLIFmPxO8WIOY7/zNJt5pIXRLtbI08+7dujQM/CP7s6b G6+CG6kUpYhroapqlSvwBalcVh7Ne574r38VCG0ISPdgkDzHX5gizRu0qQLWI6yw Yfon5CZE3k1lz9MvfLIujbcPTH8ss/05ujOCZl8rkt+dq6pH5QOufF9vDSAhQlbf qdkf3UQlFX34IgPCU12xo0lDYamofZLkcEL/0EWUfBVtlLfADT4h4iFJweppQe9y CQIDAQAB -----END PUBLIC KEY-----","algorithm":"RSA_SIGN_PSS_2048_SHA256"}},"404":{"description":"Resource not found."}}}},"/v1/cckm/google/upload-key":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Upload","description":"Uploads the key to the Google Cloud. Specify the following details.\n- Key Ring Resource URL where the Key needs to be created\n- Parameters for the Key such as algorithm, purpose, protection_level, key_name etc.\n- Source key tier.\n- Source Key Identifier of the key to be uploaded from a key source.\n","tags":["CCKM/Google Cloud Keys"],"parameters":[{"name":"body","in":"body","description":"Create a new Google Cloud key by uploading a key from key provider.","schema":{"type":"object","title":"Create a new Google Cloud key.","required":["key_ring","gcp_key_params"],"properties":{"gcp_key_params":{"type":"object","description":"Google Cloud Key related parameters","required":["key_name","purpose","protection_level","algorithm"],"properties":{"key_name":{"type":"string","description":"Name of the Google Cloud key."},"next_rotation_time":{"type":"string","description":"Time when the Google Cloud key will be automatically rotated by Google Cloud KMS (symmetric keys only). The time must be in the RFC3339 format, for example, \"2022-07-31T17:18:37.085Z\"."},"rotation_period":{"type":"string","description":"Frequency at which the Google Cloud key will be automatically rotated by Google Cloud KMS (symmetric keys only). The frequency must be in the format \"s\", that is, duration in seconds terminated by s, for example, \"360000s\"."},"import_only":{"type":"boolean","description":"Whether you want to restrict key versions to import only."},"labels":{"type":"object","additionalProperties":{"type":"string"},"description":"Labels attached to the Google Cloud key in the form of string key,value json pair"},"purpose":{"type":"string","description":"Purpose of the Google Cloud key.","enum":["ENCRYPT_DECRYPT","ASYMMETRIC_SIGN","ASYMMETRIC_DECRYPT","MAC"]},"protection_level":{"type":"string","description":"Protection level of the Google Cloud key.","enum":["SOFTWARE","HSM"]},"algorithm":{"type":"string","description":"Algorithm of the Google Cloud key.","enum":["RSA_SIGN_PSS_2048_SHA256","RSA_SIGN_PSS_3072_SHA256","RSA_SIGN_PSS_4096_SHA256","RSA_SIGN_PSS_4096_SHA512","RSA_SIGN_PKCS1_2048_SHA256","RSA_SIGN_PKCS1_3072_SHA256","RSA_SIGN_PKCS1_4096_SHA256","RSA_SIGN_PKCS1_4096_SHA512","RSA_DECRYPT_OAEP_2048_SHA256","RSA_DECRYPT_OAEP_3072_SHA256","RSA_DECRYPT_OAEP_4096_SHA256","RSA_DECRYPT_OAEP_4096_SHA512","EC_SIGN_P256_SHA256","EC_SIGN_P384_SHA384","EC_SIGN_SECP256K1_SHA256 (Only for protection level = HSM)","GOOGLE_SYMMETRIC_ENCRYPTION","HMAC_SHA256 (Only for source_key_tier = local)"]}}},"key_ring":{"type":"string","description":"Resource URL of the Google Cloud Key Ring where key will be created."},"source_key_id":{"type":"string","description":"ID of the key that will be uploaded from a key source."},"source_key_tier":{"type":"string","description":"Key source from where the key will be uploaded. - local for CipherTrust Manager - dsm for Data Security Manager (DSM) - hsm-luna for Luna HSM"}},"example":{"key_ring":"projects/my-project/locations/us-east1/keyRings/my-keyring","source_key_id":"local_key_id","source_key_tier":"local","gcp_key_params":{"key_name":"KeyUpload","purpose":"ENCRYPT_DECRYPT","import_only":true,"protection_level":"SOFTWARE","algorithm":"GOOGLE_SYMMETRIC_ENCRYPTION","labels":{"isakey":"yesabel"}}}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"id":"a8be6de4-0b6c-4afd-a4c6-0670c13d6922","uri":"kylo:kylo:cckm:gcp-keys:a8be6de4-0b6c-4afd-a4c6-0670c13d6922","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-07-09T09:18:01.599921286Z","updatedAt":"2021-07-09T09:18:01.598191117Z","cloud_name":"","key_id":"","project_id":"cckm","location_id":"","key_ring_id":"","key_ring_name":"projects/cckm/locations/global/keyRings/Cckm-test","gone":false,"auto_rotate":false,"create_status":"IN_PROGRESS","gcp_cloud_resource_name":"","gcp_params":{"name":"","primary":"","createTime":null,"purpose":"","import_only":true,"next_rotation_time":null,"protectionLevel":"","algorithm":""}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/google/synchronization-jobs":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Synchronize","description":"Synchronizes Google Cloud keys.\n","tags":["CCKM/Google Cloud Keys"],"parameters":[{"name":"body","in":"body","description":"Synchronize Google Cloud keys of the given key rings.","schema":{"type":"object","title":"List of key ring names.","properties":{"key_rings":{"type":"array","items":{"type":"string"},"description":"Name or ID of key rings from which Google Cloud keys will be synchronized. synchronize_all and key_rings are mutually exclusive. Specify either the synchronize_all or key_rings."},"synchronize_all":{"type":"boolean","description":"Set true to synchronize all keys from all rings. synchronize_all and key_rings are mutually exclusive. Specify either the synchronize_all or key_rings."}}}}],"responses":{"201":{"description":"OK","examples":{"application/json":{"id":"bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","uri":"kylo:kylo:cckm:synchronize:bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-08-06T09:49:34.605578452Z","updatedAt":"2020-08-06T09:49:34.609059131Z","overall_status":"in progress","cloud":"GoogleCloud","key_rings":["projects/cckm-project-1/locations/us-west1/keyrings/cckm-ring-1","projects/cckm-project-2/locations/global/keyrings/cckm-ring-2"],"abort":false}}},"404":{"description":"Resource not found."}}},"get":{"summary":"Status","description":"Returns a list of updated synchronization status. The results can be filtered using the query parameters.\n","tags":["CCKM/Google Cloud Keys"],"parameters":[{"name":"id","in":"query","type":"string","description":"Filter the results by internal id of synchronization."},{"name":"overall_status","in":"query","type":"string","description":"Filter the results by synchronization overall status. Possible values are \"in_progress\",\"completed\" and \"failed\"."},{"name":"key_rings","in":"query","type":"array","items":{"type":"string"},"description":"Filter the results of synchronization by key rings."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","uri":"kylo:kylo:cckm:synchronize:bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-08-06T09:49:34.605578Z","updatedAt":"2020-08-06T09:49:49.658814Z","overall_status":"in progress","detailed_status":{"projects/cckm-project-1/locations/us-west1/keyrings/cckm-ring-1":"in progress"},"cloud":"GoogleCloud","key_rings":["3e732d57-5ea1-491f-b238-9f4a39a9566f","c4e5bd34-af39-4027-9058-6f1a4bb3519d"],"abort":false}]}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/google/synchronization-jobs/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a synchronization process with the given id.","tags":["CCKM/Google Cloud Keys"],"responses":{"200":{"description":"OK","examples":{"application/json":{"id":"bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","uri":"kylo:kylo:cckm:synchronize:bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-08-06T09:49:34.605578Z","updatedAt":"2020-08-06T09:50:01.676264Z","overall_status":"in progress","detailed_status":{"projects/cckm-project-1/locations/us-west1/keyrings/cckm-ring-1":"in progress"},"cloud":"GoogleCloud","key_rings":["3e732d57-5ea1-491f-b238-9f4a39a9566f","c4e5bd34-af39-4027-9058-6f1a4bb3519d"],"abort":false}}}}}},"/v1/cckm/google/synchronization-jobs/{id}/cancel":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Cancel","description":"Cancels the synchronization job\n","tags":["CCKM/Google Cloud Keys"],"responses":{"200":{"description":"OK","examples":{"application/json":{"id":"bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","uri":"kylo:kylo:cckm:synchronize:bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-08-06T09:49:34.605578Z","updatedAt":"2020-08-06T09:50:08.968859976Z","overall_status":"in progress","detailed_status":{"projects/cckm-project-1/locations/us-west1/keyrings/cckm-ring-1":"in progress"},"cloud":"GoogleCloud","key_rings":["3e732d57-5ea1-491f-b238-9f4a39a9566f","c4e5bd34-af39-4027-9058-6f1a4bb3519d"],"abort":true}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/google/get-key-rings":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Get Google Cloud KeyRings","description":"Returns the list of Key Rings.\n","tags":["CCKM/Google Cloud Key Rings"],"parameters":[{"name":"body","in":"body","description":"Get Key Rings.","schema":{"type":"object","title":"get Key Rings.","required":["project_id","location","connection"],"properties":{"project_id":{"type":"string","description":"Name of the project ID."},"location":{"type":"string","description":"Name of the location."},"connection":{"type":"string","description":"Name or ID of the Google Cloud connection."},"page_size":{"type":"integer","description":"Number of the KeyRings to view."},"page_token":{"type":"string","description":"page_token is used to get the remaining KeyRings left in the list. For eg. If there are 20 KeyRings and you set the page_size to 11 then to view the remaining 9 KeyRings you need to use page_token."}},"example":{"location":"global","project_id":"project-id","connection":"gcp-connection","page_size":10,"page_token":"eyJuZFUkVWTVJlV3LS0if"}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"key_rings":[{"name":"projects/cckm/locations/global/keyRings/ring1","create_time":{"seconds":1613380512,"nanos":116038147}}],"next_page_token":"ALm5f_QBzCCwt-eadWxRf5ffhYY3pMnYpj9rcBQOjQpjXO9FWhTRQZUC7o-lKsfWuufYZu7O","total_size":2,"connection":"gcp-connection"}},"404":{"description":"Resource not found."}}}},"/v1/cckm/google/add-key-rings":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Add Google Cloud KeyRings","description":"Add the list of Key Rings so that it can be used by the CCKM..\n","tags":["CCKM/Google Cloud Key Rings"],"parameters":[{"name":"body","in":"body","description":"Add Key Rings.","schema":{"type":"object","title":"Add Key Rings.","required":["project_id","key_rings","connection"],"properties":{"project_id":{"type":"string","description":"The project id of the key ring."},"connection":{"type":"string","description":"Name or ID of the Google Cloud connection."},"key_rings":{"type":"array","description":"Key Ring parameters.","items":{"type":"object","title":"Key Ring Data.","required":["name"],"properties":{"name":{"type":"string","description":"Name of the key ring."}}}}},"example":{"project_id":"cckm","connection":"gcp-connection","key_rings":[{"name":"projects/cckm/locations/global/keyRings/ring1"}]}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"id":"5e112e62-7078-4312-a21e-f08d715a700e","uri":"kylo:kylo:cckm:gcp-ring:5e112e62-7078-4312-a21e-f08d715a700e","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-04-20T13:41:30.855831151Z","updatedAt":"2021-04-20T13:41:30.855831308Z","key_rings_data":[{"name":"projects/cckm/locations/global/keyRings/Cckm-test","key_ring_id":"Cckm-test","location":"global","project_id":"cckm","project_name":"projects/cckm","connection":"gcp-connection","cloud_name":"gcp","organization_name":"organizations/123456789012","organization_display_name":"123456789012"}]}},"404":{"description":"Resource not found."}}}},"/v1/cckm/google/key-rings":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List Key Rings","description":"Returns the list of Google Cloud Key Rings.\n","tags":["CCKM/Google Cloud Key Rings"],"parameters":[{"name":"id","in":"query","type":"string","description":"Filter the results by id."},{"name":"name","in":"query","type":"string","description":"Filter the results by name."},{"name":"connection","in":"query","type":"string","description":"Filter the results by connection."},{"name":"cloud_name","in":"query","type":"string","description":"Filter the results by cloud name."},{"name":"organization_name","in":"query","type":"string","description":"Filter the results by organization name.","collectionFormat":"multi"},{"name":"organization_display_name","in":"query","type":"string","description":"Filter the results by organization display name.","collectionFormat":"multi"},{"name":"location","in":"query","type":"string","description":"Filter the results by location of key ring.","collectionFormat":"multi"},{"name":"project_id","in":"query","type":"string","description":"Filter the results by project id."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","examples":{"skip":0,"limit":10,"total":1,"resources":[{"id":"2d483a63-7f01-4805-88a7-44982512abc7","uri":"kylo:kylo:cckm:gcp-key-ring:2d483a63-7f01-4805-88a7-44982512abc7","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-07-09T07:31:29.458054Z","updatedAt":"2021-07-09T07:31:29.456128Z","name":"projects/cckm/locations/global/keyRings/Cckm-test","key_ring_id":"Cckm-test","location":"global","project_id":"cckm","project_name":"cckm","connection":"gcp-connection","cloud_name":"gcp","organization_name":"organizations/123456789012","organization_display_name":"123456789012"}]}},"404":{"description":"Resource not found."}}}},"/v1/cckm/google/key-rings/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a Google Cloud key ring with the given `id`.","tags":["CCKM/Google Cloud Key Rings"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"2d483a63-7f01-4805-88a7-44982512abc7","uri":"kylo:kylo:cckm:gcp-key-ring:2d483a63-7f01-4805-88a7-44982512abc7","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-07-09T07:31:29.458054Z","updatedAt":"2021-07-09T07:31:29.456128Z","name":"projects/cckm/locations/global/keyRings/Cckm-test","key_ring_id":"Cckm-test","location":"global","project_id":"cckm","project_name":"cckm","connection":"gcp-connection","cloud_name":"gcp","organization_name":"organizations/123456789012","organization_display_name":"123456789012"}}},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"Updates the connection in Google Cloud Key Ring. This operation requires connection to have appropriate access permissions on the key ring.\n","tags":["CCKM/Google Cloud Key Rings"],"parameters":[{"name":"body","in":"body","description":"Updates a Key Ring.","schema":{"type":"object","title":"Updates a Key Ring.","required":["connection"],"properties":{"connection":{"type":"string","description":"Name or ID of the connection.."}}}}],"responses":{"200":{"description":"OK","examples":{"application/json":{"id":"2d483a63-7f01-4805-88a7-44982512abc7","uri":"kylo:kylo:cckm:gcp-key-ring:2d483a63-7f01-4805-88a7-44982512abc7","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-07-09T07:31:29.458054Z","updatedAt":"2021-07-09T07:31:29.456128Z","name":"projects/cckm/locations/global/keyRings/Cckm-test","key_ring_id":"Cckm-test","location":"global","project_id":"cckm","project_name":"cckm","connection":"gcp-connection","cloud_name":"gcp","organization_name":"organizations/123456789012","organization_display_name":"123456789012"}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/google/key-rings/{id}/update-acls":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Key Ring ACLS","description":"Grants permissions to users or group to perform specific actions on Google Cloud Key Ring. User ID and group are mutually exclusive – specify either of the two.\n\nFor the first time users or group, actions are permitted as configured by the CCKM administrator. However, if the permissions of a user or group needs to be modified later, for example, a new action is to be permitted or an existing action is to be revoked, the CCKM administrator needs to set that particular action to true or false.\n\nFor example, a user or group is permitted actions, keycreate, keyupdate, and keydestroy. Now, to permit one more action \"keydestroy\" to the user or group, set \"permit\":true and \"actions\": \"keydestroy\" and run the API. Similarly, now to deny permission to the action \"keycreate\", set \"permit\":false, \"actions\": \"keycreate\", and run the API.\n\n**Actions Specification**\n\n The following table lists the accepted values:\n\n\n APIs | Actions Required | Description\n ----------------------------- | --------------------- | ---------------------------------------------------\n Create | keycreate | Permission to create a Google Cloud Key.\n Synchronize | keysynchronize | Permission to synchronize Google Cloud keys.\n Cancel | keysynchronize | Permission to cancel the synchronization job.\n Update | keyupdate | Permission to updates the key attributes, tags and key operations.\n Enable key | keyupdate | Permission to enable the Google Cloud key.\n Disable key | keyupdate | Permission to disable the Google Cloud key.\n Schedule Destroy | keydestroy | Permission to schedule destroy Google Cloud key.\n Cancel destroy | keycanceldestroy | Permission to cancel destroy Google Cloud key.\n Upload | keyupload | Permission to upload the key to the Google Cloud Key Ring.\n List | view | Permission to view Google Cloud key rings and its keys.\n Get (Google Cloud Keys) | view | Permission to get the details of a Google Cloud key with the given id.\n List Key Ring | view | Permission to view Google Cloud key rings and its keys.\n Get (Google Cloud Key Rings) | view | Permission to get the details of the Google Cloud Key Rings with the given id.\n Create Report | reportcreate | Permission to create report\n Delete Report | reportdelete | Permission to delete report\n Download Report | reportdownload | Permission to download report\n View Report | reportview | Permission to view report content\n","tags":["CCKM/Google Cloud Key Rings"],"parameters":[{"name":"body","in":"body","description":"Providing permission to Users.","schema":{"type":"object","title":"Adding a ACL.","properties":{"acls":{"type":"array","items":{"type":"object","required":["actions"],"properties":{"user_id":{"type":"string","description":"ID of the user to be granted permissions. User ID and group are mutually exclusive – specify either of the two."},"group":{"type":"string","description":"Name of the user group to be granted permissions. User ID and group are mutually exclusive – specify either of the two."},"permit":{"type":"boolean","description":"Whether to permit users to perform specific operations. Set true to permit, false to deny."},"actions":{"type":"array","items":{"type":"string"},"description":"Permitted actions.","enum":["keycreate","keyupdate","keysynchronize","view","keydestroy","keycanceldestroy","keyupload","reportcreate","reportdelete","reportview","reportdownload"]}}}}}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"id":"2d483a63-7f01-4805-88a7-44982512abc7","uri":"kylo:kylo:cckm:gcp-key-ring:2d483a63-7f01-4805-88a7-44982512abc7","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-07-09T07:31:29.458054Z","updatedAt":"2021-07-09T07:36:52.264002291Z","name":"projects/cckm/locations/global/keyRings/Cckm-test","key_ring_id":"Cckm-test","location":"global","project_id":"cckm","project_name":"cckm","connection":"gcp-connection","cloud_name":"gcp","acls":[{"group":"CCKM Users","actions":["view"]}],"organization_name":"organizations/123456789012","organization_display_name":"123456789012"}},"404":{"description":"Resource not found."}}}},"/v1/cckm/google/key-rings/{id}/remove-key-ring":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Delete","description":"Deletes a Google Cloud key ring from the CCKM.","tags":["CCKM/Google Cloud Key Rings"],"responses":{"204":{"description":"No Content | Google Cloud key ring was deleted successfully.","schema":{"type":"string"}},"404":{"description":"Resource not found."}}}},"/v1/cckm/google/get-locations":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Get Google Cloud Locations","description":"Returns the list of Locations.\n","tags":["CCKM/Google Cloud Locations"],"parameters":[{"name":"body","in":"body","description":"get Locations.","schema":{"type":"object","title":"Get Locations.","required":["project_id"],"properties":{"project_id":{"type":"string","description":"Name of the project ID."},"connection":{"type":"string","description":"Name or ID of the Google Cloud connection."},"page_size":{"type":"integer","description":"Number of Locations to view."},"page_token":{"type":"string","description":"Token that you can use to get the list of remaining locations beyond the number set in page_size. For eg. If there are 20 Locations and you set the page_size to 11 then to view the remaining 9 Locations you need to use page_token."}},"example":{"project_id":"cckm","connection":"gcp-connection","page_size":1,"page_token":"eyJuZFUkVWTVJlV3LS0if"}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"locations":[{"name":"projects/cckm/locations/asia","locationId":"asia","labels":{"cloud.googleapis.com/country":"SG","cloud.googleapis.com/location":"asia"},"metadata":{"@type":"type.googleapis.com/google.cloud.kms.v1.LocationMetadata","ekmAvailable":true,"hsmAvailable":true}},{"name":"projects/cckm/locations/asia-east1","locationId":"asia-east1","displayName":"Taiwan","labels":{"cloud.googleapis.com/country":"TW","cloud.googleapis.com/location":"asia-east1","cloud.googleapis.com/region":"asia-east1"},"metadata":{"@type":"type.googleapis.com/google.cloud.kms.v1.LocationMetadata","ekmAvailable":true,"hsmAvailable":true}}],"nextPageToken":"ALm5f_RCmnY9lYPVgBGAfAD9h7RWqvF21oYxxnSx5l0LeoKHFOr0jtM4XfuNAA","connection":"gcp-connection"}},"404":{"description":"Resource not found."}}}},"/v1/cckm/google/projects":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List Projects","description":"Returns the list of Google Cloud projects.\n","tags":["CCKM/Google Cloud Projects"],"parameters":[{"name":"id","in":"query","type":"string","description":"Filter the results by id."},{"name":"name","in":"query","type":"string","description":"Filter the results by name."},{"name":"connection","in":"query","type":"string","description":"Filter the results by connection."},{"name":"cloud_name","in":"query","type":"string","description":"Filter the results by cloud name."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","examples":{"skip":0,"limit":10,"total":1,"resources":[{"id":"03b24ef3-0078-4dbb-9444-a4242f992d69","uri":"kylo:kylo:cckm:gcp-project:03b24ef3-0078-4dbb-9444-a4242f992d69","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-02-25T07:54:14.945148Z","updatedAt":"2021-02-25T07:54:14.943021Z","create_time":"2018-03-19T17:42:03.596Z","lifecycle_state":"ACTIVE","name":"cckm","parent_id":"1234567891234","parent_type":"folder","project_id":"cckm-project","project_number":"12345678912","connection":"gcp-connection","cloud_name":"gcp","acls":[{"group":"CCKM Users","actions":["cryptospaceview","cryptospacecreate","cryptospaceekmenable","cryptospaceekmdisable"]}]}]}},"404":{"description":"Resource not found."}}},"post":{"summary":"Add","description":"Add a Google Cloud Project.","tags":["CCKM/Google Cloud Projects"],"parameters":[{"name":"body","in":"body","description":"Google Cloud project parameters.","schema":{"type":"object","description":"Add Google Cloud a project.","required":["project_id"],"properties":{"project_id":{"type":"string","title":"Google Cloud project ID.","description":"project_id of the Google Cloud Project to add."},"connection":{"type":"string","description":"Name of the connection associated with the project.\n(This field is applicable only if connection is used to add the project.)\n"}},"example":{"project_id":"a12ewd3423e32","connection":"gcp-connection"}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"03b24ef3-0078-4dbb-9444-a4242f992d69","uri":"kylo:kylo:cckm:gcp-project:03b24ef3-0078-4dbb-9444-a4242f992d69","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-02-25T07:54:14.945148Z","updatedAt":"2021-02-25T07:54:14.943021Z","name":"projects/a12ewd3423e32","project_id":"a12ewd3423e32","cloud_name":"gcp","organization_name":"","organization_display_name":""}}}}}},"/v1/cckm/google/projects/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a Google Cloud Project with the given id.","tags":["CCKM/Google Cloud Projects"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"03b24ef3-0078-4dbb-9444-a4242f992d69","uri":"kylo:kylo:cckm:gcp-project:03b24ef3-0078-4dbb-9444-a4242f992d69","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-02-25T07:54:14.945148Z","updatedAt":"2021-02-25T07:54:14.943021Z","create_time":"2018-03-19T17:42:03.596Z","lifecycle_state":"ACTIVE","name":"cckm","parent_id":"1234567891234","parent_type":"folder","project_id":"cckm-project","project_number":"12345678912","connection":"gcp-connection","cloud_name":"gcp","acls":[{"group":"CCKM Users","actions":["cryptospaceview","cryptospacecreate","cryptospaceekmenable","cryptospaceekmdisable"]}]}}},"404":{"description":"Resource not found."}}},"delete":{"summary":"Delete","description":"Delete a Google Cloud Project.","tags":["CCKM/Google Cloud Projects"],"responses":{"204":{"description":"No Content | Google Cloud project is removed successfully.","schema":{"type":"string"}},"404":{"description":"Resource not found."}}}},"/v1/cckm/google/projects/{id}/update-acls":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Project ACLS","description":"Grants permissions to users or group to perform specific actions on Google Cloud project. User ID and group are mutually exclusive – specify either of the two.\n\nFor the first time users or group, actions are permitted as configured by the CCKM administrator. However, if the permissions of a user or group needs to be modified later, for example, a new action is to be permitted or an existing action is to be revoked, the CCKM administrator needs to set that particular action to true or false.\n\nFor example, a user or group is permitted actions like cryptospacecreate, cryptospaceupdate, and cryptospacedelete. \nNow, to permit one more action \"cryptospaceblock\" to the user or group, set \"permit\":true and \"actions\": \"cryptospaceblock\" and run the API. \nSimilarly, now to deny permission to the action \"cryptospacecreate\", set \"permit\":false, \"actions\": \"cryptospacecreate\", and run the API.\n\n**Actions Specification**\n\n The following table lists the accepted values:\n\n\n APIs | Actions Required | Description\n --------------------------------- | --------------------- | ---------------------------------------------------\n Create Cryptospace | cryptospacecreate | Permission to create a Google Cryptospace.\n Update Cryptospace | cryptospaceupdate | Permission to update the Google Cryptospace attributes.\n Block Cryptospace | cryptospaceblock | Permission to block operations on EKM endpoints in a Google Cryptospace.\n Unblock Cryptospace | cryptospaceunblock | Permission to unblock operations on EKM endpoints in a Google Cryptospace.\n Delete Cryptospace | cryptospacedelete | Permission to delete a Google Cryptospace.\n List Cryptospaces | cryptospaceview | Permission to view Google Cryptospaces.\n Get Cryptospace | cryptospaceview | Permission to get the details of a Google Cryptospace with the given id.\n Enable Cryptospace EKM endpoints | cryptospaceekmenable | Permission to enable operations on EKM endpoints in a Google Cryptospace.\n Disable Cryptospace EKM endpoints | cryptospaceekmdisable | Permission to disable operations on EKM endpoints in a Google Cryptospace.\n","tags":["CCKM/Google Cloud Projects"],"parameters":[{"name":"body","in":"body","description":"Providing permission to Users.","schema":{"type":"object","title":"Adding a ACL.","properties":{"acls":{"type":"array","items":{"type":"object","required":["actions"],"properties":{"user_id":{"type":"string","description":"ID of the user to be granted permissions. User ID and group are mutually exclusive – specify either of the two."},"group":{"type":"string","description":"Name of the user group to be granted permissions. User ID and group are mutually exclusive – specify either of the two."},"permit":{"type":"boolean","description":"Whether to permit users to perform specific operations. Set true to permit, false to deny."},"actions":{"type":"array","items":{"type":"string"},"description":"Permitted actions.","enum":["cryptospacecreate","cryptospaceupdate","cryptospaceblock","cryptospaceunblock","cryptospacedelete","cryptospaceview","cryptospaceekmenable","cryptospaceekmdisable"]}}}}}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"id":"03b24ef3-0078-4dbb-9444-a4242f992d69","uri":"kylo:kylo:cckm:gcp-project:03b24ef3-0078-4dbb-9444-a4242f992d69","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-02-25T07:54:14.945148Z","updatedAt":"2021-02-25T07:54:14.943021Z","create_time":"2018-03-19T17:42:03.596Z","lifecycle_state":"ACTIVE","name":"cckm","parent_id":"1234567891234","parent_type":"folder","project_id":"cckm-project","project_number":"12345678912","connection":"gcp-connection","cloud_name":"gcp","acls":[{"group":"CCKM Users","actions":["cryptospaceview","cryptospacecreate","cryptospaceekmenable","cryptospaceekmdisable"]}]}},"404":{"description":"Resource not found."}}}},"/v1/cckm/google/get-projects":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Get projects from Google Cloud","description":"Fetches Google Cloud projects based on the connection.\n","tags":["CCKM/Google Cloud Projects"],"parameters":[{"name":"body","in":"body","description":"Fetches Google Cloud projects based on the connection","schema":{"type":"object","title":"get projects.","required":["connection"],"properties":{"connection":{"type":"string","description":"Name of the connection based on which projects are to be fetched."}},"example":{"connection":"gcp-connection"}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"projects":[{"createTime":"2018-03-19T17:42:03.596Z","lifecycleState":"ACTIVE","name":"cckm","parent":{"id":"1234567891234","type":"folder"},"projectId":"cckm-project","projectNumber":"12345678912"}],"connection":"gcp-connection"}},"404":{"description":"Resource not found."}}}},"/v1/cckm/aws/templates":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates an AWS key policy.\n- Policy is mutually exclusive to all other policy parameters.\n- If no policy parameters are specified the default policy is created.\n","tags":["CCKM/AWSKeys"],"parameters":[{"name":"body","in":"body","description":"Creates an AWS policy template.","schema":{"type":"object","title":"Creates an AWS policy template.","required":["name","kms"],"properties":{"name":{"type":"string","description":"Unique name of the policy template."},"kms":{"type":"string","description":"Name or ID of the KMS to be used to create the key policy."},"external_accounts":{"type":"array","description":"AWS accounts that can use this key. External accounts are mutually exclusive to policy. If no policy parameters are specified the default policy is created.","items":{"type":"string"}},"key_admins":{"type":"array","description":"IAM users who can administer this key using the KMS API. Key admins are mutually exclusive to policy. If no policy parameters are specified the default policy is created.","items":{"type":"string"}},"key_admins_roles":{"type":"array","description":"IAM roles that can administer this key using the KMS API. Key admins are mutually exclusive to policy. If no policy parameters are specified the default policy is created.","items":{"type":"string"}},"key_users":{"type":"array","description":"IAM users who can use the KMS key in cryptographic operations. Key users are mutually exclusive to policy. If no policy parameters are specified the default policy is created.","items":{"type":"string"}},"key_users_roles":{"type":"array","description":"IAM roles that can use the KMS key in cryptographic operations. Key users are mutually exclusive to policy. If no policy parameters are specified the default policy is created.","items":{"type":"string"}},"policy":{"type":"object","description":"Key policy to attach to the KMS key. Policy is mutually exclusive to all other policy parameters. If no policy parameters are specified the default policy is created."}},"example":{"name":"","kms":"","key_users":[],"key_admins":[],"external_accounts":[],"policy":{}}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"6b9f2043-0a99-4041-a62d-4f6eaa408fb5","name":"demo-policy-template","uri":"kylo:kylo:cckm:aws-template:642aafda","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-05-17T11:01:08.226051365Z","updatedAt":"2021-05-17T11:01:08.218122217Z","key_users":["aws-user"],"key_users_roles":["iam-role"],"key_admins":["aws-user"],"key_admins_roles":["iam-role"],"external_accounts":null,"policy":{"Id":"key-consolepolicy-3","Version":"2012-10-17","Statement":[{"Sid":"Enable IAM UserName Permissions","Effect":"Allow","Principal":{"AWS":["arn:aws:iam::123456789012:root"]},"Action":["kms:*"],"Resource":"*"},{"Sid":"Allow access for Key Administrators","Effect":"Allow","Principal":{"AWS":["arn:aws:iam::123456789012:user/aws-user","arn:aws:iam::123456789012:role/iam-role"]},"Action":["kms:Create*","kms:Describe*","kms:Enable*","kms:List*","kms:Put*","kms:Update*","kms:Revoke*","kms:Disable*","kms:Get*","kms:Delete*","kms:TagResource","kms:UntagResource","kms:ScheduleKeyDeletion","kms:CancelKeyDeletion"],"Resource":"*"},{"Sid":"Allow use of the key","Effect":"Allow","Principal":{"AWS":["arn:aws:iam::123456789012:user/aws-user","arn:aws:iam::123456789012:role/iam-role"]},"Action":["kms:Encrypt","kms:Decrypt","kms:ReEncrypt*","kms:GenerateDataKey*","kms:DescribeKey"],"Resource":"*"},{"Sid":"Allow attachment of persistent resources","Effect":"Allow","Principal":{"AWS":["arn:aws:iam::123456789012:user/aws-user","arn:aws:iam::123456789012:role/iam-role"]},"Action":["kms:CreateGrant","kms:ListGrants","kms:RevokeGrant"],"Resource":"*","Condition":{"Bool":{"kms:GrantIsForAWSResource":"true"}}}]},"kms_name":"aws-kms","kms":"3ed28894-b9f8-4c5e-bc26-daed0c3bda26","account_id":123456789012,"cloud":"aws","is_verified":false}}},"404":{"description":"Resource not found."}}},"get":{"summary":"List","description":"Returns the list of AWS key policy templates. The results can be filtered using the query parameters.\n","tags":["CCKM/AWSKeys"],"parameters":[{"name":"id","in":"query","type":"string","description":"Filter the results by internal id of the AWS key policy template."},{"name":"name","in":"query","type":"string","description":"Filter the results by policy template name."},{"name":"kms_name","in":"query","type":"string","description":"Filter the results by Kms name.","collectionFormat":"multi"},{"name":"account_id","in":"query","type":"string","description":"Filter the results by account IDs."},{"name":"cloud","in":"query","type":"string","description":"Filter the results by cloud name.","collectionFormat":"multi"},{"name":"is_verified","in":"query","type":"string","description":"Filter the results by whether policy is verified or not."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"skip":0,"limit":10,"total":2,"resources":[{"id":"6b9f2043-0a99-4041-a62d-4f6eaa408fb5","name":"demo-policy-template-1","uri":"kylo:kylo:cckm:aws-template:8e104422","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-05-20T03:22:06.715624Z","updatedAt":"2021-05-20T03:22:06.714583Z","key_users":["aws-user"],"key-admins":["aws-user"],"policy":{"Id":"key-consolepolicy-3","Version":"2012-10-17","Statement":[{"Sid":"Enable IAM UserName Permissions","Action":["kms:*"],"Effect":"Allow","Resource":"*","Principal":{"AWS":["arn:aws:iam::123456789012:root"]}},{"Sid":"Allow access for Key Administrators","Action":["kms:Create*","kms:Describe*","kms:Enable*","kms:List*","kms:Put*","kms:Update*","kms:Revoke*","kms:Disable*","kms:Get*","kms:Delete*","kms:TagResource","kms:UntagResource","kms:ScheduleKeyDeletion","kms:CancelKeyDeletion"],"Effect":"Allow","Resource":"*","Principal":{"AWS":["arn:aws:iam::123456789012:user/aws-user"]}},{"Sid":"Allow use of the key","Action":["kms:Encrypt","kms:Decrypt","kms:ReEncrypt*","kms:GenerateDataKey*","kms:DescribeKey"],"Effect":"Allow","Resource":"*","Principal":{"AWS":["arn:aws:iam::123456789012:user/aws-user"]}},{"Sid":"Allow attachment of persistent resources","Action":["kms:CreateGrant","kms:ListGrants","kms:RevokeGrant"],"Effect":"Allow","Resource":"*","Condition":{"Bool":{"kms:GrantIsForAWSResource":"true"}},"Principal":{"AWS":["arn:aws:iam::123456789012:user/aws-user"]}}]},"kms_name":"aws-kms","kms":"3ed28894-b9f8-4c5e-bc26-daed0c3bda26","account_id":123456789012,"cloud":"aws","is_verified":false},{"id":"6b9f2043-0a99-4041-a62d-4f6eaa408fb6","name":"demo-policy-template-2","uri":"kylo:kylo:cckm:aws-template:e53f41eb","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-05-20T03:19:15.369859Z","updatedAt":"2021-05-20T03:19:15.364818Z","key_admins":["aws-user"],"key_admins_roles":["iam-role"],"key_users":["aws-user"],"key_users_roles":["iam-role"],"policy":{"Id":"key-consolepolicy-3","Version":"2012-10-17","Statement":[{"Sid":"Enable IAM UserName Permissions","Action":["kms:*"],"Effect":"Allow","Resource":"*","Principal":{"AWS":["arn:aws:iam::123456789012:root"]}},{"Sid":"Allow access for Key Administrators","Action":["kms:Create*","kms:Describe*","kms:Enable*","kms:List*","kms:Put*","kms:Update*","kms:Revoke*","kms:Disable*","kms:Get*","kms:Delete*","kms:TagResource","kms:UntagResource","kms:ScheduleKeyDeletion","kms:CancelKeyDeletion"],"Effect":"Allow","Resource":"*","Principal":{"AWS":["arn:aws:iam::123456789012:user/aws-user","arn:aws:iam::123456789012:role/iam-role"]}},{"Sid":"Allow use of the key","Action":["kms:Encrypt","kms:Decrypt","kms:ReEncrypt*","kms:GenerateDataKey*","kms:DescribeKey"],"Effect":"Allow","Resource":"*","Principal":{"AWS":["arn:aws:iam::123456789012:user/aws-user","arn:aws:iam::123456789012:role/iam-role"]}},{"Sid":"Allow attachment of persistent resources","Action":["kms:CreateGrant","kms:ListGrants","kms:RevokeGrant"],"Effect":"Allow","Resource":"*","Condition":{"Bool":{"kms:GrantIsForAWSResource":"true"}},"Principal":{"AWS":["arn:aws:iam::123456789012:user/aws-user","arn:aws:iam::123456789012:role/iam-role"]}}]},"kms_name":"aws-kms","kms":"3ed28894-b9f8-4c5e-bc26-daed0c3bda26","account_id":123456789012,"cloud":"aws","is_verified":false}]}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/aws/templates/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of an AWS key policy template with the given `id`.","tags":["CCKM/AWSKeys"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"6b9f2043-0a99-4041-a62d-4f6eaa408fb5","name":"demo-policy-template","uri":"kylo:kylo:cckm:aws-template:642aafda","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-05-17T11:01:08.226051365Z","updatedAt":"2021-05-17T11:01:08.218122217Z","key_users":["aws-user"],"key-admins":["aws-user"],"external_accounts":null,"policy":{"Id":"key-consolepolicy-3","Version":"2012-10-17","Statement":[{"Sid":"Enable IAM UserName Permissions","Effect":"Allow","Principal":{"AWS":["arn:aws:iam::123456789012:root"]},"Action":["kms:*"],"Resource":"*"},{"Sid":"Allow use of the key","Effect":"Allow","Principal":{"AWS":["arn:aws:iam::123456789012:user/aws-user","arn:aws:iam::123456789012:role/iam-role"]},"Action":["kms:Encrypt","kms:Decrypt","kms:ReEncrypt*","kms:GenerateDataKey*","kms:DescribeKey"],"Resource":"*"},{"Sid":"Allow attachment of persistent resources","Effect":"Allow","Principal":{"AWS":["arn:aws:iam::123456789012:user/aws-user","arn:aws:iam::123456789012:role/iam-role"]},"Action":["kms:CreateGrant","kms:ListGrants","kms:RevokeGrant"],"Resource":"*","Condition":{"Bool":{"kms:GrantIsForAWSResource":"true"}}}],"kms_name":"aws-kms","kms":"3ed28894-b9f8-4c5e-bc26-daed0c3bda26","account_id":123456789012,"cloud":"aws","is_verified":false}}}},"404":{"description":"Resource not found."}}},"delete":{"summary":"Delete","description":"Deletes an AWS key policy template from the CCKM.","tags":["CCKM/AWSKeys"],"responses":{"204":{"description":"No Content | AWS key policy template was deleted successfully.","schema":{"type":"string"}},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"Updates an existing AWS key policy template.\n- Policy is mutually exclusive to all other policy parameters.\n- If no policy parameters are specified the default policy is created.\n- An unverified template remains unverified after update.\n- A verified but not-in-use template turns unverified after update.\n- Changes to a verified & in-use template mandatorily pushes the template changes to all associated keys & template remains verified - provided, the changes are valid.\n","tags":["CCKM/AWSKeys"],"parameters":[{"name":"body","in":"body","description":"Updates an existing AWS policy template.","schema":{"type":"object","title":"Updates an existing AWS policy template.","properties":{"external_accounts":{"type":"array","description":"AWS accounts that can use this key. External accounts are mutually exclusive to policy and policy template. If no policy parameters are specified the default policy is used.","items":{"type":"string"}},"key_admins":{"type":"array","description":"IAM users who can administer this key using the KMS API. Key admins are mutually exclusive to policy and policy template. If no policy parameters are specified the default policy is used.","items":{"type":"string"}},"key_admins_roles":{"type":"array","description":"IAM roles that can administer this key using the KMS API. Key admins are mutually exclusive to policy and policy template. If no policy parameters are specified the default policy is used.","items":{"type":"string"}},"key_users":{"type":"array","description":"IAM users who can use the KMS key in cryptographic operations. Key users are mutually exclusive to policy and policy template. If no policy parameters are specified the default policy is used.","items":{"type":"string"}},"key_users_roles":{"type":"array","description":"IAM roles that can use the KMS key in cryptographic operations. Key users are mutually exclusive to policy and policy template. If no policy parameters are specified the default policy is used.","items":{"type":"string"}},"policy":{"type":"object","description":"Key policy to attach to the KMS key. Policy is mutually exclusive to all other policy parameters. If no policy parameters are specified the default policy is used."},"auto_push":{"type":"boolean","description":"Pushes the verified policy template to all the associated keys. Mandatorily required to update a 'verified' policy-template."}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":[{"id":"6b9f2043-0a99-4041-a62d-4f6eaa408fb5","name":"demo-policy-template","uri":"kylo:kylo:cckm:aws-template:8e104422","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-05-20T03:22:06.715624Z","updatedAt":"2021-05-20T03:22:06.714583Z","key_users":["aws-user"],"key-admins":["aws-user"],"policy":{"Id":"key-consolepolicy-3","Version":"2012-10-17","Statement":[{"Sid":"Enable IAM UserName Permissions","Action":["kms:*"],"Effect":"Allow","Resource":"*","Principal":{"AWS":["arn:aws:iam::123456789012:root"]}},{"Sid":"Allow access for Key Administrators","Action":["kms:Create*","kms:Describe*","kms:Enable*","kms:List*","kms:Put*","kms:Update*","kms:Revoke*","kms:Disable*","kms:Get*","kms:Delete*","kms:TagResource","kms:UntagResource","kms:ScheduleKeyDeletion","kms:CancelKeyDeletion"],"Effect":"Allow","Resource":"*","Principal":{"AWS":["arn:aws:iam::123456789012:user/aws-user"]}},{"Sid":"Allow use of the key","Action":["kms:Encrypt","kms:Decrypt","kms:ReEncrypt*","kms:GenerateDataKey*","kms:DescribeKey"],"Effect":"Allow","Resource":"*","Principal":{"AWS":["arn:aws:iam::123456789012:user/aws-user"]}},{"Sid":"Allow attachment of persistent resources","Action":["kms:CreateGrant","kms:ListGrants","kms:RevokeGrant"],"Effect":"Allow","Resource":"*","Condition":{"Bool":{"kms:GrantIsForAWSResource":"true"}},"Principal":{"AWS":["arn:aws:iam::123456789012:user/aws-user"]}}]},"kms_name":"aws-kms","kms":"3ed28894-b9f8-4c5e-bc26-daed0c3bda26","account_id":123456789012,"cloud":"aws","is_verified":true,"job_id":"8e2c8400-be19-4da7-80b9-9beb51e03650\"","job_status":"in_progress"}]}},"400":{"description":"Bad HTTP request."},"404":{"description":"Resource not found."},"405":{"description":"Verified policy templates can't be modified."}}}},"/v1/cckm/aws/keys/{id}/replicate-key":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Replicate multi region primary key","description":"Creates a replica of an AWS multi region primary key. Specify the following details.\n- Region where the KMS key needs to be created\n- Parameters for the KMS key such as Alias, etc.\n- IAM users and roles that can use the KMS key in cryptographic operations.\n- IAM users and roles that can administer this key using the KMS API.\n- AWS accounts that can use this key.\n- Name or ID of the Key Management Service (KMS)\n","tags":["CCKM/AWSKeys"],"parameters":[{"name":"body","in":"body","description":"Replicate an AWS key.","schema":{"type":"object","title":"Replicate an AWS key.","required":["replica_region"],"properties":{"replica_region":{"type":"string","description":"Name of the available regions."},"policytemplate":{"type":"string","description":"ID of the policy template to apply. Policy template is mutually exclusive to all other policy parameters. If no policy parameters are specified the default policy is used."},"key_users":{"type":"array","description":"IAM users who can use the KMS key in cryptographic operations. Key users are mutually exclusive to policy and policy template. If no policy parameters are specified the default policy is used.","items":{"type":"string"}},"key_users_roles":{"type":"array","description":"IAM roles that can use the KMS key in cryptographic operations. Key users are mutually exclusive to policy and policy template. If no policy parameters are specified the default policy is used.","items":{"type":"string"}},"key_admins":{"type":"array","description":"IAM users who can administer this key using the KMS API. Key admins are mutually exclusive to policy and policy template. If no policy parameters are specified the default policy is used.","items":{"type":"string"}},"key_admins_roles":{"type":"array","description":"IAM roles that can administer this key using the KMS API. Key admins are mutually exclusive to policy and policy template. If no policy parameters are specified the default policy is used.","items":{"type":"string"}},"external_accounts":{"type":"array","description":"AWS accounts that can use this key. External accounts are mutually exclusive to policy and policy template. If no policy parameters are specified the default policy is used.","items":{"type":"string"}},"aws_param":{"type":"object","description":"AWS key parameters.","properties":{"Description":{"type":"string","description":"Description of the key."},"Alias":{"type":"string","description":"Alias for the KMS key."},"Tags":{"type":"array","items":{"type":"object","title":"Tags","properties":{"TagKey":{"description":"key for the tag.","type":"string"},"TagValue":{"description":"value corresponding to key of the tag.","type":"string"}}}},"Origin":{"type":"string","description":"Source of the KMS key's key material. The origin cannot be changed after the KMS key is created.","enum":["AWS_KMS","EXTERNAL"]},"Policy":{"type":"object","description":"Key policy to attach to the KMS key. Policy is mutually exclusive to all other policy parameters. If no policy parameters are specified the default policy is used."},"BypassPolicyLockoutSafetyCheck":{"type":"boolean","description":"Whether to bypass the key policy lockout safety check."}}}},"example":{"replica_region":"","aws_param":{"Tags":[{"TagKey":"key","TagValue":"value"}]}}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"56533d4f-3694-4f0e-b568-568e0ac0dcd7","uri":"kylo:kylo:cckm:aws-key:56533d4f-3694-4f0e-b568-568e0ac0dcd7","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-07-27T11:51:09.331331Z","updatedAt":"2021-07-27T11:52:21.242898Z","kms_id":"d14b78e4-2030-4916-9c1c-5584e0893103","kms":"MyTestKms","synced_at":"2021-07-27T11:51:09.304605Z","rotation_status":"","cloud_name":"aws","key_type":"symmetric","basic_view_enabled":false,"region":"us-east-1","gone":false,"key_material_origin":"native","aws_param":{"AWSAccountId":"123456789012","Arn":"arn:aws:kms:us-east-1:123456789012:key/mrk-2a145e2b67944be5bd6c3303cac74529","CustomerMasterKeySpec":"SYMMETRIC_DEFAULT","Enabled":true,"EncryptionAlgorithms":["SYMMETRIC_DEFAULT"],"KeyID":"mrk-2a145e2b67944be5bd6c3303cac74529","KeyManager":"CUSTOMER","KeyState":"Updating","KeyUsage":"ENCRYPT_DECRYPT","Origin":"AWS_KMS","CreationDate":"2021-07-27T11:51:07.493Z","Policy":{"Id":"key-default-1","Version":"2012-10-17","Statement":[{"Sid":"Enable IAM User Permissions","Action":"kms:*","Effect":"Allow","Resource":"*","Principal":{"AWS":"arn:aws:iam::123456789012:root"}}]},"Alias":["alias/MRKey6"],"KeyRotationEnabled":false,"MultiRegion":true,"MultiRegionConfiguration":{"PrimaryKey":{"Arn":"arn:aws:kms:us-east-1:123456789012:key/mrk-2a145e2b67944be5bd6c3303cac74529","Region":"us-east-1"},"ReplicaKeys":[{"Arn":"arn:aws:kms:us-east-2:123456789012:key/mrk-2a145e2b67944be5bd6c3303cac74529","Region":"us-east-2"}],"MultiRegionKeyType":"PRIMARY"}}}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/aws/keys/{id}/update-primary-region":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Changes the primary key of a multi-region key.","description":"This operation changes the replica key in the specified region to a primary key and changes the former primary key to a replica key","tags":["CCKM/AWSKeys"],"parameters":[{"name":"body","in":"body","description":"Changes the primary key of a multi-region key.","schema":{"type":"object","title":"Changes the primary key of a multi-region key.","required":["PrimaryRegion"],"properties":{"PrimaryRegion":{"type":"string","description":"The AWS Region of the new primary key.Enter the region ID, such as us-east-1 ap-southeast-2. There must be an existing replica key in this region."}},"example":{"PrimaryRegion":"us-east-1"}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"56533d4f-3694-4f0e-b568-568e0ac0dcd7","uri":"kylo:kylo:cckm:aws-key:56533d4f-3694-4f0e-b568-568e0ac0dcd7","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-07-27T11:51:09.331331Z","updatedAt":"2021-07-27T11:52:21.242898Z","kms_id":"d14b78e4-2030-4916-9c1c-5584e0893103","kms":"MyTestKms","synced_at":"2021-07-27T11:51:09.304605Z","rotation_status":"","cloud_name":"aws","key_type":"symmetric","basic_view_enabled":false,"region":"us-east-1","gone":false,"key_material_origin":"native","aws_param":{"AWSAccountId":"123456789012","Arn":"arn:aws:kms:us-east-1:123456789012:key/mrk-2a145e2b67944be5bd6c3303cac74529","CustomerMasterKeySpec":"SYMMETRIC_DEFAULT","Enabled":true,"EncryptionAlgorithms":["SYMMETRIC_DEFAULT"],"KeyID":"mrk-2a145e2b67944be5bd6c3303cac74529","KeyManager":"CUSTOMER","KeyState":"Updating","KeyUsage":"ENCRYPT_DECRYPT","Origin":"AWS_KMS","CreationDate":"2021-07-27T11:51:07.493Z","Policy":{"Id":"key-default-1","Version":"2012-10-17","Statement":[{"Sid":"Enable IAM User Permissions","Action":"kms:*","Effect":"Allow","Resource":"*","Principal":{"AWS":"arn:aws:iam::123456789012:root"}}]},"Alias":["alias/MRKey6"],"KeyRotationEnabled":false,"MultiRegion":true,"MultiRegionConfiguration":{"PrimaryKey":{"Arn":"arn:aws:kms:us-east-1:123456789012:key/mrk-2a145e2b67944be5bd6c3303cac74529","Region":"us-east-1"},"ReplicaKeys":[{"Arn":"arn:aws:kms:us-east-2:123456789012:key/mrk-2a145e2b67944be5bd6c3303cac74529","Region":"us-east-2"},{"Arn":"arn:aws:kms:us-west-1:123456789012:key/mrk-2a145e2b67944be5bd6c3303cac74529","Region":"us-west-1"}],"MultiRegionKeyType":"PRIMARY"}}}}}}}},"/v1/cckm/azure/certificates":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates an Azure certificate. Specify the following details:\n- Name for the certificate.\n- Name or ID of the key vault where the certificate will be created.\n","tags":["CCKM/AzureCertificates"],"parameters":[{"name":"body","in":"body","description":"Creates an Azure certificate.","schema":{"type":"object","title":"Creates an Azure certificate.","required":["cert_name","key_vault","azure_param"],"properties":{"cert_name":{"type":"string","description":"Name for the certificate on Azure. Certificate names can only contain alphanumeric characters and hyphens (`-`)."},"key_vault":{"type":"string","description":"ID or name of the Azure vault where the certificate will be created."},"azure_param":{"type":"object","description":"Azure certificate parameters.","required":["policy"],"properties":{"policy":{"type":"object","required":["issuer","key_props","x509_props"],"properties":{"attributes":{"type":"object","description":"Attributes for the certificate like `exp`, `enabled`, and `nbf` (optional).","enum":["nbf - Activation date for the certificate in Unix Epoch time format. For example, the corresponding epoch time for September 9, 2022, 5:52:20 AM is 1662702740.","exp - Expiration date for the certificate in Unix Epoch time format. For example, the corresponding epoch time for September 9, 2022, 5:52:20 AM is 1662702740.","enabled - Whether certificate is enabled or disabled (true/false)."]},"issuer":{"type":"object","description":"Parameters for the issuer of the X509 component of a certificate.","required":["name"],"properties":{"name":{"type":"string","description":"Name for the referenced issuer object or reserved names. Set to Self for a self-signed certificate."},"cty":{"type":"string","description":"Type of the certificate supported by the provider. For example, OV-SSL or EV-SSL. Not valid for self-signed certificates.."},"cert_transparency":{"type":"boolean","description":"Whether the certificates generated under this policy should be published to certificate transparency logs. Not valid for self-signed certificates."}}},"key_props":{"type":"object","description":"Properties of the key backing a certificate.","required":["kty"],"properties":{"kty":{"type":"string","description":"The type of key to create.","enum":["EC- \"Soft\" Elliptic Curve key.","EC-HSM- \"Hard\" Elliptic Curve key (only for premium key vaults).","RSA- \"Soft\" RSA key.","RSA-HSM- \"Hard\" RSA key (only for premium key vaults)."]},"crv":{"type":"string","description":"Elliptical curve name for the key.","enum":["P-256","P-384","P-521","SECP256K1"]},"exportable":{"type":"boolean","description":"Whether the private key can be exported. Not valid for RSA-HSM and EC-HSM keys."},"key_size":{"type":"integer","description":"Size for the RSA and RSA-HSM keys.","enum":[2048,3072,4096]},"reuse_key":{"type":"boolean","description":"Whether the same key pair will be used on certificate renewal."}}},"lifetime_actions":{"type":"array","description":"The action to perform on the certificate. Specify action_type, which can be AutoRenew or EmailContacts.","items":{"type":"object","properties":{"trigger":{"type":"object","description":"The condition that will execute the action.","properties":{"lifetime_percentage":{"type":"integer","description":"Percentage of lifetime at which to trigger. Value should be between 1 and 99. lifetime_percentage and days_before_expiry are mutually exclusive. Select either lifetime_percentage or days_before_expiry."},"days_before_expiry":{"type":"integer","description":"Days before expiry to attempt renewal. Value should be between 1 and validity_in_months multiplied by 27. If validity_in_months is 36, then value should be between 1 and 972 (36 * 27). lifetime_percentage and days_before_expiry are mutually exclusive. Select either lifetime_percentage or days_before_expiry."}}},"action":{"type":"object","properties":{"action_type":{"type":"string","description":"The action that will be executed.","enum":["AutoRenew","EmailContacts"]}}}}}},"secret_props":{"type":"object","properties":{"contentType":{"type":"string","description":"Content type of the secret backing the certificate.","enum":["application/x-pkcs12","application/x-pem-file"]}}},"x509_props":{"type":"object","description":"Properties of the X509 component of a certificate.","required":["subject"],"properties":{"subject":{"type":"string","description":"The subject name. Should be a valid X509 distinguished name."},"ekus":{"type":"array","items":{"type":"string"},"description":"Enhanced key usage. For example, \"1.3.6.1.5.5.7.3.1, 1.3.6.1.5.5.7.3.2\""},"key_usage":{"type":"array","items":{"type":"string"},"description":"Allowed key usages.","enum":["CRLSign","DataEncipherment","DecipherOnly","DigitalSignature","EncipherOnly","KeyAgreement","KeyCertSign","KeyEncipherment","NonRepudiation"]},"sans":{"type":"object","description":"Subject alternative names (SANs). Specify dns_names, emails, and User Principal Names (upns).","properties":{"dns_names":{"type":"array","description":"Domain names.","items":{"type":"string"}},"emails":{"type":"array","description":"Email addresses.","items":{"type":"string"}},"upns":{"type":"array","description":"User principal names.","items":{"type":"string"}}}},"validity_months":{"type":"integer","description":"Duration (in months) for which the certificate is valid."}}}}},"tags":{"type":"object","description":"Application specific metadata in the form of key-value pair."}}}},"example":{"cert_name":"","key_vault":"","azure_param":{"policy":{"attributes":{"nbf":1662702740,"exp":1662702740,"enabled":true},"issuer":{"name":"Self","cert_transparency":false},"key_props":{"exportable":true,"key_size":2048,"kty":"RSA","reuse_key":false},"lifetime_actions":[{"action":{"action_type":"AutoRenew"},"trigger":{"days_before_expiry":80}}],"secret_props":{"contentType":"application/x-pkcs12"},"x509_props":{"ekus":["1.3.6.1.5.5.7.3.1","1.3.6.1.5.5.7.3.2"],"key_usage":["digitalSignature","keyEncipherment"],"subject":"C=US, ST=WA, L=Redmond, O=Contoso, OU=Contoso HR, CN=www.contoso.co","sans":{"dns_names":["hr.contoso.com","m.contoso.com"],"emails":["hello@contoso.com"]},"validity_months":12}},"tags":{"tagkey1":"tagval1","tagkey2":"tagval2"}}}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"id":"3604b51e-17d7-4d85-abc5-a414114955f1","uri":"kylo:kylo:cckm:azure-cert:democert1-3604b51e-17d7-4d85-abc5-a414114955f1","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-06-27T03:44:51.478526847Z","updatedAt":"2022-06-27T03:44:51.476574077Z","synced_at":"2022-06-27T03:42:48Z","cloud_name":"AzureCloud","key_vault":"cckm-vault::260ecbe7-777b-4d3c-84ea-887620498863","key_vault_id":"ae2eabc8-21fc-4369-a576-4b081455830e","region":"northcentralus","tenant":"1bb66909-82a2-4aec-b262-20eecd392da7","azure_created_at":"2022-06-27T03:42:48Z","azure_expire_at":"2023-06-27T03:42:48Z","azure_updated_at":"2022-06-27T03:42:48Z","backup":"eb50c192fa3d4a83923b142b6e0d82ae16732484282b49ce9eb6184d954172a5","backup_at":"2022-06-27T03:44:51.473237131Z","cert_name":"democert1","cert_soft_deleted_in_azure":false,"deleted":false,"gone":false,"cert_material_origin":"native","cert_source":"native","soft_delete_enabled":true,"status":"AVAILABLE","version":"3352be3f37f040c3bbb0661e158689e0","azure_param":{"cert":"MIIEHTCCAwWgAwIBAgIQQsRGzx1lQPeUYA2+GG+DIzANBgkqhkiG9w0BAQsFADBsMRcwFQYDVQQDEw53d3cuY29udG9zby5jbzETMBEGA1UECxMKQ29udG9zbyBIUjEQMA4GA1UEChMHQ29udG9zbzEQMA4GA1UEBxMHUmVkbW9uZDELMAkGA1UECBMCV0ExCzAJBgNVBAYTAlVTMB4XDTIyMDYyNzAzMzI0OFoXDTIzMDYyNzAzNDI0OFowbDEXMBUGA1UEAxMOd3d3LmNvbnRvc28uY28xEzARBgNVBAsTCkNvbnRvc28gSFIxEDAOBgNVBAoTB0NvbnRvc28xEDAOBgNVBAcTB1JlZG1vbmQxCzAJBgNVBAgTAldBMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANJhLHVgNZezLFbFjvG5VEzS7m2OHsSg4UOZC6+Ln25cmkjz4DEKnA4XVajVyV2c9WfO6bOeIooeW/0sRHzxf8j7bf1af35ipFFcbYZYq503asaZkSfJljliYF+LHn1pRGh10xMxPEZaU2G8/XUojZj7bBP6zbdNYF6CcixgAHdRttzRKlGTrksh50tsU1IEdWx9Jg/xMdgu6KyOJZxAsBX/bHpT399WCeRzKL5XrFBEzSacxyKn/TmWUf5q4BAqUCZJtiehE65FMObudXMDhHLwymaoCqGDyxbIoPAGLxNPd5A7lay4CVuGgfS59FoxkFF5GHabYeQaI2FfgM/hKdECAwEAAaOBujCBtzAOBgNVHQ8BAf8EBAMCBaAwCQYDVR0TBAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwOwYDVR0RBDQwMoERaGVsbG9AY29udG9zby5jb22CDmhyLmNvbnRvc28uY29tgg1tLmNvbnRvc28uY29tMB8GA1UdIwQYMBaAFC4GkrokJCu6L7pZlzNuX1bSwVHgMB0GA1UdDgQWBBQuBpK6JCQrui+6WZczbl9W0sFR4DANBgkqhkiG9w0BAQsFAAOCAQEAYs4qfIQpLCehdBwbQlnJYsLIGIwyCp6lKSqriERKMr+sxDzrtwZgwcQ3nDZnmn+THDpLkXXEFlIgx6ngMYqsPnPWc7Ih/waQq8oYPv16cReRYK7wLMXDz8AVGZKqSHi4OQkNpQ74LzXAZzw8oKCewqHaBDf6QqlHgXuNo/pZzn4817HfYzNVkd53TjgaRpzwPn8V4J+W19WUcUahDbNOARIJ4PaIh/VLjbGwCu21GNUH36HoReBge39PYvX2iPcPHlaAXIwPuj117qaw4nEDdc2Ehirbw8SQXhkqPrYT2WPVIWr1ttvcaRXUgKP7hhzFH56uQ33RE2Fiw6FrNE/fEw==","cid":"https://cckm-vault.vault.azure.net/certificates/democert1/3352be3f37f040c3bbb0661e158689e0","kid":"https://cckm-vault.vault.azure.net/keys/democert1/3352be3f37f040c3bbb0661e158689e0","sid":"https://cckm-vault.vault.azure.net/secrets/democert1/3352be3f37f040c3bbb0661e158689e0","x5t":"Dc-6OSTyl04QChX6FDW8sCPukH0","lifetime_actions":[{"trigger":{"days_before_expiry":80},"action":{"action_type":"AutoRenew"}}],"exportable":true,"key_size":2048,"kty":"RSA","content_type":"application/x-pkcs12","ekus":["1.3.6.1.5.5.7.3.1","1.3.6.1.5.5.7.3.2"],"key_usage":["digitalSignature","keyEncipherment"],"sans":{"emails":["hello@contoso.com"],"dns_names":["hr.contoso.com","m.contoso.com"]},"subject":"C=US, ST=WA, L=Redmond, O=Contoso, OU=Contoso HR, CN=www.contoso.co","validity_months":12,"issuer_name":"Self","attributes":{"created":1656301368,"enabled":true,"exp":1687837368,"nbf":1656300768,"recoverable_days":7,"recovery_level":"CustomizedRecoverable+Purgeable","updated":1656301368},"tags":{"tagkey1":"tagval1","tagkey2":"tagval2"}}}},"400":{"description":"BadRequest"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"404":{"description":"Resource not found."},"405":{"description":"MethodNotAllowed"},"408":{"description":"Operation timed out."},"422":{"description":"UnprocessableEntity"},"500":{"description":"InternalServerError"}}},"get":{"summary":"List","description":"Returns a list of Azure certificates. The results can be filtered using the query parameters.\n","tags":["CCKM/AzureCertificates"],"parameters":[{"name":"id","in":"query","type":"string","description":"Filter the results by internal ID of Azure certificate."},{"name":"key_vault","in":"query","type":"string","description":"Filter the results by key vault name.","collectionFormat":"multi"},{"name":"key_vault_id","in":"query","type":"string","description":"Filter the results by vault ID.","collectionFormat":"multi"},{"name":"cert_name","in":"query","type":"string","collectionFormat":"multi","description":"Filter the results by Azure certificate name."},{"name":"cloud_name","in":"query","type":"string","description":"Filter the results by cloud name.","collectionFormat":"multi"},{"name":"region","in":"query","type":"string","description":"Filter the results by region.","collectionFormat":"multi"},{"name":"crv","in":"query","type":"string","description":"Filter the results by EC curve.","collectionFormat":"multi"},{"name":"status","in":"query","type":"string","description":"Filter the results by status.","collectionFormat":"multi"},{"name":"backup","in":"query","type":"string","description":"Filter the results by backup."},{"name":"enabled","in":"query","type":"boolean","description":"Filter the results by enabled attribute."},{"name":"key_size","in":"query","type":"integer","description":"Filter the results by key size."},{"name":"job_config_id","in":"query","type":"string","description":"Filter the results by id of the scheduler configuration job."},{"name":"deleted_in_azure","in":"query","type":"boolean","description":"Filter the keys which are available in Azure."},{"name":"algorithm","in":"query","type":"string","description":"Filter the keys by algorithm type.","collectionFormat":"multi"},{"name":"cid","in":"query","type":"string","description":"Filter the results by Azure certificate ID."},{"name":"kid","in":"query","type":"string","description":"Filter the results by Azure key ID."},{"name":"sid","in":"query","type":"string","description":"Filter the results by Azure secret ID."},{"name":"gone","in":"query","type":"boolean","description":"Filter the results by gone."},{"name":"version","in":"query","type":"string","description":"Filters the results by matching version. If version is specified as -1, only latest version of the\nkeys is returned.\n"},{"name":"rotation_job_enabled","in":"query","type":"boolean","description":"Filter the results if rotation job is enabled or disabled."},{"name":"tags","in":"query","type":"string","description":"A valid JSON value. Keys whose 'tags' attribute contains the JSON value will be returned.\nExamples of JSON containment:\n\n- Values contain themselves: `[{\"TagKey\": \"Name\", \"TagValue\": \"TestTag\"}]` contains `[{\"TagKey\": \"Name\", \"TagValue\": \"TestTag\"}]`\n- Values contain subsets: `[{\"TagKey\": \"Name\", \"TagValue\": \"test\"},{\"TagKey\": \"cloud\", \"TagValue\": \"aws\"}]` contains `{\"Name\":\"test\"}` and `{\"cloud\":\"aws\"}`, but not `{\"cloud\":\"azure\"}`\n- Values contains only TagKey: [{\"TagKey\": \"Name\"}]`\n"},{"name":"cert_material_origin","in":"query","type":"string","description":"Filter the results by cert_material_origin.","collectionFormat":"multi"},{"name":"managed","in":"query","type":"boolean","description":"Filter the results based on certificate managed by AzureVaults."},{"name":"cert_source","in":"query","type":"string","description":"Filter the results by certificate source.","collectionFormat":"multi"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","examples":{"skip":0,"limit":10,"total":1,"resources":[{"id":"3604b51e-17d7-4d85-abc5-a414114955f1","uri":"kylo:kylo:cckm:azure-cert:democert1-3604b51e-17d7-4d85-abc5-a414114955f1","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-06-27T03:44:51.478527Z","updatedAt":"2022-06-27T03:44:51.480372Z","synced_at":"2022-06-27T03:42:48Z","cloud_name":"AzureCloud","key_vault":"cckm-vault::260ecbe7-777b-4d3c-84ea-887620498863","key_vault_id":"ae2eabc8-21fc-4369-a576-4b081455830e","region":"northcentralus","tenant":"1bb66909-82a2-4aec-b262-20eecd392da7","azure_created_at":"2022-06-27T03:42:48Z","azure_expire_at":"2023-06-27T03:42:48Z","azure_updated_at":"2022-06-27T03:42:48Z","backup":"eb50c192fa3d4a83923b142b6e0d82ae16732484282b49ce9eb6184d954172a5","backup_at":"2022-06-27T03:44:51.473237Z","cert_name":"democert1","cert_soft_deleted_in_azure":false,"deleted":false,"gone":false,"cert_material_origin":"native","cert_source":"native","soft_delete_enabled":true,"status":"AVAILABLE","version":"3352be3f37f040c3bbb0661e158689e0","azure_param":{"cert":"MIIEHTCCAwWgAwIBAgIQQsRGzx1lQPeUYA2+GG+DIzANBgkqhkiG9w0BAQsFADBsMRcwFQYDVQQDEw53d3cuY29udG9zby5jbzETMBEGA1UECxMKQ29udG9zbyBIUjEQMA4GA1UEChMHQ29udG9zbzEQMA4GA1UEBxMHUmVkbW9uZDELMAkGA1UECBMCV0ExCzAJBgNVBAYTAlVTMB4XDTIyMDYyNzAzMzI0OFoXDTIzMDYyNzAzNDI0OFowbDEXMBUGA1UEAxMOd3d3LmNvbnRvc28uY28xEzARBgNVBAsTCkNvbnRvc28gSFIxEDAOBgNVBAoTB0NvbnRvc28xEDAOBgNVBAcTB1JlZG1vbmQxCzAJBgNVBAgTAldBMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANJhLHVgNZezLFbFjvG5VEzS7m2OHsSg4UOZC6+Ln25cmkjz4DEKnA4XVajVyV2c9WfO6bOeIooeW/0sRHzxf8j7bf1af35ipFFcbYZYq503asaZkSfJljliYF+LHn1pRGh10xMxPEZaU2G8/XUojZj7bBP6zbdNYF6CcixgAHdRttzRKlGTrksh50tsU1IEdWx9Jg/xMdgu6KyOJZxAsBX/bHpT399WCeRzKL5XrFBEzSacxyKn/TmWUf5q4BAqUCZJtiehE65FMObudXMDhHLwymaoCqGDyxbIoPAGLxNPd5A7lay4CVuGgfS59FoxkFF5GHabYeQaI2FfgM/hKdECAwEAAaOBujCBtzAOBgNVHQ8BAf8EBAMCBaAwCQYDVR0TBAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwOwYDVR0RBDQwMoERaGVsbG9AY29udG9zby5jb22CDmhyLmNvbnRvc28uY29tgg1tLmNvbnRvc28uY29tMB8GA1UdIwQYMBaAFC4GkrokJCu6L7pZlzNuX1bSwVHgMB0GA1UdDgQWBBQuBpK6JCQrui+6WZczbl9W0sFR4DANBgkqhkiG9w0BAQsFAAOCAQEAYs4qfIQpLCehdBwbQlnJYsLIGIwyCp6lKSqriERKMr+sxDzrtwZgwcQ3nDZnmn+THDpLkXXEFlIgx6ngMYqsPnPWc7Ih/waQq8oYPv16cReRYK7wLMXDz8AVGZKqSHi4OQkNpQ74LzXAZzw8oKCewqHaBDf6QqlHgXuNo/pZzn4817HfYzNVkd53TjgaRpzwPn8V4J+W19WUcUahDbNOARIJ4PaIh/VLjbGwCu21GNUH36HoReBge39PYvX2iPcPHlaAXIwPuj117qaw4nEDdc2Ehirbw8SQXhkqPrYT2WPVIWr1ttvcaRXUgKP7hhzFH56uQ33RE2Fiw6FrNE/fEw==","cid":"https://cckm-vault.vault.azure.net/certificates/democert1/3352be3f37f040c3bbb0661e158689e0","kid":"https://cckm-vault.vault.azure.net/keys/democert1/3352be3f37f040c3bbb0661e158689e0","sid":"https://cckm-vault.vault.azure.net/secrets/democert1/3352be3f37f040c3bbb0661e158689e0","x5t":"Dc-6OSTyl04QChX6FDW8sCPukH0","lifetime_actions":[{"action":{"action_type":"AutoRenew"},"trigger":{"days_before_expiry":80}}],"exportable":true,"key_size":2048,"kty":"RSA","content_type":"application/x-pkcs12","ekus":["1.3.6.1.5.5.7.3.1","1.3.6.1.5.5.7.3.2"],"key_usage":["digitalSignature","keyEncipherment"],"sans":{"emails":["hello@contoso.com"],"dns_names":["hr.contoso.com","m.contoso.com"]},"subject":"C=US, ST=WA, L=Redmond, O=Contoso, OU=Contoso HR, CN=www.contoso.co","validity_months":12,"issuer_name":"Self","attributes":{"created":1656301368,"enabled":true,"exp":1687837368,"nbf":1656300768,"recoverable_days":7,"recovery_level":"CustomizedRecoverable+Purgeable","updated":1656301368},"tags":{"tagkey1":"tagval1","tagkey2":"tagval2"}}}]}},"401":{"description":"Unauthorized"},"422":{"description":"UnprocessableEntity"}}}},"/v1/cckm/azure/certificates/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of an Azure certificate with the given `ID`.","tags":["CCKM/AzureCertificates"],"responses":{"200":{"description":"OK","examples":{"application/json":{"id":"3604b51e-17d7-4d85-abc5-a414114955f1","uri":"kylo:kylo:cckm:azure-cert:democert1-3604b51e-17d7-4d85-abc5-a414114955f1","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-06-27T03:44:51.478527Z","updatedAt":"2022-06-27T03:44:51.480372Z","synced_at":"2022-06-27T03:42:48Z","cloud_name":"AzureCloud","key_vault":"cckm-vault::260ecbe7-777b-4d3c-84ea-887620498863","key_vault_id":"ae2eabc8-21fc-4369-a576-4b081455830e","region":"northcentralus","tenant":"1bb66909-82a2-4aec-b262-20eecd392da7","azure_created_at":"2022-06-27T03:42:48Z","azure_expire_at":"2023-06-27T03:42:48Z","azure_updated_at":"2022-06-27T03:42:48Z","backup":"eb50c192fa3d4a83923b142b6e0d82ae16732484282b49ce9eb6184d954172a5","backup_at":"2022-06-27T03:44:51.473237Z","cert_name":"democert1","cert_soft_deleted_in_azure":false,"deleted":false,"gone":false,"cert_material_origin":"native","cert_source":"native","soft_delete_enabled":true,"status":"AVAILABLE","version":"3352be3f37f040c3bbb0661e158689e0","azure_param":{"cert":"MIIEHTCCAwWgAwIBAgIQQsRGzx1lQPeUYA2+GG+DIzANBgkqhkiG9w0BAQsFADBsMRcwFQYDVQQDEw53d3cuY29udG9zby5jbzETMBEGA1UECxMKQ29udG9zbyBIUjEQMA4GA1UEChMHQ29udG9zbzEQMA4GA1UEBxMHUmVkbW9uZDELMAkGA1UECBMCV0ExCzAJBgNVBAYTAlVTMB4XDTIyMDYyNzAzMzI0OFoXDTIzMDYyNzAzNDI0OFowbDEXMBUGA1UEAxMOd3d3LmNvbnRvc28uY28xEzARBgNVBAsTCkNvbnRvc28gSFIxEDAOBgNVBAoTB0NvbnRvc28xEDAOBgNVBAcTB1JlZG1vbmQxCzAJBgNVBAgTAldBMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANJhLHVgNZezLFbFjvG5VEzS7m2OHsSg4UOZC6+Ln25cmkjz4DEKnA4XVajVyV2c9WfO6bOeIooeW/0sRHzxf8j7bf1af35ipFFcbYZYq503asaZkSfJljliYF+LHn1pRGh10xMxPEZaU2G8/XUojZj7bBP6zbdNYF6CcixgAHdRttzRKlGTrksh50tsU1IEdWx9Jg/xMdgu6KyOJZxAsBX/bHpT399WCeRzKL5XrFBEzSacxyKn/TmWUf5q4BAqUCZJtiehE65FMObudXMDhHLwymaoCqGDyxbIoPAGLxNPd5A7lay4CVuGgfS59FoxkFF5GHabYeQaI2FfgM/hKdECAwEAAaOBujCBtzAOBgNVHQ8BAf8EBAMCBaAwCQYDVR0TBAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwOwYDVR0RBDQwMoERaGVsbG9AY29udG9zby5jb22CDmhyLmNvbnRvc28uY29tgg1tLmNvbnRvc28uY29tMB8GA1UdIwQYMBaAFC4GkrokJCu6L7pZlzNuX1bSwVHgMB0GA1UdDgQWBBQuBpK6JCQrui+6WZczbl9W0sFR4DANBgkqhkiG9w0BAQsFAAOCAQEAYs4qfIQpLCehdBwbQlnJYsLIGIwyCp6lKSqriERKMr+sxDzrtwZgwcQ3nDZnmn+THDpLkXXEFlIgx6ngMYqsPnPWc7Ih/waQq8oYPv16cReRYK7wLMXDz8AVGZKqSHi4OQkNpQ74LzXAZzw8oKCewqHaBDf6QqlHgXuNo/pZzn4817HfYzNVkd53TjgaRpzwPn8V4J+W19WUcUahDbNOARIJ4PaIh/VLjbGwCu21GNUH36HoReBge39PYvX2iPcPHlaAXIwPuj117qaw4nEDdc2Ehirbw8SQXhkqPrYT2WPVIWr1ttvcaRXUgKP7hhzFH56uQ33RE2Fiw6FrNE/fEw==","cid":"https://cckm-vault.vault.azure.net/certificates/democert1/3352be3f37f040c3bbb0661e158689e0","kid":"https://cckm-vault.vault.azure.net/keys/democert1/3352be3f37f040c3bbb0661e158689e0","sid":"https://cckm-vault.vault.azure.net/secrets/democert1/3352be3f37f040c3bbb0661e158689e0","x5t":"Dc-6OSTyl04QChX6FDW8sCPukH0","lifetime_actions":[{"action":{"action_type":"AutoRenew"},"trigger":{"days_before_expiry":80}}],"exportable":true,"key_size":2048,"kty":"RSA","content_type":"application/x-pkcs12","ekus":["1.3.6.1.5.5.7.3.1","1.3.6.1.5.5.7.3.2"],"key_usage":["digitalSignature","keyEncipherment"],"sans":{"emails":["hello@contoso.com"],"dns_names":["hr.contoso.com","m.contoso.com"]},"subject":"C=US, ST=WA, L=Redmond, O=Contoso, OU=Contoso HR, CN=www.contoso.co","validity_months":12,"issuer_name":"Self","attributes":{"created":1656301368,"enabled":true,"exp":1687837368,"nbf":1656300768,"recoverable_days":7,"recovery_level":"CustomizedRecoverable+Purgeable","updated":1656301368},"tags":{"tagkey1":"tagval1","tagkey2":"tagval2"}},"version_count":2}}},"401":{"description":"Unauthorized"},"404":{"description":"Resource not found."}}},"delete":{"summary":"Delete","description":"Deletes an Azure certificate along with its backup from CM and its versions from the CCKM.","tags":["CCKM/AzureCertificates"],"responses":{"204":{"description":"No Content | Azure Certificate deleted successfully."},"404":{"description":"Resource not found."},"405":{"description":"MethodNotAllowed."},"422":{"description":"UnprocessableEntity"},"500":{"description":"Internal server error."}}},"patch":{"summary":"Update","description":"Updates an Azure certificate attributes like certificate enabled parameter and tags\n","tags":["CCKM/AzureCertificates"],"parameters":[{"name":"body","in":"body","description":"Updates an Azure certificate.","schema":{"type":"object","title":"Updates an Azure certificate.","properties":{"attributes":{"type":"object","description":"Secret attributes to be updated.","properties":{"enabled":{"type":"boolean","description":"Enables/Disables the Azure certificate."}}},"tags":{"type":"object","description":"Application specific metadata in the form of key-value pair."}},"example":{"attributes":{"enabled":false},"tags":{"tagKey":"tagValue"}}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"id":"3604b51e-17d7-4d85-abc5-a414114955f1","uri":"kylo:kylo:cckm:azure-cert:democert1-3604b51e-17d7-4d85-abc5-a414114955f1","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-06-27T03:44:51.478527Z","updatedAt":"2022-06-27T03:57:08.504114348Z","synced_at":"2022-06-27T03:42:48Z","cloud_name":"AzureCloud","key_vault":"cckm-vault::260ecbe7-777b-4d3c-84ea-887620498863","key_vault_id":"ae2eabc8-21fc-4369-a576-4b081455830e","region":"northcentralus","tenant":"1bb66909-82a2-4aec-b262-20eecd392da7","azure_created_at":"2022-06-27T03:42:48Z","azure_expire_at":"2023-06-27T03:42:48Z","azure_updated_at":"2022-06-27T03:42:48Z","backup":"eb50c192fa3d4a83923b142b6e0d82ae16732484282b49ce9eb6184d954172a5","backup_at":"2022-06-27T03:44:51.473237Z","cert_name":"democert1","cert_soft_deleted_in_azure":false,"deleted":false,"gone":false,"cert_material_origin":"native","cert_source":"native","soft_delete_enabled":true,"status":"AVAILABLE","version":"3352be3f37f040c3bbb0661e158689e0","azure_param":{"cert":"MIIEHTCCAwWgAwIBAgIQQsRGzx1lQPeUYA2+GG+DIzANBgkqhkiG9w0BAQsFADBsMRcwFQYDVQQDEw53d3cuY29udG9zby5jbzETMBEGA1UECxMKQ29udG9zbyBIUjEQMA4GA1UEChMHQ29udG9zbzEQMA4GA1UEBxMHUmVkbW9uZDELMAkGA1UECBMCV0ExCzAJBgNVBAYTAlVTMB4XDTIyMDYyNzAzMzI0OFoXDTIzMDYyNzAzNDI0OFowbDEXMBUGA1UEAxMOd3d3LmNvbnRvc28uY28xEzARBgNVBAsTCkNvbnRvc28gSFIxEDAOBgNVBAoTB0NvbnRvc28xEDAOBgNVBAcTB1JlZG1vbmQxCzAJBgNVBAgTAldBMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANJhLHVgNZezLFbFjvG5VEzS7m2OHsSg4UOZC6+Ln25cmkjz4DEKnA4XVajVyV2c9WfO6bOeIooeW/0sRHzxf8j7bf1af35ipFFcbYZYq503asaZkSfJljliYF+LHn1pRGh10xMxPEZaU2G8/XUojZj7bBP6zbdNYF6CcixgAHdRttzRKlGTrksh50tsU1IEdWx9Jg/xMdgu6KyOJZxAsBX/bHpT399WCeRzKL5XrFBEzSacxyKn/TmWUf5q4BAqUCZJtiehE65FMObudXMDhHLwymaoCqGDyxbIoPAGLxNPd5A7lay4CVuGgfS59FoxkFF5GHabYeQaI2FfgM/hKdECAwEAAaOBujCBtzAOBgNVHQ8BAf8EBAMCBaAwCQYDVR0TBAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwOwYDVR0RBDQwMoERaGVsbG9AY29udG9zby5jb22CDmhyLmNvbnRvc28uY29tgg1tLmNvbnRvc28uY29tMB8GA1UdIwQYMBaAFC4GkrokJCu6L7pZlzNuX1bSwVHgMB0GA1UdDgQWBBQuBpK6JCQrui+6WZczbl9W0sFR4DANBgkqhkiG9w0BAQsFAAOCAQEAYs4qfIQpLCehdBwbQlnJYsLIGIwyCp6lKSqriERKMr+sxDzrtwZgwcQ3nDZnmn+THDpLkXXEFlIgx6ngMYqsPnPWc7Ih/waQq8oYPv16cReRYK7wLMXDz8AVGZKqSHi4OQkNpQ74LzXAZzw8oKCewqHaBDf6QqlHgXuNo/pZzn4817HfYzNVkd53TjgaRpzwPn8V4J+W19WUcUahDbNOARIJ4PaIh/VLjbGwCu21GNUH36HoReBge39PYvX2iPcPHlaAXIwPuj117qaw4nEDdc2Ehirbw8SQXhkqPrYT2WPVIWr1ttvcaRXUgKP7hhzFH56uQ33RE2Fiw6FrNE/fEw==","cid":"https://cckm-vault.vault.azure.net/certificates/democert1/3352be3f37f040c3bbb0661e158689e0","kid":"https://cckm-vault.vault.azure.net/keys/democert1/3352be3f37f040c3bbb0661e158689e0","sid":"https://cckm-vault.vault.azure.net/secrets/democert1/3352be3f37f040c3bbb0661e158689e0","x5t":"Dc-6OSTyl04QChX6FDW8sCPukH0","lifetime_actions":[{"action":{"action_type":"AutoRenew"},"trigger":{"days_before_expiry":80}}],"exportable":true,"key_size":2048,"kty":"RSA","content_type":"application/x-pkcs12","ekus":["1.3.6.1.5.5.7.3.1","1.3.6.1.5.5.7.3.2"],"key_usage":["digitalSignature","keyEncipherment"],"sans":{"emails":["hello@contoso.com"],"dns_names":["hr.contoso.com","m.contoso.com"]},"subject":"C=US, ST=WA, L=Redmond, O=Contoso, OU=Contoso HR, CN=www.contoso.co","validity_months":12,"issuer_name":"Self","attributes":{"created":1656301368,"exp":1687837368,"nbf":1656300768,"recoverable_days":7,"recovery_level":"CustomizedRecoverable+Purgeable","updated":1656301368},"tags":{"tagKey":"tagValue"}}}},"400":{"description":"BadRequest"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"404":{"description":"Resource not found."},"405":{"description":"MethodNotAllowed"},"408":{"description":"Operation timed out."},"422":{"description":"UnprocessableEntity"},"500":{"description":"InternalServerError"}}}},"/v1/cckm/azure/certificates/{id}/soft-delete":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Soft Delete","description":"Soft deletes an Azure certificate from the vault.","tags":["CCKM/AzureCertificates"],"responses":{"200":{"description":"No Content | Azure certificate soft-deleted from the vault.","examples":{"id":"3604b51e-17d7-4d85-abc5-a414114955f1","uri":"kylo:kylo:cckm:azure-cert:democert1-3604b51e-17d7-4d85-abc5-a414114955f1","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-06-27T03:44:51.478527Z","updatedAt":"2022-06-27T03:57:09.458588Z","synced_at":"2022-06-27T03:42:48Z","cloud_name":"AzureCloud","key_vault":"cckm-vault::260ecbe7-777b-4d3c-84ea-887620498863","key_vault_id":"ae2eabc8-21fc-4369-a576-4b081455830e","region":"northcentralus","tenant":"1bb66909-82a2-4aec-b262-20eecd392da7","azure_created_at":"2022-06-27T03:42:48Z","azure_expire_at":"2023-06-27T03:42:48Z","azure_updated_at":"2022-06-27T03:42:48Z","backup":"22804cc3e99e472c9d8b3320332524af57d9fd1f38064671bf4c374a8d7a2c11","backup_at":"2022-06-27T03:57:09.458205Z","cert_name":"democert1","cert_soft_deleted_in_azure":true,"deleted":false,"gone":false,"cert_material_origin":"native","cert_source":"native","soft_delete_enabled":true,"status":"SOFT-DELETED","version":"3352be3f37f040c3bbb0661e158689e0","azure_param":{"cert":"MIIEHTCCAwWgAwIBAgIQQsRGzx1lQPeUYA2+GG+DIzANBgkqhkiG9w0BAQsFADBsMRcwFQYDVQQDEw53d3cuY29udG9zby5jbzETMBEGA1UECxMKQ29udG9zbyBIUjEQMA4GA1UEChMHQ29udG9zbzEQMA4GA1UEBxMHUmVkbW9uZDELMAkGA1UECBMCV0ExCzAJBgNVBAYTAlVTMB4XDTIyMDYyNzAzMzI0OFoXDTIzMDYyNzAzNDI0OFowbDEXMBUGA1UEAxMOd3d3LmNvbnRvc28uY28xEzARBgNVBAsTCkNvbnRvc28gSFIxEDAOBgNVBAoTB0NvbnRvc28xEDAOBgNVBAcTB1JlZG1vbmQxCzAJBgNVBAgTAldBMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANJhLHVgNZezLFbFjvG5VEzS7m2OHsSg4UOZC6+Ln25cmkjz4DEKnA4XVajVyV2c9WfO6bOeIooeW/0sRHzxf8j7bf1af35ipFFcbYZYq503asaZkSfJljliYF+LHn1pRGh10xMxPEZaU2G8/XUojZj7bBP6zbdNYF6CcixgAHdRttzRKlGTrksh50tsU1IEdWx9Jg/xMdgu6KyOJZxAsBX/bHpT399WCeRzKL5XrFBEzSacxyKn/TmWUf5q4BAqUCZJtiehE65FMObudXMDhHLwymaoCqGDyxbIoPAGLxNPd5A7lay4CVuGgfS59FoxkFF5GHabYeQaI2FfgM/hKdECAwEAAaOBujCBtzAOBgNVHQ8BAf8EBAMCBaAwCQYDVR0TBAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwOwYDVR0RBDQwMoERaGVsbG9AY29udG9zby5jb22CDmhyLmNvbnRvc28uY29tgg1tLmNvbnRvc28uY29tMB8GA1UdIwQYMBaAFC4GkrokJCu6L7pZlzNuX1bSwVHgMB0GA1UdDgQWBBQuBpK6JCQrui+6WZczbl9W0sFR4DANBgkqhkiG9w0BAQsFAAOCAQEAYs4qfIQpLCehdBwbQlnJYsLIGIwyCp6lKSqriERKMr+sxDzrtwZgwcQ3nDZnmn+THDpLkXXEFlIgx6ngMYqsPnPWc7Ih/waQq8oYPv16cReRYK7wLMXDz8AVGZKqSHi4OQkNpQ74LzXAZzw8oKCewqHaBDf6QqlHgXuNo/pZzn4817HfYzNVkd53TjgaRpzwPn8V4J+W19WUcUahDbNOARIJ4PaIh/VLjbGwCu21GNUH36HoReBge39PYvX2iPcPHlaAXIwPuj117qaw4nEDdc2Ehirbw8SQXhkqPrYT2WPVIWr1ttvcaRXUgKP7hhzFH56uQ33RE2Fiw6FrNE/fEw==","cid":"https://cckm-vault.vault.azure.net/certificates/democert1/3352be3f37f040c3bbb0661e158689e0","kid":"https://cckm-vault.vault.azure.net/keys/democert1/3352be3f37f040c3bbb0661e158689e0","sid":"https://cckm-vault.vault.azure.net/secrets/democert1/3352be3f37f040c3bbb0661e158689e0","x5t":"Dc-6OSTyl04QChX6FDW8sCPukH0","lifetime_actions":[{"action":{"action_type":"AutoRenew"},"trigger":{"days_before_expiry":80}}],"exportable":true,"key_size":2048,"kty":"RSA","content_type":"application/x-pkcs12","ekus":["1.3.6.1.5.5.7.3.1","1.3.6.1.5.5.7.3.2"],"key_usage":["digitalSignature","keyEncipherment"],"sans":{"emails":["hello@contoso.com"],"dns_names":["hr.contoso.com","m.contoso.com"]},"subject":"C=US, ST=WA, L=Redmond, O=Contoso, OU=Contoso HR, CN=www.contoso.co","validity_months":12,"issuer_name":"Self","attributes":{"created":1656301368,"exp":1687837368,"nbf":1656300768,"recoverable_days":7,"recovery_level":"CustomizedRecoverable+Purgeable","updated":1656301368},"tags":{"tagKey":"tagValue"}},"version_count":2}},"401":{"description":"Unauthorized"},"404":{"description":"Resource not found."},"422":{"description":"UnprocessableEntity"}}}},"/v1/cckm/azure/certificates/{id}/hard-delete":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Purge","description":"Permanently deletes the Azure certificate.","tags":["CCKM/AzureCertificates"],"responses":{"200":{"description":"No Content | Deleted Azure certificate purged from the vault.","examples":{"id":"3604b51e-17d7-4d85-abc5-a414114955f1","uri":"kylo:kylo:cckm:azure-cert:democert1-3604b51e-17d7-4d85-abc5-a414114955f1","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-06-27T03:44:51.478527Z","updatedAt":"2022-06-27T04:00:22.483106Z","synced_at":"2022-06-27T03:42:48Z","cloud_name":"AzureCloud","key_vault":"cckm-vault::260ecbe7-777b-4d3c-84ea-887620498863","key_vault_id":"ae2eabc8-21fc-4369-a576-4b081455830e","region":"northcentralus","tenant":"1bb66909-82a2-4aec-b262-20eecd392da7","azure_created_at":"2022-06-27T03:42:48Z","azure_expire_at":"2023-06-27T03:42:48Z","azure_updated_at":"2022-06-27T03:42:48Z","backup":"22804cc3e99e472c9d8b3320332524af57d9fd1f38064671bf4c374a8d7a2c11","backup_at":"2022-06-27T03:57:09.458205Z","cert_name":"democert1","cert_soft_deleted_in_azure":true,"deleted":true,"gone":false,"cert_material_origin":"native","cert_source":"native","soft_delete_enabled":true,"status":"DELETED","version":"3352be3f37f040c3bbb0661e158689e0","azure_param":{"cert":"MIIEHTCCAwWgAwIBAgIQQsRGzx1lQPeUYA2+GG+DIzANBgkqhkiG9w0BAQsFADBsMRcwFQYDVQQDEw53d3cuY29udG9zby5jbzETMBEGA1UECxMKQ29udG9zbyBIUjEQMA4GA1UEChMHQ29udG9zbzEQMA4GA1UEBxMHUmVkbW9uZDELMAkGA1UECBMCV0ExCzAJBgNVBAYTAlVTMB4XDTIyMDYyNzAzMzI0OFoXDTIzMDYyNzAzNDI0OFowbDEXMBUGA1UEAxMOd3d3LmNvbnRvc28uY28xEzARBgNVBAsTCkNvbnRvc28gSFIxEDAOBgNVBAoTB0NvbnRvc28xEDAOBgNVBAcTB1JlZG1vbmQxCzAJBgNVBAgTAldBMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANJhLHVgNZezLFbFjvG5VEzS7m2OHsSg4UOZC6+Ln25cmkjz4DEKnA4XVajVyV2c9WfO6bOeIooeW/0sRHzxf8j7bf1af35ipFFcbYZYq503asaZkSfJljliYF+LHn1pRGh10xMxPEZaU2G8/XUojZj7bBP6zbdNYF6CcixgAHdRttzRKlGTrksh50tsU1IEdWx9Jg/xMdgu6KyOJZxAsBX/bHpT399WCeRzKL5XrFBEzSacxyKn/TmWUf5q4BAqUCZJtiehE65FMObudXMDhHLwymaoCqGDyxbIoPAGLxNPd5A7lay4CVuGgfS59FoxkFF5GHabYeQaI2FfgM/hKdECAwEAAaOBujCBtzAOBgNVHQ8BAf8EBAMCBaAwCQYDVR0TBAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwOwYDVR0RBDQwMoERaGVsbG9AY29udG9zby5jb22CDmhyLmNvbnRvc28uY29tgg1tLmNvbnRvc28uY29tMB8GA1UdIwQYMBaAFC4GkrokJCu6L7pZlzNuX1bSwVHgMB0GA1UdDgQWBBQuBpK6JCQrui+6WZczbl9W0sFR4DANBgkqhkiG9w0BAQsFAAOCAQEAYs4qfIQpLCehdBwbQlnJYsLIGIwyCp6lKSqriERKMr+sxDzrtwZgwcQ3nDZnmn+THDpLkXXEFlIgx6ngMYqsPnPWc7Ih/waQq8oYPv16cReRYK7wLMXDz8AVGZKqSHi4OQkNpQ74LzXAZzw8oKCewqHaBDf6QqlHgXuNo/pZzn4817HfYzNVkd53TjgaRpzwPn8V4J+W19WUcUahDbNOARIJ4PaIh/VLjbGwCu21GNUH36HoReBge39PYvX2iPcPHlaAXIwPuj117qaw4nEDdc2Ehirbw8SQXhkqPrYT2WPVIWr1ttvcaRXUgKP7hhzFH56uQ33RE2Fiw6FrNE/fEw==","cid":"https://cckm-vault.vault.azure.net/certificates/democert1/3352be3f37f040c3bbb0661e158689e0","kid":"https://cckm-vault.vault.azure.net/keys/democert1/3352be3f37f040c3bbb0661e158689e0","sid":"https://cckm-vault.vault.azure.net/secrets/democert1/3352be3f37f040c3bbb0661e158689e0","x5t":"Dc-6OSTyl04QChX6FDW8sCPukH0","lifetime_actions":[{"action":{"action_type":"AutoRenew"},"trigger":{"days_before_expiry":80}}],"exportable":true,"key_size":2048,"kty":"RSA","content_type":"application/x-pkcs12","ekus":["1.3.6.1.5.5.7.3.1","1.3.6.1.5.5.7.3.2"],"key_usage":["digitalSignature","keyEncipherment"],"sans":{"emails":["hello@contoso.com"],"dns_names":["hr.contoso.com","m.contoso.com"]},"subject":"C=US, ST=WA, L=Redmond, O=Contoso, OU=Contoso HR, CN=www.contoso.co","validity_months":12,"issuer_name":"Self","attributes":{"created":1656301368,"exp":1687837368,"nbf":1656300768,"recoverable_days":7,"recovery_level":"CustomizedRecoverable+Purgeable","updated":1656301368},"tags":{"tagKey":"tagValue"}},"version_count":2}},"401":{"description":"Unauthorized"},"404":{"description":"Resource not found."},"422":{"description":"UnprocessableEntity"}}}},"/v1/cckm/azure/certificates/{id}/restore":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Restore","description":"Restores a backed up Certificate to a vault.\n","tags":["CCKM/AzureCertificates"],"parameters":[{"name":"body","in":"body","description":"Restores a backed up Certificate to a vault.","schema":{"type":"object","title":"Restore Certificate","properties":{"key_vault":{"type":"string","description":"ID or name of the vault where the Certificate will be restored. By default, the secret will be restored to the vault from where it was deleted."}}}}],"responses":{"200":{"description":"OK","examples":{"id":"9ee86d71-0b3e-4efa-be7c-8fac46e9f9d4","uri":"kylo:kylo:cckm:azure-cert:7f48b010-0ced-48d3-99b1-c56ec3d86f22","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-06-27T04:08:58.974101Z","updatedAt":"2022-06-27T04:13:42.157718Z","synced_at":"2022-06-27T04:06:57Z","cloud_name":"AzureCloud","key_vault":"cckm-demo-vault::260ecbe7-777b-4d3c-84ea-887620498863","key_vault_id":"fec986fb-06ed-49ab-b01f-1a63963f1057","region":"northcentralus","tenant":"1bb66909-82a2-4aec-b262-20eecd392da7","azure_created_at":"2022-06-27T04:06:57Z","azure_expire_at":"2023-06-27T04:06:57Z","azure_updated_at":"2022-06-27T04:06:57Z","backup":"9ad0ff6b704a4adf874b7c408ac96a8a353d33ae40374fddacbe3eb74cb2a3f1","backup_at":"2022-06-27T04:12:08.531219Z","cert_name":"testdemocert1","cert_soft_deleted_in_azure":false,"deleted":false,"gone":false,"cert_material_origin":"native","cert_source":"native","soft_delete_enabled":true,"status":"AVAILABLE","version":"a8b9e3256ed7465185d9f226c01664d9","azure_param":{"cert":"MIIEHTCCAwWgAwIBAgIQc0hlbRDGTlCPRHQ3WKQcITANBgkqhkiG9w0BAQsFADBsMRcwFQYDVQQDEw53d3cuY29udG9zby5jbzETMBEGA1UECxMKQ29udG9zbyBIUjEQMA4GA1UEChMHQ29udG9zbzEQMA4GA1UEBxMHUmVkbW9uZDELMAkGA1UECBMCV0ExCzAJBgNVBAYTAlVTMB4XDTIyMDYyNzAzNTY1N1oXDTIzMDYyNzA0MDY1N1owbDEXMBUGA1UEAxMOd3d3LmNvbnRvc28uY28xEzARBgNVBAsTCkNvbnRvc28gSFIxEDAOBgNVBAoTB0NvbnRvc28xEDAOBgNVBAcTB1JlZG1vbmQxCzAJBgNVBAgTAldBMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPaAE6BjcTlgDOzInFT8yZQfbQgFwqIpotYVqXfJ6WzSKPdWqDfznAea0FgZaGpU4p3ZcyDRLzLo4eJ3ETozIKdWxUHqxAkR8gc5qB4Sof07RtzgGVycPW29T9UIaHODgSTkF+L0lCifHKx5mUoFO8hKFxHtLKFcmhBbdbT7HOLmtVvWTMmwlNAXLTSI3KdDadynQ5b9u/ufAz/7Y0dV0+OhNM0s+4GmjHmqvtvE2GLUQLJLN9BtJcQoGGMtDb36duPMX/YHZsBgd6wC7vze1kL101NTGx75FL/RpMzFZU08KPgiylQGZkAZDXN0IGfF/LL20IQhOh2A+7kxBGveDs0CAwEAAaOBujCBtzAOBgNVHQ8BAf8EBAMCBaAwCQYDVR0TBAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwOwYDVR0RBDQwMoERaGVsbG9AY29udG9zby5jb22CDmhyLmNvbnRvc28uY29tgg1tLmNvbnRvc28uY29tMB8GA1UdIwQYMBaAFBlr2AT2L+ZONcK5qr1/G9zmLs3LMB0GA1UdDgQWBBQZa9gE9i/mTjXCuaq9fxvc5i7NyzANBgkqhkiG9w0BAQsFAAOCAQEAAoyU8xJsHTmztp7jKVkINbxyFS3MH9wh5hRKUH7CLvdPOT2DMavwwm+5vqNrqxWDh1Ba7An5RRMK38v5AWFzQWEArnYOePY3CnFSCU0dp7oLJUyMbvtkMnCFmxczUWuVagYfntlbCPiqTB8O3LSwULPe5OXzqPYssChjktsj2wlJyypfSJZOQM2TjeuvY10MjylyjTk6701dO8JJKCRCDTfR5yIDinKAa76Xby6r3ZEc4bQTkYlH+rXAvVa4rXRwTt3qxK+4KzVHpwatxj8xGbExcluGfoA+sn6BkIU/beILDhkwJ1cRFYPLPgPWW83+ruvAHzCEBGSeO8NyQyLdZw==","kid":"https://cckm-demo-vault.vault.azure.net/keys/testdemocert1/a8b9e3256ed7465185d9f226c01664d9","sid":"https://cckm-demo-vault.vault.azure.net/secrets/testdemocert1/a8b9e3256ed7465185d9f226c01664d9","x5t":"cQD8iz-BHMXRSGCbOkmDDjzEYdU","lifetime_actions":[{"trigger":{"days_before_expiry":80},"action":{"action_type":"AutoRenew"}}],"exportable":true,"key_size":2048,"kty":"RSA","content_type":"application/x-pkcs12","ekus":["1.3.6.1.5.5.7.3.1","1.3.6.1.5.5.7.3.2"],"key_usage":["digitalSignature","keyEncipherment"],"sans":{"emails":["hello@contoso.com"],"dns_names":["hr.contoso.com","m.contoso.com"]},"subject":"C=US, ST=WA, L=Redmond, O=Contoso, OU=Contoso HR, CN=www.contoso.co","validity_months":12,"issuer_name":"Self","attributes":{"created":1656302817,"enabled":true,"exp":1687838817,"nbf":1656302217,"recoverable_days":90,"recovery_level":"Recoverable+Purgeable","updated":1656302817},"tags":{"tagkey1":"tagval1","tagkey2":"tagval2"}}}},"401":{"description":"Authorization failed."},"404":{"description":"Resource not found."},"422":{"description":"Unprocessable entity. In case, record has missing backup or is not in 'deleted' state."},"500":{"description":"Internal server error."}}}},"/v1/cckm/azure/certificates/{id}/recover":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Recover","description":"Recovers a soft-deleted Azure certificate.","tags":["CCKM/AzureCertificates"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"id":"9ee86d71-0b3e-4efa-be7c-8fac46e9f9d4","uri":"kylo:kylo:cckm:azure-cert:7f48b010-0ced-48d3-99b1-c56ec3d86f22","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-06-27T04:08:58.974101Z","updatedAt":"2022-06-27T04:16:47.966969Z","synced_at":"2022-06-27T04:06:57Z","cloud_name":"AzureCloud","key_vault":"cckm-demo-vault::260ecbe7-777b-4d3c-84ea-887620498863","key_vault_id":"fec986fb-06ed-49ab-b01f-1a63963f1057","region":"northcentralus","tenant":"1bb66909-82a2-4aec-b262-20eecd392da7","azure_created_at":"2022-06-27T04:06:57Z","azure_expire_at":"2023-06-27T04:06:57Z","azure_updated_at":"2022-06-27T04:06:57Z","backup":"9ad0ff6b704a4adf874b7c408ac96a8a353d33ae40374fddacbe3eb74cb2a3f1","backup_at":"2022-06-27T04:12:08.531219Z","cert_name":"testdemocert1","cert_soft_deleted_in_azure":false,"deleted":false,"gone":false,"cert_material_origin":"native","cert_source":"native","soft_delete_enabled":true,"status":"AVAILABLE","version":"a8b9e3256ed7465185d9f226c01664d9","azure_param":{"kid":"https://cckm-vault.vault.azure.net/keys/testdemocert1/a8b9e3256ed7465185d9f226c01664d9","sid":"https://cckm-vault.vault.azure.net/secrets/testdemocert1/a8b9e3256ed7465185d9f226c01664d9","attributes":{"created":1656302817,"exp":1687838817,"nbf":1656302217,"recoverable_days":7,"recovery_level":"CustomizedRecoverable+Purgeable","updated":1656302817},"tags":{"tagkey1":"tagval1","tagkey2":"tagval2"}},"version_count":1}},"401":{"description":"Unauthorized"},"404":{"description":"Resource not found."},"500":{"description":"InternalServerError"}}}},"/v1/cckm/azure/certificates/synchronization-jobs":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Synchronize","description":"Synchronizes Azure certificates.\n","tags":["CCKM/AzureCertificates","Tech Preview"],"parameters":[{"name":"body","in":"body","description":"Synchronize Azure certificates of the given key vaults","schema":{"type":"object","title":"List of key vaults name and ID.","properties":{"key_vaults":{"type":"array","items":{"type":"string"},"description":"Name or ID of key vaults from which Azure secrets will be synchronized. synchronize_all and key_vaults are mutually exclusive. Specify either the synchronize_all or key_vaults."},"synchronize_all":{"type":"boolean","description":"Set true to synchronize all certificates from all vaults. synchronize_all and key_vaults are mutually exclusive. Specify either the synchronize_all or key_vaults."}},"example":{"key_vaults":[],"synchronize_all":false}}}],"responses":{"201":{"description":"OK","examples":{"application/json":{"id":"51550607-e6fe-44f8-998a-c1455f0ecf50","uri":"kylo:kylo-36b619e0-7aed-4de7-958a-6d670b85ee71:cckm:synchronize:51550607-e6fe-44f8-998a-c1455f0ecf50","account":"kylo:kylo-36b619e0-7aed-4de7-958a-6d670b85ee71:admin:accounts:kylo-36b619e0-7aed-4de7-958a-6d670b85ee71","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2022-05-17T09:28:11.503990939Z","updatedAt":"2022-05-17T09:28:11.509727986Z","overall_status":"in_progress","cloud":"AzureCloud","key_vaults":["cckm-vault::260ecbe7-777b-4d3c-84ea-887620498863","cckm-demo-vault::260ecbe7-777b-4d3c-84ea-887620498863"],"abort":false,"sync_item":"azure-certificate"}}},"400":{"description":"Bad request."},"401":{"description":"Unauthorized."},"403":{"description":"Forbidden."},"409":{"description":"There is a conflict."},"422":{"description":"UnprocessableEntity."},"500":{"description":"Internal Server Error"}}},"get":{"summary":"Status","description":"Returns a list of updated certificates synchronization status. The results can be filtered using the query parameters.\n","tags":["CCKM/AzureCertificates","Tech Preview"],"parameters":[{"name":"id","in":"query","type":"string","description":"Filter the results by internal ID of synchronization."},{"name":"overall_status","in":"query","type":"string","description":"Filter the results by synchronization overall status. Possible values are \"in_progress\",\"completed\" and \"failed\"."},{"name":"key_vaults","in":"query","type":"array","items":{"type":"string"},"description":"Filter the results of synchronization by key vaults."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"skip":0,"limit":10,"total":2,"resources":[{"id":"c90bfb5f-6ed0-4e94-b5b1-541577d83f30","uri":"kylo:kylo-36b619e0-7aed-4de7-958a-6d670b85ee71:cckm:synchronize:c90bfb5f-6ed0-4e94-b5b1-541577d83f30","account":"kylo:kylo-36b619e0-7aed-4de7-958a-6d670b85ee71:admin:accounts:kylo-36b619e0-7aed-4de7-958a-6d670b85ee71","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2022-05-17T09:40:35.546384Z","updatedAt":"2022-05-17T09:41:01.959323Z","completed_at":"2022-05-17T09:41:01.958222Z","overall_status":"completed","detailed_status":{"northcentralus/cckm-demo-vault::260ecbe7-777b-4d3c-84ea-887620498863":"vault synchronized successfully","northcentralus/cckm-vault::260ecbe7-777b-4d3c-84ea-887620498863":"vault synchronized successfully"},"cloud":"AzureCloud","key_vaults":["cckm-vault::260ecbe7-777b-4d3c-84ea-887620498863","cckm-demo-vault::260ecbe7-777b-4d3c-84ea-887620498863"],"abort":false,"sync_item":"azure-certificate"},{"id":"51550607-e6fe-44f8-998a-c1455f0ecf50","uri":"kylo:kylo-36b619e0-7aed-4de7-958a-6d670b85ee71:cckm:synchronize:51550607-e6fe-44f8-998a-c1455f0ecf50","account":"kylo:kylo-36b619e0-7aed-4de7-958a-6d670b85ee71:admin:accounts:kylo-36b619e0-7aed-4de7-958a-6d670b85ee71","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2022-05-17T09:28:11.503991Z","updatedAt":"2022-05-17T09:28:26.999821Z","completed_at":"2022-05-17T09:28:26.999593Z","overall_status":"completed","detailed_status":{"northcentralus/cckm-demo-vault::260ecbe7-777b-4d3c-84ea-887620498863":"vault synchronized successfully","northcentralus/cckm-vault::260ecbe7-777b-4d3c-84ea-887620498863":"vault synchronized successfully"},"cloud":"AzureCloud","key_vaults":["cckm-vault::260ecbe7-777b-4d3c-84ea-887620498863","cckm-demo-vault::260ecbe7-777b-4d3c-84ea-887620498863"],"abort":false,"sync_item":"azure-certificate"}]}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/azure/certificates/synchronization-jobs/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a certificate synchronization process with the given ID.","tags":["CCKM/AzureCertificates","Tech Preview"],"responses":{"200":{"description":"OK","examples":{"application/json":{"id":"1f413972-499e-498c-9543-77c2da7d71e4","uri":"kylo:kylo:cckm:synchronize:1f413972-499e-498c-9543-77c2da7d71e4","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2022-05-12T07:00:52.032722Z","updatedAt":"2022-05-12T07:01:17.698896Z","completed_at":"2022-05-12T07:01:17.698624Z","overall_status":"failed","detailed_status":{"northcentralus/cckm-demo-vault::260ecbe7-777b-4d3c-84ea-887620498863":"vault synchronized successfully","northcentralus/cckm-vault::260ecbe7-777b-4d3c-84ea-887620498863":"vault synchronized successfully"},"cloud":"AzureCloud","key_vaults":["cckm-vault::260ecbe7-777b-4d3c-84ea-887620498863","cckm-demo-vault::260ecbe7-777b-4d3c-84ea-887620498863"],"abort":false,"sync_item":"azure-certificate"}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/azure/certificates/synchronization-jobs/{id}/cancel":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Cancel","description":"Cancels the synchronization job\n","tags":["CCKM/AzureCertificates","Tech Preview"],"responses":{"200":{"description":"OK","examples":{"application/json":{"id":"6a5b8f4c-e377-4019-b77a-cad68061af4d","uri":"kylo:kylo:cckm:synchronize:6a5b8f4c-e377-4019-b77a-cad68061af4d","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2022-05-12T08:35:28.927391Z","updatedAt":"2022-05-12T08:35:28.929992Z","overall_status":"in_progress","cloud":"AzureCloud","key_vaults":["cckm-vault::260ecbe7-777b-4d3c-84ea-887620498863","cckm-demo-vault::260ecbe7-777b-4d3c-84ea-887620498863"],"abort":true,"sync_item":"azure-certificate"}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/azure/certificates/import":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Import","description":"Imports certificate to a vault.","tags":["CCKM/AzureCertificates"],"parameters":[{"name":"body","in":"body","description":"Imports a certificate to a vault.","schema":{"type":"object","title":"Import Certificate","required":["cert_name","key_vault","source_cert_identifier","caid","private_key_pem"],"properties":{"cert_name":{"type":"string","description":"Name for the certificate on Azure. Certificate names can only contain alphanumeric characters and hyphens (-)."},"caid":{"type":"string","description":"ID or name of the certificate authority."},"source_cert_identifier":{"type":"string","description":"ID of the certificate that will be imported into the Azure vault."},"key_vault":{"type":"string","description":"ID or Name of the vault into which the certificate will be imported."},"private_key_pem":{"type":"string","description":"Private key in PEM format."},"password":{"type":"string","description":"Password of the private key, if encrypted."},"azure_param":{"type":"object","description":"Azure certificate parameters.","properties":{"tags":{"type":"object","description":"Application specific metadata in the form of key-value pair."}}}},"example":{"cert_name":"","key_vault":"","source_cert_identifier":"","caid":"","private_key_pem":"","password":"","azure_param":{"tags":{"tagkey1":"tagval1","tagkey2":"tagval2"}}}}}],"responses":{"201":{"description":"OK","examples":{"id":"71655dbf-5e71-4cf3-a773-9c31e828a4d3","uri":"kylo:kylo:cckm:azure-cert:abcdefg-71655dbf-5e71-4cf3-a773-9c31e828a4d3","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-05-09T10:46:37.988945Z","updatedAt":"2022-05-09T10:58:36.64513732Z","synced_at":"2022-05-09T10:46:32Z","cloud_name":"AzureCloud","key_vault":"azure-vault::260ecbe7-777b-4d3c-84ea-887620498863","key_vault_id":"5fb27dcd-9a6f-4508-ba9c-5dc630162a83","region":"northcentralus","tenant":"1bb66909-82a2-4aec-b262-20eecd392da7","azure_created_at":"2022-05-09T10:46:32Z","azure_expire_at":"2023-05-09T10:46:32Z","azure_updated_at":"2022-05-09T10:46:32Z","backup":"ac1b43d844a742d9a0081f93d65bf9ec58077b9e2a224df798a794c694d1e197","backup_at":"2022-05-09T10:46:37.985596Z","cert_name":"test-cert","cert_soft_deleted_in_azure":false,"deleted":false,"gone":false,"cert_material_origin":"native","cert_source":"native","operation":"","soft_delete_enabled":true,"status":"AVAILABLE","version":"02e3b1cf6b9e48a5b514b8315d62f369","azure_param":{"cert":"MIIEHTCCAwWgAwIBAgIQB4ugjHs/RQCEw4Toeoy10jANBgkqhkiG9w0BAQsFADBsMRcwFQYDVQQDEw53d3cuY29udG9zby5jbzETMBEGA1UECxMKQ29udG9zbyBIUjEQMA4GA1UEChMHQ29udG9zbzEQMA4GA1UEBxMHUmVkbW9uZDELMAkGA1UECBMCV0ExCzAJBgNVBAYTAlVTMB4XDTIyMDUwOTEwMzYzMloXDTIzMDUwOTEwNDYzMlowbDEXMBUGA1UEAxMOd3d3LmNvbnRvc28uY28xEzARBgNVBAsTCkNvbnRvc28gSFIxEDAOBgNVBAoTB0NvbnRvc28xEDAOBgNVBAcTB1JlZG1vbmQxCzAJBgNVBAgTAldBMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANa67roT9b/RWzqEwqp0InWVR2z8a27J9j1tEioSx3JJfH1mliZA5JG4vq77jv1t2C0KM8ChRhG9l+rd5wSQ7Gogt+Qt7Mq6+2YbxLyvx+ookQIvu7CZT7ZWSQiKNwdzklVe/b29aBclCSAzGJR3+90ZkLT2xTBx6QYFGqPyLavRSk4+TfYVj+s5cdEm/ZcfPFS478LXSTQaCMaiIOmBOdbIrepCh3zUz3uhCjtuWTgUTgssadCbjh3Qwa4YThoB6vQsdeUJ9rqZXtnWr8aIAEG1WGAHuknrIxJxFH4rQcuWX+B/c/4h40/tkwbZO6QPrALSxrqVe+4nS8tgggoCf30CAwEAAaOBujCBtzAOBgNVHQ8BAf8EBAMCBaAwCQYDVR0TBAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwOwYDVR0RBDQwMoERaGVsbG9AY29udG9zby5jb22CDmhyLmNvbnRvc28uY29tgg1tLmNvbnRvc28uY29tMB8GA1UdIwQYMBaAFLiRr8LhYyUC/KV7W1SeFHrj0j/GMB0GA1UdDgQWBBS4ka/C4WMlAvyle1tUnhR649I/xjANBgkqhkiG9w0BAQsFAAOCAQEAzg5xO6w0GLfbNKu/RFoynj632yMJNerpjYjwGNcbEaMVNEt2LH0BJyIGpGEdnhfpoHfxSubPRGvcFsUc2E9VvDqan6sGalqQn1INUQnuF2joj+Tg75f+VuQZEh/JyzWKKxmrcymmSUdE8uYC1ssBkcGAcpPPb0fZIT37ohd0DZv+J+KXabM4Bu1IaiCZ6ObynNee3rNuKroNCIln361JsAdqJ5bdsTVFXY38tob1guN2ch6cYHH3TUoEkOqbyu0Z/UwHKCe7deIcZV2AIqD+H/9iii2+v9Hl0va7YMaXoPY/i2oe77VebtNhjARzCXzD/6an1vZb6lGByMY0BKaILQ==","kid":"https://azure-vault.vault.azure.net/keys/abcdefg/02e3b1cf6b9e48a5b514b8315d62f369","sid":"https://azure-vault.vault.azure.net/secrets/abcdefg/02e3b1cf6b9e48a5b514b8315d62f369","x5t":"8abSuIEC7VXk00Wtl7-3TQMAw-4","lifetime_actions":[{"action":{"action_type":"AutoRenew"},"trigger":{"lifetime_percentage":80}}],"crv":"","exportable":true,"key_size":2048,"kty":"RSA","content_type":"application/x-pkcs12","ekus":["1.3.6.1.5.5.7.3.1","1.3.6.1.5.5.7.3.2"],"key_usage":["digitalSignature","keyEncipherment"],"sans":{"emails":["hello@contoso.com"],"dns_names":["hr.contoso.com","m.contoso.com"]},"subject":"C=US, ST=WA, L=Redmond, O=Contoso, OU=Contoso HR, CN=www.contoso.co","validity_months":12,"issuer_name":"Self","attributes":{"created":1652093192,"enabled":true,"exp":1683629192,"nbf":1652092592,"recovery_level":"Purgeable","updated":1652093192}}}},"400":{"description":"BadRequest"},"401":{"description":"Unauthorized"},"500":{"description":"InternalServerError"}}}},"/v1/cckm/sfdc/get-organizations":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Get SFDC organizations","description":"Fetches SFDC Cloud organizations based on the connection.\n","tags":["CCKM/SFDC Cloud Organizations"],"parameters":[{"name":"body","in":"body","description":"Fetches SFDC Cloud organizations based on the connection","schema":{"type":"object","title":"get organiations.","required":["connection"],"properties":{"connection":{"type":"string","description":"Name or ID of the SFDC connection."}},"example":{"connection":"sfdc-connection"}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"name":"Thales","sfdc_org_id":"00DB000000012ABCDE","connection":"sfdc-connection","cloud_name":"sfdc","organization_type":"Regular"}},"404":{"description":"Resource not found."}}}},"/v1/cckm/sfdc/add-organizations":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Add SFDC organization","description":"Add a SFDC organization.","tags":["CCKM/SFDC Cloud Organizations"],"parameters":[{"name":"body","in":"body","description":"SFDC organization parameters.","schema":{"type":"object","description":"Add SFDC organization.","required":["sfdc_org_id","connection"],"properties":{"sfdc_org_id":{"type":"string","title":"SFDC organization ID.","description":"ID of the SFDC organization to be added."},"connection":{"type":"string","description":"Name or ID of the SFDC connection."}},"example":{"connection":"sfdc-connection","sfdc_org_id":"00DB000000012ABCDE"}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"03b24ef3-0078-4dbb-9444-a4242f992d69","uri":"kylo:kylo:cckm:gcp-project:03b24ef3-0078-4dbb-9444-a4242f992d69","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-02-25T07:54:14.945148Z","updatedAt":"2021-02-25T07:54:14.943021Z","name":"projects/a12ewd3423e32","sfdc_org_id":"00DB000000012ABCDE","cloud_name":"sfdc","organization_type":"Regular","connection":"sfdc-connection"}}}}}},"/v1/cckm/sfdc/organizations":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List Organizations","description":"Returns the list of SFDC organizations.\n","tags":["CCKM/SFDC Cloud Organizations"],"parameters":[{"name":"id","in":"query","type":"string","description":"Filter the results by id."},{"name":"name","in":"query","type":"string","description":"Filter the results by name."},{"name":"connection","in":"query","type":"string","description":"Filter the results by connection."},{"name":"sfdc_org_id","in":"query","type":"string","description":"Filter the results by SFDC organization id."},{"name":"cloud_name","in":"query","type":"string","description":"Filter the results by cloud name."},{"name":"organization_type","in":"query","type":"string","description":"Filter the results by organization type."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","examples":{"skip":0,"limit":10,"total":1,"resources":[{"id":"03b24ef3-0078-4dbb-9444-a4242f992d69","uri":"kylo:kylo:cckm:gcp-project:03b24ef3-0078-4dbb-9444-a4242f992d69","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-02-25T07:54:14.945148Z","updatedAt":"2021-02-25T07:54:14.943021Z","name":"projects/a12ewd3423e32","sfdc_org_id":"00DB000000012ABCDE","cloud_name":"sfdc","organization_type":"Regular","connection":"sfdc-connection"}]}},"404":{"description":"Resource not found."}}}},"/v1/cckm/sfdc/organizations/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a SFDC Organization with the given id.","tags":["CCKM/SFDC Cloud Organizations"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"03b24ef3-0078-4dbb-9444-a4242f992d69","uri":"kylo:kylo:cckm:gcp-project:03b24ef3-0078-4dbb-9444-a4242f992d69","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-02-25T07:54:14.945148Z","updatedAt":"2021-02-25T07:54:14.943021Z","name":"projects/a12ewd3423e32","sfdc_org_id":"00DB000000012ABCDE","cloud_name":"sfdc","organization_type":"Regular","connection":"sfdc-connection"}}},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"Update a SFDC organization.","tags":["CCKM/SFDC Cloud Organizations"],"parameters":[{"name":"body","in":"body","description":"SFDC oganization parameters.","schema":{"type":"object","description":"Update SFDC organization.","required":["connection"],"properties":{"connection":{"type":"string","description":"Name or ID of the SFDC connection."}},"example":{"connection":"new-sfdc-connection"}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"03b24ef3-0078-4dbb-9444-a4242f992d69","uri":"kylo:kylo:cckm:gcp-project:03b24ef3-0078-4dbb-9444-a4242f992d69","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-02-25T07:54:14.945148Z","updatedAt":"2021-02-25T07:54:14.943021Z","name":"projects/a12ewd3423e32","sfdc_org_id":"00DB000000012ABCDE","cloud_name":"sfdc","organization_type":"Regular","connection":"new-sfdc-connection"}}}}},"delete":{"summary":"Delete","description":"Delete a SFDC Cloud Organization.","tags":["CCKM/SFDC Cloud Organizations"],"responses":{"204":{"description":"No Content | SFDC Cloud organization is removed successfully.","schema":{"type":"string"}},"404":{"description":"Resource not found."}}}},"/v1/cckm/sfdc/organizations/{id}/update-acls":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"User ACLS","description":"Grants permissions to users or group to perform specific actions on the SFDC Organization. User ID and group are mutually exclusive – specify either of the two.\n\nFor the first time users or group, actions are permitted as configured by the CCKM administrator. However, if the permissions of a user or group needs to be modified later, for example, a new action is to be permitted or an existing action is to be revoked, the CCKM administrator needs to set that particular action to true or false.\n\nFor example, a user or group is permitted actions, keycreate, and keyimport. Now, to permit one more action \"keydestroy\" to the user or group, set \"permit\":true and \"actions\": \"keydestroy\" and run the API. Similarly, now to deny permission to the action \"keycreate\", set \"permit\":false, \"actions\": \"keycreate\", and run the API.\n\n**Actions Specification**\n\n The following table lists the accepted values:\n\n\n Apis | Actions Required | Description\n ------------------------------- | ---------------------------- | ---------------------------------------------------\n Create | keycreate | Permission to create SFDC keys.\n Upload | keyrotatetobyok | Permission to upload keys to SFDC.\n Destroy key | keydestroynative | Permission to destroy native SFDC keys.\n Destroy key | keydestroybyok | Permission to destroy BYOK SFDC keys.\n Import | keyimportnative | Permission to import a destroyed native SFDC keys.\n Import | keyimportbyok | Permission to import a destroyed byok SFDC keys.\n Synchronize | keysynchronize | Permission to synchronize SFDC keyss.\n Cancel | keysynchronize | Permission to cancel a synchronization job.\n Update | keyupdate | Permission to updates cache only key attributes (certificate and named credential).\n List | view | Permission to view SFDC keys.\n Get (SFDC Keys) | view | Permission to get the details of an SFDC key with the given id.\n List SFDC Organization | view | Permission to view SFDC organizations.\n Get (SFDC Organizations) | view | Permission to get the details of SFDC Organization with given id.\n Create cache only key endpoint | endpointcreate | Permission to create cache only key endpoint.\n Update cache only key endpoint | endpointupdate | Permission to update cache only key endpoint.\n Delete cache only key endpoint | endpointdelete | Permission to delete cache only key endpoint.\n Activate cache only key | cacheonlykeyactivate | Permission to activate cache only key.\n Upload cache only key | cacheonlykeyupload | Permission to upload cache only key.\n Update cache only key | cacheonlykeyupdate | Permission to update cache only key.\n Destroy cache only key | cacheonlykeydestroy | Permission to destroy cache only key.\n Create certificate | certificatecreate | Permission to create certificate to be used to encrypt tenant secret.\n Delete certificate | certificatedelete | Permission to delete certificate.\n Synchronize certificate | certificatesync | Permission to synchronize certificate from SFDC to CM.\n Delete Backup | deletebackupnative | Permission to deletes a SFDC native key backup from CCKM.\n Delete Backup | deletebackupbyok | Permission to deletes a SFDC byok key backup from CCKM.\n Create Report | reportcreate | Permission to create report\n Delete Report | reportdelete | Permission to delete report\n Download Report | reportdownload | Permission to download report\n View Report | reportview | Permission to view report content\n","tags":["CCKM/SFDC Cloud Organizations"],"parameters":[{"name":"body","in":"body","description":"Providing permissions to Users.","schema":{"type":"object","title":"Adding a User.","properties":{"acls":{"type":"array","items":{"type":"object","required":["actions"],"properties":{"user_id":{"type":"string","description":"ID of the user to be granted permissions. User ID and group are mutually exclusive – specify either of the two."},"group":{"type":"string","description":"Name of the user group to be granted permissions. User ID and group are mutually exclusive – specify either of the two."},"permit":{"type":"boolean","description":"Whether to permit users to perform specific operations. Set true to permit, false to deny."},"actions":{"type":"array","items":{"type":"string"},"description":"Permitted actions.","enum":["keycreate","keyupload","keydestroy","keyimport","keyrotate","keysynchronize","keyupdate","view","endpointcreate","endpointupdate","endpointdelete","cacheonlykeyactivate","cacheonlykeyupload","cacheonlykeyupdate","cacheonlykeydestroy","certificatecreate","certificatedelete","certificatesync","deletebackup","reportview","reportcreate","reportdelete","reportdownload"]}}}}},"example":{"acls":[{"group":"CCKM Users","actions":["view"],"permit":true}]}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"ce0ffe4b-fbda-4e87-88af-4b9b4e6484f9","uri":"kylo:kylo:cckm:sfdc-organization:ce0ffe4b-fbda-4e87-88af-4b9b4e6484f9","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-08-25T04:30:47.915696Z","updatedAt":"2021-08-25T10:04:24.415596321Z","name":"orgnisation name","sfdc_org_id":"00DB000000012ABCDE","connection":"sfdc","cloud_name":"sfdc","organization_type":"Sandbox","refreshed_at":"2021-08-25T04:31:24.089748Z","acls":[{"user_id":"local|624b6c12-21d4-489a-ab8b-982f91f2f3aa","actions":["view","keydestroy"]},{"group":"CCKM Users","actions":["view"]}]}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/sfdc/endpoints":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Create sfdc endpoint entity in CCKM\n","tags":["CCKM/SFDC Cache Only Key Endpoints"],"parameters":[{"name":"body","in":"body","description":"endpoint parameters","schema":{"type":"object","title":"Create endpoint","required":["name","url_hostname","password_authentication","organization_id"],"properties":{"name":{"type":"string","description":"name for endpoint."},"url_hostname":{"type":"string","description":"Base hostname of url"},"password_authentication":{"type":"object","description":"endpoint password Authentication details.","properties":{"username":{"type":"string","description":"Username for endpoint."},"password":{"type":"string","description":"Password for endpoint."}}},"organization_id":{"type":"string","description":"SFDC Organization ID to which this endpoint should belong to."}},"example":{"name":"nc1","url_hostname":"ekm.thales.com","password_authentication":{"username":"ncadmin","password":"ncpassword"},"organization_id":"04f63144-940c-4c4f-8426-111111111111"}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"id":"04f63144-940c-4c4f-8426-222222222222","uri":"kylo:kylo:cckm:kacls-sfdc:nc1","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-02-10T00:19:40.321138Z","name":"nc1","updatedAt":"2021-02-10T00:20:25.036189Z","url_hostname":"thales.com","url":"https://thales.com/v1/cckm/sfdc/endpoints/04f63144-940c-4c4f-8426-222222222222/keys/","organization_id":"04f63144-940c-4c4f-8426-111111111111","organization_name":"Thales","password_authentication":{"username":"ncadmin"}}}}},"get":{"summary":"List","description":"Returns a list of endpoints. The results can be filtered using the query parameters.","tags":["CCKM/SFDC Cache Only Key Endpoints"],"parameters":[{"name":"id","in":"query","type":"string","description":"Filter the result based endpoint ID"},{"name":"name","in":"query","type":"string","description":"Filter the result based on endpoint name."},{"name":"organization_name","in":"query","type":"string","description":"Filter the results by organization name.","collectionFormat":"multi"},{"name":"organization_id","in":"query","type":"string","description":"Filter the results by organization resource id.","collectionFormat":"multi"},{"name":"sfdc_organization_id","in":"query","type":"string","description":"Filter the results by sfdc organization id.","collectionFormat":"multi"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"},"name":{"description":"Named credential name.","type":"string"},"url_hostname":{"type":"string","description":"Base hostname of url"},"password_authentication":{"type":"object","description":"named credential password Authentication details.","properties":{"username":{"type":"string","description":"Username for named credential."},"password":{"type":"string","description":"Password for named credential."}}},"organization_id":{"type":"string","description":"Organization ID to which this named credential should belong to."},"sfdc_name_credential_id":{"type":"string","description":"sfdc Name credential ID."},"synced_at":{"type":"string","format":"date-time","description":"Date/time when named credential was last synced"}}}]}}}}]},"examples":{"skip":"0,","limit":"10,","total":"1,","resources":[{"id":"04f63144-940c-4c4f-8426-222222222222","uri":"kylo:kylo:cckm:kacls-sfdc:nc1","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-02-10T00:19:40.321138Z","name":"nc1","updatedAt":"2021-02-10T00:20:25.036189Z","url_hostname":"thales.com","url":"https://thales.com/v1/cckm/sfdc/endpoints/04f63144-940c-4c4f-8426-222222222222/keys/","organization_id":"04f63144-940c-4c4f-8426-111111111111","organization_name":"Thales","password_authentication":{"username":"ncadmin"}}]}}}}},"/v1/cckm/sfdc/endpoints/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a endpoint with the given `id`.","tags":["CCKM/SFDC Cache Only Key Endpoints"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"id":"04f63144-940c-4c4f-8426-222222222222","uri":"kylo:kylo:cckm:kacls-sfdc:nc1","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-02-10T00:19:40.321138Z","name":"nc1","updatedAt":"2021-02-10T00:20:25.036189Z","url_hostname":"thales.com","url":"https://thales.com/v1/cckm/sfdc/endpoints/04f63144-940c-4c4f-8426-222222222222/keys/","organization_id":"04f63144-940c-4c4f-8426-111111111111","organization_name":"Thales","password_authentication":{"username":"ncadmin"}}},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"Update Endpoint.\n","tags":["CCKM/SFDC Cache Only Key Endpoints"],"parameters":[{"name":"body","in":"body","description":"Endpoint parameters","schema":{"type":"object","title":"Update Endpoint.","properties":{"url_hostname":{"type":"string","description":"Base hostname of url"},"password_authentication":{"type":"object","description":"Endpoint password Authentication details.","properties":{"username":{"type":"string","description":"Username for endpoint."},"password":{"type":"string","description":"Password for endpoint."}}}},"example":{"url_hostname":"cckm.thales.com","password_authentication":{"username":"updateUser","password":"updatedPwd"}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"id":"04f63144-940c-4c4f-8426-222222222222","uri":"kylo:kylo:cckm:kacls-sfdc:nc1","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-02-10T00:19:40.321138Z","name":"nc1","updatedAt":"2021-02-10T00:20:25.036189Z","url_hostname":"cckm.thales.com","url":"https://cckm.thales.com/v1/cckm/sfdc/endpoints/04f63144-940c-4c4f-8426-222222222222/keys/","organization_id":"04f63144-940c-4c4f-8426-111111111111","organization_name":"Thales","password_authentication":{"username":"ncadmin"}}},"404":{"description":"Resource not found."}}},"delete":{"summary":"Delete","description":"SFDC endpoint will be deleted.","tags":["CCKM/SFDC Cache Only Key Endpoints"],"responses":{"204":{"description":"Endpoint deleted successfully.","schema":{"type":"string"}},"404":{"description":"Resource not found."}}}},"/v1/cckm/sfdc/get-named-credentials":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"List","description":"Fetch the list of named credentials from sfdc\n","tags":["CCKM/SFDC Cloud Named Credentials"],"parameters":[{"name":"body","in":"body","description":"Fetch named credential parameters","schema":{"type":"object","title":"Fetch named credentials","required":["organization_id"],"properties":{"organization_id":{"type":"string","description":"Organization ID from which named credentials should be fetched."}},"example":{"organization_id":"04f63144-940c-4c4f-8426-111111111111"}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"totalSize":2,"done":true,"records":[{"attributes":{"type":"NamedCredential","url":"/services/data/v52.0/sobjects/NamedCredential/0XA6h000000L0D7GAK"},"Endpoint":"https://test.com/kmaas/byok/00D7X000000EM3TEA8/","id":"0XA3h000000L0D5GAK","IsDeleted":false,"MasterLabel":"test-namedcredential-1","DeveloperName":"test-namedcredential-1"},{"attributes":{"type":"NamedCredential","url":"/services/data/v52.0/sobjects/NamedCredential/0XA5F0000030wCiWAI"},"Endpoint":"https://test.com/kmaas/byok/00D7X000000EA7TEA3","id":"0XA5G0000010wCiWAI","IsDeleted":false,"MasterLabel":"test-namedcredential-2","DeveloperName":"test-namedcredential-2"}],"organizationId":"a916ba75-242b-4f29-b886-52bf51d70e16"}}}}},"/v1/cckm/sfdc/certificates":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Create sfdc certificate (4096-bit key size RSA certificate with Platform Encryption enabled,\nand without Exportable Private Key option)\n","tags":["CCKM/SFDC Cloud Certificates"],"parameters":[{"name":"body","in":"body","description":"certificate parameters","schema":{"type":"object","title":"Create certificate","required":["name","organization_id"],"properties":{"name":{"type":"string","description":"name for certificate."},"organization_id":{"type":"string","description":"Organization ID to which this certificate should belong to."}},"example":{"name":"sfdc_cert","organization_id":"04f63144-940c-4c4f-8426-111111111111"}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"id":"137e43bd-79a6-4019-97a1-9f5a10360266","uri":"kylo:kylo:cckm:certificate:sfdc-cert-137e43bd-79a6-4019-97a1-9f5a10360266","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-09-22T01:28:09.3978Z","updatedAt":"2021-09-22T01:28:09.396535Z","organization_id":"f7d5c526-872f-451e-b119-634b376ac5ac","sfdc_organization_id":"00D030000008olxEAA","organization_name":"Sample Org","ca_signed":false,"keysize":4096,"version":3,"subject":"CN=sfdc_cert,OU=00D030000008olx,O=Salesforce.com,L=San Francisco,ST=CA,C=USA","signature_algorithm_name":"SHA256-RSA","serial_number":"30111193961490128631138561580454","subject_key_identifier":"4494f581699e9c7aef14f183289c0935df9a3f55","authority_key_identifier":"4494f581699e9c7aef14f183289c0935df9a3f55","subject_key":"30820222300d06092a864886f70d01010105000382020f003082020a028202010086d32e969ce4d595e2b07b6206061548d687b250b50f1cc8d89d32e2bcfd1aa77f65e9b8d0c08ffad11c9324230edf97243b91ac03d9414744e3a487e02e246ba809eda6d3010893fb9118ccdd0c5a658054014e3b688c66d332312277f130b92ac6aa35efed884250b9f93cb09fcb78d2b7cfbfe08de108084ef421db71ccb1f3a04ab27ab7db3ec63500e50225e5211d5cc4a84aeff74f24f0a44b365131302375747d07cab90c2ee6df48f09e21635143fc106750339e03b039e803fed3952ffe40469acb16ecdfa41139692fa7f400966e4f8de1842645714c4dbffd0d12e8c319ba0def960a5d1fae834ca8f2423dde28f2edd34b95fa8d147b4d89f0a28e1efc34500d85f7073ad07453141d6d54b63d2221e525b560abfd8816652a51d018c343d7f1afe535c2c6411d27a1d95745dab4e60cbff320cbe1eef1b4a5bb05c851802330158f302dee03fb6f4fd44f39f0a3d838ba8cf992459bf104608129026f346fc2b6062dd753547959dc1bf5b27abbd30ed76975213049f1de8ec085f09235b05bb5d9a29a079bf5c2d9d7d470c35f39ea76e1f61b2935ccad39785735341b8b8979bae5a7b43c531861a8cbb3dab5a369ed8ba9bb23cb94742bfa0bbb1a5ecf83dc547c4a48634c771b0e1d268d2ab23c51e3a2448cec1665270185e6beea387d55f278e150be8119f003606bc96340aa06252aa348cf27ea00890203010001","valid_to":"2023-09-22 12:00:00 +0000 UTC","issuer":"CN=sfdc_cert,OU=00D030000008olx,O=Salesforce.com,L=San Francisco,ST=CA,C=USA","valid_from":"2021-09-22 17:18:15 +0000 UTC","public_key_name":"30820222300d06092a864886f70d01010105000382020f003082020a028202010086d32e969ce4d595e2b07b6206061548d687b250b50f1cc8d89d32e2bcfd1aa77f65e9b8d0c08ffad11c9324230edf97243b91ac03d9414744e3a487e02e246ba809eda6d3010893fb9118ccdd0c5a658054014e3b688c66d332312277f130b92ac6aa35efed884250b9f93cb09fcb78d2b7cfbfe08de108084ef421db71ccb1f3a04ab27ab7db3ec63500e50225e5211d5cc4a84aeff74f24f0a44b365131302375747d07cab90c2ee6df48f09e21635143fc106750339e03b039e803fed3952ffe40469acb16ecdfa41139692fa7f400966e4f8de1842645714c4dbffd0d12e8c319ba0def960a5d1fae834ca8f2423dde28f2edd34b95fa8d147b4d89f0a28e1efc34500d85f7073ad07453141d6d54b63d2221e525b560abfd8816652a51d018c343d7f1afe535c2c6411d27a1d95745dab4e60cbff320cbe1eef1b4a5bb05c851802330158f302dee03fb6f4fd44f39f0a3d838ba8cf992459bf104608129026f346fc2b6062dd753547959dc1bf5b27abbd30ed76975213049f1de8ec085f09235b05bb5d9a29a079bf5c2d9d7d470c35f39ea76e1f61b2935ccad39785735341b8b8979bae5a7b43c531861a8cbb3dab5a369ed8ba9bb23cb94742bfa0bbb1a5ecf83dc547c4a48634c771b0e1d268d2ab23c51e3a2448cec1665270185e6beea387d55f278e150be8119f003606bc96340aa06252aa348cf27ea00890203010001","signature":"554ec2e14175b569b38a9a8a04f01dff34226365dafb8eca4ca98171dc04504fce37d9e7a3a7182bb2f64b05d2b0c4de64692c60a4cfbce564233e2966a168e1bd1b4561a87d398f6a1e213faa959c43b6ad614ffba65a401befae383071820868671cfc466db6cfa86f0e90b9395dce97ddce6c49e6544bd0768a0636d067ac20818458e519ae7a05cbf4ec653b9b4806ee2c226a9b259b5b65c8341a6b826849eccb0014f1501ab7dddbd8151732eef6f3440a0812b23121871963141a77d93786028cf032232674edb43b173f70487c56eab8bfb02246b973278f0f25f16453761690dda70a6083dcc9be587a6ab84e80e605a69dea7f3179a1bcf9f2fa221cd105d921c4ae64aa842f570f142d65dd6427fcd8dad28536f50a36db8afda9f630f75d6eab36909bade47a66fc6780e65de8c2cc2360ae2fec87ff122700c74736526dc947ade6220f5b70d81c993c7b47cb2c3c3b5b32fd08233b008f0f94b921e721eb84a0d3b6d0dcc1e7b69a6e75979738df83b165e80ff06e46fd1e3d0d73c8034947e5448fff63414bbdb428f0871ec8808d30e0f4fedfb2f6de9b0350f7741382b4194519e6bbb1f2864a47b6ef7c1cbb3e685405b17a5c3a5c0f434dc18804001147b31e99cdc58622cb1a8e37dd42534548b49fb3f72c5b580cbd55a86fc11e226859c1225c686169c8e5e8fa84360a0d9d58d38690d70af3666c","public_key":"-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAhtMulpzk1ZXisHtiBgYV\nSNaHslC1DxzI2J0y4rz9Gqd/Zem40MCP+tEckyQjDt+XJDuRrAPZQUdE46SH4C4k\na6gJ7abTAQiT+5EYzN0MWmWAVAFOO2iMZtMyMSJ38TC5KsaqNe/tiEJQufk8sJ/L\neNK3z7/gjeEICE70IdtxzLHzoEqyerfbPsY1AOUCJeUhHVzEqErv908k8KRLNlEx\nMCN1dH0HyrkMLubfSPCeIWNRQ/wQZ1AzngOwOegD/tOVL/5ARprLFuzfpBE5aS+n\n9ACWbk+N4YQmRXFMTb/9DRLowxm6De+WCl0froNMqPJCPd4o8u3TS5X6jRR7TYnw\noo4e/DRQDYX3BzrQdFMUHW1Utj0iIeUltWCr/YgWZSpR0BjDQ9fxr+U1wsZBHSeh\n2VdF2rTmDL/zIMvh7vG0pbsFyFGAIzAVjzAt7gP7b0/UTznwo9g4uoz5kkWb8QRg\ngSkCbzRvwrYGLddTVHlZ3Bv1snq70w7XaXUhMEnx3o7AhfCSNbBbtdmimgeb9cLZ\n19Rww1856nbh9hspNcytOXhXNTQbi4l5uuWntDxTGGGoy7PataNp7YupuyPLlHQr\n+gu7Gl7Pg9xUfEpIY0x3Gw4dJo0qsjxR46JEjOwWZScBhea+6jh9VfJ44VC+gRnw\nA2BryWNAqgYlKqNIzyfqAIkCAwEAAQ==\n-----END PUBLIC KEY-----\n","content":"-----BEGIN CERTIFICATE-----\nMIIGZDCCBEygAwIBAgIOAXwOg92jAAAAAF4MXaYwDQYJKoZIhvcNAQELBQAwejES\nMBAGA1UEAwwJc2ZkY19jZXJ0MRgwFgYDVQQLDA8wMEQwMzAwMDAwMDhvbHgxFzAV\nBgNVBAoMDlNhbGVzZm9yY2UuY29tMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMQsw\nCQYDVQQIDAJDQTEMMAoGA1UEBhMDVVNBMB4XDTIxMDkyMjE3MTgxNVoXDTIzMDky\nMjEyMDAwMFowejESMBAGA1UEAwwJc2ZkY19jZXJ0MRgwFgYDVQQLDA8wMEQwMzAw\nMDAwMDhvbHgxFzAVBgNVBAoMDlNhbGVzZm9yY2UuY29tMRYwFAYDVQQHDA1TYW4g\nRnJhbmNpc2NvMQswCQYDVQQIDAJDQTEMMAoGA1UEBhMDVVNBMIICIjANBgkqhkiG\n9w0BAQEFAAOCAg8AMIICCgKCAgEAhtMulpzk1ZXisHtiBgYVSNaHslC1DxzI2J0y\n4rz9Gqd/Zem40MCP+tEckyQjDt+XJDuRrAPZQUdE46SH4C4ka6gJ7abTAQiT+5EY\nzN0MWmWAVAFOO2iMZtMyMSJ38TC5KsaqNe/tiEJQufk8sJ/LeNK3z7/gjeEICE70\nIdtxzLHzoEqyerfbPsY1AOUCJeUhHVzEqErv908k8KRLNlExMCN1dH0HyrkMLubf\nSPCeIWNRQ/wQZ1AzngOwOegD/tOVL/5ARprLFuzfpBE5aS+n9ACWbk+N4YQmRXFM\nTb/9DRLowxm6De+WCl0froNMqPJCPd4o8u3TS5X6jRR7TYnwoo4e/DRQDYX3BzrQ\ndFMUHW1Utj0iIeUltWCr/YgWZSpR0BjDQ9fxr+U1wsZBHSeh2VdF2rTmDL/zIMvh\n7vG0pbsFyFGAIzAVjzAt7gP7b0/UTznwo9g4uoz5kkWb8QRggSkCbzRvwrYGLddT\nVHlZ3Bv1snq70w7XaXUhMEnx3o7AhfCSNbBbtdmimgeb9cLZ19Rww1856nbh9hsp\nNcytOXhXNTQbi4l5uuWntDxTGGGoy7PataNp7YupuyPLlHQr+gu7Gl7Pg9xUfEpI\nY0x3Gw4dJo0qsjxR46JEjOwWZScBhea+6jh9VfJ44VC+gRnwA2BryWNAqgYlKqNI\nzyfqAIkCAwEAAaOB5zCB5DAdBgNVHQ4EFgQURJT1gWmenHrvFPGDKJwJNd+aP1Uw\nDwYDVR0TAQH/BAUwAwEB/zCBsQYDVR0jBIGpMIGmgBRElPWBaZ6ceu8U8YMonAk1\n35o/VaF+pHwwejESMBAGA1UEAwwJc2ZkY19jZXJ0MRgwFgYDVQQLDA8wMEQwMzAw\nMDAwMDhvbHgxFzAVBgNVBAoMDlNhbGVzZm9yY2UuY29tMRYwFAYDVQQHDA1TYW4g\nRnJhbmNpc2NvMQswCQYDVQQIDAJDQTEMMAoGA1UEBhMDVVNBgg4BfA6D3aMAAAAA\nXgxdpjANBgkqhkiG9w0BAQsFAAOCAgEAVU7C4UF1tWmzipqKBPAd/zQiY2Xa+47K\nTKmBcdwEUE/ON9nno6cYK7L2SwXSsMTeZGksYKTPvOVkIz4pZqFo4b0bRWGofTmP\nah4hP6qVnEO2rWFP+6ZaQBvvrjgwcYIIaGcc/EZtts+obw6QuTldzpfdzmxJ5lRL\n0HaKBjbQZ6wggYRY5RmuegXL9OxlO5tIBu4sImqbJZtbZcg0GmuCaEnsywAU8VAa\nt93b2BUXMu7280QKCBKyMSGHGWMUGnfZN4YCjPAyIyZ07bQ7Fz9wSHxW6ri/sCJG\nuXMnjw8l8WRTdhaQ3acKYIPcyb5Yemq4ToDmBaad6n8xeaG8+fL6IhzRBdkhxK5k\nqoQvVw8ULWXdZCf82NrShTb1Cjbbiv2p9jD3XW6rNpCbreR6ZvxngOZd6MLMI2Cu\nL+yH/xInAMdHNlJtyUet5iIPW3DYHJk8e0fLLDw7WzL9CCM7AI8PlLkh5yHrhKDT\nttDcwee2mm51l5c434OxZegP8G5G/R49DXPIA0lH5USP/2NBS720KPCHHsiAjTDg\n9P7fsvbemwNQ93QTgrQZRRnmu7HyhkpHtu98HLs+aFQFsXpcOlwPQ03BiAQAEUez\nHpnNxYYiyxqON91CU0VItJ+z9yxbWAy9VahvwR4iaFnBIlxoYWnI5ej6hDYKDZ1Y\n04aQ1wrzZmw=\n-----END CERTIFICATE-----\n","master_label":"sfdc_cert","created_by_id":"0053h000000r5rKABQ","created_by_name":"John Doe","created_date":"2021-09-22T17:18:15Z","file_name":"certs/sfdc_cert.crt","full_name":"sfdc_cert","salesforce_id":"0P10300000000u0CBA","last_modified_by_id":"0053h000000r5rKABQ","last_modified_by_name":"John Doe","last_modified_date":"1970-01-01T00:00:00Z","type":"Certificate","name":"sfdc_cert"}}}},"get":{"summary":"List","description":"Returns a list of certificates. The results can be filtered using the query parameters.","tags":["CCKM/SFDC Cloud Certificates"],"parameters":[{"name":"id","in":"query","type":"string","description":"Filter the result based certificate id"},{"name":"name","in":"query","type":"string","description":"Filter the result based on certificate name."},{"name":"organization_name","in":"query","type":"string","description":"Filter the results by organization name."},{"name":"organization_id","in":"query","type":"string","description":"Filter the results by organization resource id."},{"name":"sfdc_organization_id","in":"query","type":"string","description":"Filter the results by the SFDC organization id."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application to which this resource belongs."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created."},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated."},"name":{"description":"Certificate name.","type":"string"},"organization_id":{"type":"string","description":"Organization ID to which this named credential should belong to."},"ca_signed":{"description":"Flag to denote if self-signed.","type":"boolean"},"key_size":{"description":"Size","type":"integer"},"version":{"description":"version","type":"integer"},"signature_algorithm_name":{"description":"Subject","type":"string"},"serial_number":{"description":"Subject","type":"string"},"subject_key_identifier":{"description":"Subject","type":"string"},"authority_key_identifier":{"description":"Subject","type":"string"},"path_len_constraint":{"description":"Subject","type":"string"},"valid_to":{"description":"Subject","type":"string","format":"date-time"},"valid_from":{"description":"Subject","type":"string","format":"date-time"},"issuer":{"description":"Subject","type":"string"},"public_key_name":{"description":"Subject","type":"string"},"signature":{"description":"Subject","type":"string"},"public_key":{"description":"Subject","type":"string"}}}]}}}}]},"examples":{"skip":"0,","limit":"10,","total":"1,","resources":[{"id":"137e43bd-79a6-4019-97a1-9f5a10360266","uri":"kylo:kylo:cckm:certificate:sfdc-cert-137e43bd-79a6-4019-97a1-9f5a10360266","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-09-22T01:28:09.3978Z","updatedAt":"2021-09-22T01:28:09.396535Z","organization_id":"f7d5c526-872f-451e-b119-634b376ac5ac","sfdc_organization_id":"00D030000008olxEAA","organization_name":"Sample Org","ca_signed":false,"keysize":4096,"version":3,"subject":"CN=sfdc_cert,OU=00D030000008olx,O=Salesforce.com,L=San Francisco,ST=CA,C=USA","signature_algorithm_name":"SHA256-RSA","serial_number":"30111193961490128631138561580454","subject_key_identifier":"4494f581699e9c7aef14f183289c0935df9a3f55","authority_key_identifier":"4494f581699e9c7aef14f183289c0935df9a3f55","subject_key":"30820222300d06092a864886f70d01010105000382020f003082020a028202010086d32e969ce4d595e2b07b6206061548d687b250b50f1cc8d89d32e2bcfd1aa77f65e9b8d0c08ffad11c9324230edf97243b91ac03d9414744e3a487e02e246ba809eda6d3010893fb9118ccdd0c5a658054014e3b688c66d332312277f130b92ac6aa35efed884250b9f93cb09fcb78d2b7cfbfe08de108084ef421db71ccb1f3a04ab27ab7db3ec63500e50225e5211d5cc4a84aeff74f24f0a44b365131302375747d07cab90c2ee6df48f09e21635143fc106750339e03b039e803fed3952ffe40469acb16ecdfa41139692fa7f400966e4f8de1842645714c4dbffd0d12e8c319ba0def960a5d1fae834ca8f2423dde28f2edd34b95fa8d147b4d89f0a28e1efc34500d85f7073ad07453141d6d54b63d2221e525b560abfd8816652a51d018c343d7f1afe535c2c6411d27a1d95745dab4e60cbff320cbe1eef1b4a5bb05c851802330158f302dee03fb6f4fd44f39f0a3d838ba8cf992459bf104608129026f346fc2b6062dd753547959dc1bf5b27abbd30ed76975213049f1de8ec085f09235b05bb5d9a29a079bf5c2d9d7d470c35f39ea76e1f61b2935ccad39785735341b8b8979bae5a7b43c531861a8cbb3dab5a369ed8ba9bb23cb94742bfa0bbb1a5ecf83dc547c4a48634c771b0e1d268d2ab23c51e3a2448cec1665270185e6beea387d55f278e150be8119f003606bc96340aa06252aa348cf27ea00890203010001","valid_to":"2023-09-22 12:00:00 +0000 UTC","issuer":"CN=sfdc_cert,OU=00D030000008olx,O=Salesforce.com,L=San Francisco,ST=CA,C=USA","valid_from":"2021-09-22 17:18:15 +0000 UTC","public_key_name":"30820222300d06092a864886f70d01010105000382020f003082020a028202010086d32e969ce4d595e2b07b6206061548d687b250b50f1cc8d89d32e2bcfd1aa77f65e9b8d0c08ffad11c9324230edf97243b91ac03d9414744e3a487e02e246ba809eda6d3010893fb9118ccdd0c5a658054014e3b688c66d332312277f130b92ac6aa35efed884250b9f93cb09fcb78d2b7cfbfe08de108084ef421db71ccb1f3a04ab27ab7db3ec63500e50225e5211d5cc4a84aeff74f24f0a44b365131302375747d07cab90c2ee6df48f09e21635143fc106750339e03b039e803fed3952ffe40469acb16ecdfa41139692fa7f400966e4f8de1842645714c4dbffd0d12e8c319ba0def960a5d1fae834ca8f2423dde28f2edd34b95fa8d147b4d89f0a28e1efc34500d85f7073ad07453141d6d54b63d2221e525b560abfd8816652a51d018c343d7f1afe535c2c6411d27a1d95745dab4e60cbff320cbe1eef1b4a5bb05c851802330158f302dee03fb6f4fd44f39f0a3d838ba8cf992459bf104608129026f346fc2b6062dd753547959dc1bf5b27abbd30ed76975213049f1de8ec085f09235b05bb5d9a29a079bf5c2d9d7d470c35f39ea76e1f61b2935ccad39785735341b8b8979bae5a7b43c531861a8cbb3dab5a369ed8ba9bb23cb94742bfa0bbb1a5ecf83dc547c4a48634c771b0e1d268d2ab23c51e3a2448cec1665270185e6beea387d55f278e150be8119f003606bc96340aa06252aa348cf27ea00890203010001","signature":"554ec2e14175b569b38a9a8a04f01dff34226365dafb8eca4ca98171dc04504fce37d9e7a3a7182bb2f64b05d2b0c4de64692c60a4cfbce564233e2966a168e1bd1b4561a87d398f6a1e213faa959c43b6ad614ffba65a401befae383071820868671cfc466db6cfa86f0e90b9395dce97ddce6c49e6544bd0768a0636d067ac20818458e519ae7a05cbf4ec653b9b4806ee2c226a9b259b5b65c8341a6b826849eccb0014f1501ab7dddbd8151732eef6f3440a0812b23121871963141a77d93786028cf032232674edb43b173f70487c56eab8bfb02246b973278f0f25f16453761690dda70a6083dcc9be587a6ab84e80e605a69dea7f3179a1bcf9f2fa221cd105d921c4ae64aa842f570f142d65dd6427fcd8dad28536f50a36db8afda9f630f75d6eab36909bade47a66fc6780e65de8c2cc2360ae2fec87ff122700c74736526dc947ade6220f5b70d81c993c7b47cb2c3c3b5b32fd08233b008f0f94b921e721eb84a0d3b6d0dcc1e7b69a6e75979738df83b165e80ff06e46fd1e3d0d73c8034947e5448fff63414bbdb428f0871ec8808d30e0f4fedfb2f6de9b0350f7741382b4194519e6bbb1f2864a47b6ef7c1cbb3e685405b17a5c3a5c0f434dc18804001147b31e99cdc58622cb1a8e37dd42534548b49fb3f72c5b580cbd55a86fc11e226859c1225c686169c8e5e8fa84360a0d9d58d38690d70af3666c","public_key":"-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAhtMulpzk1ZXisHtiBgYV\nSNaHslC1DxzI2J0y4rz9Gqd/Zem40MCP+tEckyQjDt+XJDuRrAPZQUdE46SH4C4k\na6gJ7abTAQiT+5EYzN0MWmWAVAFOO2iMZtMyMSJ38TC5KsaqNe/tiEJQufk8sJ/L\neNK3z7/gjeEICE70IdtxzLHzoEqyerfbPsY1AOUCJeUhHVzEqErv908k8KRLNlEx\nMCN1dH0HyrkMLubfSPCeIWNRQ/wQZ1AzngOwOegD/tOVL/5ARprLFuzfpBE5aS+n\n9ACWbk+N4YQmRXFMTb/9DRLowxm6De+WCl0froNMqPJCPd4o8u3TS5X6jRR7TYnw\noo4e/DRQDYX3BzrQdFMUHW1Utj0iIeUltWCr/YgWZSpR0BjDQ9fxr+U1wsZBHSeh\n2VdF2rTmDL/zIMvh7vG0pbsFyFGAIzAVjzAt7gP7b0/UTznwo9g4uoz5kkWb8QRg\ngSkCbzRvwrYGLddTVHlZ3Bv1snq70w7XaXUhMEnx3o7AhfCSNbBbtdmimgeb9cLZ\n19Rww1856nbh9hspNcytOXhXNTQbi4l5uuWntDxTGGGoy7PataNp7YupuyPLlHQr\n+gu7Gl7Pg9xUfEpIY0x3Gw4dJo0qsjxR46JEjOwWZScBhea+6jh9VfJ44VC+gRnw\nA2BryWNAqgYlKqNIzyfqAIkCAwEAAQ==\n-----END PUBLIC KEY-----\n","content":"-----BEGIN CERTIFICATE-----\nMIIGZDCCBEygAwIBAgIOAXwOg92jAAAAAF4MXaYwDQYJKoZIhvcNAQELBQAwejES\nMBAGA1UEAwwJc2ZkY19jZXJ0MRgwFgYDVQQLDA8wMEQwMzAwMDAwMDhvbHgxFzAV\nBgNVBAoMDlNhbGVzZm9yY2UuY29tMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMQsw\nCQYDVQQIDAJDQTEMMAoGA1UEBhMDVVNBMB4XDTIxMDkyMjE3MTgxNVoXDTIzMDky\nMjEyMDAwMFowejESMBAGA1UEAwwJc2ZkY19jZXJ0MRgwFgYDVQQLDA8wMEQwMzAw\nMDAwMDhvbHgxFzAVBgNVBAoMDlNhbGVzZm9yY2UuY29tMRYwFAYDVQQHDA1TYW4g\nRnJhbmNpc2NvMQswCQYDVQQIDAJDQTEMMAoGA1UEBhMDVVNBMIICIjANBgkqhkiG\n9w0BAQEFAAOCAg8AMIICCgKCAgEAhtMulpzk1ZXisHtiBgYVSNaHslC1DxzI2J0y\n4rz9Gqd/Zem40MCP+tEckyQjDt+XJDuRrAPZQUdE46SH4C4ka6gJ7abTAQiT+5EY\nzN0MWmWAVAFOO2iMZtMyMSJ38TC5KsaqNe/tiEJQufk8sJ/LeNK3z7/gjeEICE70\nIdtxzLHzoEqyerfbPsY1AOUCJeUhHVzEqErv908k8KRLNlExMCN1dH0HyrkMLubf\nSPCeIWNRQ/wQZ1AzngOwOegD/tOVL/5ARprLFuzfpBE5aS+n9ACWbk+N4YQmRXFM\nTb/9DRLowxm6De+WCl0froNMqPJCPd4o8u3TS5X6jRR7TYnwoo4e/DRQDYX3BzrQ\ndFMUHW1Utj0iIeUltWCr/YgWZSpR0BjDQ9fxr+U1wsZBHSeh2VdF2rTmDL/zIMvh\n7vG0pbsFyFGAIzAVjzAt7gP7b0/UTznwo9g4uoz5kkWb8QRggSkCbzRvwrYGLddT\nVHlZ3Bv1snq70w7XaXUhMEnx3o7AhfCSNbBbtdmimgeb9cLZ19Rww1856nbh9hsp\nNcytOXhXNTQbi4l5uuWntDxTGGGoy7PataNp7YupuyPLlHQr+gu7Gl7Pg9xUfEpI\nY0x3Gw4dJo0qsjxR46JEjOwWZScBhea+6jh9VfJ44VC+gRnwA2BryWNAqgYlKqNI\nzyfqAIkCAwEAAaOB5zCB5DAdBgNVHQ4EFgQURJT1gWmenHrvFPGDKJwJNd+aP1Uw\nDwYDVR0TAQH/BAUwAwEB/zCBsQYDVR0jBIGpMIGmgBRElPWBaZ6ceu8U8YMonAk1\n35o/VaF+pHwwejESMBAGA1UEAwwJc2ZkY19jZXJ0MRgwFgYDVQQLDA8wMEQwMzAw\nMDAwMDhvbHgxFzAVBgNVBAoMDlNhbGVzZm9yY2UuY29tMRYwFAYDVQQHDA1TYW4g\nRnJhbmNpc2NvMQswCQYDVQQIDAJDQTEMMAoGA1UEBhMDVVNBgg4BfA6D3aMAAAAA\nXgxdpjANBgkqhkiG9w0BAQsFAAOCAgEAVU7C4UF1tWmzipqKBPAd/zQiY2Xa+47K\nTKmBcdwEUE/ON9nno6cYK7L2SwXSsMTeZGksYKTPvOVkIz4pZqFo4b0bRWGofTmP\nah4hP6qVnEO2rWFP+6ZaQBvvrjgwcYIIaGcc/EZtts+obw6QuTldzpfdzmxJ5lRL\n0HaKBjbQZ6wggYRY5RmuegXL9OxlO5tIBu4sImqbJZtbZcg0GmuCaEnsywAU8VAa\nt93b2BUXMu7280QKCBKyMSGHGWMUGnfZN4YCjPAyIyZ07bQ7Fz9wSHxW6ri/sCJG\nuXMnjw8l8WRTdhaQ3acKYIPcyb5Yemq4ToDmBaad6n8xeaG8+fL6IhzRBdkhxK5k\nqoQvVw8ULWXdZCf82NrShTb1Cjbbiv2p9jD3XW6rNpCbreR6ZvxngOZd6MLMI2Cu\nL+yH/xInAMdHNlJtyUet5iIPW3DYHJk8e0fLLDw7WzL9CCM7AI8PlLkh5yHrhKDT\nttDcwee2mm51l5c434OxZegP8G5G/R49DXPIA0lH5USP/2NBS720KPCHHsiAjTDg\n9P7fsvbemwNQ93QTgrQZRRnmu7HyhkpHtu98HLs+aFQFsXpcOlwPQ03BiAQAEUez\nHpnNxYYiyxqON91CU0VItJ+z9yxbWAy9VahvwR4iaFnBIlxoYWnI5ej6hDYKDZ1Y\n04aQ1wrzZmw=\n-----END CERTIFICATE-----\n","master_label":"sfdc_cert","created_by_id":"0053h000000r5rKABQ","created_by_name":"John Doe","created_date":"2021-09-22T17:18:15Z","file_name":"certs/sfdc_cert.crt","full_name":"sfdc_cert","salesforce_id":"0P10300000000u0CBA","last_modified_by_id":"0053h000000r5rKABQ","last_modified_by_name":"John Doe","last_modified_date":"1970-01-01T00:00:00Z","type":"Certificate","name":"sfdc_cert"}]}}}}},"/v1/cckm/sfdc/certificates/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a Certificate with the given `id`.","tags":["CCKM/SFDC Cloud Certificates"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"id":"137e43bd-79a6-4019-97a1-9f5a10360266","uri":"kylo:kylo:cckm:certificate:sfdc-cert-137e43bd-79a6-4019-97a1-9f5a10360266","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-09-22T01:28:09.3978Z","updatedAt":"2021-09-22T01:28:09.396535Z","organization_id":"f7d5c526-872f-451e-b119-634b376ac5ac","sfdc_organization_id":"00D030000008olxEAA","organization_name":"Sample Org","ca_signed":false,"keysize":4096,"version":3,"subject":"CN=sfdc_cert,OU=00D030000008olx,O=Salesforce.com,L=San Francisco,ST=CA,C=USA","signature_algorithm_name":"SHA256-RSA","serial_number":"30111193961490128631138561580454","subject_key_identifier":"4494f581699e9c7aef14f183289c0935df9a3f55","authority_key_identifier":"4494f581699e9c7aef14f183289c0935df9a3f55","subject_key":"30820222300d06092a864886f70d01010105000382020f003082020a028202010086d32e969ce4d595e2b07b6206061548d687b250b50f1cc8d89d32e2bcfd1aa77f65e9b8d0c08ffad11c9324230edf97243b91ac03d9414744e3a487e02e246ba809eda6d3010893fb9118ccdd0c5a658054014e3b688c66d332312277f130b92ac6aa35efed884250b9f93cb09fcb78d2b7cfbfe08de108084ef421db71ccb1f3a04ab27ab7db3ec63500e50225e5211d5cc4a84aeff74f24f0a44b365131302375747d07cab90c2ee6df48f09e21635143fc106750339e03b039e803fed3952ffe40469acb16ecdfa41139692fa7f400966e4f8de1842645714c4dbffd0d12e8c319ba0def960a5d1fae834ca8f2423dde28f2edd34b95fa8d147b4d89f0a28e1efc34500d85f7073ad07453141d6d54b63d2221e525b560abfd8816652a51d018c343d7f1afe535c2c6411d27a1d95745dab4e60cbff320cbe1eef1b4a5bb05c851802330158f302dee03fb6f4fd44f39f0a3d838ba8cf992459bf104608129026f346fc2b6062dd753547959dc1bf5b27abbd30ed76975213049f1de8ec085f09235b05bb5d9a29a079bf5c2d9d7d470c35f39ea76e1f61b2935ccad39785735341b8b8979bae5a7b43c531861a8cbb3dab5a369ed8ba9bb23cb94742bfa0bbb1a5ecf83dc547c4a48634c771b0e1d268d2ab23c51e3a2448cec1665270185e6beea387d55f278e150be8119f003606bc96340aa06252aa348cf27ea00890203010001","valid_to":"2023-09-22 12:00:00 +0000 UTC","issuer":"CN=sfdc_cert,OU=00D030000008olx,O=Salesforce.com,L=San Francisco,ST=CA,C=USA","valid_from":"2021-09-22 17:18:15 +0000 UTC","public_key_name":"30820222300d06092a864886f70d01010105000382020f003082020a028202010086d32e969ce4d595e2b07b6206061548d687b250b50f1cc8d89d32e2bcfd1aa77f65e9b8d0c08ffad11c9324230edf97243b91ac03d9414744e3a487e02e246ba809eda6d3010893fb9118ccdd0c5a658054014e3b688c66d332312277f130b92ac6aa35efed884250b9f93cb09fcb78d2b7cfbfe08de108084ef421db71ccb1f3a04ab27ab7db3ec63500e50225e5211d5cc4a84aeff74f24f0a44b365131302375747d07cab90c2ee6df48f09e21635143fc106750339e03b039e803fed3952ffe40469acb16ecdfa41139692fa7f400966e4f8de1842645714c4dbffd0d12e8c319ba0def960a5d1fae834ca8f2423dde28f2edd34b95fa8d147b4d89f0a28e1efc34500d85f7073ad07453141d6d54b63d2221e525b560abfd8816652a51d018c343d7f1afe535c2c6411d27a1d95745dab4e60cbff320cbe1eef1b4a5bb05c851802330158f302dee03fb6f4fd44f39f0a3d838ba8cf992459bf104608129026f346fc2b6062dd753547959dc1bf5b27abbd30ed76975213049f1de8ec085f09235b05bb5d9a29a079bf5c2d9d7d470c35f39ea76e1f61b2935ccad39785735341b8b8979bae5a7b43c531861a8cbb3dab5a369ed8ba9bb23cb94742bfa0bbb1a5ecf83dc547c4a48634c771b0e1d268d2ab23c51e3a2448cec1665270185e6beea387d55f278e150be8119f003606bc96340aa06252aa348cf27ea00890203010001","signature":"554ec2e14175b569b38a9a8a04f01dff34226365dafb8eca4ca98171dc04504fce37d9e7a3a7182bb2f64b05d2b0c4de64692c60a4cfbce564233e2966a168e1bd1b4561a87d398f6a1e213faa959c43b6ad614ffba65a401befae383071820868671cfc466db6cfa86f0e90b9395dce97ddce6c49e6544bd0768a0636d067ac20818458e519ae7a05cbf4ec653b9b4806ee2c226a9b259b5b65c8341a6b826849eccb0014f1501ab7dddbd8151732eef6f3440a0812b23121871963141a77d93786028cf032232674edb43b173f70487c56eab8bfb02246b973278f0f25f16453761690dda70a6083dcc9be587a6ab84e80e605a69dea7f3179a1bcf9f2fa221cd105d921c4ae64aa842f570f142d65dd6427fcd8dad28536f50a36db8afda9f630f75d6eab36909bade47a66fc6780e65de8c2cc2360ae2fec87ff122700c74736526dc947ade6220f5b70d81c993c7b47cb2c3c3b5b32fd08233b008f0f94b921e721eb84a0d3b6d0dcc1e7b69a6e75979738df83b165e80ff06e46fd1e3d0d73c8034947e5448fff63414bbdb428f0871ec8808d30e0f4fedfb2f6de9b0350f7741382b4194519e6bbb1f2864a47b6ef7c1cbb3e685405b17a5c3a5c0f434dc18804001147b31e99cdc58622cb1a8e37dd42534548b49fb3f72c5b580cbd55a86fc11e226859c1225c686169c8e5e8fa84360a0d9d58d38690d70af3666c","public_key":"-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAhtMulpzk1ZXisHtiBgYV\nSNaHslC1DxzI2J0y4rz9Gqd/Zem40MCP+tEckyQjDt+XJDuRrAPZQUdE46SH4C4k\na6gJ7abTAQiT+5EYzN0MWmWAVAFOO2iMZtMyMSJ38TC5KsaqNe/tiEJQufk8sJ/L\neNK3z7/gjeEICE70IdtxzLHzoEqyerfbPsY1AOUCJeUhHVzEqErv908k8KRLNlEx\nMCN1dH0HyrkMLubfSPCeIWNRQ/wQZ1AzngOwOegD/tOVL/5ARprLFuzfpBE5aS+n\n9ACWbk+N4YQmRXFMTb/9DRLowxm6De+WCl0froNMqPJCPd4o8u3TS5X6jRR7TYnw\noo4e/DRQDYX3BzrQdFMUHW1Utj0iIeUltWCr/YgWZSpR0BjDQ9fxr+U1wsZBHSeh\n2VdF2rTmDL/zIMvh7vG0pbsFyFGAIzAVjzAt7gP7b0/UTznwo9g4uoz5kkWb8QRg\ngSkCbzRvwrYGLddTVHlZ3Bv1snq70w7XaXUhMEnx3o7AhfCSNbBbtdmimgeb9cLZ\n19Rww1856nbh9hspNcytOXhXNTQbi4l5uuWntDxTGGGoy7PataNp7YupuyPLlHQr\n+gu7Gl7Pg9xUfEpIY0x3Gw4dJo0qsjxR46JEjOwWZScBhea+6jh9VfJ44VC+gRnw\nA2BryWNAqgYlKqNIzyfqAIkCAwEAAQ==\n-----END PUBLIC KEY-----\n","content":"-----BEGIN CERTIFICATE-----\nMIIGZDCCBEygAwIBAgIOAXwOg92jAAAAAF4MXaYwDQYJKoZIhvcNAQELBQAwejES\nMBAGA1UEAwwJc2ZkY19jZXJ0MRgwFgYDVQQLDA8wMEQwMzAwMDAwMDhvbHgxFzAV\nBgNVBAoMDlNhbGVzZm9yY2UuY29tMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMQsw\nCQYDVQQIDAJDQTEMMAoGA1UEBhMDVVNBMB4XDTIxMDkyMjE3MTgxNVoXDTIzMDky\nMjEyMDAwMFowejESMBAGA1UEAwwJc2ZkY19jZXJ0MRgwFgYDVQQLDA8wMEQwMzAw\nMDAwMDhvbHgxFzAVBgNVBAoMDlNhbGVzZm9yY2UuY29tMRYwFAYDVQQHDA1TYW4g\nRnJhbmNpc2NvMQswCQYDVQQIDAJDQTEMMAoGA1UEBhMDVVNBMIICIjANBgkqhkiG\n9w0BAQEFAAOCAg8AMIICCgKCAgEAhtMulpzk1ZXisHtiBgYVSNaHslC1DxzI2J0y\n4rz9Gqd/Zem40MCP+tEckyQjDt+XJDuRrAPZQUdE46SH4C4ka6gJ7abTAQiT+5EY\nzN0MWmWAVAFOO2iMZtMyMSJ38TC5KsaqNe/tiEJQufk8sJ/LeNK3z7/gjeEICE70\nIdtxzLHzoEqyerfbPsY1AOUCJeUhHVzEqErv908k8KRLNlExMCN1dH0HyrkMLubf\nSPCeIWNRQ/wQZ1AzngOwOegD/tOVL/5ARprLFuzfpBE5aS+n9ACWbk+N4YQmRXFM\nTb/9DRLowxm6De+WCl0froNMqPJCPd4o8u3TS5X6jRR7TYnwoo4e/DRQDYX3BzrQ\ndFMUHW1Utj0iIeUltWCr/YgWZSpR0BjDQ9fxr+U1wsZBHSeh2VdF2rTmDL/zIMvh\n7vG0pbsFyFGAIzAVjzAt7gP7b0/UTznwo9g4uoz5kkWb8QRggSkCbzRvwrYGLddT\nVHlZ3Bv1snq70w7XaXUhMEnx3o7AhfCSNbBbtdmimgeb9cLZ19Rww1856nbh9hsp\nNcytOXhXNTQbi4l5uuWntDxTGGGoy7PataNp7YupuyPLlHQr+gu7Gl7Pg9xUfEpI\nY0x3Gw4dJo0qsjxR46JEjOwWZScBhea+6jh9VfJ44VC+gRnwA2BryWNAqgYlKqNI\nzyfqAIkCAwEAAaOB5zCB5DAdBgNVHQ4EFgQURJT1gWmenHrvFPGDKJwJNd+aP1Uw\nDwYDVR0TAQH/BAUwAwEB/zCBsQYDVR0jBIGpMIGmgBRElPWBaZ6ceu8U8YMonAk1\n35o/VaF+pHwwejESMBAGA1UEAwwJc2ZkY19jZXJ0MRgwFgYDVQQLDA8wMEQwMzAw\nMDAwMDhvbHgxFzAVBgNVBAoMDlNhbGVzZm9yY2UuY29tMRYwFAYDVQQHDA1TYW4g\nRnJhbmNpc2NvMQswCQYDVQQIDAJDQTEMMAoGA1UEBhMDVVNBgg4BfA6D3aMAAAAA\nXgxdpjANBgkqhkiG9w0BAQsFAAOCAgEAVU7C4UF1tWmzipqKBPAd/zQiY2Xa+47K\nTKmBcdwEUE/ON9nno6cYK7L2SwXSsMTeZGksYKTPvOVkIz4pZqFo4b0bRWGofTmP\nah4hP6qVnEO2rWFP+6ZaQBvvrjgwcYIIaGcc/EZtts+obw6QuTldzpfdzmxJ5lRL\n0HaKBjbQZ6wggYRY5RmuegXL9OxlO5tIBu4sImqbJZtbZcg0GmuCaEnsywAU8VAa\nt93b2BUXMu7280QKCBKyMSGHGWMUGnfZN4YCjPAyIyZ07bQ7Fz9wSHxW6ri/sCJG\nuXMnjw8l8WRTdhaQ3acKYIPcyb5Yemq4ToDmBaad6n8xeaG8+fL6IhzRBdkhxK5k\nqoQvVw8ULWXdZCf82NrShTb1Cjbbiv2p9jD3XW6rNpCbreR6ZvxngOZd6MLMI2Cu\nL+yH/xInAMdHNlJtyUet5iIPW3DYHJk8e0fLLDw7WzL9CCM7AI8PlLkh5yHrhKDT\nttDcwee2mm51l5c434OxZegP8G5G/R49DXPIA0lH5USP/2NBS720KPCHHsiAjTDg\n9P7fsvbemwNQ93QTgrQZRRnmu7HyhkpHtu98HLs+aFQFsXpcOlwPQ03BiAQAEUez\nHpnNxYYiyxqON91CU0VItJ+z9yxbWAy9VahvwR4iaFnBIlxoYWnI5ej6hDYKDZ1Y\n04aQ1wrzZmw=\n-----END CERTIFICATE-----\n","master_label":"sfdc_cert","created_by_id":"0053h000000r5rKABQ","created_by_name":"John Doe","created_date":"2021-09-22T17:18:15Z","file_name":"certs/sfdc_cert.crt","full_name":"sfdc_cert","salesforce_id":"0P10300000000u0CBA","last_modified_by_id":"0053h000000r5rKABQ","last_modified_by_name":"John Doe","last_modified_date":"1970-01-01T00:00:00Z","type":"Certificate","name":"sfdc_cert"}},"404":{"description":"Resource not found."}}},"delete":{"summary":"Delete","description":"Certificate will be deleted.","tags":["CCKM/SFDC Cloud Certificates"],"responses":{"204":{"description":"Certificate deleted successfully.","schema":{"type":"string"}},"404":{"description":"Resource not found."}}}},"/v1/cckm/sfdc/certificates/synchronization-jobs":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Synchronize","description":"Synchronize sfdc certificates\n","tags":["CCKM/SFDC Cloud Certificates"],"parameters":[{"name":"body","in":"body","description":"Synchronize certificates of the given sfdc organizations","schema":{"type":"object","title":"Synchronize certificates","properties":{"organization_ids":{"type":"array","description":"Organization resource IDs from which certificates will be synchronized. synchronize_all and organization_ids are mutually exclusive. When synchronize_all is set to true, don't specify any organization IDs. If synchronize_all is set to false or not specified, at least one valid organization ID has to be specified."},"synchronize_all":{"type":"boolean","description":"Set true to synchronize all certificates from all organizations. synchronize_all and organizations are mutually exclusive. Specify either the synchronize_all or organizations. synchronize_all and organization_ids are mutually exclusive. When synchronize_all is set to true, don't specify any organization IDs. If synchronize_all is set to false or not specified, at least one valid organization ID has to be specified."}}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"id":"686f862f-e7b0-4298-807e-690c71c3161d","uri":"kylo:kylo:cckm:certificate-synchronization-job:686f862f-e7b0-4298-807e-690c71c3161d","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-09-22T01:35:57.186883Z","updatedAt":"2021-09-22T01:35:57.185063Z","synchronize_all":true,"overall_status":"in_progress","cloud":"sfdc","abort":false,"organization_ids":["f7d5c526-872f-451e-b119-634b376ac5ac"],"organization_names":["Sample Org"],"detailed_status":{}}},"404":{"description":"Resource not found."}}},"get":{"summary":"Status","description":"Returns a list of updated synchronization status. The results can be filtered using the query parameters.\n","tags":["CCKM/SFDC Cloud Certificates"],"parameters":[{"name":"id","in":"query","type":"string","description":"Filter the results by internal id of synchronization."},{"name":"overall_status","in":"query","type":"string","description":"Filter the results by synchronization overall status. Possible values are \"in_progress\",\"completed\" and \"failed\"."},{"name":"organization_ids","in":"query","type":"array","items":{"type":"string"},"description":"Filter the results of synchronization by organizations."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"skip":0,"limit":10,"total":1,"resources":[{"id":"686f862f-e7b0-4298-807e-690c71c3161d","uri":"kylo:kylo:cckm:certificate-synchronization-job:686f862f-e7b0-4298-807e-690c71c3161d","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-09-22T01:35:57.186883Z","updatedAt":"2021-09-22T01:35:59.306393Z","synchronize_all":true,"overall_status":"completed","cloud":"sfdc","abort":false,"organization_ids":["f7d5c526-872f-451e-b119-634b376ac5ac"],"organization_names":["Sample Org"],"detailed_status":{"f7d5c526-872f-451e-b119-634b376ac5ac":"completed"}}]}},"404":{"description":"Resource not found."}}}},"/v1/cckm/sfdc/certificates/synchronization-jobs/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a synchronization process with the given id.","tags":["CCKM/SFDC Cloud Certificates"],"responses":{"200":{"description":"OK","examples":{"application/json":{"id":"686f862f-e7b0-4298-807e-690c71c3161d","uri":"kylo:kylo:cckm:certificate-synchronization-job:686f862f-e7b0-4298-807e-690c71c3161d","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-09-22T01:35:57.186883Z","updatedAt":"2021-09-22T01:35:59.306393Z","synchronize_all":true,"overall_status":"completed","cloud":"sfdc","abort":false,"organization_ids":["f7d5c526-872f-451e-b119-634b376ac5ac"],"organization_names":["Sample Org"],"detailed_status":{"f7d5c526-872f-451e-b119-634b376ac5ac":"completed"}}}}}}},"/v1/cckm/sfdc/certificates/synchronization-jobs/{id}/cancel":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Cancel","description":"Cancels the synchronization job\n","tags":["CCKM/SFDC Cloud Certificates"],"responses":{"200":{"description":"OK","examples":{"application/json":{"id":"686f862f-e7b0-4298-807e-690c71c3161d","uri":"kylo:kylo:cckm:certificate-synchronization-job:686f862f-e7b0-4298-807e-690c71c3161d","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-09-22T01:35:57.186883Z","updatedAt":"2021-09-22T01:35:59.306393Z","synchronize_all":true,"overall_status":"in_progress","cloud":"sfdc","abort":true,"organization_ids":["f7d5c526-872f-451e-b119-634b376ac5ac"],"organization_names":["Sample Org"],"detailed_status":{"f7d5c526-872f-451e-b119-634b376ac5ac":"in_progress"}}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/sfdc/keys":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Create a SFDC key. Specify the following details.\n- Resource ID of the Salesforce organization where the key will be created.\n- Type of the SFDC key. The type can be Data, EventBus, SearchIndex, DeterministicData, and Analytics.\n","tags":["CCKM/SFDC Tenant Secret"],"parameters":[{"name":"body","in":"body","description":"SFDC create key parameters.","schema":{"type":"object","description":"Add SFDC key.","required":["organization_id","type"],"properties":{"organization_id":{"type":"string","description":"Resource ID of the Salesforce organization where the key will be created."},"type":{"type":"string","description":"Type of the SFDC key. The type can be","enum":["Data","EventBus","SearchIndex","DeterministicData","Analytics"]}},"example":{"organization_id":"a2c9f01e-48fd-4a82-bf40-918e581b3456","type":"Data"}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"id":"7aae293d-d892-4275-8102-b3a1bdb25051","uri":"kylo:kylo:cckm:Tenant_Secret:7aae293d-d892-4275-8102-b3a1bdb25051","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-07-16T10:33:54.8214788Z","updatedAt":"2021-07-16T10:33:54.817931968Z","cloud_name":"sfdc","name":"Salesforce Data","organization_id":"a2c9f01e-48fd-4a82-bf40-918e581b3456","error_msg":"","sfdc_params":{"SalesforceID":"02G191234569UdzEAE","CreatedDate":"2021-10-01T09:07:39.000+0000","CreatedById":"SFDC User","LastModifiedDate":"2021-10-01T09:07:39.000+0000","LastModifiedById":"0053h012340r5rKAAQ","SystemModstamp":"2021-10-01T09:07:39.000+0000","Version":228,"Status":"ACTIVE","Source":"HSM","Type":"Data","RemoteKeyCertificate":"","RemoteKeyServiceID":"","RemoteKeyIdentifier":""},"backup_key_id":"a0043cbd4d1a4163a20272c77bf0fe21b0c1e586139c409f99b22d54b12bd7ee","backup_key_name":"00DB000000040bIMAQ:Data:2166:02GB0000000HYhZMAW","backup_key_tier":"local","sfdc_org_id":"00DB000000012ABCDE","auto_rotate":false,"origin":"native"}}}},"get":{"summary":"List","description":"Returns a list of SFDC keys. The results can be filtered using the query parameters.","tags":["CCKM/SFDC Tenant Secret"],"parameters":[{"name":"id","in":"query","type":"string","description":"Filter the result based named credential ID"},{"name":"organization_id","in":"query","type":"string","description":"Filter the results by organization's resource ID.","collectionFormat":"multi"},{"name":"organization_type","in":"query","type":"string","description":"Filter the results by organization type. It can be one of the following - Regular, Sandbox.","collectionFormat":"multi"},{"name":"status","in":"query","type":"string","description":"Filter the results by status of key. The status can be ACTIVE, ARCHIVED, DESTROYED","collectionFormat":"multi"},{"name":"source","in":"query","type":"string","description":"Filter the results source of key.\nIt can be one of the following -\nUPLOADED ( for BYOK key), REMOTE ( for cache only key), HSM (for native key).\n","collectionFormat":"multi"},{"name":"type","in":"query","type":"string","description":"Filter the results on type of key. It can be one of the following:\n- Data, EventBus, SearchIndex, DeterministicData, Analytics\n","collectionFormat":"multi"},{"name":"backup_key_tier","in":"query","type":"string","description":"Filter the results on backup_key_tier.","collectionFormat":"multi"},{"name":"origin","in":"query","type":"string","description":"Filter the results on origin. The origin can be native, cckm, EXTERNAL(UNKNOWN).","collectionFormat":"multi"},{"name":"version","in":"query","type":"integer","description":"Filter the results on version of key.","collectionFormat":"multi"},{"name":"sfdc_org_id","in":"query","type":"string","description":"Filter the results on SFDC organization ID.","collectionFormat":"multi"},{"name":"sfdc_org_name","in":"query","type":"string","description":"Filter the results on SFDC organization Name.","collectionFormat":"multi"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"},"name":{"description":"Tenant secret name.","type":"string"},"sfdcOrganizationId":{"type":"string","description":"SFDC Organization ID this resource should belong to."},"cloudName":{"description":"Cloud Name","type":"string"},"organizationId":{"type":"string","description":"Organization ID this resource should belong to."},"certificateId":{"type":"string","description":"Certificate ID whose public key to be used to encrypt tenant secret."},"keyType":{"description":"Type of Tenant Secret. Options are byok and cache-only. Default is byok.","type":"string"},"source_key_tier":{"description":"Source key tier. Options are local and dsm. Default is local.","type":"string"},"errorMsg":{"description":"Error Message.","type":"string"},"sfdcParams":{"description":"SFDC related params","type":"object","properties":{"createdById":{"description":"ID of the created User","type":"string"},"lastModifiedDate":{"description":"Last Modified Date","type":"string","format":"date-time"},"systemModStamp":{"description":"System Modified TIme stamp","type":"string","format":"date-time"},"version":{"description":"version","type":"integer"},"status":{"description":"Status of the Tenant secret","type":"string"},"source":{"description":"Source of the Tenant secret","type":"string"},"type":{"description":"Data Type of Tenant secret","type":"string"},"remoteKeyCertificate":{"description":"Certificate whose public key to be used to encrypt tenant secret","type":"string"},"remoteKeyServiceId":{"description":"SFDC Named credential ID for this tenant secret","type":"string"},"remoteKeyIdentifier":{"description":"cache-only key identifier.","type":"string"}}},"tenantSecretBackup":{"description":"Backup params details","type":"object","properties":{"backupKeyName":{"description":"Backup Key Name.","type":"string"},"backupKeyTier":{"description":"Backup Key Source.","type":"string"}}},"keyUploadParams":{"description":"Upload params details","type":"object","properties":{"sourceKeyTier":{"description":"Source key tier. Options are local and dsm. Default is local.","type":"string"},"sourceKeyId":{"description":"Source key ID.","type":"string"},"sourceKeyName":{"description":"Source Key Name.","type":"string"}}}}}]}}}}]},"examples":{"skip":"0,","limit":"10,","total":"1,","resources":[{"id":"7aae293d-d892-4275-8102-b3a1bdb25051","uri":"kylo:kylo:cckm:Tenant_Secret:7aae293d-d892-4275-8102-b3a1bdb25051","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-07-16T10:33:54.8214788Z","updatedAt":"2021-07-16T10:33:54.817931968Z","cloud_name":"sfdc","name":"Salesforce Data","organization_id":"a2c9f01e-48fd-4a82-bf40-918e581b3456","error_msg":"","sfdc_params":{"SalesforceID":"02G191234569UdzEAE","CreatedDate":"2021-10-01T09:07:39.000+0000","CreatedById":"SFDC User","LastModifiedDate":"2021-10-01T09:07:39.000+0000","LastModifiedById":"0053h012340r5rKAAQ","SystemModstamp":"2021-10-01T09:07:39.000+0000","Version":228,"Status":"ACTIVE","Source":"HSM","Type":"Data","RemoteKeyCertificate":"","RemoteKeyServiceID":"","RemoteKeyIdentifier":""},"backup_key_id":"a0043cbd4d1a4163a20272c77bf0fe21b0c1e586139c409f99b22d54b12bd7ee","backup_key_name":"00DB000000040bIMAQ:Data:2166:02GB0000000HYhZMAW","backup_key_tier":"local","sfdc_org_id":"00DB000000012ABCDE","auto_rotate":false,"origin":"native"}]}}}}},"/v1/cckm/sfdc/upload-cache-only-key":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Upload SFDC Cache-only Key.","description":"Upload a SFDC Cache-only Key.","tags":["CCKM/SFDC Tenant Secret"],"parameters":[{"name":"body","in":"body","description":"SFDC upload cache-only key parameters.","schema":{"type":"object","description":"Upload SFDC tenant cache-only key.","required":["organization_id","type","source_key_tier","source_key_identifier","certificate_id","sfdc_named_credential_id"],"properties":{"organization_id":{"type":"string","title":"SFDC organization ID.","description":"organization_id of the SFDC organization where tenant secret will be created."},"type":{"type":"string","title":"Type of tenant secret requested for creation","description":"Type of tenant secret requested for creation and have only these values - Data - EventBus - SearchIndex - DeterministicData - Analytics"},"source_key_tier":{"type":"string","description":"Key source from where the key will be uploaded.Default is local.","enum":["local for the CipherTrust Manager (CM)","dsm for Data Security Manager (DSM)","hsm-luna for Luna HSM -Tech Preview"]},"source_key_identifier":{"type":"string","description":"Source key identifier."},"certificate_id":{"type":"string","description":"certificate id whose public key to be used to encrypt tenant secret.\nCertificate has to be BYOK-compatible.\n(Ensure that certificate is 4096-bit key size RSA certificate with Platform Encryption enabled,\nand without Exportable Private Key option.)\n"},"sfdc_named_credential_id":{"type":"string","description":"sfdc named credential id. Required for cache-only key."}},"example":{"organization_id":"03b24ef3-0078-4dbb-9444-a4242f99abcd","type":"Data","source_key_tier":"local","source_key_identifier":"03b24ef3-0078-4dbb-9444-a4242f992d69","certificate_id":"85d546eb-7d94-4016-b426-da22890ee8ff","sfdc_named_credential_id":"0XAB0000000KyuvOAC"}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"id":"a2c9f01e-48fd-4a82-bf40-918e581b3255","uri":"kylo:kylo:cckm:Tenant_Secret:a2c9f01e-48fd-4a82-bf40-918e581b3255","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-07-03T20:32:31.526936169Z","updatedAt":"2021-07-03T20:32:31.524915269Z","cloud_name":"sfdc","name":"00DB000000030cINBQ-Data","organization_id":"03b24ef3-0078-4dbb-9444-a4242f99abcd","error_msg":"","sfdc_params":{"SalesforceID":"01GB0000000UAK9MAO","CreatedById":"005B00000021BO4IAM","LastModifiedDate":"2021-07-03T20:32:31.000+0000","LastModifiedById":"005B00000021BO4IAM","SystemModstamp":"2021-07-03T20:32:31.000+0000","SecretValueHash":"UNKNOWM=","version":2112,"status":"ACTIVE","source":"REMOTE","SecretValueCertificate":"IsaTest","type":"Data","RemoteKeyCertificate":"cert1","RemoteKeyServiceID":"0XAB0000000KyuvOAC","RemoteKeyIdentifier":"a2c9f01e-48fd-4a82-bf40-918e581b3255"},"source_key_identifier":"626fdff442284cf1ad4b9030c21bfcddb2004e1cfd2b420da7c33d7f50e78c91","source_key_tier":"local","sfdc_org_id":"00DB000000012ABCDE","auto_rotate":false,"origin":"cckm"}}}}},"/v1/cckm/sfdc/keys/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a SFDC key with the given `id`.","tags":["CCKM/SFDC Tenant Secret"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"id":"7aae293d-d892-4275-8102-b3a1bdb25051","uri":"kylo:kylo:cckm:Tenant_Secret:7aae293d-d892-4275-8102-b3a1bdb25051","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-07-16T10:33:54.8214788Z","updatedAt":"2021-07-16T10:33:54.817931968Z","cloud_name":"sfdc","name":"Salesforce Data","organization_id":"a2c9f01e-48fd-4a82-bf40-918e581b3456","error_msg":"","sfdc_params":{"SalesforceID":"02G191234569UdzEAE","CreatedDate":"2021-10-01T09:07:39.000+0000","CreatedById":"SFDC User","LastModifiedDate":"2021-10-01T09:07:39.000+0000","LastModifiedById":"0053h012340r5rKAAQ","SystemModstamp":"2021-10-01T09:07:39.000+0000","Version":228,"Status":"ACTIVE","Source":"HSM","Type":"Data","RemoteKeyCertificate":"","RemoteKeyServiceID":"","RemoteKeyIdentifier":""},"backup_key_id":"a0043cbd4d1a4163a20272c77bf0fe21b0c1e586139c409f99b22d54b12bd7ee","backup_key_name":"00DB000000040bIMAQ:Data:2166:02GB0000000HYhZMAW","backup_key_tier":"local","sfdc_org_id":"00DB000000012ABCDE","auto_rotate":false,"origin":"native"}},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"Update Cache-only Key. Not applicable for SFDC BYOK Tenant secret\n","tags":["CCKM/SFDC Tenant Secret"],"parameters":[{"name":"body","in":"body","description":"Update cache-only key parameters","schema":{"type":"object","title":"Update cache-only key.","properties":{"certificate_id":{"type":"string","description":"certificate id whose public key to be used to encrypt cache-only key."},"sfdc_named_credential_id":{"type":"string","description":"sfdc named credential id."}},"example":{"sfdc_named_credential_id":"00DB000000040bIMAQ","certificate_id":"a2c9f01e-48fd-4a82-bf40-918e581b3255"}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"id":"a2c9f01e-48fd-4a82-bf40-918e581b3255","uri":"kylo:kylo:cckm:Tenant_Secret:a2c9f01e-48fd-4a82-bf40-918e581b3255","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-07-03T20:32:31.526936169Z","updatedAt":"2021-07-03T20:32:31.524915269Z","cloud_name":"sfdc","name":"IsaTS","organization_id":"a2c9f01e-48fd-4a82-bf40-918e581b3434","certificate_id":"04f63144-940c-4c4f-8426-333333333333","key_type":"cache-only","error_msg":"","sfdc_params":{"created_by_id":"005B00000021BO4IAM","last_modified_date":"2021-07-03T20:32:31.000+0000","last_modified_by_id":"005B00000021BO4IAM","system_modstamp":"2021-07-03T20:32:31.000+0000","version":2112,"status":"ACTIVE","source":"REMOTE","type":"Data","remote_key_certificate":"cert1","remote_key_service_id":"00DB000000040bIMAQ","remote_key_identifier":"04f63144-940c-4c4f-8426-1917b54e0c33"},"source_key_tier":"local","source_key_id":"626fdff442284cf1ad4b9030c21bfcddb2004e1cfd2b420da7c33d7f50e78c91","source_key_name":"sfdc_key1"}},"404":{"description":"Resource not found."}}}},"/v1/cckm/sfdc/keys/{id}/destroy":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Destroy a SFDC key.","description":"It is used to destroy an ARCHIVED SFDC key. The status of the key changes from ARCHIVED to DESTROYED.","tags":["CCKM/SFDC Tenant Secret"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"id":"7aae293d-d892-4275-8102-b3a1bdb25051","uri":"kylo:kylo:cckm:Tenant_Secret:7aae293d-d892-4275-8102-b3a1bdb25051","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-07-16T10:33:54.8214788Z","updatedAt":"2021-07-16T10:33:54.817931968Z","cloud_name":"sfdc","name":"Salesforce Data","organization_id":"a2c9f01e-48fd-4a82-bf40-918e581b3456","error_msg":"","sfdc_params":{"SalesforceID":"02G191234569UdzEAE","CreatedDate":"2021-10-01T09:07:39.000+0000","CreatedById":"SFDC User","LastModifiedDate":"2021-10-01T09:07:39.000+0000","LastModifiedById":"0053h012340r5rKAAQ","SystemModstamp":"2021-10-01T09:07:39.000+0000","Version":228,"Status":"DESTROYED","Source":"HSM","Type":"Data","RemoteKeyCertificate":"","RemoteKeyServiceID":"","RemoteKeyIdentifier":""},"backup_key_id":"a0043cbd4d1a4163a20272c77bf0fe21b0c1e586139c409f99b22d54b12bd7ee","backup_key_name":"00DB000000040bIMAQ:Data:2166:02GB0000000HYhZMAW","backup_key_tier":"local","sfdc_org_id":"00DB000000012ABCDE","auto_rotate":false,"origin":"native"}}}}},"/v1/cckm/sfdc/keys/{id}/import":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Import","description":"It is used to import a destroyed SFDC key. Only a secret with the status DESTROYED can be imported.\n\nThe status of the key changes from DESTROYED to ARCHIVED.\n","tags":["CCKM/SFDC Tenant Secret"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"id":"7aae293d-d892-4275-8102-b3a1bdb25051","uri":"kylo:kylo:cckm:Tenant_Secret:7aae293d-d892-4275-8102-b3a1bdb25051","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-07-16T10:33:54.8214788Z","updatedAt":"2021-07-16T10:33:54.817931968Z","cloud_name":"sfdc","name":"Salesforce Data","organization_id":"a2c9f01e-48fd-4a82-bf40-918e581b3456","error_msg":"","sfdc_params":{"SalesforceID":"02G191234569UdzEAE","CreatedDate":"2021-10-01T09:07:39.000+0000","CreatedById":"SFDC User","LastModifiedDate":"2021-10-01T09:07:39.000+0000","LastModifiedById":"0053h012340r5rKAAQ","SystemModstamp":"2021-10-01T09:07:39.000+0000","Version":228,"Status":"ARCHIVED","Source":"HSM","Type":"Data","RemoteKeyCertificate":"","RemoteKeyServiceID":"","RemoteKeyIdentifier":""},"backup_key_id":"a0043cbd4d1a4163a20272c77bf0fe21b0c1e586139c409f99b22d54b12bd7ee","backup_key_name":"00DB000000040bIMAQ:Data:2166:02GB0000000HYhZMAW","backup_key_tier":"local","sfdc_org_id":"00DB000000012ABCDE","auto_rotate":false,"origin":"native"}}}}},"/v1/cckm/sfdc/keys/{id}/activate":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Activate Cache-only key","description":"Activate Cache-only key.","tags":["CCKM/SFDC Tenant Secret"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"id":"a2c9f01e-48fd-4a82-bf40-918e581b3255","uri":"kylo:kylo:cckm:Tenant_Secret:a2c9f01e-48fd-4a82-bf40-918e581b3255","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-07-03T20:32:31.526936169Z","updatedAt":"2021-07-03T20:32:31.524915269Z","cloud_name":"sfdc","name":"IsaTS","organization_id":"a2c9f01e-48fd-4a82-bf40-918e581b2345","certificate_id":"04f63144-940c-4c4f-8426-333333333333","key_type":"cache-only","error_msg":"","sfdc_params":{"created_by_id":"005B00000021BO4IAM","last_modified_date":"2021-07-03T20:32:31.000+0000","last_modified_by_id":"005B00000021BO4IAM","system_modstamp":"2021-07-03T20:32:31.000+0000","version":2112,"status":"ACTIVE","source":"REMOTE","type":"Data","remote_key_certificate":"cert1","remote_key_service_id":"00DB000000040bIMAQ","remote_key_identifier":"04f63144-940c-4c4f-8426-1917b54e0c33"},"source_key_tier":"local","source_key_id":"626fdff442284cf1ad4b9030c21bfcddb2004e1cfd2b420da7c33d7f50e78c91","source_key_name":"sfdc_key1"}}}}},"/v1/cckm/sfdc/keys/synchronization-jobs":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Synchronize","description":"Synchronize SFDC keys\n","tags":["CCKM/SFDC Tenant Secret"],"parameters":[{"name":"body","in":"body","description":"Synchronize keys of the given sfdc organizations","schema":{"type":"object","title":"Synchronize keys","properties":{"organization_ids":{"type":"array","items":{"type":"string"},"description":"ID of the organization from which keys will be synchronized. Provide resource ID of the Salesforce organization."},"synchronize_all":{"type":"boolean","description":"Set true to synchronize all keys from all organizations. synchronize_all and organizations are mutually exclusive. Specify either the synchronize_all or organizations."}}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"id":"bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","uri":"kylo:kylo:cckm:synchronize:bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-08-06T09:49:34.605578452Z","updatedAt":"2020-08-06T09:49:34.609059131Z","overall_status":"in progress","cloud":"sfdc","organizations":["3e732d57-5ea1-491f-b238-9f4a39a9566f","c4e5bd34-af39-4027-9058-6f1a4bb3519d","00RT000000060vKLOP"],"abort":false}},"404":{"description":"Resource not found."}}},"get":{"summary":"Status","description":"Returns a list of updated synchronization status. The results can be filtered using the query parameters.\n","tags":["CCKM/SFDC Tenant Secret"],"parameters":[{"name":"id","in":"query","type":"string","description":"Filter the results by internal id of synchronization."},{"name":"overall_status","in":"query","type":"string","description":"Filter the results by synchronization overall status. Possible values are \"in_progress\",\"completed\" and \"failed\"."},{"name":"organizations","in":"query","type":"array","items":{"type":"string"},"description":"Filter the results of synchronization by organizations."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"skip":0,"limit":10,"total":1,"resources":[{"id":"bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","uri":"kylo:kylo:cckm:synchronize:bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-08-06T09:49:34.605578Z","updatedAt":"2020-08-06T09:49:49.658814Z","overall_status":"in progress","detailed_status":{"northcentralus/vault-1::742f9921-2d91-41fc-97fc-e98ad007f081":"in progress"},"cloud":"sfdc","organizations":["3e732d57-5ea1-491f-b238-9f4a39a9566f","c4e5bd34-af39-4027-9058-6f1a4bb3519d"],"abort":false}]}},"404":{"description":"Resource not found."}}}},"/v1/cckm/sfdc/keys/synchronization-jobs/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a synchronization process with the given id.","tags":["CCKM/SFDC Tenant Secret"],"responses":{"200":{"description":"OK","examples":{"application/json":{"id":"bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","uri":"kylo:kylo:cckm:synchronize:bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-08-06T09:49:34.605578Z","updatedAt":"2020-08-06T09:50:01.676264Z","overall_status":"in progress","detailed_status":{"sfdc1::742f9921-2d91-41fc-97fc-e98ad007f081":"in progress"},"cloud":"sfdc","organizations":["3e732d57-5ea1-491f-b238-9f4a39a9566f","c4e5bd34-af39-4027-9058-6f1a4bb3519d"],"abort":false}}}}}},"/v1/cckm/sfdc/keys/synchronization-jobs/{id}/cancel":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Cancel","description":"Cancels the synchronization job\n","tags":["CCKM/SFDC Tenant Secret"],"responses":{"200":{"description":"OK","examples":{"application/json":{"id":"bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","uri":"kylo:kylo:cckm:synchronize:bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-08-06T09:49:34.605578Z","updatedAt":"2020-08-06T09:50:08.968859976Z","overall_status":"in progress","detailed_status":{"sfdc1::742f9921-2d91-41fc-97fc-e98ad007f081":"in progress"},"cloud":"sfdc","organizations":["3e732d57-5ea1-491f-b238-9f4a39a9566f","c4e5bd34-af39-4027-9058-6f1a4bb3519d"],"abort":true}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/sfdc/endpoints/{endpoint_id}/keys/{id}":{"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","security":[{"basicAuth":[]}],"description":"Callout/Fetch the cache-only key for the given id from the corresponding given organization id.","tags":["CCKM/SFDC Tenant Secret"],"parameters":[{"name":"endpoint_id","in":"path","type":"string","required":true,"description":"endpoint id from which the given cache-only key Id will be fetched."},{"name":"id","in":"path","type":"string","required":true,"description":"cache-only key Id."},{"name":"requestId","in":"query","type":"string","description":"request Id sent when replay detection is enabled."}],"responses":{"200":{"description":"OK","examples":{"application/json":{"kid":"982c375b-f46b-4423-8c2d-4d1a69152a0b","jwe":"eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00iLCJraWQiOiI5ODJjMzc1Yi1mNDZiLTQ0MjMtOGMyZC00ZDFhNjkxNTJhMGIifQ.l92QA-R7b6Gtjo0tG4GlylJti1-Pf-519YpStYOp28YToMxgUxPmx4NR_myvfT24oBCWkh6hy_dqAL7JlVO449EglAB_i9GRdyVbTKnJQ1OiVKwWUQaZ9jVNxFFUYTWWZ-sVK4pUw0B3lHwWBfpMsl4jf0exP5-5amiTZ5oP0rkW99ugLWJ_7XlyTuMIA6VTLSpL0YqChH1wQjo12TQaWG_tiTwL1SgRd3YohuMVlmCdEmR2TfwTvryLPx4KbFK3Pv5ZSpSIyreFTh12DPpmhLEAVhCBZxR4-HMnZySSs4QorWagOaT8XPjPv46m8mUATZSD4hab8v3Mq4H33CmwngZCJXX-sDHuax2JUejxNC8HT5p6sa_I2gQFMlBC2Sd4yBKyjlDQKcSslCVav4buG8hkOJXY69iW_zhztV3DoJJ90l-EvkMoHpw1llU9lFhJMUQRvvocfghs2kzy5QC8QQt4t4Wu3p7IvzeneL5I81QjQlDJmZhbLLorFHgcAs9_FMwnFYFrgsHP1_v3Iqy7zJJc60fCfDaxAF8Txj_LOeOMkCFl-9PwrULWyRTLMI7CdZIm7jb8v9ALxCmDgqUi1yvEeBJhgMLezAWtxvGGkejc0BdsbWaPFXlI3Uj7C-Mw8LcmpSLKZyEnhj2x-3Vfv5hIVauC6ja1B6Z_UcqXKOc.N2WVMbpAxipAtG9O.63wRVVKX0ZOxu8cKqN1kqN-7EDa_mnmk32DinS_zFo4.HC7Ev5lmsbTgwyGpeGH5Rw"}}},"401":{"description":"Unauthorized."},"403":{"description":"Forbidden."},"404":{"description":"Resource not found."}}}},"/v1/cckm/sfdc/keys/upload":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Upload","description":"Uploads a SFDC key from source key. Specify the following details.\n- ID of the certificate whose public key will be used to encrypt the key.\n- Key derivation mode for the key. The options are PBKDF2 and NONE.\n- ID of the Salesforce organization where the key will be created.\n- Source key tier.\n- Source Key Identifier of the key to be uploaded from a key source.\n- Type of the SFDC key. The type can be Data, EventBus, SearchIndex, DeterministicData, and Analytics.\n","tags":["CCKM/SFDC Tenant Secret"],"parameters":[{"name":"body","in":"body","description":"SFDC upload key parameters.","schema":{"type":"object","description":"Upload SFDC key using a source key.","required":["organization_id","source_key_tier","source_key_identifier","type","key_derivation_mode","certificate_id"],"properties":{"organization_id":{"type":"string","description":"Resource ID of the Salesforce organization where the key will be created."},"type":{"type":"string","description":"Type of the SFDC key. The type can be","enum":["Data","EventBus","SearchIndex","DeterministicData","Analytics"]},"source_key_tier":{"type":"string","description":"Key source from where the key will be uploaded.Default is local.","enum":["local for the CipherTrust Manager (CM)","dsm for Data Security Manager (DSM)","hsm-luna for Luna HSM -Tech Preview"]},"certificate_id":{"type":"string","description":"ID of the certificate whose public key will be used to encrypt the key."},"source_key_identifier":{"type":"string","description":"ID of the source key that will be uploaded to the Salesforce cloud."},"key_derivation_mode":{"type":"string","description":"Key derivation mode for the key. The options are PBKDF2 or NONE."}},"example":{"organization_id":"0bc63e58-7054-44c0-a946-e4ffec04b145","type":"Data","source_key_tier":"local","source_key_identifier":"123","certificate_id":"123","key_derivation_mode":"PBKDF2"}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"byok response":{"id":"a2c9f01e-48fd-4a82-bf40-918e581b3255","uri":"kylo:kylo:cckm:Tenant_Secret:a2c9f01e-48fd-4a82-bf40-918e581b3255","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-07-03T20:32:31.526936169Z","updatedAt":"2021-07-03T20:32:31.524915269Z","cloud_name":"sfdc","name":"IsaTS","organization_id":"0bc63e58-7054-44c0-a946-e4ffec04b145","key_type":"byok","error_msg":"","sfdc_params":{"salesforce_id":"02GB0000000HYQOMA4","created_by_id":"005B00000021BO4IAM","last_modified_date":"2021-07-03T20:32:31.000+0000","last_modified_by_id":"005B00000021BO4IAM","system_modstamp":"2021-07-03T20:32:31.000+0000","secret_value_hash":"UNKNOWM=","secret_value":"CgMyMzISEK021JIPS7SkAxiHU9zDyqIaMNASJMB5cRR6oGnhj2+6zZkXMAVAtpsb7IFI6jjrhh1a9CIBgAuUlTzR4AtiIuKEig==","version":2112,"status":"ACTIVE","source":"HSM","type":"Data"},"tenant_secret_backup":{"backup_key_name":"00DB000000040bIMAQ:Data:2112:02GB0000000HYQOMA4","backup_key_tier":"local"},"key_upload_params":{"source_key_tier":"local","source_key_id":"626fdff442284cf1ad4b9030c21bfcddb2004e1cfd2b420da7c33d7f50e78c91","source_key_name":"sfdc_key1"}}}}}}},"/v1/cckm/sfdc/keys/{id}/delete-backup":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Delete Backup","description":"Delete a Salesforce tenant backup from CCKM.","tags":["CCKM/SFDC Tenant Secret"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"2cf88f46-441b-40e2-bc2c-1633f7e4ff4c","uri":"kylo:kylo:cckm:Tenant_Secret:2cf88f46-441b-40e2-bc2c-1633f7e4ff4c","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-08-25T04:31:20.32725Z","updatedAt":"2021-08-25T05:24:04.200853337Z","cloud_name":"sfdc","name":"12345678901ABCDEFG-DeterministicData","organization_id":"ce0ffe4b-fbda-4e87-88af-4b9b4e6484f9","error_msg":"","sfdc_params":{"SalesforceID":"02G190000009TlEEAU","CreatedDate":"2021-08-19T14:46:44.000+0000","CreatedById":"0053h000000r5rKAAQ","LastModifiedDate":"2021-08-19T16:34:26.000+0000","LastModifiedById":"0053h000000r5rKAAQ","SystemModstamp":"2021-08-19T16:34:26.000+0000","Version":20,"Status":"DESTROYED","Source":"HSM","Type":"DeterministicData","RemoteKeyCertificate":"","RemoteKeyServiceID":"","RemoteKeyIdentifier":""},"sfdc_org_id":"00DB000000012ABCDE","auto_rotate":false,"origin":"native"}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/sfdc/reports":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Generate a report","description":"Generate a report. Specify the following details.\n- Start time\n- End time\n- SFDC Cloud Param\n- Name\n","tags":["CCKM/SFDC Cloud Reports"],"parameters":[{"name":"body","in":"body","description":"Generate a report.","schema":{"type":"object","title":"Get Key Activity Report.","required":["sfdc_cloud_param","name","report_type"],"properties":{"name":{"type":"string","description":"Name of your report."},"start_time":{"type":"string","description":"Start time from where report to be generated. (Default start_time is end_time-24hrs)."},"end_time":{"type":"string","description":"End time for reports. (Default end_time is the time when you initiate the call)."},"report_type":{"type":"string","description":"Type of report to be generated.","enum":["key-report"]},"sfdc_cloud_param":{"type":"object","description":"SFDC Cloud parameter.","required":["organization"],"properties":{"organization":{"type":"string","description":"ID of the Salesforce organization or resource ID of the organization."}}}},"example":{"start_time":"2021-08-11T06:37:07+00:00","end_time":"2021-08-15T06:37:07+00:00","name":"report-name","report_type":"key-report","sfdc_cloud_param":{"organization":"f6367429-25dc-40aa-aae6-b3aa1bbe3b31"}}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"cccab40c-58c9-4c69-8951-a1af9f1ee17c","uri":"kylo:kylo:cckm:reports:report-name8","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-08-16T13:16:10.270086163Z","name":"report-name","updatedAt":"2021-08-16T13:16:10.290677621Z","overall_status":"in_progress","detailed_status":{"f6367429-25dc-40aa-aae6-b3aa1bbe3b31":"in_progress"},"abort":false,"report_type":"key-report","organization":"f6367429-25dc-40aa-aae6-b3aa1bbe3b31","start_time":"2021-08-11T06:37:07Z","end_time":"2021-08-15T06:37:07Z"}}},"404":{"description":"Resource not found."}}},"get":{"summary":"List Reports","description":"Returns a list of updated report status. The results can be filtered using the query parameters.\n","tags":["CCKM/SFDC Cloud Reports"],"parameters":[{"name":"id","in":"query","type":"string","description":"Filter the results by internal id of reports."},{"name":"overall_status","in":"query","type":"string","description":"Filter the results by reports overall status."},{"name":"name","in":"query","type":"string","description":"Filter the result by report name.","collectionFormat":"multi"},{"name":"report_type","in":"query","type":"string","description":"Filter the results by reports type.","collectionFormat":"multi"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"cccab40c-58c9-4c69-8951-a1af9f1ee17c","uri":"kylo:kylo:cckm:reports:report-name8","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-08-16T13:16:10.270086Z","name":"report-name","updatedAt":"2021-08-16T13:16:15.041293Z","completed_at":"2021-08-16T13:16:15.04114Z","overall_status":"completed","detailed_status":{"f6367429-25dc-40aa-aae6-b3aa1bbe3b31":"completed"},"abort":false,"report_type":"key-report","organization":"f6367429-25dc-40aa-aae6-b3aa1bbe3b31","start_time":"2021-08-11T06:37:07Z","end_time":"2021-08-15T06:37:07Z"}]}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/sfdc/reports/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get Report","description":"Get Report\n","tags":["CCKM/SFDC Cloud Reports"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"cccab40c-58c9-4c69-8951-a1af9f1ee17c","uri":"kylo:kylo:cckm:reports:report-name8","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-08-16T13:16:10.270086Z","name":"report-name","updatedAt":"2021-08-16T13:16:15.041293Z","completed_at":"2021-08-16T13:16:15.04114Z","overall_status":"completed","detailed_status":{"f6367429-25dc-40aa-aae6-b3aa1bbe3b31":"completed"},"abort":false,"report_type":"key-report","organization":"f6367429-25dc-40aa-aae6-b3aa1bbe3b31","start_time":"2021-08-11T06:37:07Z","end_time":"2021-08-15T06:37:07Z"}}},"404":{"description":"Resource not found."}}},"delete":{"summary":"Delete","description":"Deletes job and its SFDC Cloud reports from the CCKM.","tags":["CCKM/SFDC Cloud Reports"],"responses":{"204":{"description":"No Content | SFDC Cloud report is deleted successfully.","schema":{"type":"string"}},"404":{"description":"Resource not found."}}}},"/v1/cckm/sfdc/reports/{id}/contents":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get Contents","description":"Get Contents\n","tags":["CCKM/SFDC Cloud Reports"],"parameters":[{"name":"key_name","in":"query","type":"string","description":"Filter the results by key_name."},{"name":"key_type","in":"query","type":"string","description":"Filter the results by key_type.","collectionFormat":"multi"},{"name":"organization","in":"query","type":"string","description":"Filter the results by name of the Salesforce organization.","collectionFormat":"multi"},{"name":"cckm_operation","in":"query","type":"string","description":"Filter the results by operation performed from CCKM.","collectionFormat":"multi"},{"name":"user_name","in":"query","type":"string","description":"Filter the results by name of the CCKM user who performed the operation."},{"name":"version","in":"query","type":"string","description":"Filter the results by version of the SFDC key.","collectionFormat":"multi"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"skip":0,"limit":1,"total":2,"resources":[{"id":"6e260ac9-ee21-4f15-883a-3c2ba3dad06c","uri":"kylo:kylo:cckm:sfdc-reports:6e260ac9-ee21-4f15-883a-3c2ba3dad06c","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-08-16T13:16:15.02437Z","updatedAt":"2021-08-16T13:16:15.022305Z","key_name":"Data556","organization":"00DB000000040dE","cckm_operation":"TS Generated","modified_time":"2021-08-13T10:53:48.051Z","key_type":"Data","request_id":"4dfNHUgWuJfJc9-qbx5hf-","version":"556","user_name":"Salesforce User"}]}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/sfdc/reports/{id}/download":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get CSV Contents","description":"Get CSV Contents\n","tags":["CCKM/SFDC Cloud Reports"],"produces":["text/csv"],"responses":{"200":{"description":"OK","schema":{"type":"file"},"examples":{"text/csv":"Key Name,Organization,CCKM Operation,Modified Date,Version,SFDC User Data556,00DB000000040dE,TS Generated,2021-08-13 10:53:48.051 +0000 +0000,556,Salesforce User\n"}},"404":{"description":"Resource not found."}}}},"/v1/cckm/sap/get-groups":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Get SAP groups","description":"Fetches SAP groups based on the connection.\n","tags":["CCKM/SAP Data Custodian Groups"],"parameters":[{"name":"body","in":"body","description":"Fetches SAP groups based on the connection","schema":{"type":"object","title":"get groups.","required":["connection"],"properties":{"connection":{"type":"string","description":"Name or ID of the SAP connection."},"top":{"type":"integer","description":"Number of results to return (default is 100)."},"skip":{"type":"integer","description":"Number of results to skip (default is 0)."}},"example":{"connection":"sap-connection","top":100,"skip":0}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"value":[{"application":"GENERAL","id":"0eaab0e2-8673-4d0f-a4bd-14ba8ded8400","keystoreId":"1e40864c-1b58-44b1-8654-a3a893705fb3","meta":{"created":"2021-08-17T05:44:10","creatorId":"171cdee5-947e-4bcd-ae0b-562256624904","creatorName":"sapkeyCreater@xyz.com","totalKeys":5,"totalUsers":2},"name":"SapGroup1","keystore":{}},{"application":"SAPApp2","id":"a42e389b-3d6a-43a6-ab94-9ef13de05785","keystoreId":"1e40864c-1b58-44b1-8654-a3a893705fb3","meta":{"created":"2021-08-31T12:46:31","creatorId":"171cdee5-947e-4bcd-ae0b-562256624904","creatorName":"sapkeyCreater@xyz.com","totalKeys":0,"totalUsers":3},"name":"SapGroup2","keystore":{}}]}},"404":{"description":"Resource not found."}}}},"/v1/cckm/sap/add-groups":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Add SAP group","description":"Adds a SAP group to the CCKM as a container.","tags":["CCKM/SAP Data Custodian Groups"],"parameters":[{"name":"body","in":"body","description":"SAP group parameters.","schema":{"type":"object","description":"Add SAP group.","required":["group_id","connection"],"properties":{"group_id":{"type":"array","description":"List of IDs of the SAP groups to be added.","items":{"type":"string","description":"SAP group ID."}},"connection":{"type":"string","description":"Name or ID of the SAP connection."}},"example":{"connection":"sap-connection","group_id":["d0c7ad58-27c6-4eac-8f2f-4ae2c3083f79"]}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"eb96c5e5-2e9b-4580-947d-7428191e7fc0","uri":"kylo:kylo:cckm:sap-group:eb96c5e5-2e9b-4580-947d-7428191e7fc0","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-10-01T10:24:12.746537827Z","updatedAt":"2021-10-01T10:24:12.746537979Z","groups":[{"id":"2a8fba3b-0752-496e-86a2-18a4d54eaff6","uri":"kylo:kylo:cckm:sap-group:2a8fba3b-0752-496e-86a2-18a4d54eaff6","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-10-01T10:24:12.742998302Z","updatedAt":"0001-01-01T00:00:00Z","name":"sap-group-name","group_id":"3d62e129-acbf-4b3e-b1ad-e3b9779be668","sap_application":"GENERAL","description":"This group can be used for sap key","keystore_id":"1e40864c-1b58-44b1-8654-a3a893705fb3","connection":"sap-connection","cloud_name":"sap","keystore_name":"keystore-name","provider":"ESK","region":"amer","tier":"PREMIUM","tenant":"tenant","meta":{"created":"2021-09-30T12:28:29","creator_id":"171cdee5-947e-4bcd-ae0b-562256624904","creator_name":"sapkeyCreater@xyz.com"}}]}}}}}},"/v1/cckm/sap/groups":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List Groups","description":"Returns the list of SAP groups added to the CipherTrust Manager.\n","tags":["CCKM/SAP Data Custodian Groups"],"parameters":[{"name":"id","in":"query","type":"string","description":"Filter the results by resource ID of the SAP group."},{"name":"name","in":"query","type":"string","description":"Filter the results by name."},{"name":"connection","in":"query","type":"string","description":"Filter the results by connection."},{"name":"cloud_name","in":"query","type":"string","description":"Filter the results by cloud_name."},{"name":"group_id","in":"query","type":"string","description":"Filter the results by SAP group_id.","collectionFormat":"multi"},{"name":"application","in":"query","type":"string","description":"Filter the results by application name.","collectionFormat":"multi"},{"name":"tier","in":"query","type":"string","description":"Filter the results by service tier name.","collectionFormat":"multi"},{"name":"region","in":"query","type":"string","description":"Filter the results by region.","collectionFormat":"multi"},{"name":"provider","in":"query","type":"string","description":"Filter the results by provider.","collectionFormat":"multi"},{"name":"keystore_name","in":"query","type":"string","description":"Filter the results by keystore_name.","collectionFormat":"multi"},{"name":"creator_name","in":"query","type":"string","description":"Filter the results by creator_name."},{"name":"tenant","in":"query","type":"string","description":"Filter the results by tenant."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","examples":{"skip":0,"limit":10,"total":2,"resources":[{"id":"2a8fba3b-0752-496e-86a2-18a4d54eaff6","uri":"kylo:kylo:cckm:sap-group:2a8fba3b-0752-496e-86a2-18a4d54eaff6","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-10-01T10:24:12.742998302Z","updatedAt":"0001-01-01T00:00:00Z","name":"sap-group-name1","group_id":"3d62e129-acbf-4b3e-b1ad-e3b9779be668","sap_application":"GENERAL","description":"This group can be used for sap key","keystore_id":"1e40864c-1b58-44b1-8654-a3a893705fb3","connection":"sap-connection","cloud_name":"sap","keystore_name":"keystore-name","provider":"ESK","region":"amer","tier":"PREMIUM","tenant":"tenant","meta":{"created":"2021-09-30T12:28:29","creator_id":"171cdee5-947e-4bcd-ae0b-562256624904","creator_name":"user@sap.com"}},{"id":"e4b2c2da-4226-4cd8-bbfa-b3ad7a7c05ea","uri":"kylo:kylo:cckm:sap-group:e4b2c2da-4226-4cd8-bbfa-b3ad7a7c05ea","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-10-01T10:24:12.742998302Z","updatedAt":"0001-01-01T00:00:00Z","name":"sap-group-name2","group_id":"a42e389b-3d6a-43a6-ab94-9ef13de05785","sap_application":"GENERAL","description":"This group can be used for sap key","keystore_id":"1e40864c-1b58-44b1-8654-a3a893705fb3","connection":"sap-connection","cloud_name":"sap","keystore_name":"keystore-name","provider":"ESK","region":"amer","tier":"PREMIUM","tenant":"tenant","meta":{"created":"2021-09-30T12:28:29","creator_id":"171cdee5-947e-4bcd-ae0b-562256624904","creator_name":"user@sap.com"}}]}},"404":{"description":"Resource not found."}}}},"/v1/cckm/sap/groups/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a SAP group with the given id.","tags":["CCKM/SAP Data Custodian Groups"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"e4b2c2da-4226-4cd8-bbfa-b3ad7a7c05ea","uri":"kylo:kylo:cckm:sap-group:e4b2c2da-4226-4cd8-bbfa-b3ad7a7c05ea","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-10-01T10:24:12.742998302Z","updatedAt":"0001-01-01T00:00:00Z","name":"sap-group-name2","group_id":"a42e389b-3d6a-43a6-ab94-9ef13de05785","sap_application":"GENERAL","description":"This group can be used for sap key","keystore_id":"1e40864c-1b58-44b1-8654-a3a893705fb3","connection":"sap-connection","cloud_name":"sap","keystore_name":"keystore-name","provider":"ESK","region":"amer","tier":"PREMIUM","tenant":"tenant","meta":{"created":"2021-09-30T12:28:29","creator_id":"171cdee5-947e-4bcd-ae0b-562256624904","creator_name":"user@sap.com"}}}},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"Updates the connection of a SAP group.\n","tags":["CCKM/SAP Data Custodian Groups"],"parameters":[{"name":"body","in":"body","description":"Updates SAP group.","schema":{"type":"object","title":"Updates SAP group.","properties":{"connection":{"type":"string","description":"Name or ID of the connection that is used to manage the SAP account."}}}}],"responses":{"200":{"description":"OK","examples":{"application/json":{"id":"e4b2c2da-4226-4cd8-bbfa-b3ad7a7c05ea","uri":"kylo:kylo:cckm:sap-group:e4b2c2da-4226-4cd8-bbfa-b3ad7a7c05ea","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-10-01T10:24:12.742998302Z","updatedAt":"0001-01-01T00:00:00Z","name":"sap-group-name2","group_id":"a42e389b-3d6a-43a6-ab94-9ef13de05785","sap_application":"GENERAL","description":"This group can be used for sap key","keystore_id":"1e40864c-1b58-44b1-8654-a3a893705fb3","connection":"sap-connection","cloud_name":"sap","keystore_name":"keystore-name","provider":"ESK","region":"amer","tier":"PREMIUM","tenant":"tenant","meta":{"created":"2021-09-30T12:28:29","creator_id":"171cdee5-947e-4bcd-ae0b-562256624904","creator_name":"user@sap.com"}}}},"404":{"description":"Resource not found."}}},"delete":{"summary":"Delete","description":"Deletes a SAP group from the CCKM.","tags":["CCKM/SAP Data Custodian Groups"],"responses":{"204":{"description":"No Content | SAP group is deleted successfully.","schema":{"type":"string"}},"404":{"description":"Resource not found."}}}},"/v1/cckm/sap/groups/{id}/update-acls":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"User ACLS","description":"Grants permissions to users or groups to perform specific actions on the SAP groups. User ID and group are mutually exclusive – specify either.\n\nFor the first time users or groups, actions are permitted as configured by the CCKM administrator. However, if the permissions of a user or group needs to be modified later, for example, a new action is to be permitted or an existing action is to be revoked, the CCKM administrator needs to set that particular action to `true` or `false`.\n\nFor example, a user or group is permitted actions, keycreate, keyupload, and keydelete. Now, to permit one more action \"keyrestore\" to the user or group, set \"permit\":true and \"actions\": \"keyrestore\", and run the API. Similarly, now to deny permission to the action \"keycreate\", set \"permit\":false, \"actions\": \"keycreate\", and run the API.\n\n**Actions Specification**\n\n The following table lists the accepted values:\n\n\n APIs | Actions Required | Description\n ----------------------------- | --------------------- | ---------------------------------------------------\n List | view | Permission to view groups and their keys.\n Create | keycreate | Permission to create SAP native keys.\n Upload | keyupload | Permission to upload the CipherTrust Manager keys to SAP.\n Delete | keydelete | Permission to delete SAP keys.\n Restore | keyrestore | Permission to restore backed up keys to groups.\n Update(Edit key) | keyupdate | Permission to update keys, for example, editing properties, enabling/disabling keys, enabling/disabling key version, and editing labels.\n Delete Backup | deletebackup | Permission to delete backups of SAP keys from the CCKM.\n Rotate to Native Key | keyrotatetonative | Permission to rotate keys on SAP groups natively.\n Rotate to BYOK Key | keyrotatetobyok | Permission to rotate keys on SAP groups using BYOK.\n Synchronize | keysynchronize | Permission to synchronize SAP keys.\n Cancel | keysynchronize | Permission to cancel synchronization jobs.\n Remove | keyremove | Permission to remove SAP keys with their versions and backups from the CCKM.\n Create Report | reportcreate | Permission to create report\n Delete Report | reportdelete | Permission to delete report\n Download Report | reportdownload | Permission to download report\n View Report | reportview | Permission to view report content\n","tags":["CCKM/SAP Data Custodian Groups"],"parameters":[{"name":"body","in":"body","description":"Providing permissions to Users.","schema":{"type":"object","title":"Adding a User.","properties":{"acls":{"type":"array","items":{"type":"object","required":["actions"],"properties":{"user_id":{"type":"string","description":"ID of the user to be granted permissions. User ID and group are mutually exclusive – specify either."},"group":{"type":"string","description":"Name of the user group to be granted permissions. User ID and group are mutually exclusive – specify either."},"permit":{"type":"boolean","description":"Whether to permit users to perform specific operations. Set to true to permit, false to deny."},"actions":{"type":"array","items":{"type":"string"},"description":"Permitted actions on SAP keys.","enum":["keycreate","keyupload","keyupdate","view","deletebackup","keydelete","keyrestore","keyremove","keysynchronize","keyrotatetonative","keyrotatetobyok","reportview","reportcreate","reportdelete","reportdownload"]}}}}},"example":{"acls":[{"group":"CCKM Users","actions":["view"],"permit":true}]}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"e4b2c2da-4226-4cd8-bbfa-b3ad7a7c05ea","uri":"kylo:kylo:cckm:sap-group:e4b2c2da-4226-4cd8-bbfa-b3ad7a7c05ea","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-10-01T10:24:12.742998302Z","updatedAt":"0001-01-01T00:00:00Z","name":"sap-group-name2","group_id":"a42e389b-3d6a-43a6-ab94-9ef13de05785","sap_application":"GENERAL","description":"This group can be used for sap key","keystore_id":"1e40864c-1b58-44b1-8654-a3a893705fb3","connection":"sap-connection","cloud_name":"sap","keystore_name":"keystore-name","provider":"ESK","region":"amer","tier":"PREMIUM","tenant":"tenant","acls":[{"group":"CCKM Users","actions":["view"]}],"meta":{"created":"2021-09-30T12:28:29","creator_id":"171cdee5-947e-4bcd-ae0b-562256624904","creator_name":"user@sap.com"}}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/sap/keys":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a SAP key. Specify the following details.\n- ID of the SAP group where the CMK needs to be created.\n- Name of the key.\n- Type of the key.\n- Cryptographic operations allowed to the key.\n","tags":["CCKM/SAP Data Custodian Keys"],"parameters":[{"name":"body","in":"body","description":"Creates a SAP key.","schema":{"type":"object","title":"Creates a SAP key.","required":["group","name","operations","type"],"properties":{"curve":{"type":"string","description":"Elliptic curve to be used to create the key.","enum":["NistP192","NistP224","NistP256","NistP384","NistP521","SecP192K1","SecP224K1","SecP256K1"]},"description":{"type":"string","description":"Description of the key."},"exportable":{"type":"boolean","description":"Whether the key is exportable. Set to true to make the key exportable. Set to false to make the key non-exportable."},"group":{"type":"string","description":"Name or ID of the group where the key is to be created."},"name":{"type":"string","description":"Name for the key."},"type":{"type":"string","description":"Type of the key.","enum":["AES","RSA","EC"]},"size":{"type":"integer","description":"Size for the key."},"operations":{"type":"array","description":"Cryptographics operations allowed to the key.","enum":["ENCRYPT","DECRYPT","SIGN","VERIFY","WRAP","UNWRAP"],"items":{"type":"string"}}},"example":{"group":"cac1153e-cd1b-4558-9ee8-c0ee91611664","name":"TestSapKey","type":"AES","size":256,"operations":["ENCRYPT","DECRYPT"]}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"79adda16-607c-482f-adb0-015c1bdb6a03","uri":"kylo:kylo:cckm:sap-key:sapkeytest-79adda16-607c-482f-adb0-015c1bdb6a03","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-12-25T16:00:52.680301316Z","updatedAt":"2021-12-25T16:00:52.675855965Z","cloud_name":"sap","tenant":"tenant","sap_param":{"enabled":true,"exportable":false,"groupId":"520b0cba-dafc-40ef-be48-d02ce74ede38","sap_key_id":"aa8b0b43-3458-45d7-a99a-68b947a95c86","keystoreContext":{"customerHeld":false},"meta":{"created":"2021-12-25T16:00:51.837003","creatorId":"89821582-cc00-48f5-99ea-77b7ab07e9e2","creatorName":"sapkeyCreater@xyz.com","imported":false,"primaryVersion":0,"totalVersions":1},"name":"SapKeytest","operations":["DECRYPT","ENCRYPT"],"role":"UNSPECIFIED","size":256,"type":"AES"},"cckm_group_name":"Sap-group","cckm_group_id":"3f3c7baa-fe2b-4068-a7ce-382960710d3f","gone":false,"origin":"native","auto_rotate":false,"sap_application":"GENERAL","sap_group_name":"Sap-group","status":"AVAILABLE"}}},"404":{"description":"Resource not found."}}},"get":{"summary":"List","description":"Returns the list of SAP keys. The results can be filtered using the query parameters.\n","tags":["CCKM/SAP Data Custodian Keys"],"parameters":[{"name":"id","in":"query","type":"string","description":"Filter the results by internal id of the SAP key.","collectionFormat":"multi"},{"name":"name","in":"query","type":"string","description":"Filter the results by name of the SAP key.","collectionFormat":"multi"},{"name":"cloud_name","in":"query","type":"string","description":"Filter the results by cloud_name.","collectionFormat":"multi"},{"name":"origin","in":"query","type":"string","description":"Filter the results by SAP key origin.","collectionFormat":"multi"},{"name":"type","in":"query","type":"string","description":"Filter the results by SAP key type.","collectionFormat":"multi"},{"name":"size","in":"query","type":"integer","description":"Filter the results by SAP key size.","collectionFormat":"multi"},{"name":"curve","in":"query","type":"string","description":"Filter the results by key curve type.","collectionFormat":"multi"},{"name":"enabled","in":"query","type":"boolean","description":"Filter the results by enabled."},{"name":"exportable","in":"query","type":"boolean","description":"Filter the results by exportable."},{"name":"gone","in":"query","type":"boolean","description":"Filter the results by gone."},{"name":"tenant","in":"query","type":"string","description":"Filter the results by SAP key tenant.","collectionFormat":"multi"},{"name":"status","in":"query","type":"string","description":"Filter the results by status.","collectionFormat":"multi"},{"name":"sap_key_id","in":"query","type":"string","description":"Filter the results by sap_key_id.","collectionFormat":"multi"},{"name":"creator_name","in":"query","type":"string","description":"Filter the results by SAP key creator_name.","collectionFormat":"multi"},{"name":"creator_id","in":"query","type":"string","description":"Filter the results by SAP key creator_id.","collectionFormat":"multi"},{"name":"sap_application","in":"query","type":"string","description":"Filter the results by sap_application.","collectionFormat":"multi"},{"name":"sap_group_name","in":"query","type":"string","description":"Filter the results by sap_group_name.","collectionFormat":"multi"},{"name":"job_config_id","in":"query","type":"string","description":"Filter the results by job_config_id."},{"name":"totalVersions","in":"query","type":"integer","description":"Filter the results by totalVersions.","collectionFormat":"multi"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"79adda16-607c-482f-adb0-015c1bdb6a03","uri":"kylo:kylo:cckm:sap-key:sapkeytest-79adda16-607c-482f-adb0-015c1bdb6a03","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-12-25T16:00:52.680301Z","updatedAt":"2021-12-25T16:00:52.675856Z","cloud_name":"sap","tenant":"tenant","sap_param":{"enabled":true,"exportable":false,"groupId":"520b0cba-dafc-40ef-be48-d02ce74ede38","sap_key_id":"aa8b0b43-3458-45d7-a99a-68b947a95c86","keystoreContext":{"customerHeld":false},"meta":{"created":"2021-12-25T16:00:51.837003Z","creatorId":"89821582-cc00-48f5-99ea-77b7ab07e9e2","creatorName":"sapkeyCreater@xyz.com","imported":false,"primaryVersion":0,"totalVersions":1},"name":"SapKeytest","operations":["DECRYPT","ENCRYPT"],"role":"UNSPECIFIED","size":256,"type":"AES"},"cckm_group_name":"Sap-group","cckm_group_id":"3f3c7baa-fe2b-4068-a7ce-382960710d3f","gone":false,"origin":"native","auto_rotate":false,"sap_application":"GENERAL","sap_group_name":"Sap-group","status":"AVAILABLE"}]}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/sap/keys/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a SAP key with the given id.","tags":["CCKM/SAP Data Custodian Keys"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"79adda16-607c-482f-adb0-015c1bdb6a03","uri":"kylo:kylo:cckm:sap-key:sapkeytest-79adda16-607c-482f-adb0-015c1bdb6a03","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-12-25T16:00:52.680301Z","updatedAt":"2021-12-25T16:00:52.675856Z","cloud_name":"sap","tenant":"tenant","sap_param":{"enabled":true,"exportable":false,"groupId":"520b0cba-dafc-40ef-be48-d02ce74ede38","sap_key_id":"aa8b0b43-3458-45d7-a99a-68b947a95c86","keystoreContext":{"customerHeld":false},"meta":{"created":"2021-12-25T16:00:51.837003Z","creatorId":"89821582-cc00-48f5-99ea-77b7ab07e9e2","creatorName":"sapkeyCreater@xyz.com","imported":false,"primaryVersion":0,"totalVersions":1},"name":"SapKeytest","operations":["DECRYPT","ENCRYPT"],"role":"UNSPECIFIED","size":256,"type":"AES"},"cckm_group_name":"Sap-group","cckm_group_id":"3f3c7baa-fe2b-4068-a7ce-382960710d3f","gone":false,"origin":"native","auto_rotate":false,"sap_application":"GENERAL","sap_group_name":"Sap-group","status":"AVAILABLE"}}},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"Updates the key attributes such as key name, description, whether enabled, whether exportable, and key operations (encrypt, decrypt, and sign etc.).","tags":["CCKM/SAP Data Custodian Keys"],"parameters":[{"name":"body","in":"body","description":"Updates a SAP key.","schema":{"type":"object","title":"Updates a SAP key.","properties":{"description":{"type":"string","description":"Description of the key."},"exportable":{"type":"boolean","description":"Whether the key is exportable."},"enabled":{"type":"boolean","description":"Whether the key is enabled."},"name":{"type":"string","description":"Name of the key."},"operations":{"type":"array","description":"Cryptographic operations allowed to the key.","enum":["ENCRYPT","DECRYPT","SIGN","VERIFY","WRAP","UNWRAP"],"items":{"type":"string"}}}}}],"responses":{"200":{"description":"OK","examples":{"application/json":{"id":"79adda16-607c-482f-adb0-015c1bdb6a03","uri":"kylo:kylo:cckm:sap-key:sapkeytest-79adda16-607c-482f-adb0-015c1bdb6a03","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-12-25T16:00:52.680301Z","updatedAt":"2021-12-25T16:03:47.124690682Z","cloud_name":"sap","tenant":"tenant","sap_param":{"description":"SAP key description","enabled":true,"exportable":false,"groupId":"520b0cba-dafc-40ef-be48-d02ce74ede38","sap_key_id":"aa8b0b43-3458-45d7-a99a-68b947a95c86","keystoreContext":{"customerHeld":false},"meta":{"created":"2021-12-25T16:00:51.837003Z","creatorId":"89821582-cc00-48f5-99ea-77b7ab07e9e2","creatorName":"sapkeyCreater@xyz.com","imported":false,"primaryVersion":0,"totalVersions":1},"name":"SapKeytest","operations":["DECRYPT","ENCRYPT"],"role":"UNSPECIFIED","size":256,"type":"AES"},"cckm_group_name":"Sap-group","cckm_group_id":"3f3c7baa-fe2b-4068-a7ce-382960710d3f","gone":false,"origin":"native","auto_rotate":false,"sap_application":"GENERAL","sap_group_name":"Sap-group","status":"AVAILABLE"}}},"404":{"description":"Resource not found."}}},"delete":{"summary":"Delete","description":"Deletes a key and its versions and backup from SAP and the CCKM.","tags":["CCKM/SAP Data Custodian Keys"],"responses":{"204":{"description":"No Content | SAP key is deleted successfully.","schema":{"type":"string"}},"404":{"description":"Resource not found."}}}},"/v1/cckm/sap/keys/{id}/delete":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Delete key from SAP","description":"Deletes a key from SAP but keeps its backup on the CCKM.","tags":["CCKM/SAP Data Custodian Keys"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"79adda16-607c-482f-adb0-015c1bdb6a03","uri":"kylo:kylo:cckm:sap-key:sapkeytest-79adda16-607c-482f-adb0-015c1bdb6a03","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-12-25T16:00:52.680301Z","updatedAt":"2021-12-25T16:03:47.124691Z","cloud_name":"sap","tenant":"tenant","sap_param":{"description":"SAP key description","enabled":true,"exportable":false,"groupId":"520b0cba-dafc-40ef-be48-d02ce74ede38","sap_key_id":"aa8b0b43-3458-45d7-a99a-68b947a95c86","keystoreContext":{"customerHeld":false},"meta":{"created":"2021-10-04T06:32:22.62525Z","creatorId":"171cdee5-947e-4bcd-ae0b-562256624904","creatorName":"sapkeyCreater@xyz.com","imported":false,"primaryVersion":0,"totalVersions":1},"name":"SapKeytest","operations":["DECRYPT","ENCRYPT"],"role":"UNSPECIFIED","size":256,"type":"AES"},"cckm_group_name":"Sap-group","cckm_group_id":"3f3c7baa-fe2b-4068-a7ce-382960710d3f","gone":true,"origin":"native","auto_rotate":false,"sap_application":"GENERAL","sap_group_name":"Sap-group","status":"DELETED"}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/sap/keys/{id}/delete-backup":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Delete backup of key from CM","description":"Deletes the backup of a SAP key from the CCKM but keeps the key metadata.","tags":["CCKM/SAP Data Custodian Keys"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"0c61db6f-7889-465d-8a44-516b5d5bb53b","uri":"kylo:kylo:cckm:sap-key:sapkeytest-1-0c61db6f-7889-465d-8a44-516b5d5bb53b","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-12-25T16:10:12.051776Z","updatedAt":"2021-12-25T16:13:12.28790889Z","cloud_name":"sap","tenant":"tenant","sap_param":{"enabled":true,"exportable":true,"groupId":"520b0cba-dafc-40ef-be48-d02ce74ede38","sap_key_id":"8c2f950b-7ff4-408e-bb51-f05e3718bcd6","keystoreContext":{"customerHeld":false},"meta":{"created":"2021-10-20T10:53:07Z","creatorId":"171cdee5-947e-4bcd-ae0b-562256624904","creatorName":"sapkeyCreater@xyz.com","imported":true,"primaryVersion":0,"totalVersions":1},"name":"SapKeytest-1","operations":["DECRYPT","ENCRYPT"],"role":"UNSPECIFIED","size":2048,"type":"RSA"},"cckm_group_name":"Sap-group","cckm_group_id":"3f3c7baa-fe2b-4068-a7ce-382960710d3f","gone":true,"origin":"native","auto_rotate":false,"sap_application":"GENERAL","sap_group_name":"Sap-group","backup_key_time":"2021-12-25T16:10:57Z","backup_key_status":"SUCCESS","status":"DELETED"}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/sap/keys/jobs":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Creates a new job","description":"Creates a new job to perform key delete and restore operations.\n- Delete operation deletes the key from SAP but keeps its backup in the CipherTrust Manager.\n- Restore operation restores the key to its SAP group from the key backup.\n- Both operations return the initiated job's status.\n","tags":["CCKM/SAP Data Custodian Keys"],"parameters":[{"name":"body","in":"body","description":"Creates a new job.","schema":{"type":"object","title":"Creates a new job.","required":["id","operation","delete_if_backup_fails"],"properties":{"id":{"type":"string","description":"Key Identifier."},"operation":{"type":"string","description":"Operation to be performed on the key.","enum":["delete","restore"],"items":{"type":"string"}},"delete_if_backup_fails":{"type":"boolean","description":"If the flag is set to 'true', the deletion operation continues even if the key backup fails."}},"example":{"id":"cac1153e-cd1b-4558-9ee8-c0ee91611664","operation":"delete","delete_if_backup_fails":true}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"id":"b5cb1a05-d3e3-46b8-a32c-6944ed44d53a","uri":"kylo:kylo:cckm:sap_job:b5cb1a05-d3e3-46b8-a32c-6944ed44d53a","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-10-22T20:40:05.736712194Z","updatedAt":"2021-10-22T20:40:05.738033635Z","group_id":"c55d7216-f12c-4a8b-a947-0768c3c15ff8","job_id":"4dca7a5b-7985-43e7-9919-0c8a037e6e12","key_id":"9e2b7d3e-4245-4f78-aa0b-98f212765d4f","operation":"delete","creator_id":"171cdee5-947e-4bcd-ae0b-562256624904","creator_name":"create.name@domain.com","state":"PENDING"}},"404":{"description":"Resource not found."}}}},"/v1/cckm/sap/keys/jobs/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Retrieves job status","description":"Retrieves the current job status from SAP for the following operations. - Delete - Restore","tags":["CCKM/SAP Data Custodian Keys"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"id":"b5cb1a05-d3e3-46b8-a32c-6944ed44d53a","uri":"kylo:kylo:cckm:sap_job:b5cb1a05-d3e3-46b8-a32c-6944ed44d53a","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-10-22T20:40:05.736712Z","updatedAt":"2021-10-22T20:40:26.187287Z","group_id":"c55d7216-f12c-4a8b-a947-0768c3c15ff8","job_id":"4dca7a5b-7985-43e7-9919-0c8a037e6e12","key_id":"9e2b7d3e-4245-4f78-aa0b-98f212765d4f","operation":"delete","creator_id":"171cdee5-947e-4bcd-ae0b-562256624904","creator_name":"create.name@domain.com","state":"SUCCESS"}},"404":{"description":"Resource not found."}}}},"/v1/cckm/sap/keys/{id}/versions":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Add Key version","description":"Adds a new version to the SAP key. Specify whether the version will be created natively on the SAP cloud or uploaded from an external key source.","tags":["CCKM/SAP Data Custodian Keys"],"parameters":[{"name":"body","in":"body","description":"Adds a new version to a SAP key.","schema":{"type":"object","title":"Adds a new version to a SAP key.","required":["is_native"],"properties":{"source_key_tier":{"type":"string","description":"Key source from where the key will be uploaded. Specify - `local` for the CipherTrust Manager - `dsm` for Data Security Manager (DSM) - `hsm-luna` for Luna HSM"},"source_key_identifier":{"type":"string","description":"ID of the key to be uploaded from the key source."},"is_native":{"type":"boolean","description":"Whether to create the key version natively or upload from a key source."}}}}],"responses":{"204":{"description":"OK","schema":{"type":"object"},"examples":{"id":"d1679f07-38e0-4521-911c-90118e9497c4","uri":"kylo:kylo:cckm:SAP_KEY_VERSION:d1679f07-38e0-4521-911c-90118e9497c4","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-10-04T14:07:01.000529683Z","updatedAt":"2021-10-04T14:07:00.99243925Z","cloud_name":"SAP","tenant":"tenant","groupId":"2f0243f5-cce5-45d9-b6fe-fdcfc0d50fde","sap_key_id":"806f0dc7-e5d0-4695-b68b-1148bda4a63e","origin":"native","enabled":true,"operations":["DECRYPT","ENCRYPT"],"version":1,"meta":{"created":"2021-10-04T14:07:00.822338","creatorId":"613738c2-550d-4881-b5a8-c230fcffcf60","creatorName":"sapkeyCreater@xyz.com"}}},"404":{"description":"Resource not found."}}},"get":{"summary":"List","description":"Returns the list of SAP key versions. The results can be filtered using the query parameters.\n","tags":["CCKM/SAP Data Custodian Keys"],"parameters":[{"name":"version_id","in":"query","type":"string","description":"Filter the results by internal id of key version."},{"name":"version","in":"query","type":"string","description":"Filter the results by key version id (for example, version=3)."},{"name":"tenant","in":"query","type":"string","description":"Filter the results by tenant.","collectionFormat":"multi"},{"name":"enabled","in":"query","type":"boolean","description":"Filter the results by enabled.","collectionFormat":"multi"},{"name":"origin","in":"query","type":"string","description":"Filter the results by origin.","collectionFormat":"multi"},{"name":"cloud_name","in":"query","type":"string","description":"Filter the results by cloud_name.","collectionFormat":"multi"},{"name":"creator_name","in":"query","type":"string","description":"Filter the results by key version creator_name.","collectionFormat":"multi"},{"name":"creator_id","in":"query","type":"string","description":"Filter the results by key version creator_id.","collectionFormat":"multi"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"skip":0,"limit":10,"total":1,"resources":[{"id":"d1679f07-38e0-4521-911c-90118e9497c4","uri":"kylo:kylo:cckm:SAP_KEY_VERSION:d1679f07-38e0-4521-911c-90118e9497c4","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-10-04T14:07:01.000529683Z","updatedAt":"2021-10-04T14:07:00.99243925Z","cloud_name":"SAP","tenant":"tenant","groupId":"2f0243f5-cce5-45d9-b6fe-fdcfc0d50fde","sap_key_id":"806f0dc7-e5d0-4695-b68b-1148bda4a63e","origin":"native","enabled":true,"operations":["DECRYPT","ENCRYPT"],"version":1,"meta":{"created":"2021-10-04T14:07:00.822338","creatorId":"613738c2-550d-4881-b5a8-c230fcffcf60","creatorName":"sapkeyCreater@xyz.com"}}]}},"404":{"description":"Resource not found."}}}},"/v1/cckm/sap/keys/{id}/versions/{versionID}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"versionID","in":"path","description":"An identifier of GCP Key version resource.","type":"string","required":true}],"get":{"summary":"Get key version details.","description":"Get the details of a key version. Specify the key ID and the version ID.","tags":["CCKM/SAP Data Custodian Keys"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"id":"d1679f07-38e0-4521-911c-90118e9497c4","uri":"kylo:kylo:cckm:SAP_KEY_VERSION:d1679f07-38e0-4521-911c-90118e9497c4","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-10-04T14:07:01.000529683Z","updatedAt":"2021-10-04T14:07:00.99243925Z","cloud_name":"SAP","tenant":"tenant","groupId":"2f0243f5-cce5-45d9-b6fe-fdcfc0d50fde","sap_key_id":"806f0dc7-e5d0-4695-b68b-1148bda4a63e","origin":"native","enabled":true,"operations":["DECRYPT","ENCRYPT"],"version":1,"meta":{"created":"2021-10-04T14:07:00.822338","creatorId":"613738c2-550d-4881-b5a8-c230fcffcf60","creatorName":"sapkeyCreater@xyz.com"}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/sap/upload-key":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Upload","description":"Uploads a key to a SAP group. Specify the following details.\n- ID of the group where the key needs to be uploaded.\n- Key parameters such as description, type, name, and exportable etc.\n- Source key tier.\n- Source key identifier of the key to be uploaded from a key source.\n","tags":["CCKM/SAP Data Custodian Keys"],"parameters":[{"name":"body","in":"body","description":"Create a new SAP key by uploading a key from a key source.","schema":{"type":"object","title":"Create a new SAP key.","required":["source_key_identifier","source_key_tier","name","type","group","operations"],"properties":{"name":{"type":"string","description":"Name of the SAP key."},"description":{"type":"string","description":"Description of the key."},"exportable":{"type":"boolean","description":"Whether the key is exportable."},"group":{"type":"string","description":"ID of the group where the key is to be created."},"type":{"type":"string","description":"Type of the key.","enum":["AES","RSA","EC"]},"operations":{"type":"array","description":"Cryptographic operations allowed to the key.","enum":["ENCRYPT","DECRYPT","SIGN","VERIFY","WRAP","UNWRAP"],"items":{"type":"string"}},"source_key_identifier":{"type":"string","description":"ID of the key that will be uploaded from a key source."},"source_key_tier":{"type":"string","description":"Key source from where the key will be uploaded. Specify - `local` for the CipherTrust Manager - `dsm` for Data Security Manager (DSM) - `hsm-luna` for Luna HSM"}},"example":{"source_key_identifier":"local_key_id","source_key_tier":"local","group":"cac1153e-cd1b-4558-9ee8-c0ee91611664","name":"KeyUpload","description":"This is upoad key","type":"AES","exportable":true,"operations":["ENCRYPT","DECRYPT"]}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"id":"4f92e433-6ae6-4d5a-8a62-80472326c163","uri":"kylo:kylo:cckm:sap-key:4f92e433-6ae6-4d5a-8a62-80472326c163","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-12-25T16:16:06.248718409Z","updatedAt":"2021-12-25T16:16:06.245299615Z","cloud_name":"sap","tenant":"tenant","sap_param":{"description":"This is upoad key","enabled":true,"exportable":true,"groupId":"520b0cba-dafc-40ef-be48-d02ce74ede38","sap_key_id":"ab93ccb8-d084-4d09-ae97-4940e3a38bcb","keystoreContext":{"customerHeld":false},"meta":{"created":"2021-10-19T09:14:49.623326","creatorId":"171cdee5-947e-4bcd-ae0b-562256624904","creatorName":"sapkeyCreater@xyz.com","imported":true,"primaryVersion":0,"totalVersions":1},"name":"Sap-KeyUpload","operations":["DECRYPT","ENCRYPT"],"role":"UNSPECIFIED","size":256,"type":"AES"},"cckm_group_name":"Sap-group","cckm_group_id":"3f3c7baa-fe2b-4068-a7ce-382960710d3f","gone":false,"origin":"cckm","auto_rotate":false,"sap_application":"GENERAL","sap_group_name":"Sap-group","status":"AVAILABLE"}},"404":{"description":"Resource not found."}}}},"/v1/cckm/sap/synchronization-jobs":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Synchronize","description":"Synchronize SAP keys\n","tags":["CCKM/SAP Data Custodian Keys"],"parameters":[{"name":"body","in":"body","description":"Synchronizes keys of given SAP groups.","schema":{"type":"object","title":"Synchronize keys","properties":{"groups":{"type":"array","items":{"type":"string"},"description":"ID of the group from which keys will be synchronized. Provide resource ID or group ID of the SAP group."},"synchronize_all":{"type":"boolean","description":"Whether to synchronize all keys from all groups. Set `true` to synchronize all keys. `synchronize_all` and `groups` are mutually exclusive - specify either."}}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"id":"bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","uri":"kylo:kylo:cckm:synchronize:bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-08-06T09:49:34.605578452Z","updatedAt":"2020-08-06T09:49:34.609059131Z","overall_status":"in progress","cloud":"sap","groups":["3e732d57-5ea1-491f-b238-9f4a39a9566f","c4e5bd34-af39-4027-9058-6f1a4bb3519d"],"abort":false}},"404":{"description":"Resource not found."}}},"get":{"summary":"Status","description":"Returns the list of updated synchronization status. The results can be filtered using the query parameters.\n","tags":["CCKM/SAP Data Custodian Keys"],"parameters":[{"name":"id","in":"query","type":"string","description":"Filter the results by internal id of synchronization."},{"name":"overall_status","in":"query","type":"string","description":"Filter the results by overall_status. Possible values are \"in_progress\", \"completed\", and \"failed\"."},{"name":"groups","in":"query","type":"array","items":{"type":"string"},"description":"Filter the results by groups."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"skip":0,"limit":10,"total":1,"resources":[{"id":"bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","uri":"kylo:kylo:cckm:synchronize:bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-08-06T09:49:34.605578Z","updatedAt":"2020-08-06T09:49:49.658814Z","overall_status":"in progress","detailed_status":{"742f9921-2d91-41fc-97fc-e98ad007f081":"in progress"},"cloud":"sap","groups":["3e732d57-5ea1-491f-b238-9f4a39a9566f","c4e5bd34-af39-4027-9058-6f1a4bb3519d"],"abort":false}]}},"404":{"description":"Resource not found."}}}},"/v1/cckm/sap/synchronization-jobs/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a synchronization process with the given id.","tags":["CCKM/SAP Data Custodian Keys"],"responses":{"200":{"description":"OK","examples":{"application/json":{"id":"bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","uri":"kylo:kylo:cckm:synchronize:bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-08-06T09:49:34.605578Z","updatedAt":"2020-08-06T09:50:01.676264Z","overall_status":"in progress","detailed_status":{"sap1::742f9921-2d91-41fc-97fc-e98ad007f081":"in progress"},"cloud":"sap","groups":["3e732d57-5ea1-491f-b238-9f4a39a9566f","c4e5bd34-af39-4027-9058-6f1a4bb3519d"],"abort":false}}}}}},"/v1/cckm/sap/synchronization-jobs/{id}/cancel":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Cancel","description":"Cancels a synchronization job.\n","tags":["CCKM/SAP Data Custodian Keys"],"responses":{"200":{"description":"OK","examples":{"application/json":{"id":"bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","uri":"kylo:kylo:cckm:synchronize:bf27cde1-e2ed-4244-9d5a-8a4e12ad1838","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-08-06T09:49:34.605578Z","updatedAt":"2020-08-06T09:50:08.968859976Z","overall_status":"in progress","detailed_status":{"sap1::742f9921-2d91-41fc-97fc-e98ad007f081":"in progress"},"cloud":"sap","groups":["3e732d57-5ea1-491f-b238-9f4a39a9566f","c4e5bd34-af39-4027-9058-6f1a4bb3519d"],"abort":true}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/sap/reports":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Generate a report","description":"Generates a report. Specify the following details.\n- Start time\n- End time\n- Connection\n- SAP parameters\n- Name\n","tags":["CCKM/SAP Data Custodian Reports"],"parameters":[{"name":"body","in":"body","description":"Generate a report.","schema":{"type":"object","title":"Get Key Activity Report.","required":["sap_params","name","report_type"],"properties":{"name":{"type":"string","description":"Name of the SAP report."},"start_time":{"type":"string","description":"Start time from when the report is to be generated. Default start time is end_time-24hrs."},"end_time":{"type":"string","description":"End time for the report. Default end time is the time when the call is initiated."},"report_type":{"type":"string","description":"Type of the report to be generated.","enum":["key-report","key-rotation"]},"sap_params":{"type":"array","items":{"type":"object","description":"SAP parameter.","required":["group"],"properties":{"group":{"type":"string","description":"Resource ID of the SAP group on the CipherTrust Manager."}}}}},"example":{"start_time":"2021-10-27T06:37:07Z","end_time":"2021-10-27T08:37:07Z","name":"report-name","report_type":"key-report","sap_params":[{"group":"53c6a7ce-5785-413a-8b69-a89f599885c4"}]}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"e58efc53-c152-4602-913e-dc2d7549a3d5","uri":"kylo:kylo:cckm:sap-reports:e58efc53-c152-4602-913e-dc2d7549a3d5","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-10-27T12:11:27.586818652Z","updatedAt":"2021-10-27T12:11:27.593472606Z","overall_status":"in_progress","detailed_status":{"53c6a7ce-5785-413a-8b69-a89f599885c4":"in_progress"},"abort":false,"report_type":"key-report","groups":["53c6a7ce-5785-413a-8b69-a89f599885c4"],"start_time":"2021-10-27T06:37:07Z","end_time":"2021-10-27T08:37:07Z","name":"report-name"}}},"404":{"description":"Resource not found."}}},"get":{"summary":"List Reports","description":"Returns the list of updated reports. The results can be filtered using the query parameters.\n","tags":["CCKM/SAP Data Custodian Reports"],"parameters":[{"name":"id","in":"query","type":"string","description":"Filter the results by internal id of reports."},{"name":"overall_status","in":"query","type":"string","description":"Filter the results by overall_status."},{"name":"name","in":"query","type":"string","description":"Filter the results by report name.","collectionFormat":"multi"},{"name":"report_type","in":"query","type":"string","description":"Filter the results by report_type.","collectionFormat":"multi"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"e58efc53-c152-4602-913e-dc2d7549a3d5","uri":"kylo:kylo:cckm:sap-reports:e58efc53-c152-4602-913e-dc2d7549a3d5","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-10-27T12:11:27.586819Z","updatedAt":"2021-10-27T12:19:06.745802Z","completed_at":"2021-10-27T12:19:06.745614Z","overall_status":"completed","detailed_status":{"53c6a7ce-5785-413a-8b69-a89f599885c4":"completed"},"abort":false,"report_type":"key-report","groups":["53c6a7ce-5785-413a-8b69-a89f599885c4"],"start_time":"2021-10-27T06:37:07Z","end_time":"2021-10-27T08:37:07Z","name":"report-name"}]}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/sap/reports/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get Report","description":"Gets the details of a SAP report.\n","tags":["CCKM/SAP Data Custodian Reports"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"e58efc53-c152-4602-913e-dc2d7549a3d5","uri":"kylo:kylo:cckm:sap-reports:e58efc53-c152-4602-913e-dc2d7549a3d5","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-10-27T12:11:27.586819Z","updatedAt":"2021-10-27T12:19:06.745802Z","completed_at":"2021-10-27T12:19:06.745614Z","overall_status":"completed","detailed_status":{"53c6a7ce-5785-413a-8b69-a89f599885c4":"completed"},"abort":false,"report_type":"key-report","groups":["53c6a7ce-5785-413a-8b69-a89f599885c4"],"start_time":"2021-10-27T06:37:07Z","end_time":"2021-10-27T08:37:07Z","name":"report-name"}}},"404":{"description":"Resource not found."}}},"delete":{"summary":"Delete","description":"Deletes a job and its SAP reports from the CCKM.","tags":["CCKM/SAP Data Custodian Reports"],"responses":{"204":{"description":"No Content | SAP report is deleted successfully.","schema":{"type":"string"}},"404":{"description":"Resource not found."}}}},"/v1/cckm/sap/reports/{id}/contents":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get Contents","description":"Gets the content of a SAP report on console.\n","tags":["CCKM/SAP Data Custodian Reports"],"parameters":[{"name":"key_name","in":"query","type":"string","description":"Filter the results by key_name."},{"name":"sap_key_id","in":"query","type":"string","description":"Filter the results by sap_key_id.","collectionFormat":"multi"},{"name":"group_id","in":"query","type":"string","description":"Filter the results by group_id."},{"name":"key_activity","in":"query","type":"string","description":"Filter the results by key_activity.","collectionFormat":"multi"},{"name":"origin","in":"query","type":"string","description":"Filter the results by origin.","collectionFormat":"multi"},{"name":"user_name","in":"query","type":"string","description":"Filter the results by user_name."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"skip":0,"limit":1,"total":55,"resources":[{"id":"b704fe66-aa3b-40f4-8993-1e782b0b5a56","uri":"kylo:kylo:cckm:sap-reports:b704fe66-aa3b-40f4-8993-1e782b0b5a56","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-10-27T12:16:26.338176Z","updatedAt":"2021-10-27T12:16:26.336372Z","key_name":"key_name","sap_key_id":"1cf5acb7-0ed9-44dc-8e5f-e6c88bf17dc2","group_id":"2a3c9b29-5088-499f-871f-c2a19dad0e6c","key_activity":"CREATE","event_time":"2021-10-27T06:51:23Z","user_name":"sapkeyCreater@xyz.com"}]}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/sap/reports/{id}/download":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get CSV Contents","description":"Gets the comma-separated SAP report. The report is downloaded as a CSV file.\n","tags":["CCKM/SAP Data Custodian Reports"],"produces":["text/csv"],"responses":{"200":{"description":"OK","schema":{"type":"file"},"examples":{"text/csv":"Key Name,SAP Key ID,Group,Key Activity,Event Time,Origin,Sap User key_name,1cf5acb7-0ed9-44dc-8e5f-e6c88bf17dc2,2a3c9b29-5088-499f-871f-c2a19dad0e6c,CREATE,2021-10-27 06:51:23 +0000 +0000,,user@sap.com\n"}},"404":{"description":"Resource not found."}}}},"/v1/cckm/sap/keys/{id}/enable-auto-rotation":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Enables auto rotation","description":"Enables auto rotation for a SAP key.","tags":["CCKM/SAP Data Custodian Keys"],"parameters":[{"name":"body","in":"body","description":"Enables auto rotation for a SAP key.","schema":{"type":"object","title":"Enables auto rotation for a SAP key.","required":["job_config_id","auto_rotate_key_source"],"properties":{"job_config_id":{"type":"string","description":"ID of the scheduler job that will perform key rotation."},"auto_rotate_key_source":{"type":"string","description":"Source of the key material. Options are `native`, `hsm-luna`, `dsm`, and `ciphertrust`."},"auto_rotate_partition_id":{"type":"string","description":"ID of the partition in which the HSM key will be created."},"auto_rotate_domain_id":{"type":"string","description":"ID of the domain in which the DSM key will be created."}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"id":"85b60d4c-39b2-42e4-a87a-f930ef35cbe9","uri":"kylo:kylo:cckm:sap-key:testsapkey-22thoct-14f1c536-7b19-44ca-b720-eff431e3ff67","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-10-22T03:27:42.087228Z","labels":{"auto_rotate_key_source":"native","job_config_id":"932bdc70-a960-4c32-ba22-f1ed62c029e7"},"updatedAt":"2021-10-27T07:34:20.133055084Z","cloud_name":"sap","tenant":"tenant","sap_param":{"enabled":true,"exportable":false,"groupId":"c838f874-3bf2-41d5-88c2-b5f5bf8094a8","sap_key_id":"85b60d4c-39b2-42e4-a87a-f930ef35cbe9","keystoreContext":{"customerHeld":false},"meta":{"created":"2021-10-22T03:27:41Z","creatorId":"171cdee5-947e-4bcd-ae0b-562256624904","creatorName":"sapkeyCreater@xyz.com","imported":false,"primaryVersion":3,"totalVersions":4},"name":"TestSapKey--22thOct","operations":["DECRYPT","ENCRYPT"],"role":"UNSPECIFIED","size":256,"type":"AES"},"cckm_group_name":"CCKM","cckm_group_id":"003d0903-508c-4162-95e3-f59a11c8351a","gone":false,"origin":"native","auto_rotate":true,"sap_application":"GENERAL","sap_group_name":"CCKM","Deleted":false,"status":"AVAILABLE"}},"404":{"description":"Resource not found."}}}},"/v1/cckm/sap/keys/{id}/disable-auto-rotation":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Disable the auto rotation for SAP key","description":"Disables auto rotation for a SAP key.","tags":["CCKM/SAP Data Custodian Keys"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"id":"85b60d4c-39b2-42e4-a87a-f930ef35cbe9","uri":"kylo:kylo:cckm:sap-key:testsapkey-22thoct-14f1c536-7b19-44ca-b720-eff431e3ff67","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-10-22T03:27:42.087228Z","updatedAt":"2021-10-27T07:34:50.620804091Z","cloud_name":"sap","tenant":"tenant","sap_param":{"enabled":true,"exportable":false,"groupId":"c838f874-3bf2-41d5-88c2-b5f5bf8094a8","sap_key_id":"85b60d4c-39b2-42e4-a87a-f930ef35cbe9","keystoreContext":{"customerHeld":false},"meta":{"created":"2021-10-22T03:27:41Z","creatorId":"171cdee5-947e-4bcd-ae0b-562256624904","creatorName":"sapkeyCreater@xyz.com","imported":false,"primaryVersion":3,"totalVersions":4},"name":"TestSapKey--22thOct","operations":["DECRYPT","ENCRYPT"],"role":"UNSPECIFIED","size":256,"type":"AES"},"cckm_group_name":"CCKM","cckm_group_id":"003d0903-508c-4162-95e3-f59a11c8351a","gone":false,"origin":"native","auto_rotate":false,"sap_application":"GENERAL","sap_group_name":"CCKM","Deleted":false,"status":"AVAILABLE"}},"404":{"description":"Resource not found."}}}},"/v1/cckm/sap/applications":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List SAP Applications","description":"Returns the list of SAP applications.\n","tags":["CCKM/SAP Data Custodian Applications"],"parameters":[{"name":"id","in":"query","type":"string","description":"Filter the results by id."},{"name":"connection","in":"query","type":"string","description":"Filter the results by connection."},{"name":"application_name","in":"query","type":"string","description":"Filter the results by application_name.","collectionFormat":"multi"},{"name":"tenant","in":"query","type":"string","description":"Filter the results by tenant.","collectionFormat":"multi"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","examples":{"skip":0,"limit":10,"total":2,"resources":[{"id":"cf18e05f-5d4f-41bb-8cf4-5d033cc0e34b","uri":"kylo:kylo:cckm:sap-application:cf18e05f-5d4f-41bb-8cf4-5d033cc0e34b","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-11-09T07:54:51.384203Z","updatedAt":"2021-11-09T07:54:51.383133Z","application_name":"S4H","connection":"sap-conn","tenant":"tenant"},{"id":"75694010-0e33-4a2f-8b7a-887eca216314","uri":"kylo:kylo:cckm:sap-application:75694010-0e33-4a2f-8b7a-887eca216314","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-11-09T07:22:13.490711Z","updatedAt":"2021-11-09T07:22:13.488614Z","application_name":"GENERAL","connection":"sap-conn","tenant":"tenant"}]}},"404":{"description":"Resource not found."}}}},"/v1/cckm/oci/get-vaults":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Get OCI vaults","description":"Fetches OCI vaults based on the connection.\n","tags":["CCKM/Oracle Vaults"],"parameters":[{"name":"body","in":"body","description":"Fetches OCI vaults based on the connection.","schema":{"type":"object","title":"get vaults.","required":["connection","compartment_id","region"],"properties":{"connection":{"type":"string","description":"Name or ID of the OCI connection."},"compartment_id":{"type":"string","description":"ID of the OCI compartment to get vaults from."},"region":{"type":"string","description":"OCI region to get vaults from."},"limit":{"type":"integer","description":"Number of records to return in a paginated \"List\" call, but might not return that exact number."},"ociNextPage":{"type":"string","description":"Parameter to get the remaining records. The limit to view the remaining records remains the same as the `limit` parameter set for the first time. For example, if there are 20 vaults and you set `limit` to `11`, then to view the remaining `9` vaults, use `ociNextPage`."}},"example":{"connection":"oci-connection","compartment_id":"ocid.compartment.oc..abfhuez4b7dl2lzal557m6mzq6b72157e6b72157e6b72157e6b72157","region":"us-ashburn-1","limit":1,"ociNextPage":"AFUWCLJRUGFUGSVFMZCVMRXGI2TMOZMWYTRRKZWTKTSRNV4E2Y2UJJZFORCWJVNDE4D2K5DVKMKNIVLGCY2IOBKGG3TEGBIV"}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"data":[{"compartment_id":"ocid1.tenancy.oc1..aaaaaaaadixb52q2mvlsn644ql5aaal6hb2vag7audpd4d4mcf6zluymff6sq","display_name":"CCKM_Vault1","vault_id":"ocid1.vault.oc1.iad.b5rlfscqaafpu.abuwcljseuzbqwkuijod2ojzmuldf4rzqptzjhwcbvhiauep2imdkcpvxutq","lifecycle_state":"PENDING_DELETION","management_endpoint":"https://b5rlfwewrtwwu-mgt..us-ashburn-1.oraclecloud.com","time_created":"2022-06-22T07:44:16.788Z","vault_type":"DEFAULT","defined_tags":{},"freeform_tags":{}},{"compartment_id":"ocid1.tenancy.oc1..aaaaaaaadixb52q2nvlsn634ql5aaal6hb2vg7audpd4d4mcf6zluymff6sq","display_name":"CCKM_Vault2","vault_id":"ocid1.vault.oc1.iad.b5rizbwjaahqa.abuwcljttdaomsj7aru3brgi27n6tlvavkpgsfz6psl2zv4qsoq7mre57qka","lifecycle_state":"ACTIVE","management_endpoint":"https://b5rizbwjghrtta-mgt..us-ashburn-1.oraclecloud.com","time_created":"2022-05-24T07:18:33.622Z","vault_type":"DEFAULT","defined_tags":{},"freeform_tags":{}}],"ociNextPage":"AFUWCLJRUGFUGSVFMZCVMRXGI2TMOZMWYTRRKZWTKTSRNV4E2Y2UJJZFORCWJVNDE4D2K5DVKMKNIVLGCY2IOBKGG3TEGBIV"}},"404":{"description":"Resource not found."}}}},"/v1/cckm/oci/add-vaults":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Add OCI vaults","description":"Adds an OCI vault as a container.","tags":["CCKM/Oracle Vaults"],"parameters":[{"name":"body","in":"body","description":"OCI vaults parameters.","schema":{"type":"object","description":"Add OCI Vaults.","required":["vault_id","connection","region"],"properties":{"vault_id":{"type":"array","description":"List of IDs of the OCI vaults to be added.","items":{"type":"string","description":"OCI vaults ID."}},"connection":{"type":"string","description":"Name or ID of the OCI connection."},"region":{"type":"string","description":"Name of the OCI region where the vault is to be added."},"bucket_name":{"type":"string","description":"Name of the OCI bucket for creating key backups of HSM-protected keys for Virtual Private Vaults (VPVs). The bucket should be in the same region as the vault. You must have appropriate read/write permissions on this bucket.\nNote: If `bucket_name` is not specified, the keys cannot be backed up while syncing vaults.\n"},"bucket_namespace":{"type":"string","description":"Namespace of the OCI bucket, `bucket_name`. This parameter is required if `bucket_name` is specified.\nNote: If `bucket_namespace` is not specified, the keys cannot be backed up while syncing vaults.\n"}},"example":{"connection":"oci-connection","region":"us-ashburn-1","vault_id":["ocid1.vault.oc1.iad.bzqyzunhaagyg.abuwcljrlzpbtjpufvqpawsedrftgyhujikol7dximukyyzav4hyzgbpdtd7qnea"],"bucket_name":"example_bucket_name","bucket_namespace":"example_bucket_namespace"}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"id":"25e0d83c-c408-42c7-b3f2-c86cd6bcda55","uri":"kylo:kylo:cckm:oci-vault:25e0d83c-c408-42c7-b3f2-c86cd6bcda55","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-06-27T08:50:28.01363466Z","updatedAt":"2022-06-27T08:50:28.013634711Z","vaults":[{"id":"37900289-47cf-4172-91c5-7ea6cb87c4b7","uri":"kylo:kylo:cckm:oci-vault:37900289-47cf-4172-91c5-7ea6cb87c4b7","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-06-27T08:50:28.011605208Z","updatedAt":"0001-01-01T00:00:00Z","compartment_id":"ocid1.tenancy.oc1..aaaaaaaadixb52q2mvlsn634ql5aaal6hb2vg7audgd4dt4mcf6zluymff6sq","display_name":"demo-vault","vault_id":"ocid1.vault.oc1.iad.b5rb2wbtaadze.abuwcljtkgqthwjmj5mdtupelvkgx4qmqfsvmt5tvqkccf7ht67azimoplskq","lifecycle_state":"ACTIVE","management_endpoint":"https://b5rb2wbtaadze-mgt..us-ashburn-1.oraclecloud.com","time_created":"2022-02-28T23:18:12.263Z","connection":"OCI Connection","vault_type":"DEFAULT","wrappingkey_id":"ocid1.key.oc1.iad.b5rbrwbtaadze.abuwcljryuracx4jlfjgnuj5vehu7lvrfljtwcx2nyaxgjd3pifvt2mijclza","is_primary":true,"tenancy":"tenancy","region":"us-ashburn-1","compartment_name":"tenancy"}],"status":"Success","bucket_name":"example_bucket_name","bucket_namespace":"example_bucket_namespace"}},"409":{"description":"CONFLICT"},"412":{"description":"PRECONDITION FAILED"}}}},"/v1/cckm/oci/vaults":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Lists OCI vaults added to the CCKM.","tags":["CCKM/Oracle Vaults"],"parameters":[{"name":"id","in":"query","type":"string","description":"Filter the results by id."},{"name":"display_name","in":"query","type":"string","description":"Filter the results by display_name."},{"name":"vault_name","in":"query","type":"string","description":"Filter the results by vault_name."},{"name":"linked_state","in":"query","type":"boolean","description":"Filter the results by linked_state."},{"name":"issuer_id","in":"query","type":"string","description":"Filter the results by issuer_id."},{"name":"blocked","in":"query","type":"boolean","description":"Filter the results by blocked."},{"name":"external_vault_type","in":"query","type":"string","description":"Filter the results by external_vault_type."},{"name":"cloud_name","in":"query","type":"string","description":"Filter the results by cloud_name."},{"name":"vault_id","in":"query","type":"string","description":"Filter the results by vault_id.","collectionFormat":"multi"},{"name":"vault_type","in":"query","type":"string","description":"Filter the results by vault type. Valid values are \"DEFAULT\", \"EXTERNAL\" and \"VIRTUAL_PRIVATE\"."},{"name":"tenancy","in":"query","type":"string","description":"Filter the results by tenancy."},{"name":"compartment_name","in":"query","type":"string","description":"Filter the results by compartment name."},{"name":"lifecycle_state","in":"query","type":"string","description":"Filter the results by lifecycle state.","collectionFormat":"multi"},{"name":"region","in":"query","type":"string","description":"Filter the results by region.","collectionFormat":"multi"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","examples":{"skip":0,"limit":10,"total":1,"resources":[{"id":"37900289-47cf-4172-91c5-7ea6cb87c4b7","uri":"kylo:kylo:cckm:oci-vault:37900289-47cf-4172-91c5-7ea6cb87c4b7","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-06-27T08:50:28.011605Z","updatedAt":"2022-06-27T08:50:28.010411Z","compartment_id":"ocid1.tenancy.oc1..aaaaaaaadixb52q2mvlsn634ql5aaal6htb2vg7audgd4d4mcf6zluymff6sq","display_name":"demo-vault","vault_id":"ocid1.vault.oc1.iad.b5rb2wbtaadze.abuwcljtkgqthwjmj5mdtuptelvkgx4qmqfsvm5tvqkccf7ht67azimoplskq","lifecycle_state":"ACTIVE","management_endpoint":"https://b5rb2wbtaadze-mgt..us-ashburn-1.oraclecloud.com","time_created":"2022-02-28T23:18:12.263Z","cloud_name":"oci","connection":"OCI Connection","vault_type":"DEFAULT","wrappingkey_id":"ocid1.key.oc1.iad.b5rb2wbtaadze.abuwcljryuracx4jlftjgnuj5vehu7lvrfljwcx2nyaxgjd3hrfvt2mijclza","defined_tags":{},"freeform_tags":{"Name":"value","Owner":"value2"},"is_primary":true,"tenancy":"tenancy","region":"us-ashburn-1","compartment_name":"tenancy"}]}},"404":{"description":"Resource not found."}}}},"/v1/cckm/oci/vaults/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of an OCI vault with the given `id`.","tags":["CCKM/Oracle Vaults"],"responses":{"200":{"description":"OK","examples":{"id":"37900289-47cf-4172-91c5-7ea6cb87c4b7","uri":"kylo:kylo:cckm:oci-vault:37900289-47cf-4172-91c5-7ea6cb87c4b7","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-06-27T08:50:28.011605Z","updatedAt":"2022-06-27T08:50:28.010411Z","compartment_id":"ocid1.tenancy.oc1..aaaaabaadixb52q2mvlsn634tql5aaal6hb2vg7audpd4d4mcf6zluymff6sq","display_name":"demo-vault","vault_id":"ocid1.vault.oc1.iad.b5rc2wbtaadze.abuwcljtkgqthwtjmj5mdtupelvkgx4qmqfsvm5tvqkccf7hab7azimoplskq","lifecycle_state":"ACTIVE","management_endpoint":"https://b5rb2wbtaadze-mgt..us-ashburn-1.oraclecloud.com","time_created":"2022-02-28T23:18:12.263Z","cloud_name":"oci","connection":"OCI Connection","vault_type":"DEFAULT","wrappingkey_id":"ocid1.key.oc1.iad.b5rb2wbtaarze.abuwcljryturacx4jlfjgnuj5vehu7lvrfljwcx2nyaxgjd3pifvt2mijclza","defined_tags":{},"freeform_tags":{"Name":"value","Owner":"value2"},"is_primary":true,"tenancy":"tenancy","region":"us-ashburn-1","compartment_name":"tenancy"}},"400":{"description":"Bad request."},"401":{"description":"Unauthorized."},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"Updates the OCI vault attributes for the given id.\n","tags":["CCKM/Oracle Vaults"],"parameters":[{"name":"body","in":"body","description":"Updates OCI vault.","schema":{"type":"object","title":"Updates OCI vault.","properties":{"connection":{"type":"string","description":"Name or ID of the connection that is used to manage the OCI vault."},"bucket_name":{"type":"string","description":"Bucket name is required for creating key backups of HSM protected keys for Virtual Private Vaults.\nBucket should be in the same region as that of the vault.\nUser should have apt read/write permissions for this bucket.\nNote: Key Backup functionality while syncing vaults will cease without this param.\n"},"bucket_namespace":{"type":"string","description":"Namespace of the provided bucket.\nThis field is required if bucket_name is provided.\nNote: Key Backup functionality while syncing vaults will cease without this param.\n"},"vault_name":{"type":"string","description":"Name for an OCI external vault. Applicable only to OCI external vaults."},"issuer_id":{"type":"string","description":"Issuer ID to trust with the OCI external vault. Applicable only to OCI external vaults."},"endpoint_url_hostname":{"type":"string","description":"Hostname for the OCI external vault endpoint URL. Applicable only to OCI external vaults."},"policy":{"type":"string","description":"Policy for the OCI external vault. Applicable only to OCI external vaults."}},"example":{"connection":"OCI Connection2"}}}],"responses":{"200":{"description":"OK","examples":{"application/json":{"id":"37900289-47cf-4172-91c5-7ea6cb87c4b7","uri":"kylo:kylo:cckm:oci-vault:37900289-47cf-4172-91c5-7ea6cb87c4b7","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-06-27T08:50:28.011605Z","updatedAt":"2022-06-27T09:00:13.063342024Z","compartment_id":"ocid1.tenancy.oc1..aaaaaaaadixb52q2mvlsn634ql5ataal6hb2vg7audgd4d4mcf6zluymff6sq","display_name":"demo-vault","vault_id":"ocid1.vault.oc1.iad.b5rb2wbtaadze.abuwcljtkgqthwjmj5tmdtupelvkgx4qmqfsvm5tvqkccf7ht67azimoplskq","lifecycle_state":"ACTIVE","management_endpoint":"https://b5rb2wbtaadze-mgt..us-ashburn-1.oraclecloud.com","time_created":"2022-02-28T23:18:12.263Z","cloud_name":"oci","connection":"OCI Connection2","vault_type":"DEFAULT","wrappingkey_id":"ocid1.key.oc1.iad.b5rb2wbtaadze.abuwcljryuractx4jlfjgnuj5vehu7lvrfljwcx2nyaxgjd3hrfvt2mijclza","defined_tags":{},"freeform_tags":{"Name":"value","Owner":"value2"},"is_primary":true,"tenancy":"tenancy","region":"us-ashburn-1","compartment_name":"tenancy"}}},"401":{"description":"Unauthorized."},"403":{"description":"Forbidden."},"404":{"description":"Resource not found."},"500":{"description":"Internal server error."}}},"delete":{"summary":"Delete","description":"Deletes an OCI vault from the CCKM.","tags":["CCKM/Oracle Vaults"],"responses":{"204":{"description":"No Content | OCI vault is deleted successfully.","schema":{"type":"string"}},"404":{"description":"Resource not found."}}}},"/v1/cckm/oci/vaults/{id}/update-acls":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"User ACLS","description":"Grants permissions to users or group to perform specific actions on the OCI vaults. User ID and group are mutually exclusive – specify either.\n\nFor the first time users or groups, actions are permitted as configured by the CCKM administrator. However, if the permissions of a user or group need to be modified later, for example, a new action is to be permitted or an existing action is to be revoked, the CCKM administrator needs to set that particular action to `true` or `false`.\n\nFor example, a user or group is permitted actions, `keycreate`, `keyupload`, and `keydelete`. Now, to permit one more action \"keyrestore\" to the user or group, set \"permit\":true and \"actions\": \"keyrestore\" and run the API. Similarly, now to deny permission to the action \"keycreate\", set \"permit\":false, \"actions\": \"keycreate\", and run the API.\n\n**Actions Specification**\n\n The following table lists the accepted values:\n\n\n Apis | Actions Required | Description\n ----------------------------- | --------------------- | ---------------------------------------------------\n List | view | Permission to view vaults and their keys.\n Create | keycreate | Permission to create a OCI native keys.\n Upload | keyupload | Permission to upload the CipherTrust Manager keys to OCI.\n Schedule Deletion | keydelete | Permission for schedule deletion of the key.\n Cancel delete | keycanceldelete | Permission to cancel deletion of the keys.\n Restore | keyrestore | Permission to restore a backed up keys to a vault.\n Update (Edit key) | keyupdate | Permission to update keys, for example, editing properties,\n | | enabling/disabling keys, and editing tags.\n Delete Backup | deletebackup | Permission to delete backups of OCI keys from the CCKM.\n Rotate to Native Key | keyrotatetonative | Permission to rotate the keys on OCI vaults natively.\n Rotate to BYOK Key | keyrotatetobyok | Permission to rotate the keys on OCI vaults BYOK.\n Synchronize | keysynchronize | Permission to synchronize OCI keys.\n Cancel | keysynchronize | Permission to cancel a synchronization jobs.\n Remove | keyremove | Permission to remove OCI keys with their versions\n | | and backups from the CCKM.\n Create Report | reportcreate | Permission to create report\n Delete Report | reportdelete | Permission to delete report\n Download Report | reportdownload | Permission to download report\n View Report | reportview | Permission to view report content\n \n List (HYOK Key) | viewhyokkey | Permission to view OCI HYOK keys.\n Create (HYOK Key) | hyokkeycreate | Permission to create an OCI HYOK key.\n Update (HYOK Key) | hyokkeyupdate | Permission to update an OCI HYOK key.\n Block/Unblock (HYOK Key) | hyokkeyblockunblock | Permission to block/unblock an OCI HYOK key.\n Delete (HYOK Key) | hyokkeydelete | Permission to delete an OCI HYOK key (applicable only to unlinked key).\n Rotate (HYOK Key) | hyokkeyrotate | Permission to rotate a HYOK key in CM.\n","tags":["CCKM/Oracle Vaults"],"parameters":[{"name":"body","in":"body","description":"Providing permissions to Users.","schema":{"type":"object","title":"Adding a User.","properties":{"acls":{"type":"array","items":{"type":"object","required":["actions"],"properties":{"user_id":{"type":"string","description":"ID of the user to be granted permissions. User ID and group are mutually exclusive – specify either."},"group":{"type":"string","description":"Name of the user group to be granted permissions. User ID and group are mutually exclusive - specify either."},"permit":{"type":"boolean","description":"Whether to permit users to perform specific operations. Set to `true` to permit, `false` to deny."},"actions":{"type":"array","items":{"type":"string"},"description":"Permitted actions.","enum":["keycreate","keyupload","keyrotatetobyok","keyrotatetonative","keyupdate","view","deletebackup","keydelete","keypurge","keyrestore","keyremove","reportview","reportcreate","reportdelete","reportdownload"]}}}}},"example":{"acls":[{"group":"CCKM Users","actions":["view"],"permit":true}]}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"id":"37900289-47cf-4172-91c5-7ea6cb87c4b7","uri":"kylo:kylo:cckm:oci-vault:37900289-47cf-4172-91c5-7ea6cb87c4b7","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-06-27T08:50:28.011605Z","updatedAt":"2022-06-27T09:45:13.481715526Z","compartment_id":"ocid1.tenancy.oc1..aaaaaaaadixb52q2mvlsn634ql5aaal6hb2vg7atudgd4d4mcf6zluymff6sq","display_name":"demo-vault","vault_id":"ocid1.vault.oc1.iad.b5rb2wbtaadze.abuwcljtkgqthwjmj5mdtupelvkgx4qtmqfsvm5tvqkccf7ht67azimoplskq","lifecycle_state":"ACTIVE","management_endpoint":"https://b5rb2wbtaadze-mgt..us-ashburn-1.oraclecloud.com","time_created":"2022-02-28T23:18:12.263Z","cloud_name":"oci","connection":"OCI Connection2","vault_type":"DEFAULT","wrappingkey_id":"ocid1.key.oc1.iad.b5rb2wbtaadze.abuwcljryuracx4jlfjgnuj5vehut7lvrfljwcx2nyaxgjd3hrfvt2mijclza","defined_tags":{},"freeform_tags":{"Name":"value","Owner":"value2"},"is_primary":true,"tenancy":"tenancy","region":"us-ashburn-1","compartment_name":"tenancy"}},"404":{"description":"Resource not found."}}}},"/v1/cckm/oci/keys":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates an OCI key. Specify the following details.\n- ID of the vault where the key needs to be created\n- Algorithm of the key\n- Length of the key\n- Name for the key\n- Protection mode of the key\n- Compartment ID of the key\n","tags":["CCKM/Oracle Keys"],"parameters":[{"name":"body","in":"body","description":"Creates an OCI key.","schema":{"type":"object","title":"Creates an OCI key.","required":["vault","name","algorithm","length","protection_mode","compartment_id"],"properties":{"curve_id":{"type":"string","description":"Elliptic curve to be used to create the key.","enum":["NIST_P256","NIST_P384","NIST_P521"]},"vault":{"type":"string","description":"ID of the OCI vault where the key is to be created."},"name":{"type":"string","description":"Name for the key."},"algorithm":{"type":"string","description":"Algorithm of the key.","enum":["AES","RSA","ECDSA"]},"length":{"type":"integer","description":"Length of the key.","enum":["AES (16, 24, 32)","RSA (256, 384, 512)","ECDSA (32, 48, 66)"]},"protection_mode":{"type":"string","description":"Protection mode of the key. A protection mode specifies where the Master Encryption Keys (MEKs) are stored and processed.","enum":["HSM","SOFTWARE"]},"compartment_id":{"type":"string","description":"Compartment ID where the key will belong."},"defined_tags":{"type":"object","description":"Defined tags for the key. A tag consists of namespace, key, and value."},"freeform_tags":{"type":"object","description":"Freeform tags for the key. A freeform tag is a simple key-value pair with no predefined name, type, or namespace."}},"example":{"vault":"cac1153e-cd1b-4558-9ee8-c0ee91611664","name":"TestOciKey","algorithm":"AES","length":32,"protection_mode":"SOFTWARE","compartment_id":"ocid1.compartment.oc1..aaaaaaaae3aqswden2svwndxc7lyrstwzqam4azefyg6obsxbrnymii6ezrva","defined_tags":{"Operations":{"CostCenter":"42"}},"freeform_tags":{"Department":"Finance"}}}}],"responses":{"201":{"description":"OK","examples":{"id":"8b20909b-83b5-4410-9161-9644d78b6e9e","uri":"kylo:kylo:cckm:oci-key:testocikey123-8b20909b-83b5-4410-9161-9644d78b6e9e","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-06-27T09:50:48.912957262Z","updatedAt":"2022-06-27T09:50:48.911005133Z","cloud_name":"oci","vault_id":"ocid1.vault.oc1.iad.b5rb2wbtaadze.abuwcljtkgqthwjmj5mdtupelvkgtx4qmqfsvm5tvqkccf7ht67azimoplskq","cckm_vault_id":"37900289-47cf-4172-91c5-7ea6cb87c4b7","tenancy":"tenancy","region":"us-ashburn-1","compartment_name":"tenancy","key_material_origin":"native","gone":false,"oci_params":{"compartment_id":"ocid1.tenancy.oc1..aaaaaaaadixb52q2mvlsn634ql5aaatl6hb2vg7audgd4d4mcf6zluymff6sq","current_key_version":"ocid1.keyversion.oc1.iad.b5rb2wbtaadze.awivmkt4xzhiaa.abuwcljrql245oiqqbsagdcy2tqdngtf746xcmiatdysrqtdsbosgnz3vfoq","display_name":"TestOciKey123","key_id":"ocid1.key.oc1.iad.b5rb2wbtaadze.abuwcljrsepkzommljnblkcy7ixtgahawk4mvigj3bp6q6uqe73ke5hew6ksa","algorithm":"AES","length":32,"lifecycle_state":"CREATING","time_created":"2022-06-27T09:47:10.264Z","vault_name":"demo-vault","defined_tags":{},"freeform_tags":{"Department":"Finance"},"protection_mode":"SOFTWARE","is_primary":true}}},"400":{"description":"Bad request."},"401":{"description":"Unauthorized."},"404":{"description":"Resource not found."},"500":{"description":"Internal server error."}}},"get":{"summary":"List","description":"Returns the list of OCI keys. The results can be filtered using the query parameters.\n","tags":["CCKM/Oracle Keys"],"parameters":[{"name":"id","in":"query","type":"string","description":"Filter the results by internal id of the OCI key.","collectionFormat":"multi"},{"name":"display_name","in":"query","type":"string","description":"Filter the results by display_name of the OCI key.","collectionFormat":"multi"},{"name":"algorithm","in":"query","type":"string","description":"Filter the results by OCI key algorithm.","collectionFormat":"multi"},{"name":"length","in":"query","type":"integer","description":"Filter the results by OCI key length.","collectionFormat":"multi"},{"name":"key_id","in":"query","type":"string","description":"Filter the results by OCI key_id.","collectionFormat":"multi"},{"name":"vault_name","in":"query","type":"string","description":"Filter the results by OCI vault_name.","collectionFormat":"multi"},{"name":"protection_mode","in":"query","type":"string","description":"Filter the results by OCI key protection_mode.","collectionFormat":"multi"},{"name":"job_config_id","in":"query","type":"string","description":"Filter the results by job_config_id."},{"name":"lifecycle_state","in":"query","type":"string","description":"Filter the results by OCI key lifecycle_state.","collectionFormat":"multi"},{"name":"tenancy","in":"query","type":"string","description":"Filter the results by tenancy."},{"name":"compartment_name","in":"query","type":"string","description":"Filter the results by compartment name."},{"name":"vault_id","in":"query","type":"string","description":"Filter the results by vault id."},{"name":"cckm_vault_id","in":"query","type":"string","description":"Filter the results by cckm_vault_id."},{"name":"curve_id","in":"query","type":"string","description":"Filter the results by curve id."},{"name":"gone","in":"query","type":"string","description":"Filter the results by gone status."},{"name":"region","in":"query","type":"string","description":"Filter the results by region."},{"name":"origin","in":"query","type":"string","description":"Filter the results by origin.","collectionFormat":"multi"},{"name":"local_hyok_key_id","in":"query","type":"string","description":"Filter the results by local_hyok_key_id.","collectionFormat":"multi"},{"name":"name","in":"query","type":"string","description":"Filter the results by name.","collectionFormat":"multi"},{"name":"local_hyok_key_version_id","in":"query","type":"string","description":"Filter the results by local_hyok_key_version_id.","collectionFormat":"multi"},{"name":"local_key_store_id","in":"query","type":"string","description":"Filter the results by local_key_store_id.","collectionFormat":"multi"},{"name":"linked_state","in":"query","type":"boolean","description":"Filter the results by linked_state."},{"name":"key_material_origin","in":"query","type":"string","description":"Filter the results by key_material_origin. Possible values are 'native', 'cckm', 'HYOK-CCKM', 'HYOK-External'.","collectionFormat":"multi"},{"name":"blocked","in":"query","type":"boolean","description":"Filter the results by blocked."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","examples":{"skip":0,"limit":10,"total":1,"resources":[{"id":"8b20909b-83b5-4410-9161-9644d78b6e9e","uri":"kylo:kylo:cckm:oci-key:testocikey123-8b20909b-83b5-4410-9161-9644d78b6e9e","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-06-27T09:50:48.912957Z","updatedAt":"2022-06-27T09:51:30.604949Z","cloud_name":"oci","vault_id":"ocid1.vault.oc1.iad.b5rb2wbtaadze.abuwcljtkgqthwjtmj5mdtupelvkgx4qmqfsvm5tvqkccf7ht67azimoplskq","cckm_vault_id":"37900289-47cf-4172-91c5-7ea6cb87c4b7","tenancy":"tenancy","region":"us-ashburn-1","compartment_name":"tenancy","key_material_origin":"native","gone":false,"oci_params":{"compartment_id":"ocid1.tenancy.oc1..aaaaaaaadixb52q2mtvlsn634ql5aaal6hb2vg7audgd4d4mcf6zluymff6sq","current_key_version":"ocid1.keyversion.oc1.iad.b5rb2wbttaadze.awivmk4xzhiaa.abuwcljrql245oiqqbsagdcy2tqdngtf746xcmiatdysrqtdsbosgnz3vfoq","display_name":"TestOciKey123","key_id":"ocid1.key.oc1.iad.b5rb2wbtaadze.abuwcljrsepkzotmmljnblkcy7ixgahawk4mvigj3bp6q6uqe73ke5hew6ksa","algorithm":"AES","length":32,"lifecycle_state":"ENABLED","time_created":"2022-06-27T09:47:10.264Z","vault_name":"demo-vault","defined_tags":{},"freeform_tags":{"Department":"Finance"},"protection_mode":"SOFTWARE","is_primary":true}}]}}}}},"/v1/cckm/oci/keys/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of an OCI key with the given `id`.","tags":["CCKM/Oracle Keys"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"id":"8b20909b-83b5-4410-9161-9644d78b6e9e","uri":"kylo:kylo:cckm:oci-key:testocikey123-8b20909b-83b5-4410-9161-9644d78b6e9e","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-06-27T09:50:48.912957Z","updatedAt":"2022-06-27T09:54:51.739432Z","cloud_name":"oci","vault_id":"ocid1.vault.oc1.iad.b5rb2wbtaadze.abuwcljtkgqthwjmj5mdtupelvkgx4qmqfsvm5tvqkctcf7ht67azimoplskq","cckm_vault_id":"37900289-47cf-4172-91c5-7ea6cb87c4b7","tenancy":"tenancy","region":"us-ashburn-1","compartment_name":"tenancy","key_material_origin":"native","gone":false,"oci_params":{"compartment_id":"ocid1.tenancy.oc1..aaaaaaaadixb52q2mvlsn634ql5aaal6hb2vg7audgd4dt4mcf6zluymff6sq","current_key_version":"ocid1.keyversion.oc1.iad.b5rb2wbtaadze.awivmk4xzhiaa.abuwcljtrql245oiqqbsagdcy2tqdngtf746xcmiatdysrqtdsbosgnz3vfoq","display_name":"TestOciKey123","key_id":"ocid1.key.oc1.iad.b5rtb2wbtaadze.abuwcljrsepkzommljnblkcy7ixgahawk4mvigj3bp6q6uqe73ke5hew6ksa","algorithm":"AES","length":32,"lifecycle_state":"ENABLED","time_created":"2022-06-27T09:47:10.264Z","vault_name":"demo-vault","defined_tags":{},"freeform_tags":{"Department":"Finance"},"protection_mode":"SOFTWARE","is_primary":true}}},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"Updates the OCI key attributes such as defined_tags, display_name, and freeform_tags.","tags":["CCKM/Oracle Keys"],"parameters":[{"name":"body","in":"body","description":"Updates an OCI key.","schema":{"type":"object","title":"Updates an OCI key.","properties":{"display_name":{"type":"string","description":"Name for the key."},"defined_tags":{"type":"object","description":"Defined tags for the key. A tag consists of namespace, key, and value."},"freeform_tags":{"type":"object","description":"Freeform tags for the key. A freeform tag is a simple key-value pair with no predefined name, type, or namespace."},"name":{"type":"string","description":"Name for the OCI external key. Applicable only to OCI external keys."},"policy":{"type":"string","description":"Policy for the OCI external key. Applicable only to OCI external keys."}},"example":{"display_name":"ThisTestDisplayName","defined_tags":{"Operations":{"CostCenter":"42"}},"freeform_tags":{"Department":"Finance"}}}}],"responses":{"200":{"description":"OK","examples":{"id":"8b20909b-83b5-4410-9161-9644d78b6e9e","uri":"kylo:kylo:cckm:oci-key:testocikey123-8b20909b-83b5-4410-9161-9644d78b6e9e","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-06-27T09:50:48.912957Z","updatedAt":"2022-06-27T09:58:14.828318752Z","cloud_name":"oci","vault_id":"ocid1.vault.oc1.iad.b5rb2wbtaadze.abuwcljtkgqthwjmj5mdtupelvkgx4qmqfsvm5tvtqkccf7ht67azimoplskq","cckm_vault_id":"37900289-47cf-4172-91c5-7ea6cb87c4b7","tenancy":"tenancy","region":"us-ashburn-1","compartment_name":"tenancy","key_material_origin":"native","gone":false,"oci_params":{"compartment_id":"ocid1.tenancy.oc1..aaaaaaaadixb52q2mvlsn634ql5aaal6hb2vg7audgtd4d4mcf6zluymff6sq","current_key_version":"ocid1.keyversion.oc1.iad.b5rb2wbtaadze.awivmk4xzhiaa.abuwtcljrql245oiqqbsagdcy2tqdngtf746xcmiatdysrqtdsbosgnz3vfoq","display_name":"ThisTestDisplayName","key_id":"ocid1.key.oc1.iad.b5rb2wbtaadze.abuwcljrsepkzommljnblkcy7ixgahawk4mvigjt3bp6q6uqe73ke5hew6ksa","algorithm":"AES","length":32,"lifecycle_state":"UPDATING","time_created":"2022-06-27T09:47:10.264Z","vault_name":"demo-vault","defined_tags":{},"freeform_tags":{"Department":"Finance"},"protection_mode":"SOFTWARE","is_primary":true}}},"400":{"description":"Bad Request."},"401":{"description":"Unauthorized access."},"404":{"description":"Resource not found."},"409":{"description":"There is a conflict."},"412":{"description":"Precondition Failed"},"429":{"description":"Too many request. User-rate limit exceeded."},"500":{"description":"Internal Server Error."}}},"delete":{"summary":"Delete","description":"Deletes an OCI key and its versions and backup from the CCKM.","tags":["CCKM/Oracle Keys"],"responses":{"204":{"description":"No Content | Oracle key is deleted successfully.","schema":{"type":"string"}},"401":{"description":"Unauthorized"},"404":{"description":"Resource not found."},"422":{"description":"UnprocessableEntity"},"500":{"description":"InternalServerError"}}}},"/v1/cckm/oci/keys/{id}/refresh":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Refresh the key","description":"Refreshes an OCI key and its versions.","tags":["CCKM/Oracle Keys"],"responses":{"200":{"description":"OK","examples":{"id":"ead12151-4695-40e2-8a70-0d8127a78a0e","uri":"kylo:kylo:cckm:oci-key:ead12151-4695-40e2-8a70-0d8127a78a0e","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-06-27T10:52:54.453702Z","updatedAt":"2022-06-27T17:24:39.241322387Z","cloud_name":"oci","vault_id":"ocid1.vault.oc1.iad.b5rb2wbtaadze.abuwcljtkgqthwjmj5mdtupelvkgx4qmqfsvm5ttvqkccf7ht67azimoplskq","cckm_vault_id":"37900289-47cf-4172-91c5-7ea6cb87c4b7","tenancy":"tenancy","region":"us-ashburn-1","compartment_name":"tenancy","key_material_origin":"cckm","gone":false,"oci_params":{"compartment_id":"ocid1.tenancy.oc1..aaaaaaaadixb52q2mvlsn634ql5aaal6hb2vg7audtgd4d4mcf6zluymff6sq","current_key_version":"ocid1.keyversion.oc1.iad.b5rb2wbtaadze.awytmk46mqiaa.abutwcljsd4qe2ryznlk6a6fw7xsvqf3nlgo2vpl5rjkaduff5rlzxl75r3ka","display_name":"demoKey1","key_id":"ocid1.key.oc1.iad.b5rb2wbtaadze.abuwcljrvxox27anrgbl3xirvmlhzf6t5ycbnbtqls5pky72a6i775cyjmcwq","algorithm":"AES","length":16,"lifecycle_state":"DISABLED","time_created":"2022-06-27T10:49:15.814Z","vault_name":"demo-vault","defined_tags":{"OCI-NAMESPACE":{"OCI-NAMESPACE_TAG_5":"vaule5"}},"freeform_tags":{"tag":"value"},"protection_mode":"HSM","is_primary":true}}},"401":{"description":"Unauthorized"},"404":{"description":"Resource not found."},"422":{"description":"UnprocessableEntity"},"500":{"description":"InternalServerError"}}}},"/v1/cckm/oci/keys/{id}/delete-backup":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Delete backup of key from the CM","description":"Deletes the backup of an OCI key from the CCKM but keep its metadata.","tags":["CCKM/Oracle Keys"],"responses":{"200":{"description":"OK"},"401":{"description":"Unauthorized"},"404":{"description":"Resource not found."},"422":{"description":"UnprocessableEntity"},"500":{"description":"InternalServerError"}}}},"/v1/cckm/oci/keys/{id}/restore":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Restore deleted key","description":"Restores a deleted OCI key from the backup to OCI.","tags":["CCKM/Oracle Keys"],"responses":{"200":{"description":"OK","examples":{"application/json":{"id":"f6a96419-6fcf-40fc-9290-fcb60d51f41e","uri":"kylo:kylo:cckm:oci-key:testocikey1-f6a96419-6fcf-40fc-9290-fcb60d51f41e","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-03-16T05:19:35.903124Z","updatedAt":"2022-03-16T05:52:40.882158992Z","cloud_name":"oci","vault_id":"ocid1.vault.oc1.iad.oqfeozixgt5if5f354umdamdqb5q6uxdhaahdtg.abuwcljs6qwagycytfmnryece3u55fswvai","cckm_vault_id":"fa8148ef-b5cb-4372-ad10-d2b403d386df","tenancy":"cloudkeymanager","region":"us-ashburn-1","compartment_name":"cloudkeymanager","key_material_origin":"native","gone":false,"oci_params":{"compartment_id":"ocid.compartment.oc..abfhuez4b7dl2lzal557m6mzq6bt72157e6b72157e6b72157e6b72157","current_key_version":"ocid1.keyversion.oc1.iad.b5q6uxdhaahdg.avatumiyxgziaa.abuwcljsss3j7xl2gpjbzdju2ryx6mwypnjqpvroyonkrikhgrfjvqxjhrpa","display_name":"TestOciKey1","key_id":"ocid1.key.oc1.iad.b5q6uxdhaahdg.abuwcljs6slr45ns5tgbxztlmaj5wyt7yliqfkroummzmgtwuqhtx7j6ulrcq","algorithm":"AES","length":32,"lifecycle_state":"ENABLED","time_created":"2022-03-16T05:19:34.298Z","vault_name":"vault","defined_tags":{},"freeform_tags":{"Department":"Finance"},"protection_mode":"SOFTWARE","is_primary":true}}}},"401":{"description":"Unauthorized"},"404":{"description":"Resource not found."},"422":{"description":"UnprocessableEntity"},"500":{"description":"InternalServerError"}}}},"/v1/cckm/oci/keys/{id}/schedule-deletion":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Schedule deletion","description":"Schedules automatic deletion of an OCI key in a specified number of days.","tags":["CCKM/Oracle Keys"],"parameters":[{"name":"body","in":"body","description":"Schedule deletion for an OCI key.","schema":{"type":"object","title":"Schedule deletion of an OCI key.","required":["days"],"properties":{"days":{"type":"integer","description":"Number of days after which the key will be deleted."}},"example":{"days":7}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"id":"8b20909b-83b5-4410-9161-9644d78b6e9e","uri":"kylo:kylo:cckm:oci-key:testocikey123-8b20909b-83b5-4410-9161-9644d78b6e9e","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-06-27T09:50:48.912957Z","updatedAt":"2022-06-27T10:00:11.13834448Z","cloud_name":"oci","vault_id":"ocid1.vault.oc1.iad.b5rb2wbtaadze.abuwcljtkgqthwjmj5mdtupelvkgtx4qmqfsvm5tvqkccf7ht67azimoplskq","cckm_vault_id":"37900289-47cf-4172-91c5-7ea6cb87c4b7","tenancy":"tenancy","region":"us-ashburn-1","compartment_name":"tenancy","key_material_origin":"native","gone":false,"oci_params":{"compartment_id":"ocid1.tenancy.oc1..aaaaaaaadixb52q2mvlsn634ql5ataal6hb2vg7audgd4d4mcf6zluymff6sq","current_key_version":"ocid1.keyversion.oc1.iad.b5rb2wbtaadze.awtivmk4xzhiaa.abuwcljrql245oiqqbsagdcy2tqdngtf746xcmiatdysrqtdsbosgnz3vfoq","display_name":"ThisTestDisplayName","key_id":"ocid1.key.oc1.iad.b5rb2wbtaadze.abuwcljrsepkzommljnbltkcy7ixgahawk4mvigj3bp6q6uqe73ke5hew6ksa","algorithm":"AES","length":32,"lifecycle_state":"SCHEDULING_DELETION","time_created":"2022-06-27T09:47:10.264Z","vault_name":"demo-vault","defined_tags":{},"freeform_tags":{"Department":"Finance"},"protection_mode":"SOFTWARE","time_of_deletion":"2022-07-04T10:00:09.386Z","is_primary":true}}},"400":{"description":"BadRequest"},"401":{"description":"Unauthorized"},"404":{"description":"Resource not found."},"409":{"description":"Conflict"},"500":{"description":"InternalServerError"}}}},"/v1/cckm/oci/keys/{id}/cancel-deletion":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Cancel delete","description":"Cancels deletion of the key.","tags":["CCKM/Oracle Keys"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"id":"8b20909b-83b5-4410-9161-9644d78b6e9e","uri":"kylo:kylo:cckm:oci-key:testocikey123-8b20909b-83b5-4410-9161-9644d78b6e9e","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-06-27T09:50:48.912957Z","updatedAt":"2022-06-27T10:01:18.057838729Z","cloud_name":"oci","vault_id":"ocid1.vault.oc1.iad.b5rb2wbtaadze.abuwcljtkgqthwjmj5mdtupelvkgx4tqmqfsvm5tvqkccf7ht67azimoplskq","cckm_vault_id":"37900289-47cf-4172-91c5-7ea6cb87c4b7","tenancy":"tenancy","region":"us-ashburn-1","compartment_name":"tenancy","key_material_origin":"native","gone":false,"oci_params":{"compartment_id":"ocid1.tenancy.oc1..aaaaaaaadixb52q2mvlsn634ql5aaatl6hb2vg7audgd4d4mcf6zluymff6sq","current_key_version":"ocid1.keyversion.oc1.iad.b5rb2wbtaadze.awivtmk4xzhiaa.abuwcljrql245oiqqbsagdcy2tqdngtf746xcmiatdysrqtdsbosgnz3vfoq","display_name":"ThisTestDisplayName","key_id":"ocid1.key.oc1.iad.b5rb2wbtaadze.abuwcljrsepkzommljnblkcty7ixgahawk4mvigj3bp6q6uqe73ke5hew6ksa","algorithm":"AES","length":32,"lifecycle_state":"CANCELLING_DELETION","time_created":"2022-06-27T09:47:10.264Z","vault_name":"demo-vault","defined_tags":{},"freeform_tags":{"Department":"Finance"},"protection_mode":"SOFTWARE","is_primary":true}}},"401":{"description":"Unauthorized"},"404":{"description":"Resource not found."},"500":{"description":"InternalServerError"}}}},"/v1/cckm/oci/upload-key":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Upload","description":"Uploads a key from a key source to an OCI vault. Specify the following details.\n- ID of the vault where the key needs to be uploaded.\n- Key parameters such as description, protection mode, and name etc.\n- Source key tier.\n- Source key identifier of the key to be uploaded from a key source.\n- Compartment ID where the key will belong.\n\nSupported key algorithms and sizes.\n- CM (AES128, AES192, AES256, RSA2048, RSA3072, RSA4096)\n- DSM (AES128, AES256, RSA2048, RSA3072, RSA4096)\n- HSM LUNA (AES128, AES192, AES256, RSA2048, RSA3072, RSA4096)\n","tags":["CCKM/Oracle Keys"],"parameters":[{"name":"body","in":"body","description":"Create a new OCI key by uploading a key from a key source.","schema":{"type":"object","title":"Create a new OCI key.","required":["source_key_identifier","source_key_tier","name","vault","protection_mode","compartment_id"],"properties":{"name":{"type":"string","description":"Name for the key."},"vault":{"type":"string","description":"ID of the OCI vault where the key is to be created."},"protection_mode":{"type":"string","description":"Protection mode of the key. A protection mode specifies where the Master Encryption Keys (MEKs) are stored and processed.","enum":["HSM","SOFTWARE"]},"source_key_identifier":{"type":"string","description":"ID of the key that will be uploaded from a key source to OCI."},"source_key_tier":{"type":"string","description":"Key source from where the key will be uploaded. Specify - `local` for the CipherTrust Manager (CM) - `dsm` for Data Security Manager (DSM) - `hsm-luna` for Luna HSM"},"compartment_id":{"type":"string","description":"Compartment ID where the key will belong."},"defined_tags":{"type":"object","description":"Defined tags for the key. A tag consists of namespace, key, and value."},"freeform_tags":{"type":"object","description":"Freeform tags for the key. A freeform tag is a simple key-value pair with no predefined name, type, or namespace."}},"example":{"source_key_identifier":"local_key_id","source_key_tier":"local","vault":"cac1153e-cd1b-4558-9ee8-c0ee91611664","name":"KeyUpload","protection_mode":"SOFTWARE","compartment_id":"ocid1.compartment.oc1..aaaaaaaae3aqswdetn2svwndxc7lyrswzqam4azefyg6obsxbrnymii6ezrva","defined_tags":{"Operations":{"CostCenter":"42"}},"freeform_tags":{"Department":"Finance"}}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"id":"74f86ed1-593b-4e2a-bacc-5718b95503b1","uri":"kylo:kylo:cckm:oci-key:74f86ed1-593b-4e2a-bacc-5718b95503b1","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-06-27T10:14:49.757080806Z","updatedAt":"2022-06-27T10:14:49.756194116Z","cloud_name":"oci","vault_id":"ocid1.vault.oc1.iad.b5rb2wbtaadze.abuwcljtkgqthwtjmj5mdtupelvkgx4qmqfsvm5tvqkccf7ht67azimoplskq","cckm_vault_id":"37900289-47cf-4172-91c5-7ea6cb87c4b7","tenancy":"tenancy","region":"us-ashburn-1","compartment_name":"tenancy","key_material_origin":"cckm","gone":false,"oci_params":{"compartment_id":"ocid1.tenancy.oc1..aaaaaaaadixb52q2mvtlsn634ql5aaal6hb2vg7audgd4d4mcf6zluymff6sq","current_key_version":"ocid1.keyversion.oc1.iad.b5rb2wtbtaadze.awevmk4yepqaa.abuwcljrcbwn3vmrcygbcscm7d7ddo2brblili2rpiixhfdchm55ikanhjgq","display_name":"TestKeyUpload123","key_id":"ocid1.key.oc1.iad.b5rb2wbtaadze.abuwcljriaetonvzlmjsoxxvewrpqpyv3q44spvd52vxdttesi6i43kwlbkqa","algorithm":"AES","length":16,"lifecycle_state":"CREATING","time_created":"2022-06-27T10:11:11.27Z","vault_name":"demo-vault","defined_tags":{"OCI-NAMESPACE":{"OCI-NAMESPACE_Tag_1":"OCI-VALUEtag1"}},"freeform_tags":{"Department":"Finance"},"protection_mode":"SOFTWARE","is_primary":true}}},"400":{"description":"BadRequest"},"401":{"description":"Unauthorized"},"500":{"description":"InternalServerError"}}}},"/v1/cckm/oci/synchronization-jobs":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Synchronize","description":"Synchronize OCI keys\n","tags":["CCKM/Oracle Keys"],"parameters":[{"name":"body","in":"body","description":"Synchronize OCI keys of all or particular vaults.","schema":{"type":"object","title":"Synchronize keys","properties":{"vaults":{"type":"array","items":{"type":"string"},"description":"ID of the vault from which keys will be synchronized. Provide resource ID or vault ID of the OCI vault."},"synchronize_all":{"type":"boolean","description":"Whether to synchronize all keys from all vaults. Set to `true` to synchronize all keys from all vaults. `synchronize_all` and `vaults` are mutually exclusive - specify either."}}}}],"responses":{"201":{"description":"OK","examples":{"id":"3c9d0679-2007-42af-90ab-51e41baa0af6","uri":"kylo:kylo:cckm:synchronize:3c9d0679-2007-42af-90ab-51e41baa0af6","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2022-01-07T12:38:37.905642304Z","updatedAt":"2022-01-07T12:38:37.908448472Z","overall_status":"in_progress","cloud":"oci","key_vaults":["ea211260-9c0a-47d9-ac2e-486d0ec56d5c::vault2","405c9577-4c19-422e-9a4f-1baa6e4146c1::vault"],"abort":false}},"400":{"description":"BadRequest"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"409":{"description":"Conflict"},"422":{"description":"UnprocessableEntity"},"500":{"description":"InternalServerError"}}},"get":{"summary":"Status","description":"Returns a list of updated synchronization status. The results can be filtered using the query parameters.\n","tags":["CCKM/Oracle Keys"],"parameters":[{"name":"id","in":"query","type":"string","description":"Filter the results by internal id of synchronization."},{"name":"overall_status","in":"query","type":"string","description":"Filter the results by overall_status of synchronization. Possible values are `in_progress`, `completed`, and `failed`."},{"name":"vaults","in":"query","type":"array","items":{"type":"string"},"description":"Filter the results of synchronization by vaults."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","examples":{"skip":0,"limit":10,"total":1,"resources":[{"id":"6cae9e16-5890-416b-b703-fd6727c23d68","uri":"kylo:kylo:cckm:synchronize:6cae9e16-5890-416b-b703-fd6727c23d68","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2022-01-07T13:16:31.885043Z","updatedAt":"2022-01-07T13:17:03.733395Z","completed_at":"2022-01-07T13:17:03.733006Z","overall_status":"completed","detailed_status":{"CCKM-Testing/ea211260-9c0a-47d9-ac2e-486d0ec56d5c":"vault synchronized successfully","CCKM/405c9577-4c19-422e-9a4f-1baa6e4146c1":"vault synchronized successfully"},"cloud":"oci","key_vaults":["ea211260-9c0a-47d9-ac2e-486d0ec56d5c::vault2","405c9577-4c19-422e-9a4f-1baa6e4146c1::vault"],"abort":false}]}},"404":{"description":"Resource not found."}}}},"/v1/cckm/oci/synchronization-jobs/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a synchronization process with the given id.","tags":["CCKM/Oracle Keys"],"responses":{"200":{"description":"OK","examples":{"application/json":{"id":"6cae9e16-5890-416b-b703-fd6727c23d68","uri":"kylo:kylo:cckm:synchronize:6cae9e16-5890-416b-b703-fd6727c23d68","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2022-01-07T13:16:31.885043Z","updatedAt":"2022-01-07T13:17:03.733395Z","completed_at":"2022-01-07T13:17:03.733006Z","overall_status":"completed","detailed_status":{"CCKM-Testing/ea211260-9c0a-47d9-ac2e-486d0ec56d5c":"vault synchronized successfully","CCKM/405c9577-4c19-422e-9a4f-1baa6e4146c1":"vault synchronized successfully"},"cloud":"oci","key_vaults":["ea211260-9c0a-47d9-ac2e-486d0ec56d5c::vault2","405c9577-4c19-422e-9a4f-1baa6e4146c1::vault"],"abort":false}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/oci/synchronization-jobs/{id}/cancel":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Cancel","description":"Cancels the synchronization job.\n","tags":["CCKM/Oracle Keys"],"responses":{"200":{"description":"OK","examples":{"application/json":{"id":"bebe71ac-8005-4a27-bb60-4a09874470de","uri":"kylo:kylo:cckm:synchronize:bebe71ac-8005-4a27-bb60-4a09874470de","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2022-01-07T13:20:15.831337Z","updatedAt":"2022-01-07T13:20:25.936933Z","overall_status":"in_progress","detailed_status":{"CCKM/405c9577-4c19-422e-9a4f-1baa6e4146c1":"vault synchronized successfully"},"cloud":"oci","key_vaults":["405c9577-4c19-422e-9a4f-1baa6e4146c1::vault","ea211260-9c0a-47d9-ac2e-486d0ec56d5c::vault2"],"abort":true}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/oci/keys/{id}/versions":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Add key version","description":"Adds a new version to the OCI key. Specify whether the version will be created natively on OCI or uploaded from an external key source.","tags":["CCKM/Oracle Keys"],"parameters":[{"name":"body","in":"body","description":"Adds a new key version to an OCI key.","schema":{"type":"object","title":"Adds a new key version to an OCI key.","required":["is_native"],"properties":{"source_key_tier":{"type":"string","description":"Key source from where the key will be uploaded. - `local` for CipherTrust Manager (CM) - `dsm` for Data Security Manager (DSM) - `hsm-luna` for Luna HSM"},"source_key_identifier":{"type":"string","description":"ID of the key that will be uploaded from a key source to OCI."},"is_native":{"type":"boolean","description":"Whether the key version will be created natively or uploaded from a key source. Set to `true` for a native key, `false` for a key source."}}}}],"responses":{"204":{"schema":{"type":"object"},"description":"OK","examples":{"id":"57d6f92c-c873-4220-ba3d-97dee7e88cdb","uri":"kylo:kylo:cckm:oci-key-version:57d6f92c-c873-4220-ba3d-97dee7e88cdb","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-06-27T17:17:03.759123975Z","updatedAt":"2022-06-27T17:17:03.757662973Z","cloud_name":"oci","key_material_origin":"cckm","gone":false,"oci_key_version_params":{"compartment_id":"ocid1.tenancy.oc1..aaaaaaaadixb52q2mvlsn634ql5aaal6hb2vg7audgd4d4mcf6zluytmff6sq","version_id":"ocid1.keyversion.oc1.iad.b5rb2wbtaadze.awytmk46mqiaa.abuwcljsd4qe2ryznlk6a6fw7txsvqf3nlgo2vpl5rjkaduff5rlzxl75r3ka","key_id":"ocid1.key.oc1.iad.b5rb2wbtaadze.abuwcljrvxox27anrgbl3xirvmlhzf6t5ycbnbqls5pky72a6i7t75cyjmcwq","time_created":"2022-06-27T17:17:54.227Z","vault_id":"ocid1.vault.oc1.iad.b5rb2wbtaadze.abuwcljtkgqthwjmj5mdtupelvkgx4qmqfsvm5tvqkccf7htt67azimoplskq","lifecycle_state":"CREATING","origin":"EXTERNAL","is_primary":true},"source_key_identifier":"f849fa3179634fbfab5a8b1c8e92c8d0c000e4587c934a9e9bcf98651902efe6","source_key_tier":"local","source_key_name":"uploadTest"}},"400":{"description":"Bad request."},"401":{"description":"Unauthorized."},"404":{"description":"Resource not found."},"500":{"description":"Internal server error."}}},"get":{"summary":"List OCI key versions","description":"Returns the list of OCI key versions. The results can be filtered using the query parameters.\n","tags":["CCKM/Oracle Keys"],"parameters":[{"name":"version_id","in":"query","type":"string","description":"Filter the results by key version_id.","collectionFormat":"multi"},{"name":"origin","in":"query","type":"string","description":"Filter the results by OCI key version origin.","collectionFormat":"multi"},{"name":"is_primary","in":"query","type":"boolean","description":"Filter the results by is_primary."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","examples":{"application/json":{"skip":0,"limit":1,"total":3,"resources":[{"id":"3184ff49-7430-46b0-8eca-c9205fe9aa82","uri":"kylo:kylo:cckm:oci-key-version:3184ff49-7430-46b0-8eca-c9205fe9aa82","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-06-27T10:52:54.966096Z","updatedAt":"2022-06-27T10:53:36.479196Z","cloud_name":"oci","key_material_origin":"cckm","gone":false,"oci_key_version_params":{"compartment_id":"ocid1.tenancy.oc1..aaaaaaaadixb52q2mvtlsn634ql5aaal6hb2vg7audgd4d4mcf6zluymff6sq","version_id":"ocid1.keyversion.oc1.iad.b5rb2wbtaadze.awyttmk4ywkyaa.abuwcljrt34tvg3fu7kuq5phzvca35z6vxaaliqmlxne7m7tmzmkqogjagnq","key_id":"ocid1.key.oc1.iad.b5rb2wbtaadze.abuwcljrvxox27atnrgbl3xirvmlhzf6t5ycbnbqls5pky72a6i775cyjmcwq","time_created":"2022-06-27T10:49:15.853Z","vault_id":"ocid1.vault.oc1.iad.b5rb2wbtaadze.abuwcljtkgqtthwjmj5mdtupelvkgx4qmqfsvm5tvqkccf7ht67azimoplskq","lifecycle_state":"ENABLED","origin":"EXTERNAL","is_primary":true},"source_key_identifier":"0cf60376002842c58ae3aa9b2ebc111d691331dd51c1408a917b0a8d57d30bc9","source_key_tier":"local","source_key_name":"demoKey1"}]}}}}}},"/v1/cckm/oci/keys/{id}/versions/{versionID}/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"versionID","in":"path","description":"An identifier of GCP Key version resource.","type":"string","required":true}],"get":{"summary":"Get key version details","description":"Gets key version details. Specify the key ID and the version ID.","tags":["CCKM/Oracle Keys"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"id":"3184ff49-7430-46b0-8eca-c9205fe9aa82","uri":"kylo:kylo:cckm:oci-key-version:3184ff49-7430-46b0-8eca-c9205fe9aa82","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-06-27T10:52:54.966096Z","updatedAt":"2022-06-27T10:53:36.479196Z","cloud_name":"oci","key_material_origin":"cckm","gone":false,"oci_key_version_params":{"compartment_id":"ocid1.tenancy.oc1..aaaaaaaadixb52q2mtvlsn634ql5aaal6hb2vg7audgd4d4mcf6zluymff6sq","version_id":"ocid1.keyversion.oc1.iad.b5rb2wbtaadze.awtytmk4ywkyaa.abuwcljrt34tvg3fu7kuq5phzvca35z6vxaaliqmlxne7m7tmzmkqogjagnq","key_id":"ocid1.key.oc1.iad.b5rb2wbtaadze.abuwcljrvxox27tanrgbl3xirvmlhzf6t5ycbnbqls5pky72a6i775cyjmcwq","time_created":"2022-06-27T10:49:15.853Z","vault_id":"ocid1.vault.oc1.iad.b5rb2wbtaatdze.abuwcljtkgqthwjmj5mdtupelvkgx4qmqfsvm5tvqkccf7ht67azimoplskq","lifecycle_state":"ENABLED","origin":"EXTERNAL","is_primary":true},"source_key_identifier":"0cf60376002842c58ae3aa9b2ebc111d691331dd51c1408a917b0a8d57d30bc9","source_key_tier":"local","source_key_name":"demoKey1"}},"401":{"description":"Unauthorized."},"404":{"description":"Resource not found."}}}},"/v1/cckm/oci/keys/{id}/enable":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Enable key","description":"Enables the OCI key.","tags":["CCKM/Oracle Keys"],"responses":{"200":{"description":"OK","examples":{"id":"ead12151-4695-40e2-8a70-0d8127a78a0e","uri":"kylo:kylo:cckm:oci-key:ead12151-4695-40e2-8a70-0d8127a78a0e","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-06-27T10:52:54.453702Z","updatedAt":"2022-06-27T17:24:50.034650544Z","cloud_name":"oci","vault_id":"ocid1.vault.oc1.iad.b5rb2wbtaadze.abuwcljttkgqthwjmj5mdtupelvkgx4qmqfsvm5tvqkccf7ht67azimoplskq","cckm_vault_id":"37900289-47cf-4172-91c5-7ea6cb87c4b7","tenancy":"tenancy","region":"us-ashburn-1","compartment_name":"tenancy","key_material_origin":"cckm","gone":false,"oci_params":{"compartment_id":"ocid1.tenancy.oc1..aaaaaaaadixb52q2mvlsn634ql5aaal6hb2vg7audgd4d4mcf6zluymff6sq","current_key_version":"ocid1.keyversion.oc1.itad.b5rbt2wbtaadze.awytmk46mqiaa.abuwcljsd4qe2ryznlk6a6fw7xsvqf3nlgo2vpl5rjkaduff5rlzxl75r3ka","display_name":"demoKey1","key_id":"ocid1.key.oc1.iad.b5rb2wbtaatdze.abuwcljrvxotx27anrgbl3xirvmlhzf6t5ycbnbqls5pky72a6i775cyjmcwq","algorithm":"AES","length":16,"lifecycle_state":"ENABLING","time_created":"2022-06-27T10:49:15.814Z","vault_name":"demo-vault","defined_tags":{"OCI-NAMESPACE":{"OCI-NAMESPACE_TAG_5":"vaule5"}},"freeform_tags":{"tag":"value"},"protection_mode":"HSM","is_primary":true}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"404":{"description":"Not Found"},"409":{"description":"Conflict"},"412":{"description":"Precondition Failed"},"429":{"description":"Too many requests. User-rate limit exceeded."},"500":{"description":"Internal Server Error"}}}},"/v1/cckm/oci/keys/{id}/disable":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Disable key","description":"Disables the OCI key.","tags":["CCKM/Oracle Keys"],"responses":{"200":{"description":"OK","examples":{"id":"ead12151-4695-40e2-8a70-0d8127a78a0e","uri":"kylo:kylo:cckm:oci-key:ead12151-4695-40e2-8a70-0d8127a78a0e","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-06-27T10:52:54.453702Z","updatedAt":"2022-06-27T17:23:26.844805398Z","cloud_name":"oci","vault_id":"ocid1.vault.oc1.iad.b5rb2wbtaadze.abuwcljtkgqthwjmj5mtdtupelvkgx4qmqfsvm5tvqkccf7ht67azimoplskq","cckm_vault_id":"37900289-47cf-4172-91c5-7ea6cb87c4b7","tenancy":"tenancy","region":"us-ashburn-1","compartment_name":"tenancy","key_material_origin":"cckm","gone":false,"oci_params":{"compartment_id":"ocid1.tenancy.oc1..aaaaaaaadixbt52q2mvlsn634ql5aaal6hb2vg7audgd4d4mcf6zluymff6sq","current_key_version":"ocid1.keyversion.oc1.iad.tb5rb2wbtaadze.awytmk46mqiaa.abuwcljsd4qe2ryznlk6a6fw7xsvqf3nlgo2vpl5rjkaduff5rlzxl75r3ka","display_name":"demoKey1","key_id":"ocid1.key.oc1.iad.b5rb2wbtaadze.abuwctljrvxox27anrgbl3xirvmlhzf6t5ycbnbqls5pky72a6i775cyjmcwq","algorithm":"AES","length":16,"lifecycle_state":"DISABLING","time_created":"2022-06-27T10:49:15.814Z","vault_name":"demo-vault","defined_tags":{"OCI-NAMESPACE":{"OCI-NAMESPACE_TAG_5":"vaule5"}},"freeform_tags":{"tag":"value"},"protection_mode":"HSM","is_primary":true}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"404":{"description":"Not Found"},"409":{"description":"Conflict"},"412":{"description":"Precondition Failed"},"429":{"description":"Too many requests. User-rate limit exceeded."},"500":{"description":"Internal Server Error"}}}},"/v1/cckm/oci/keys/{id}/change-compartment":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Change compartment","description":"Chanes the OCI compartment of the OCI key.","tags":["CCKM/Oracle Keys"],"parameters":[{"name":"body","in":"body","description":"The OCID of new OCI compartments.","schema":{"type":"object","title":"Change compartments.","required":["compartment_id"],"properties":{"compartment_id":{"type":"string","description":"The OCID of the new OCI compartment for the key."}},"example":{"compartment_id":"ocid1.tenancy.oc1..aaaaaaaaaaal6hrb2vg7audpd4d4mcf5zluymftstqdixb52q2mvlsn634ql5"}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"id":"ead12151-4695-40e2-8a70-0d8127a78a0e","uri":"kylo:kylo:cckm:oci-key:ead12151-4695-40e2-8a70-0d8127a78a0e","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-06-27T10:52:54.453702Z","updatedAt":"2022-06-27T17:28:13.418782722Z","cloud_name":"oci","vault_id":"ocid1.vault.oc1.iad.b5rb2wbtaadze.abuwtcljtkgqthwjmj5mdtupelvkgx4qmqfsvm5tvqkccf7ht67azimoplskq","cckm_vault_id":"37900289-47cf-4172-91c5-7ea6cb87c4b7","tenancy":"tenancy","region":"us-ashburn-1","compartment_name":"testcompartment","key_material_origin":"cckm","gone":false,"oci_params":{"compartment_id":"ocid1.compartment.oc1..aaaaaaaap5sotd2mnwgdstnovx6h2vv6paqko2gqrkkki576r5xwf5mhsvsca","current_key_version":"ocid1.keyversion.oc1.iad.b5rb2wbtaadze.awtytmk46mqiaa.abuwcljsd4qe2ryznlk6a6fw7xsvqf3nlgo2vpl5rjkaduff5rlzxl75r3ka","display_name":"demoKey1","key_id":"ocid1.key.oc1.iad.b5rb2wbtaadze.abuwcljrvxox27anrgbl3xitrvmlhzf6t5ycbnbqls5pky72a6i775cyjmcwq","algorithm":"AES","length":16,"lifecycle_state":"UPDATING","time_created":"2022-06-27T10:49:15.814Z","vault_name":"demo-vault","defined_tags":{"OCI-NAMESPACE":{"OCI-NAMESPACE_TAG_5":"vaule5"}},"freeform_tags":{"tag":"value"},"protection_mode":"HSM","is_primary":true}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"404":{"description":"Not Found"},"409":{"description":"Conflict"},"412":{"description":"Precondition Failed"},"429":{"description":"Too many requests. User-rate limit exceeded."},"500":{"description":"Internal Server Error"}}}},"/v1/cckm/oci/keys/{id}/versions/{versionID}/schedule-deletion":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"versionID","in":"path","description":"An identifier of GCP Key version resource.","type":"string","required":true}],"post":{"summary":"Schedule key version for deletion","description":"Schedules automatic deletion of an OCI key version in a specified number of days. Specify the key ID and the version ID.","tags":["CCKM/Oracle Keys"],"parameters":[{"name":"body","in":"body","description":"Schedule deletion for an OCI key version.","schema":{"type":"object","title":"Schedule deletion for an OCI key version.","required":["days"],"properties":{"days":{"type":"integer","description":"Number of days after which the key version will be deleted. The number of days can be 7 to 30. The default value is `7`."}},"example":{"days":7}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"id":"3184ff49-7430-46b0-8eca-c9205fe9aa82","uri":"kylo:kylo:cckm:oci-key-version:3184ff49-7430-46b0-8eca-c9205fe9aa82","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-06-27T10:52:54.966096Z","updatedAt":"2022-06-27T17:29:20.9951444Z","cloud_name":"oci","key_material_origin":"cckm","refreshed_at":"2022-06-27T17:24:40.485914Z","gone":false,"oci_key_version_params":{"compartment_id":"ocid1.tenancy.oc1..aaaaataaadixb52q2mvlsn634ql5aaal6hb2vg7audgd4d4mcf6zluymff6sq","version_id":"ocid1.keyversion.oc1.iad.b5rbt2wbtaadze.awytmk4ywkyaa.abuwcljrt34tvg3fu7kuq5phzvca35z6vxaaliqmlxne7m7tmzmkqogjagnq","key_id":"ocid1.key.oc1.iad.b5rb2wbtaadze.abtuwcljrvxox27anrgbl3xirvmlhzf6t5ycbnbqls5pky72a6i775cyjmcwq","time_created":"2022-06-27T10:49:15.853Z","vault_id":"ocid1.vault.oc1.iad.b5rb2wbtaadzet.abuwcljtkgqthwjmj5mdtupelvkgx4qmqfsvm5tvqkccf7ht67azimoplskq","lifecycle_state":"SCHEDULING_DELETION","origin":"EXTERNAL","time_of_deletion":"2022-07-04T17:29:19.752Z","is_primary":true},"source_key_identifier":"0cf60376002842c58ae3aa9b2ebc111d691331dd51c1408a917b0a8d57d30bc9","source_key_tier":"local","source_key_name":"demoKey1"}},"400":{"description":"Bad request."},"401":{"description":"Unauthorized."},"404":{"description":"Resource not found."},"409":{"description":"Conflict"},"500":{"description":"Internal server error."}}}},"/v1/cckm/oci/keys/{id}/versions/{versionID}/cancel-deletion":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"versionID","in":"path","description":"An identifier of GCP Key version resource.","type":"string","required":true}],"post":{"summary":"Cancel scheduled key version deletion","description":"Cancels scheduled deletion of a key version. Specify the key ID and the version ID.","tags":["CCKM/Oracle Keys"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"id":"3184ff49-7430-46b0-8eca-c9205fe9aa82","uri":"kylo:kylo:cckm:oci-key-version:3184ff49-7430-46b0-8eca-c9205fe9aa82","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-06-27T10:52:54.966096Z","updatedAt":"2022-06-27T17:30:17.888692385Z","cloud_name":"oci","key_material_origin":"cckm","refreshed_at":"2022-06-27T17:24:40.485914Z","gone":false,"oci_key_version_params":{"compartment_id":"ocid1.tenancy.oc1..aaaaaaaadixb52q2mvrlsn634ql5aaal6hb2vg7audgd4d4mcf6zluymff6sq","version_id":"ocid1.keyversion.oc1.iad.b5rb2wbtaadze.arwytmk4ywkyaa.abuwcljrt34tvg3fu7kuq5phzvca35z6vxaaliqmlxne7m7tmzmkqogjagnq","key_id":"ocid1.key.oc1.iad.b5rb2wbtaadze.abuwcljrvxor27anrgbl3xirvmlhzf6t5ycbnbqls5pky72a6i775cyjmcwq","time_created":"2022-06-27T10:49:15.853Z","vault_id":"ocid1.vault.oc1.iad.b5rb2wbtaadze.abuwcljrtkgqthwjmj5mdtupelvkgx4qmqfsvm5tvqkccf7ht67azimoplskq","lifecycle_state":"CANCELLING_DELETION","origin":"EXTERNAL","is_primary":true},"source_key_identifier":"0cf60376002842c58ae3aa9b2ebc111d691331dd51c1408a917b0a8d57d30bc9","source_key_tier":"local","source_key_name":"demoKey1"}},"401":{"description":"Unauthorized."},"404":{"description":"Resource not found."},"500":{"description":"Internal server error."}}}},"/v1/cckm/oci/keys/{id}/enable-auto-rotation":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Enable auto rotation for an OCI key","description":"Enables auto rotation of an OCI key with the given ID.","tags":["CCKM/Oracle Keys"],"parameters":[{"name":"body","in":"body","description":"Enables auto rotation for an OCI key.","schema":{"type":"object","title":"Enables auto rotation for an OCI key.","required":["job_config_id","auto_rotate_key_source"],"properties":{"job_config_id":{"type":"string","description":"ID of the scheduler job that will perform key rotation."},"auto_rotate_key_source":{"type":"string","description":"Source of key material for the new OCI key. The options are `native`, `hsm-luna`, `dsm`, and `ciphertrust`."},"auto_rotate_partition_id":{"type":"string","description":"(Luna HSM keys only) ID of the partition in which the HSM key will be created. Specify this parameter when `auto_rotate_key_source` is `hsm-luna`."},"auto_rotate_domain_id":{"type":"string","description":"(DSM keys only) ID of the domain in which the DSM key will be created. Specify this parameter when `auto_rotate_key_source` is `dsm`."}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"id":"ead12151-4695-40e2-8a70-0d8127a78a0e","uri":"kylo:kylo:cckm:oci-key:ead12151-4695-40e2-8a70-0d8127a78a0e","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-06-27T10:52:54.453702Z","labels":{"auto_rotate_key_source":"native","job_config_id":"de7380ea-b882-4e75-952e-57bc60c0aaf8"},"updatedAt":"2022-06-27T17:32:29.908382717Z","cloud_name":"oci","vault_id":"ocid1.vault.oc1.iad.b5rb2wbtaadze.abuwcljtkgrqthwjmj5mdtupelvkgx4qmqfsvm5tvqkccf7ht67azimoplskq","cckm_vault_id":"37900289-47cf-4172-91c5-7ea6cb87c4b7","tenancy":"tenancy","region":"us-ashburn-1","compartment_name":"testcompartment","key_material_origin":"cckm","auto_rotate":true,"gone":false,"oci_params":{"compartment_id":"ocid1.compartment.oc1..aaaaaaaap5srotd2mnwgdsnovx6h2vv6paqko2gqrkkki576r5xwf5mhsvsca","current_key_version":"ocid1.keyversion.oc1.iad.b5rbr2wbtaadze.awytmk46mqiaa.abuwcljsd4qe2ryznlk6a6fw7xsvqf3nlgo2vpl5rjkaduff5rlzxl75r3ka","display_name":"demoKey1","key_id":"ocid1.key.oc1.iad.b5rb2wbtaadze.abuwcljrvxoxr27anrgbl3xirvmlhzf6t5ycbnbqls5pky72a6i775cyjmcwq","algorithm":"AES","length":16,"lifecycle_state":"ENABLED","time_created":"2022-06-27T10:49:15.814Z","vault_name":"demo-vault","defined_tags":{"OCI-NAMESPACE":{"OCI-NAMESPACE_TAG_5":"vaule5"}},"freeform_tags":{"tag":"value"},"protection_mode":"HSM","is_primary":true}}},"400":{"description":"Bad request."},"401":{"description":"Unauthorized."},"404":{"description":"Resource not found."},"422":{"description":"UnprocessableEntity"},"500":{"description":"Internal server error."}}}},"/v1/cckm/oci/keys/{id}/disable-auto-rotation":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Disable the auto rotation for OCI key","description":"Disables auto rotation of an OCI key with the given ID.","tags":["CCKM/Oracle Keys"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"id":"ead12151-4695-40e2-8a70-0d8127a78a0e","uri":"kylo:kylo:cckm:oci-key:ead12151-4695-40e2-8a70-0d8127a78a0e","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-06-27T10:52:54.453702Z","updatedAt":"2022-06-27T17:33:26.605629098Z","cloud_name":"oci","vault_id":"ocid1.vault.oc1.iad.b5rb2wbtaadze.abuwcljtkwgqthwjmj5mdtupelvkgx4qmqfsvm5tvqkccf7ht67azimoplskq","cckm_vault_id":"37900289-47cf-4172-91c5-7ea6cb87c4b7","tenancy":"tenancy","region":"us-ashburn-1","compartment_name":"testcompartment","key_material_origin":"cckm","gone":false,"oci_params":{"compartment_id":"ocid1.compartment.oc1..aaaaaaaap5swotd2mnwgdsnovx6h2vv6paqko2gqrkkki576r5xwf5mhsvsca","current_key_version":"ocid1.keyversion.oc1.iad.b5rb2wwbtaadze.awytmk46mqiaa.abuwcljsd4qe2ryznlk6a6fw7xsvqf3nlgo2vpl5rjkaduff5rlzxl75r3ka","display_name":"demoKey1","key_id":"ocid1.key.oc1.iad.b5rb2wbtaadze.abuwcljrvxoxw27anrgbl3xirvmlhzf6t5ycbnbqls5pky72a6i775cyjmcwq","algorithm":"AES","length":16,"lifecycle_state":"ENABLED","time_created":"2022-06-27T10:49:15.814Z","vault_name":"demo-vault","defined_tags":{"OCI-NAMESPACE":{"OCI-NAMESPACE_TAG_5":"vaule5"}},"freeform_tags":{"tag":"value"},"protection_mode":"HSM","is_primary":true}}},"401":{"description":"Unauthorized."},"404":{"description":"Resource not found."},"500":{"description":"Internal server error."}}}},"/v1/cckm/oci/get-compartments":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Get OCI compartments","description":"Fetches OCI compartments based on the connection.\n","tags":["CCKM/Oracle Compartments"],"parameters":[{"name":"body","in":"body","description":"Fetches OCI compartments based on the connection.","schema":{"type":"object","title":"Get compartments.","required":["connection"],"properties":{"connection":{"type":"string","description":"Name or ID of the OCI connection."},"limit":{"type":"integer","description":"Number of records to return in a paginated \"List\" call, but might not return that exact number. First page might return one more than provided value because of inclusion of root compartment (tenancy) ."},"ociNextPage":{"type":"string","description":"Parameter to get the remaining records. The limit to view the remaining records remains the same as the `limit` parameter set for the first time. For example, if there are 20 vaults and you set `limit` to `11`, then to view the remaining `9` vaults, use `ociNextPage`."}},"example":{"connection":"oci-connection","limit":1,"ociNextPage":"AFUWCLJRUGFUGSVFMZCVMRXGI2TMOZMWYTRRKZWTKTSRNV4E2Y2UJJZFORCWJVNDE4D2K5DVKMKNIVLGCY2IOBKGG3TEGBIV"}}}],"responses":{"200":{"description":"OK","examples":{"data":[{"id":"ocid1.compartment.oc1..aaaaaaaae3nhawsedrftgyhujikolwzqam4azefygr6obsxbrnymii6ezrva","compartmentId":"ocid1.tenancy.oc1..aaaaaaaadixbawsedrftgyhujikol5aaal6rhb2vg7audpd4d4mcf5zluymff6sq","name":"testcompartment1","description":"test","timeCreated":"2017-09-21T05:05:13.911Z","lifecycleState":"ACTIVE","inactiveStatus":null,"isAccessible":true,"freeformTags":{},"definedTags":{}},{"id":"ocid1.compartment.oc1..aaaaaaaasysikol4tfba7npxnal7whxiiztzva76rjxn2mrjawsedrftgyhuj","compartmentId":"ocid1.tenancy.oc1..aaaaaaaadixb52q2mvlsn63awsedrftgyprppuuulaudpd4d4mcf5zluymff6sq","name":"testcompartment2","description":"vault-dev users","timeCreated":"2021-11-11T07:35:14.577Z","lifecycleState":"ACTIVE","inactiveStatus":null,"isAccessible":true,"freeformTags":{"team":"cckm"},"definedTags":{}}],"ociNextPage":"AFUWCLJRUGFUGSVFMZCVMRXGI2TMOZMWYTRRKZWTKTSRNV4E2Y2UJJZFORCWJVNDE4D2K5DVKMKNIVLGCY2IOBKGG3TEGBIV"}},"401":{"description":"Unauthorized."},"404":{"description":"Resource not found."},"422":{"description":"Unprocessable entity."}}}},"/v1/cckm/oci/get-subscribed-regions":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Get OCI subscribed regions","description":"Fetches subscribed OCI regions based on the connection.\n","tags":["CCKM/Oracle Regions"],"parameters":[{"name":"body","in":"body","description":"Fetches subscribed OCI regions based on the connection.","schema":{"type":"object","title":"Get subscribed regions.","required":["connection"],"properties":{"connection":{"type":"string","description":"Name or ID of the OCI connection."}},"example":{"connection":"oci-connection"}}}],"responses":{"200":{"description":"OK","examples":{"regions":["us-ashburn-1","uk-london-1"]}},"401":{"description":"Unauthorized."},"404":{"description":"Resource not found."},"422":{"description":"Unprocessable entity."}}}},"/v1/cckm/oci/reports":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Generate a report","description":"Generates an OCI report. Specify the following details.\n- Start time\n- End time\n- Report type\n- OCI parameters\n- Name\n","tags":["CCKM/Oracle Reports"],"parameters":[{"name":"body","in":"body","description":"Generate a report.","schema":{"type":"object","title":"Get Key Activity Report.","required":["oci_params","name","report_type"],"properties":{"name":{"type":"string","description":"Name of the OCI report."},"start_time":{"type":"string","description":"Start time from when the report is to be generated. Default start time is end_time-24hrs."},"end_time":{"type":"string","description":"End time for the report. Default end time is the time when the call is initiated."},"report_type":{"type":"string","description":"Type of the report to be generated.","enum":["key-report","key-rotation","key-aging"]},"oci_params":{"type":"array","items":{"type":"object","description":"OCI parameter.","required":["vault"],"properties":{"vault":{"type":"string","description":"Resource ID of the OCI vault on the CipherTrust Manager."}}}}},"example":{"start_time":"2022-02-02T00:00:00Z","end_time":"2022-02-02T20:00:00Z","name":"report-name","report_type":"key-report","oci_params":[{"vault":"cac0dc79-de8a-4cde-a5f3-84qawsed637e"}]}}}],"responses":{"200":{"description":"OK","examples":{"application/json":{"id":"534c09d8-befc-447f-96b8-740ea3200520","uri":"kylo:kylo:cckm:oci-reports:534c09d8-befc-447f-96b8-740ea3200520","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-02-07T04:44:54.842134932Z","updatedAt":"2022-02-07T04:44:54.845464762Z","overall_status":"in_progress","detailed_status":{"cac0dc79-de8a-4cde-a5f3-84c1b42b637e":"in_progress"},"abort":false,"connection":"oci1","report_type":"key-rotation","vaults":["cac0dc79-de8a-4cde-a5f3-84c1b42b637e"],"start_time":"2022-02-02T00:00:00Z","end_time":"2022-02-02T20:00:00Z","name":"report-name"}}},"401":{"description":"Unauthorized."},"404":{"description":"Resource not found."},"409":{"description":"Conflict."},"422":{"description":"Unprocessable entity."},"500":{"description":"Internal server error."}}},"get":{"summary":"List reports","description":"Returns the list of updated reports. The results can be filtered using the query parameters.\n","tags":["CCKM/Oracle Reports"],"parameters":[{"name":"id","in":"query","type":"string","description":"Filter the results by internal id of reports."},{"name":"overall_status","in":"query","type":"string","description":"Filter the results by overall_status."},{"name":"name","in":"query","type":"string","description":"Filter the results by report name.","collectionFormat":"multi"},{"name":"report_type","in":"query","type":"string","description":"Filter the results by report_type.","collectionFormat":"multi"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"534c09d8-befc-447f-96b8-740ea3200520","uri":"kylo:kylo:cckm:oci-reports:534c09d8-befc-447f-96b8-740ea3200520","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-02-07T04:44:54.842135Z","updatedAt":"2022-02-07T04:44:54.845465Z","overall_status":"in_progress","detailed_status":{"cac0dc79-de8a-4cde-a5f3-84c1b42b637e":"in_progress"},"abort":false,"connection":"oci1","report_type":"key-rotation","vaults":["cac0dc79-de8a-4cde-a5f3-84c1b42b637e"],"start_time":"2022-02-02T00:00:00Z","end_time":"2022-02-02T20:00:00Z","name":"report1"}]}}},"401":{"description":"Unauthorized."},"404":{"description":"Resource not found."},"500":{"description":"Internal server error."}}}},"/v1/cckm/oci/reports/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get report","description":"Gets the details of an OCI report.\n","tags":["CCKM/Oracle Reports"],"responses":{"200":{"description":"OK","examples":{"application/json":{"id":"534c09d8-befc-447f-96b8-740ea3200520","uri":"kylo:kylo:cckm:oci-reports:534c09d8-befc-447f-96b8-740ea3200520","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-02-07T04:44:54.842135Z","updatedAt":"2022-02-07T04:51:28.094618Z","completed_at":"2022-02-07T04:51:28.094291Z","overall_status":"completed","detailed_status":{"cac0dc79-de8a-4cde-a5f3-84c1b42b637e":"completed"},"abort":false,"connection":"oci1","report_type":"key-rotation","vaults":["cac0dc79-de8a-4cde-a5f3-84c1b42b637e"],"start_time":"2022-02-02T00:00:00Z","end_time":"2022-02-02T20:00:00Z","name":"report1"}}},"401":{"description":"Unauthorized."},"404":{"description":"Resource not found."},"500":{"description":"Internal server error."}}},"delete":{"summary":"Delete","description":"Deletes a job and its OCI reports from the CCKM.","tags":["CCKM/Oracle Reports"],"responses":{"204":{"description":"No Content | OCI report is deleted successfully."},"401":{"description":"Unauthorized."},"404":{"description":"Resource not found."},"500":{"description":"Internal server error."}}}},"/v1/cckm/oci/reports/{id}/contents":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get contents","description":"Gets the content of an OCI report on console.\n","tags":["CCKM/Oracle Reports"],"parameters":[{"name":"key_name","in":"query","type":"string","description":"Filter the results by key_name."},{"name":"oci_key_id","in":"query","type":"string","description":"Filter the results by oci_key_id.","collectionFormat":"multi"},{"name":"vault_id","in":"query","type":"string","description":"Filter the results by vault_id."},{"name":"key_activity","in":"query","type":"string","description":"Filter the results by key_activity.","collectionFormat":"multi"},{"name":"user_name","in":"query","type":"string","description":"Filter the results by user_name."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","examples":{"skip":0,"limit":1,"total":4,"resources":[{"id":"e54fd744-dc76-4cb1-812b-85c854f46a8d","uri":"kylo:kylo:cckm:oci-reports:e54fd744-dc76-4cb1-812b-85c854f46a8d","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-06-28T05:34:55.916506Z","updatedAt":"2022-06-28T05:34:55.915097Z","key_name":"demoKey1","oci_key_id":"ocid1.key.oc1.iad.b5rb2wbtaadze.abuwcljrvxox257anrgbl3xirvmlhzf6t5ycbnbqls5pky72a6i775cyjmcwq","vault_id":"ocid1.vault.oc1.iad.b5rb2wbtaadze.abuwcljtkgqtthwjmj5mdtupelvkgx4qmqfsvm5tvqkccf7ht67azimoplskq","key_activity":"ScheduleKeyVersionDeletion","event_type":"ScheduleKeyVersionDeletion.begin","cloud_user_name":"a@example.com","event_time":"2022-06-27T17:30:11.478Z"}]}},"401":{"description":"Unauthorized."},"404":{"description":"Resource not found."},"500":{"description":"Internal server error."}}}},"/v1/cckm/oci/reports/{id}/download":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get CSV contents","description":"Gets the comma-separated OCI report. The report is downloaded as a CSV file.\n","tags":["CCKM/Oracle Reports"],"produces":["text/csv"],"responses":{"200":{"description":"OK","examples":{"text/csv":"Key Name,OCI Key ID,Vault,Key Activity,Event Type,OCI User,Event Time TestOciKey-AES256,KeyManagementService.ImportKeyVersion,ocid1.key.oc1.iad.b5q6b74yaaeva.abuwclqawsed4ez6en3r6l3fidclmo7gchaoofef5pfjjlfsznhov37rzgcq,ocid1.vault.oc1.iad.bzqqawsedaeuk.abuwclqawsedmgypqud5hgd7ikl7pmfn7q6wogbigjryu4udtkinnkmyacrq,ImportKeyVersion,2022-02-02 10:03:12.907 +0000 +0000,user@example.com\n"}},"401":{"description":"Unauthorized."},"404":{"description":"Resource not found."},"500":{"description":"Internal server error."}}}},"/v1/cckm/oci/storage/list-buckets":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"List Buckets","description":"Lists the buckets associated to the specified compartment.\n","tags":["CCKM/Oracle Storage"],"parameters":[{"name":"body","in":"body","description":"Fetches buckets from provided compartment ID.","schema":{"type":"object","title":"list buckets.","required":["connection","compartment_id"],"properties":{"connection":{"type":"string","description":"Name or ID of the OCI connection."},"compartment_id":{"type":"string","description":"Compartment ID to get the buckets from."},"limit":{"type":"integer","description":"The maximum number of items to return in a paginated \"List\" call but might not return that exact number."},"ociNextPage":{"type":"string","description":"Nextlink is used to get the remaining items left in the list. The limit to view the items is same as you set for the first time. For eg. If there are 20 buckets and you set the limit to 11 then to view the remaining 9 buckets you need to use nextLink."}},"example":{"connection":"oci-connection","compartment_id":"ocid.compartment.oc..abfhuez4b7dl2lzal557m6mzq6ber72157e6b72157e6b72157e6b72157","limit":1,"ociNextPage":""}}}],"responses":{"200":{"description":"OK","examples":{"application/json":{"data":[{"namespace":"namespace-name","name":"bucket1","compartmentId":"ocid.compartment.oc..abfhuez4b7dl2lzal557m6mzq6b72157e6b72157e6b7232157e6b72157","createdBy":"ocid.compartment.oc..abfhuez4b7dl2lzal557m6mzqrt6b72157e6b72157e6b72157e6b72127","timeCreated":"2021-12-01T05:25:52.555Z","etag":"03e0d128-25ca-4e2d-b371-372e4fc5d56d","freeformTags":null,"definedTags":null},{"namespace":"namespace-name","name":"bucket","compartmentId":"ocid.compartment.oc..abfhuez4b7dl2lzal557m6mzq6b72157e6b72157e6b7232157e6b72157","createdBy":"ocid.compartment.oc..abfhuez4b7dl2lzal557m6mzqrt6b72157e6b72157e6b72157e6b72127","timeCreated":"2020-04-29T17:42:15.688Z","etag":"6b72157e-bc8d-41c6-b84f-9cf3452de819","freeformTags":null,"definedTags":null}],"ociNextPage":"AFUWCLJRUGFUGSVFMZCVMRXGI2TMOZMWYTRRKZWTKTSRNV4E2Y2UJJZFORCWJVNDE4D2K5DVKMKNIVLGCY2IOBKGG3TEGBIV"}}},"400":{"description":"Bad Request."},"401":{"description":"Unauthorized."},"404":{"description":"Resource not found."},"500":{"description":"Internal server error."}}}},"/v1/cckm/oci/add-compartments":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Add OCI compartments","description":"Add a OCI compartments.","tags":["CCKM/Oracle Compartments"],"parameters":[{"name":"body","in":"body","description":"OCI compartments parameters.","schema":{"type":"object","description":"Add OCI compartments.","required":["compartment_id","connection"],"properties":{"compartment_id":{"type":"array","description":"List of OCI compartments ID to be added.","items":{"type":"string","description":"OCI compartments ID."}},"connection":{"type":"string","description":"Name or ID of the OCI connection."}},"example":{"connection":"oci-connection","compartment_id":["ocid1.vault.oc1.iad.bzqyzunhaagyg.abuwcljrlzpbjpufvqpawsedrftgyhyujikol7dximukyazav4hyzgbpdtd7qnea"]}}}],"responses":{"201":{"description":"OK","examples":{"application/json":{"id":"5c95acdc-4159-4bb5-95e1-d30ca5a7ea74","uri":"kylo:kylo:cckm:oci-compartment:5c95acdc-4159-4bb5-95e1-d30ca5a7ea74","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-06-28T05:16:48.160606439Z","updatedAt":"2022-06-28T05:16:48.16060652Z","compartments":[{"id":"49c7b55f-7bfd-4c7c-b1d5-947c5173b7cf","uri":"kylo:kylo:cckm:oci-compartment:49c7b55f-7bfd-4c7c-b1d5-947c5173b7cf","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-06-28T05:16:48.159062258Z","updatedAt":"2022-06-28T05:16:48.156290008Z","tenancy":"tenancy","compartment_id":"ocid1.compartment.oc1..aaaaaaaa2cwrdyh27olx4bcjzbbmktrapv3plfdckqmknh5gug6afeflpydvq","parent_compartment_id":"ocid1.tenancy.oc1..aaaaaaaadixb52q2mvlsn634bql5aaal6hb2vg7audgd4d4mcf6zluymff6sq","name":"Infra-Test","description":"Compartment is created for TESTING PURPOSE","time_created":"2022-06-02T08:41:53.338Z","lifecycle_state":"ACTIVE","is_accessible":true,"defined_tags":{},"freeform_tags":{}}]}}},"400":{"description":"BAD REQUEST"},"403":{"description":"FORBIDDEN"},"409":{"description":"CONFLICT"},"412":{"description":"PRECONDITION FAILED"},"500":{"description":"INTERNAL SERVER ERROR"}}}},"/v1/cckm/oci/compartments":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"List OCI compartments from CCKM.","tags":["CCKM/Oracle Compartments"],"parameters":[{"name":"id","in":"query","type":"string","description":"Filter the results by id."},{"name":"name","in":"query","type":"string","description":"Filter the results by display name."},{"name":"compartment_id","in":"query","type":"string","description":"Filter the results by compartment ID.","collectionFormat":"multi"},{"name":"tenancy","in":"query","type":"string","description":"Filter the results by tenancy.","collectionFormat":"multi"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","examples":{"skip":0,"limit":1,"total":2,"resources":[{"id":"966fc896-b89a-48a5-8e63-ee61d65c85e0","uri":"kylo:kylo:cckm:oci-compartment:966fc896-b89a-48a5-8e63-ee61d65c85e0","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-06-27T08:50:28.007873Z","updatedAt":"2022-06-27T08:50:28.006723Z","tenancy":"tenancy","compartment_id":"ocid1.tenancy.oc1..aaaaaaaadixb52q2mvlsn634ql5aaal6hb2vg7audgd4d4mcf6zluymff6sq","name":"tenancy","description":"Testing Description","time_created":"2017-08-31T17:44:07.034Z","lifecycle_state":"ACTIVE","is_accessible":true,"defined_tags":{},"freeform_tags":{}}]}},"404":{"description":"Resource not found."}}}},"/v1/cckm/oci/compartments/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a OCI compartment with the given `id`.","tags":["CCKM/Oracle Compartments"],"responses":{"200":{"description":"OK","examples":{"id":"966fc896-b89a-48a5-8e63-ee61d65c85e0","uri":"kylo:kylo:cckm:oci-compartment:966fc896-b89a-48a5-8e63-ee61d65c85e0","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-06-27T08:50:28.007873Z","updatedAt":"2022-06-27T08:50:28.006723Z","tenancy":"tenancy","compartment_id":"ocid1.tenancy.oc1..aaaaaaaadixb52q2mvlsn634ql5aaal6hb2vg7audgd4d4mcf6zluymff6sq","name":"tenancy","description":"Testing Description","time_created":"2017-08-31T17:44:07.034Z","lifecycle_state":"ACTIVE","is_accessible":true,"defined_tags":{},"freeform_tags":{}}},"400":{"description":"Bad request."},"401":{"description":"Unauthorized."},"404":{"description":"Resource not found."}}},"delete":{"summary":"Delete","description":"Deletes an OCI compartment from the CCKM.","tags":["CCKM/Oracle Compartments"],"responses":{"204":{"description":"No Content | OCI compartment is deleted successfully."},"404":{"description":"Resource not found."}}}},"/v1/cckm/oci/get-defined-tags":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Get OCI defined tags","description":"Get OCI defined tags.","tags":["CCKM/Oracle Compartments"],"parameters":[{"name":"body","in":"body","description":"OCI get defined tags parameters.","schema":{"type":"object","description":"Get OCI defined tags.","required":["connection"],"properties":{"connection":{"type":"string","description":"Name or ID of the OCI connection."},"limit":{"type":"integer","description":"Number of records to return in a paginated \"List\" call, but might not return that exact number. It's for Tag Namespace."},"ociNextPage":{"type":"string","description":"Parameter to get the remaining records. The limit to view the remaining records remains the same as the `limit` parameter set for the first time. For example, if there are 20 vaults and you set `limit` to `11`, then to view the remaining `9` vaults, use `ociNextPage`."}},"example":{"connection":"oci-connection","limit":1,"ociNextPage":"AFUWCLJRUGFUGSVFMZCVMRXGI2TMOZMWYTRRKZWTKTSRNV4E2Y2UJJZFORCWJVNDE4D2K5DVKMKNIVLGCY2IOBKGG3TEGBIV"}}}],"responses":{"200":{"description":"OK","examples":{"application/json":{"defined-tags":[{"tag_namespace_name":"OCI-NAMESPACE","name":"OCI-NAMESPACE_Tag_1","values":["OCI-VALUEtag1"]},{"tag_namespace_name":"OCI-NAMESPACE","name":"OCI-NAMESPACE_Tag_2","values":["OCI-VALUEtag2"]},{"tag_namespace_name":"OCI-NAMESPACE","name":"OCI-NAMESPACE_Tag_3","values":["OCI-VALUEtag3"]},{"tag_namespace_name":"OCI-NAMESPACE","name":"OCI-NAMESPACE_Tag_4","values":["OCI-VALUEtag4"]},{"tag_namespace_name":"OCI-NAMESPACE","name":"OCI-NAMESPACE_TAG_5","values":null},{"tag_namespace_name":"OCI-NAMESPACE","name":"OCI-NAMESPACE_TAG_6","values":null},{"tag_namespace_name":"OCI-NAMESPACE","name":"OCI-NAMESPACE_TAG_7","values":["OCI-VALUEtag7","OCI-VALUEtag71"]}],"ociNextPage":"AFUWCLJRUGFUGSVFMZCVMRXGI2TMOZMWYTRRKZWTKTSRNV4E2Y2UJJZFORCWJVNDE4D2K5DVKMKNIVLGCY2IOBKGG3TEGBIV"}}},"400":{"description":"BAD REQUEST"},"403":{"description":"FORBIDDEN"},"409":{"description":"CONFLICT"},"412":{"description":"PRECONDITION FAILED"},"500":{"description":"INTERNAL SERVER ERROR"}}}},"/v1/cckm/oci/create-external-vault":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create OCI External Vaults","description":"Creates an OCI external vault. Currently, only creation of locally-hosted external vault is supported.","tags":["CCKM/Oracle External Vaults","Tech Preview"],"parameters":[{"name":"body","in":"body","description":"OCI external vaults parameters.","schema":{"type":"object","description":"Add OCI external vaults.","required":["vault_name","compartment_id","endpoint_url_hostname","kms_client_id","issuer_id"],"properties":{"vault_name":{"type":"string","description":"Name of the OCI external vault."},"connection":{"type":"string","description":"Name or ID of the OCI connection."},"compartment_id":{"type":"string","description":"ID of the OCI compartment."},"endpoint_url_hostname":{"type":"string","description":"Hostname for the OCI external vault endpoint URL."},"kms_client_id":{"type":"string","description":"Client ID of the OCI KMS application as registered on third-party IDP."},"issuer_id":{"type":"string","description":"ID of the issuer."},"policy":{"type":"string","description":"Policy for the OCI external vault. Applicable only to OCI external vaults."}},"example":{"vault_name":"oci-external-vault-one","connection":"oci-connection","endpoint_url_hostname":"localhost","compartment_id":"ocid1.tenancy.oc1..aaaaaaaadixb52q2mvlsn634ql5aaal6hb2vg7audgd4dt4mcf6zluymff6sq","issuer_id":"95e0d83c-c408-42c7-b3f2-c86cd6bcda51","kms_client_id":"kco-5e0d83c-c408-42c7-b3f2-c86cd6bcda56","policy":"\n\tpackage example\n\tdefault allow = false\n allow {\n\t\t\tinput.authorization.client_ocid == \"kco-5e0d83c-c408-42c7-b3f2-c86cd6bcda56\"\n\t\t}\n"}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"id":"37900289-47cf-4172-91c5-7ea6cb87c4b7","uri":"kylo:kylo:cckm:oci-vault:37900289-47cf-4172-91c5-7ea6cb87c4b7","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-06-27T08:50:28.011605208Z","updatedAt":"0001-01-01T00:00:00Z","vault_name":"oci-external-vault-one","connection":"oci-connection","endpoint_url_hostname":"localhost","compartment_id":"ocid1.tenancy.oc1..aaaaaaaadixb52q2mvlsn634ql5aaal6hb2vg7audgd4dt4mcf6zluymff6sq","issuer_id":"95e0d83c-c408-42c7-b3f2-c86cd6bcda51","kms_client_id":"kco-5e0d83c-c408-42c7-b3f2-c86cd6bcda56","time_created":"2022-02-28T23:18:12.263Z","compartment_name":"tenancy","endpoint_url":"https://localhost/api/v1/cckm/oci/external-vaults/37900289-47cf-4172-91c5-7ea6cb87c4b7","linked_state":false,"cloud_name":"oci","external_vault_type":"local","tenancy":"tenancy","blocked":false,"policy":"\n\tpackage example\n\tdefault allow = false\n allow {\n\t\t\tinput.authorization.client_ocid == \"kco-5e0d83c-c408-42c7-b3f2-c86cd6bcda56\"\n\t\t}\n"}},"400":{"description":"Bad Request."},"401":{"description":"Unauthorized access."},"409":{"description":"There is a conflict."},"412":{"description":"Precondition Failed"},"500":{"description":"Internal Server Error."}}}},"/v1/cckm/oci/create-external-key":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create external keys in OCI external vault","description":"Creates an external key in an external vault. Only AES-256 keys are supported.","tags":["CCKM/Oracle External Vaults","Tech Preview"],"parameters":[{"name":"body","in":"body","description":"OCI external key parameters.","schema":{"type":"object","description":"Add OCI external key.","required":["vault","name","source_key_identifier"],"properties":{"vault":{"type":"string","description":"ID of the external vault."},"name":{"type":"string","description":"Name for the external key."},"policy":{"type":"string","description":"Policy to be attached to the external key."},"source_key_identifier":{"type":"string","description":"Source Key Identifier of an existing CM sourceKey (only AES 256 keys are allowed)."}},"example":{"vault":"dfdd7c99-255b-424f-a869-72656abd41d3","name":"key-external-key-01","source_key_identifier":"65fa3a0db5014a429d1a3d38094dd4253d08edc1b88a46c0af71cc22daa8b815"}}}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"id":"c10f3299-53e6-438e-b580-9aab5e7c1a41","uri":"kylo:kylo:cckm:oci-key:dfsfd-c10f3299-53e6-438e-b580-9aab51234567","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-10-20T09:30:08.737979Z","updatedAt":"2022-10-20T09:30:08.73646Z","cloud_name":"oci","cckm_vault_id":"dfdd7c99-255b-424f-a869-72656abd41d3","tenancy":"gemaltoproductdev","compartment_name":"gemaltoproductdev","key_material_origin":"HYOK-CCKM","gone":false,"oci_params":{"compartment_id":"ocid1.tenancy.oc1..aaaaaaaadixb52q2mvlsn634ql5aaal6hb2vg7audpd4d4mcf5123456","algorithm":"AES","length":256},"local_hyok_key_params":{"name":"test","linked_state":false,"blocked":false,"policy":null}}},"400":{"description":"Bad Request."},"401":{"description":"Unauthorized access."},"409":{"description":"There is a conflict."},"412":{"description":"Precondition Failed"},"500":{"description":"Internal Server Error."}}}},"/v1/cckm/oci/vaults/{id}/block":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Block access to OCI external vaults","description":"Blocks access to encrypt, decrypt, and health requests to an OCI external vault. This API is applicable to the OCI external vaults only.\n","tags":["CCKM/Oracle External Vaults","Tech Preview"],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"id":"3cce1ed1-fe53-4e85-9d52-27d759dec63a","uri":"kylo:kylo:cckm:oci-vaults:3cce1ed1-fe53-4e85-9d52-27d759dec63a","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-09-23T20:44:49.561251Z","updatedAt":"2022-09-28T08:59:17.152218Z","compartment_id":"ocid1.tenancy.oc1..aaaaaaaadixb52q2mvlsn634ql5aaal6hb2vg7audpd4d4mcf5zluymff6sq","cloud_name":"oci","connection":"oci","vault_type":"EXTERNAL","tenancy":"gemaltoproductdev","region":"us-ashburn-1","compartment_name":"gemaltoproductdev","vault_name":"oci-external-vault-one","endpoint_url":"https://localhost/api/v1/cckm/oci/external-vaults/3cce1ed1-fe53-4e85-9d52-27d759dec63a","endpoint_url_hostname":"localhost","linked_state":"false","external_vault_type":"local","kms_client_id":"kco-5e0d83c-c408-42c7-b3f2-c86cd6bcda56","blocked":true,"policy":"\n\tpackage example\n\tdefault allow = false\n allow {\n\t\t\tinput.authorization.client_ocid == \"kco-5e0d83c-c408-42c7-b3f2-c86cd6bcda56\"\n\t\t}\n"}},"400":{"description":"Bad request."},"401":{"description":"Unauthorized"},"404":{"description":"Resource not found"},"500":{"description":"Internal server error"}}}},"/v1/cckm/oci/vaults/{id}/unblock":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Unblock access to OCI external vaults","description":"Unblocks access to encrypt, decrypt, and health requests to an OCI external vault. This API is applicable to the OCI external vaults only.\n","tags":["CCKM/Oracle External Vaults","Tech Preview"],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"id":"3cce1ed1-fe53-4e85-9d52-27d759dec63a","uri":"kylo:kylo:cckm:oci-vaults:3cce1ed1-fe53-4e85-9d52-27d759dec63a","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-09-23T20:44:49.561251Z","updatedAt":"2022-09-28T08:59:17.152218Z","compartment_id":"ocid1.tenancy.oc1..aaaaaaaadixb52q2mvlsn634ql5aaal6hb2vg7audpd4d4mcf5zluymff6sq","cloud_name":"oci","connection":"oci","vault_type":"EXTERNAL","tenancy":"gemaltoproductdev","region":"us-ashburn-1","compartment_name":"gemaltoproductdev","vault_name":"oci-external-vault-one","endpoint_url":"https://localhost/api/v1/cckm/oci/external-vaults/3cce1ed1-fe53-4e85-9d52-27d759dec63a","endpoint_url_hostname":"localhost","linked_state":"false","external_vault_type":"local","kms_client_id":"kco-5e0d83c-c408-42c7-b3f2-c86cd6bcda56","blocked":false,"policy":"\n\tpackage example\n\tdefault allow = false\n allow {\n\t\t\tinput.authorization.client_ocid == \"kco-5e0d83c-c408-42c7-b3f2-c86cd6bcda56\"\n\t\t}\n"}},"400":{"description":"Bad request."},"401":{"description":"Unauthorized"},"404":{"description":"Resource not found"},"500":{"description":"Internal server error"}}}},"/v1/cckm/oci/issuers":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a valid JWT issuer (third-party IDP).\nThe issuer validates authentication JWT used by OCI KMS to access External Vaults/Keys hosted on the CipherTrust Manager.\nWhen creating the issuer, you must specify a unique name along with one of the following combinations\n- issuer and jwks_uri\n- openid_config_url: will be used to auto-fetch the issuer and jwks_uri\nIf JWKS URI is protected, you must also specify the client ID and client secret of the CipherTrust Manager application as registered on third-party IDP.\n","tags":["CCKM/Oracle Issuers","Tech Preview"],"parameters":[{"name":"body","in":"body","description":"Issuer parameters","schema":{"type":"object","title":"Creates Issuer for OCI external keys.","required":["name","jwks_uri_protected"],"properties":{"name":{"type":"string","description":"Name of the issuer. It should be unique."},"openid_config_url":{"type":"string","description":"OpendID configuration URL for the issuer."},"issuer":{"type":"string","description":"Issuer URL for the issuer."},"jwks_uri":{"type":"string","description":"URI of JWKS, for example, https://abc.auth0.com/.well-known/jwks.json."},"jwks_uri_protected":{"type":"boolean","description":"Set true for a protected JWSK URI and false for unprotected JWKS URI."},"client_id":{"type":"string","description":"Client ID of the CipherTrust Manager application as registered on third-party IDP."},"client_secret":{"type":"string","description":"Client secret of the CipherTrust Manager application as registered on third-party IDP."}},"example":{"name":"issuerOne","issuer":"https://issuer.com","jwks_uri":"https://www.example.com/jwks.json","jwks_uri_protected":true,"client_id":"clientId","client_secret":"clientSecret"}}}],"responses":{"201":{"description":"OK","examples":{"id":"9a82d3cc-c79f-478f-b6f6-c3b480c0b400","uri":"kylo:kylo:cckm:abcd","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-09-22T21:22:03.959447Z","updatedAt":"2022-09-22T21:24:35.503393Z","name":"issuerOne","openid_config_url":"https://www.example.com/openid-configuration","issuer":"https://issuer.com","jwks_uri":"https://www.example.com/jwks.json","jwks_uri_protected":true,"client_id":"clientId","client_secret":"clientSecret"}},"400":{"description":"Bad Request."},"401":{"description":"Unauthorized access."},"409":{"description":"There is a conflict."},"412":{"description":"Precondition Failed"},"500":{"description":"Internal Server Error."}}},"get":{"summary":"List","description":"View the list of the OCI issuers. The results can be filtered using the query parameters.\n","tags":["CCKM/Oracle Issuers","Tech Preview"],"parameters":[{"name":"id","in":"query","type":"string","description":"Filter the results by internal id of the OCI issuer.","collectionFormat":"multi"},{"name":"name","in":"query","type":"string","description":"Filter the results by name of the OCI issuer.","collectionFormat":"multi"},{"name":"issuer","in":"query","type":"string","description":"Filter the results by issuer."},{"name":"jwks_uri_protected","in":"query","type":"boolean","description":"Filter the results by jwks_uri_protected."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","examples":{"skip":0,"limit":10,"total":1,"resources":[{"id":"9a82d3cc-c79f-478f-b6f6-c3b480c0b400","uri":"kylo:kylo:cckm:issuerOne","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-09-22T21:22:03.959447Z","updatedAt":"2022-09-22T21:22:03.959447Z","name":"issuerOne","openid_config_url":"https://www.example.com/openid-configuration","issuer":"https://issuer.com","jwks_uri":"https://www.example.com/jwks.json","jwks_uri_protected":true,"client_id":"clientId","client_secret":"clientSecret"}]}},"401":{"description":"Unauthorized access."},"500":{"description":"Internal Server Error."}}}},"/v1/cckm/oci/issuers/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"View the details of an OCI issuer with the given id.","tags":["CCKM/Oracle Issuers","Tech Preview"],"responses":{"200":{"description":"OK","examples":{"id":"9a82d3cc-c79f-478f-b6f6-c3b480c0b400","uri":"kylo:kylo:cckm:abcd","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-09-22T21:22:03.959447Z","updatedAt":"2022-09-22T21:24:35.503393Z","name":"issuerOne","openid_config_url":"https://www.example.com/openid-configuration","issuer":"https://issuer.com","jwks_uri":"https://www.example.com/jwks.json","jwks_uri_protected":true,"client_id":"clientId","client_secret":"clientSecret"}},"400":{"description":"Bad Request."},"401":{"description":"Unauthorized access."},"404":{"description":"Resource not found."},"500":{"description":"Internal Server Error."}}},"patch":{"summary":"Update","description":"Update an OCI issuer for the given id.","tags":["CCKM/Oracle Issuers","Tech Preview"],"parameters":[{"name":"body","in":"body","description":"Updates an OCI issuer.","schema":{"type":"object","title":"Updates an OCI issuer.","properties":{"name":{"type":"string","description":"Unique name for the issuer."},"jwks_uri_protected":{"type":"boolean","description":"Set true for a protected JWSK URI and false for unprotected JWKS URI."},"client_id":{"type":"string","description":"Client ID of the CipherTrust Manager application as registered on third-party IDP."},"client_secret":{"type":"string","description":"Client secret of the CipherTrust Manager application as registered on third-party IDP."}},"example":{"name":"issuerOne","jwks_uri_protected":true,"client_id":"clientId","client_secret":"clientSecret"}}}],"responses":{"200":{"description":"OK","examples":{"id":"9a82d3cc-c79f-478f-b6f6-c3b480c0b400","uri":"kylo:kylo:cckm:abcd","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-09-22T21:22:03.959447Z","updatedAt":"2022-09-22T21:24:35.503393Z","name":"issuerOne","openid_config_url":"https://www.example.com/openid-configuration","issuer":"https://issuer.com","jwks_uri":"https://www.example.com/jwks.json","jwks_uri_protected":true,"client_id":"clientId","client_secret":"clientSecret"}},"400":{"description":"Bad Request."},"401":{"description":"Unauthorized access."},"404":{"description":"Resource not found."},"409":{"description":"There is a conflict."},"412":{"description":"Precondition Failed"},"429":{"description":"Too many request. User-rate limit exceeded."},"500":{"description":"Internal Server Error."}}},"delete":{"summary":"Delete","description":"Deletes an OCI issuer from the CCKM.","tags":["CCKM/Oracle Issuers","Tech Preview"],"responses":{"204":{"description":"No Content | Oracle issuer is deleted successfully."},"401":{"description":"Unauthorized"},"404":{"description":"Resource not found."},"422":{"description":"UnprocessableEntity"},"500":{"description":"InternalServerError"}}}},"/v1/cckm/oci/keys/{id}/block":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Block access to OCI external key","description":"Blocks access to encrypt, decrypt, and generte-random-bytes APIs for an OCI external key.\nApplicable only to the OCI external keys.\n","tags":["CCKM/Oracle External Vaults","Tech Preview"],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"id":"0aa6a6dd-6ca2-47ae-92f1-cc4c75287597","uri":"kylo:kylo:cckm:oci-key:oci-key-name-0aa6a6dd-6ca2-47ae-92f1-cc4c75287597","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-10-20T10:16:27.258106Z","updatedAt":"2022-10-21T10:27:15.373651Z","cloud_name":"oci","cckm_vault_id":"da244ff5-d7f2-431a-b252-a451f77184eb","tenancy":"gemaltoproductdev","compartment_name":"gemaltoproductdev","key_material_origin":"HYOK-CCKM","gone":false,"oci_params":{"compartment_id":"ocid1.tenancy.oc1..aaaaaaaadixb52q2mvlsn634ql5aaal6hb2vg7audpd4d4mcf5zluymff6sq","algorithm":"AES","length":256},"local_hyok_key_params":{"name":"OCI_Key_Name","local_key_store_id":"75749794-1d8a-4727-8997-efb012f77db9","local_hyok_key_id":"37488e8c-a9a0-4c81-a880-cb783c3513ec","local_hyok_key_version_id":"82164f4a-6e1f-4c3d-9c5f-bea5e24ad3fe","linked_state":false,"blocked":true,"policy":null}}},"400":{"description":"Bad request."},"401":{"description":"Unauthorized"},"404":{"description":"Resource not found"},"500":{"description":"Internal server error"}}}},"/v1/cckm/oci/keys/{id}/unblock":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Unblock access to OCI external key","description":"Unblocks access to encrypt, decrypt, and generte-random-bytes APIs for an OCI external key.\nApplicable only to the OCI external keys.\n","tags":["CCKM/Oracle External Vaults","Tech Preview"],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"id":"0aa6a6dd-6ca2-47ae-92f1-cc4c75287597","uri":"kylo:kylo:cckm:oci-key:oci-key-name-0aa6a6dd-6ca2-47ae-92f1-cc4c75287597","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-10-20T10:16:27.258106Z","updatedAt":"2022-10-21T10:33:05.283538Z","cloud_name":"oci","cckm_vault_id":"da244ff5-d7f2-431a-b252-a451f77184eb","tenancy":"gemaltoproductdev","compartment_name":"gemaltoproductdev","key_material_origin":"HYOK-CCKM","gone":false,"oci_params":{"compartment_id":"ocid1.tenancy.oc1..aaaaaaaadixb52q2mvlsn634ql5aaal6hb2vg7audpd4d4mcf5zluymff6sq","algorithm":"AES","length":256},"local_hyok_key_params":{"name":"OCI_Key_Name","local_key_store_id":"75749794-1d8a-4727-8997-efb012f77db9","local_hyok_key_id":"37488e8c-a9a0-4c81-a880-cb783c3513ec","local_hyok_key_version_id":"82164f4a-6e1f-4c3d-9c5f-bea5e24ad3fe","linked_state":false,"blocked":false,"policy":null}}},"400":{"description":"Bad request."},"401":{"description":"Unauthorized"},"404":{"description":"Resource not found"},"500":{"description":"Internal server error"}}}},"/v1/cckm/external-cm/get-domains":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Get domains from external CM","description":"Get external CM domains based on the connection.\n","tags":["CCKM/External CM Domains"],"parameters":[{"name":"body","in":"body","description":"Get ExternalCM domains based on the connection","schema":{"type":"object","title":"get external cm domains.","required":["connection"],"properties":{"connection":{"type":"string","description":"Name of the connection based on which domains are to be fetched."}},"example":{"connection":"cm-connection"}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"skip":0,"limit":10,"total":6,"current_domain":{"id":"00000000-0000-0000-0000-000000000000","name":"root"},"resources":[{"id":"813d65ec-f2c1-41f8-b4d2-378252c72a39","name":"d3-insidedomain2"},{"id":"00a8b1f3-d1e3-4991-bca1-a360fcf994cf","name":"d2-insidedomain"},{"id":"0abcee27-0d07-420a-aa60-198259bbf996","name":"d3-insided2"},{"id":"dfced667-0977-4d58-813e-ae26ec49336c","name":"domain2"},{"id":"0c78b1c9-486e-41fd-ad1d-b80912342073","name":"domain"},{"id":"00000000-0000-0000-0000-000000000000","name":"root"}]}}}}}},"/v1/cckm/external-cm/add-domains":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Add External CM Domains","description":"Add external CM domains to CCKM as container.","tags":["CCKM/External CM Domains"],"parameters":[{"name":"body","in":"body","description":"Add external CM domains parameters.","schema":{"type":"object","description":"Add external CM domains.","required":["domains","connection"],"properties":{"domains":{"type":"array","description":"List of IDs of the External CM domains to be added.","items":{"type":"string","description":"External CM Domain ID."}},"connection":{"type":"string","description":"Name or ID of the External CM connection."}},"example":{"connection":"external-cm-connection","domains":["a7c7ae58-68c6-4eac-8f2f-c4y2c3083f79"]}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"0f1fb783-a25a-438f-ad5b-ee8759e73574","uri":"kylo:kylo:cckm:externalcm-domain:0f1fb783-a25a-438f-ad5b-ee8759e73574","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2023-01-09T06:04:14.340614258Z","updatedAt":"2023-01-09T06:04:14.340614344Z","domains":[{"id":"2eb352a6-5049-413c-9939-7ee41d46a613","uri":"kylo:kylo:cckm:externalcm-domain:2eb352a6-5049-413c-9939-7ee41d46a613","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2023-01-09T06:04:14.264291Z","updatedAt":"2023-01-09T06:04:14.260823Z","connection":"connection","cm_domain":{"domain_id":"0c78b1c9-486e-41fd-ad1d-b80912342073","domain_uri":"kylo:kylo:solo:domains:0c78b1c9-486e-41fd-ad1d-b80912342073","account_uri":"kylo:kylo:admin:accounts:kylo","domain_application":"ncryptify:gemalto:admin:apps:kylo","domain_created_at":"2023-01-05 07:51:27.312078 +0000 UTC","domain_name":"domain","domain_updated_at":"2023-01-05 07:51:27.312078 +0000 UTC","domain_meta":"","zone_id":"ef583371-6a73-443c-9dc9-3013e7ed866d","parent_domain_id":"00000000-0000-0000-0000-000000000000","enable_syslog_redirection":true,"domain_account":"kylo:kylo-0c78b1c9-486e-41fd-ad1d-b80912342073:admin:accounts:kylo-0c78b1c9-486e-41fd-ad1d-b80912342073","allow_user_management":false}}]}}}}}},"/v1/cckm/external-cm/domains":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List External CM Domains","description":"Returns the list of external CM domains added to the CCKM.\n","tags":["CCKM/External CM Domains"],"parameters":[{"name":"id","in":"query","type":"string","description":"Filter the results by resource ID."},{"name":"connection","in":"query","type":"string","description":"Filter the results by connection."},{"name":"domain_id","in":"query","type":"string","description":"Filter the results by external cm domain_id.","collectionFormat":"multi"},{"name":"domain_name","in":"query","type":"string","description":"Filter the results by external cm domain_name.","collectionFormat":"multi"},{"name":"parent_domain_id","in":"query","type":"string","description":"Filter the results by parent_domain_id.","collectionFormat":"multi"},{"name":"enable_syslog_redirection","in":"query","type":"boolean","description":"Filter the results by enable_syslog_redirection."},{"name":"allow_user_management","in":"query","type":"boolean","description":"Filter the results by allow_user_management."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","examples":{"skip":0,"limit":10,"total":2,"resources":[{"id":"1aa1a599-137e-4cf2-b2b2-f0686129c501","uri":"kylo:kylo:cckm:externalcm-domain:1aa1a599-137e-4cf2-b2b2-f0686129c501","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2023-01-09T06:04:14.314024Z","updatedAt":"2023-01-09T06:04:14.311851Z","connection":"connection","cm_domain":{"domain_id":"dfced667-0977-4d58-813e-ae26ec49336c","domain_uri":"kylo:kylo:solo:domains:dfced667-0977-4d58-813e-ae26ec49336c","account_uri":"kylo:kylo:admin:accounts:kylo","domain_application":"ncryptify:gemalto:admin:apps:kylo","domain_created_at":"2023-01-05 12:18:30.3969 +0000 UTC","domain_name":"domain2","domain_updated_at":"2023-01-05 12:18:30.3969 +0000 UTC","domain_meta":"","zone_id":"e20cd1bb-57fd-418a-aab5-4ec4f045b90b","parent_domain_id":"00000000-0000-0000-0000-000000000000","enable_syslog_redirection":true,"domain_account":"kylo:kylo-dfced667-0977-4d58-813e-ae26ec49336c:admin:accounts:kylo-dfced667-0977-4d58-813e-ae26ec49336c","allow_user_management":false}},{"id":"a9fe1639-5d7f-41a0-8779-110483e49695","uri":"kylo:kylo:cckm:externalcm-domain:a9fe1639-5d7f-41a0-8779-110483e49695","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2023-01-09T06:04:14.287725Z","updatedAt":"2023-01-09T06:04:14.286604Z","connection":"connection","cm_domain":{"domain_id":"0c78b1c9-486e-41fd-ad1d-b80912342073","domain_uri":"kylo:kylo:solo:domains:0c78b1c9-486e-41fd-ad1d-b80912342073","account_uri":"kylo:kylo:admin:accounts:kylo","domain_application":"ncryptify:gemalto:admin:apps:kylo","domain_created_at":"2023-01-05 07:51:27.312078 +0000 UTC","domain_name":"domain","domain_updated_at":"2023-01-05 07:51:27.312078 +0000 UTC","domain_meta":"","zone_id":"ef583371-6a73-443c-9dc9-3013e7ed866d","parent_domain_id":"00000000-0000-0000-0000-000000000000","enable_syslog_redirection":true,"domain_account":"kylo:kylo-0c78b1c9-486e-41fd-ad1d-b80912342073:admin:accounts:kylo-0c78b1c9-486e-41fd-ad1d-b80912342073","allow_user_management":false}}]}}}}},"/v1/cckm/external-cm/domains/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of an external cm domains with the given `id`.","tags":["CCKM/External CM Domains"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"245ca918-c707-4fe2-af27-a095b1a3f6ef","uri":"kylo:kylo:cckm:external-cm-domain:245ca918-c707-4fe2-af27-a095b1a3f6ef","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2023-01-12T04:29:31.979466Z","updatedAt":"2023-01-12T05:37:08.606837Z","acls":[{"actions":["view"],"user_id":"local|8ef8442a-2cb6-4dc9-8ac5-d25c03d21ac0"}],"connection":"cm-connection","cm_domain":{"domain_id":"813d65ec-f2c1-41f8-b4d2-378252c72a39","domain_uri":"kylo:kylo-dfced667-0977-4d58-813e-ae26ec49336c:solo:domains:813d65ec-f2c1-41f8-b4d2-378252c72a39","account_uri":"kylo:kylo-dfced667-0977-4d58-813e-ae26ec49336c:admin:accounts:kylo-dfced667-0977-4d58-813e-ae26ec49336c","domain_application":"ncryptify:gemalto:admin:apps:kylo","domain_created_at":"2023-01-05 12:19:23.079685 +0000 UTC","domain_name":"d3-insidedomain2","domain_updated_at":"2023-01-11 11:23:57.742584 +0000 UTC","domain_meta":"","zone_id":"46121dec-4413-491c-880c-b7adaff32340","parent_domain_id":"dfced667-0977-4d58-813e-ae26ec49336c","enable_syslog_redirection":true,"domain_account":"kylo:kylo-813d65ec-f2c1-41f8-b4d2-378252c72a39:admin:accounts:kylo-813d65ec-f2c1-41f8-b4d2-378252c72a39","allow_user_management":false}}}},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"Updates the connection in external CM domain added in CCKM. This operation requires connection to have appropriate access permissions on the external CM domain.\n","tags":["CCKM/External CM Domains"],"parameters":[{"name":"body","in":"body","description":"Updates an external CM domain added in CCKM.","schema":{"type":"object","title":"Updates an external CM domain added in CCKM.","required":["connection"],"properties":{"connection":{"type":"string","description":"Name or ID of the connection."}},"example":{"connection":"cm-connection"}}}],"responses":{"200":{"description":"OK","examples":{"application/json":{"id":"d6bebc8c-974f-4ea0-9118-3726e835b734","uri":"kylo:kylo:cckm:external-cm-domain:d6bebc8c-974f-4ea0-9118-3726e835b734","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2023-01-10T15:13:20.650149Z","updatedAt":"2023-01-11T14:09:02.053797Z","connection":"updated-connection","cm_domain":{"domain_id":"0c78b1c9-486e-41fd-ad1d-b80912342073","domain_uri":"kylo:kylo:solo:domains:0c78b1c9-486e-41fd-ad1d-b80912342073","account_uri":"kylo:kylo:admin:accounts:kylo","domain_application":"ncryptify:gemalto:admin:apps:kylo","domain_created_at":"2023-01-05 07:51:27.312078 +0000 UTC","domain_name":"domain","domain_updated_at":"2023-01-05 07:51:27.312078 +0000 UTC","domain_meta":"","zone_id":"ef583371-6a73-443c-9dc9-3013e7ed866d","parent_domain_id":"00000000-0000-0000-0000-000000000000","enable_syslog_redirection":true,"domain_account":"kylo:kylo-0c78b1c9-486e-41fd-ad1d-b80912342073:admin:accounts:kylo-0c78b1c9-486e-41fd-ad1d-b80912342073","allow_user_management":false}}}},"400":{"description":"Bad Request."},"401":{"description":"Unauthorized"},"404":{"description":"Resource not found."},"412":{"description":"Precondition Failed"},"422":{"description":"UnprocessableEntity"},"500":{"description":"InternalServerError"}}},"delete":{"summary":"Delete","description":"Deletes an external cm domain from the CCKM.","tags":["CCKM/External CM Domains"],"responses":{"204":{"description":"No Content","schema":{"type":"string"}},"404":{"description":"Resource not found."}}}},"/v1/cckm/external-cm/domains/{id}/update-acls":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"User ACLS","description":"Grants permissions to users or group to perform specific actions on the external CM domains. User ID and group are mutually exclusive – specify either of the two.\n\nFor the first time users or group, actions are permitted as configured by the CCKM administrator. However, if the permissions of a user or group needs to be modified later, for example, a new action is to be permitted or an existing action is to be revoked, the CCKM administrator needs to set that particular action to true or false.\n\nFor example, a user or group is permitted actions, keycreate, and refresh. Now, to permit one more action \"keydelete\" to the user or group, set \"permit\":true and \"actions\": \"keydelete\" and run the API. Similarly, now to deny permission to the action \"keycreate\", set \"permit\":false, \"actions\": \"keycreate\", and run the API.\n\n**Actions Specification**\n\n The following table lists the accepted values:\n\n\n APIs | Actions Required | Description\n ------------------------------- | ---------------------------- | ---------------------------------------------------\n Create | keycreate | Permission to create a external cm key.\n Delete | keydelete | Permission for deletion of the key.\n Refresh | refresh | Permission to refresh external cm domain.\n List | view | Permission to view domain and its keys.\n Get (External CM domain Keys) | view | Permission to get the details of a external cm key with the given id.\n List External CM domain | view | Permission to view external cm domain and its keys.\n Get (External CM domain) | view | Permission to get the details of external cm domain with the given id.\n","tags":["CCKM/External CM Domains"],"parameters":[{"name":"body","in":"body","description":"Providing permissions to Users.","schema":{"type":"object","title":"Adding a User.","properties":{"acls":{"type":"array","items":{"type":"object","required":["actions"],"properties":{"user_id":{"type":"string","description":"ID of the user to be granted permissions. User ID and group are mutually exclusive – specify either of the two."},"group":{"type":"string","description":"Name of the user group to be granted permissions. User ID and group are mutually exclusive – specify either of the two."},"permit":{"type":"boolean","description":"Whether to permit users to perform specific operations. Set true to permit, false to deny."},"actions":{"type":"array","items":{"type":"string"},"description":"Permitted actions.","enum":["keycreate","keydelete","view","refresh"]}}}}},"example":{"acls":[{"group":"CCKM Users","actions":["view"],"permit":true}]}}}],"responses":{"201":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"0b840971-a6b8-460b-b01c-a982dd053939","uri":"kylo:kylo:cckm:external-cm-domain:0b840971-a6b8-460b-b01c-a982dd053939","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2023-01-12T07:28:34.244511Z","updatedAt":"2023-01-12T07:30:15.696029Z","acls":[{"user_id":"local|8ef8442a-2cb6-4dc9-8ac5-d25c03d21ac0","actions":["view","refresh"]}],"connection":"cm-connection","cm_domain":{"domain_id":"0c78b1c9-486e-41fd-ad1d-b80912342073","domain_uri":"kylo:kylo:solo:domains:0c78b1c9-486e-41fd-ad1d-b80912342073","account_uri":"kylo:kylo:admin:accounts:kylo","domain_application":"ncryptify:gemalto:admin:apps:kylo","domain_created_at":"2023-01-05 07:51:27.312078 +0000 UTC","domain_name":"domain","domain_updated_at":"2023-01-11 11:23:57.637539 +0000 UTC","domain_meta":"","zone_id":"ef583371-6a73-443c-9dc9-3013e7ed866d","parent_domain_id":"00000000-0000-0000-0000-000000000000","enable_syslog_redirection":true,"domain_account":"kylo:kylo-0c78b1c9-486e-41fd-ad1d-b80912342073:admin:accounts:kylo-0c78b1c9-486e-41fd-ad1d-b80912342073","allow_user_management":false}}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/external-cm/keys":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Creates a new key","tags":["CCKM/External CM Keys"],"parameters":[{"name":"body","in":"body","description":"Add external CM key parameters.","schema":{"required":["domainId"],"example":{"domainId":"fb745b2a-9bd3-4b05-a0ee-bc4692dcf9d3","name":"test-key","algorithm":"aes","size":256,"undeletable":true,"usageMask":12},"title":"Create Key","properties":{"domainId":{"type":"string","description":"Domain ID."},"name":{"type":"string","description":"Optional friendly name, The key name should not contain special characters such as angular brackets (<,>) and backslash (`\\`)."},"usageMask":{"type":"integer","description":"Cryptographic usage mask. Add the usage masks to allow certain usages. Sign (1), Verify (2), Encrypt (4),\nDecrypt (8), Wrap Key (16), Unwrap Key (32), Export (64), MAC Generate (128), MAC Verify (256), Derive Key (512),\nContent Commitment (1024), Key Agreement (2048), Certificate Sign (4096), CRL Sign (8192), Generate Cryptogram (16384),\nValidate Cryptogram (32768), Translate Encrypt (65536), Translate Decrypt (131072), Translate Wrap (262144),\nTranslate Unwrap (524288), FPE Encrypt (1048576), FPE Decrypt (2097152). Add the usage mask values to allow\nthe usages. To set all usage mask bits, use 4194303.\nEquivalent usageMask values for deprecated usages 'fpe' (FPE Encrypt + FPE Decrypt = 3145728),\n'blob' (Encrypt + Decrypt = 12), 'hmac' (MAC Generate + MAC Verify = 384), 'encrypt' (Encrypt + Decrypt = 12),\n'sign' (Sign + Verify = 3), 'any' (4194303 - all usage masks).\n"},"algorithm":{"type":"string","description":"Cryptographic algorithm this key is used with. Defaults to 'aes'","enum":["aes","tdes","rsa","ec","hmac-sha1","hmac-sha256","hmac-sha384","hmac-sha512","seed","aria","opaque"]},"objectType":{"type":"string","description":"This specifies the type of object that is being created. Valid values are\n'Symmetric Key', 'Public Key', 'Private Key', 'Secret Data', 'Opaque Object',\nor 'Certificate'. The object type is inferred for many objects,\nbut must be supplied for the certificate object.\n"},"curveid":{"type":"string","description":"Cryptographic curve id for elliptic key. Key algorithm must be 'EC'. Values:\n * secp224k1\n * secp224r1\n * secp256k1\n * secp384r1\n * secp521r1\n * prime256v1\n * brainpoolP224r1\n * brainpoolP224t1\n * brainpoolP256r1\n * brainpoolP256t1\n * brainpoolP384r1\n * brainpoolP384t1\n * brainpoolP512r1\n * brainpoolP512t1\n"},"size":{"type":"integer","description":"Bit length for the key."},"undeletable":{"type":"boolean","description":"Key is not deletable. Defaults to false."}}}}],"responses":{"201":{"description":"Successful key creation.","schema":{"type":"object"},"examples":{"application/json":{"id":"7d9bee41-75d4-417d-a26b-7787c6a1f594","uri":"kylo:kylo:cckm:external-cm-key:key-71032f4c-951a-4eec-a075-1130a49bdf90-7d9bee41-75d4-417d-a26b-7787c6a1f594","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2023-01-20T11:42:18.066072Z","updatedAt":"2023-01-20T11:42:18.06514Z","domain_id":"ae5e15dd-70c5-4653-a710-d92a45331232","gone":false,"cm_key_params":{"key_name":"key-71032f4c-951a-4eec-a075-1130a49bdf90","key_usage_mask":12,"meta":{"ownerId":"local|993337a5-c915-404b-98aa-e377942f28ac"},"object_type":"Symmetric Key","version":0,"algorithm":"AES","key_size":256,"unexportable":false,"undeletable":false,"never_exported":true,"never_exportable":false,"format":"raw","key_id":"2f2191b0a4c043de9bbecd7153722ee1bf79bdceb26342ab8411bd09a6b65bf9","key_state":"Active"}}}},"404":{"description":"Resource not found."},"422":{"description":"Validation error."}}},"get":{"summary":"List External CM Keys","description":"Returns the list of external CM keys in the CCKM.\n","tags":["CCKM/External CM Keys"],"parameters":[{"name":"id","in":"query","type":"string","description":"Filter the results by resource ID."},{"name":"domain_id","in":"query","type":"string","description":"Filter the results by domain_id.","collectionFormat":"multi"},{"name":"key_id","in":"query","type":"string","description":"Filter the results by key_id."},{"name":"key_name","in":"query","type":"string","description":"Filter the results by key_name."},{"name":"algorithm","in":"query","type":"string","description":"Filter the results by algorithm.","collectionFormat":"multi"},{"name":"key_state","in":"query","type":"string","description":"Filter the results by key_state. Allowed values are\n\"Pre-Active\", \"Active\", \"Deactivated\", \"Destroyed\", \"Compromised\", \"Destroyed Compromised\" and \"Deleted\".\n"},{"name":"key_usage_mask","in":"query","type":"string","description":"Filter the results by key_usage_mask."},{"name":"key_size","in":"query","type":"integer","description":"Filter the results by key_size."},{"name":"version","in":"query","type":"integer","description":"Filter the results by version.","collectionFormat":"multi"},{"name":"unexportable","in":"query","type":"boolean","description":"Filter the results by unexportable flag."},{"name":"undeletable","in":"query","type":"boolean","description":"Filter the results by undeletable flag."},{"name":"format","in":"query","type":"string","description":"Filter the results by format.","collectionFormat":"multi"},{"name":"object_type","in":"query","type":"string","description":"Filter the results by object_type."},{"name":"curve_id","in":"query","type":"string","description":"Filter the results by curve_id."},{"name":"gone","in":"query","type":"boolean","description":"Filter the results by gone flag."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","examples":{"skip":0,"limit":10,"total":2,"resources":[{"id":"b9bf1635-c8b5-4b3e-929d-bffcca3b6fc2","uri":"kylo:kylo:cckm:external-cm-key:key2-b9bf1635-c8b5-4b3e-929d-bffcca3b6fc2","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2023-01-19T11:07:45.258033Z","updatedAt":"2023-01-19T11:07:45.256613Z","domain_id":"ae5e15dd-70c5-4653-a710-d92a45331232","gone":false,"cm_key_params":{"key_name":"key2","key_usage_mask":15,"meta":{"ownerId":"local|993337a5-c915-404b-98aa-e377942f28ac"},"object_type":"Symmetric Key","version":0,"algorithm":"AES","key_size":192,"unexportable":false,"undeletable":false,"never_exported":true,"never_exportable":false,"format":"raw","key_id":"68bff1f2bed348df84c8e5af31a4bc6c41b76f7966ce4895917f30dffa47f0d4","key_state":"Active"}},{"id":"996d4687-8465-4dc6-8703-190409db5fbe","uri":"kylo:kylo:cckm:external-cm-key:key1-996d4687-8465-4dc6-8703-190409db5fbe","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2023-01-19T11:05:36.870414Z","updatedAt":"2023-01-19T11:05:36.863847Z","domain_id":"ae5e15dd-70c5-4653-a710-d92a45331232","gone":false,"cm_key_params":{"key_name":"key1","key_usage_mask":15,"meta":{"ownerId":"local|993337a5-c915-404b-98aa-e377942f28ac"},"object_type":"Symmetric Key","version":0,"algorithm":"AES","key_size":192,"unexportable":false,"undeletable":false,"never_exported":true,"never_exportable":false,"format":"raw","key_id":"f39ca7243d3a4ca1966ab2da3ebf9ccda99789a997ff4d96b01c06e863ba6d51","key_state":"Active"}}]}},"401":{"description":"Unauthorized"},"404":{"description":"Resource not found."}}}},"/v1/cckm/external-cm/keys/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of an external cm key with the given `id`.","tags":["CCKM/External CM Keys"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"97edd787-c3ca-4eef-b4b6-22a47faa2566","uri":"kylo:kylo:cckm:external-cm-key:key-d82c2565-0c2b-4bb5-8f2a-372a8c616867-97edd787-c3ca-4eef-b4b6-22a47faa2566","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2023-01-23T07:27:53.734257Z","updatedAt":"2023-01-23T07:27:53.731646Z","domain_id":"fe5e18gd-52d5-5673-a710-d92a45339845","gone":false,"cm_key_params":{"key_name":"key-d82c2565-0c2b-4bb5-8f2a-372a8c616867","key_usage_mask":15,"meta":{"ownerId":"local|993337a5-c915-404b-98aa-e377942f28ac"},"object_type":"Private Key","curve_id":"brainpoolP512t1","version":0,"algorithm":"EC","key_size":512,"unexportable":false,"undeletable":false,"never_exported":true,"never_exportable":false,"format":"raw","key_id":"c179dfee06b245bbbc803f69224f8e4975c8bcbf74a94f9daa198ebf78268d0a","key_state":"Active"}}}},"401":{"description":"Unauthorized"},"404":{"description":"Resource not found"}}},"delete":{"summary":"Delete","description":"Deletes an external cm key from the CCKM.","tags":["CCKM/External CM Keys"],"responses":{"204":{"description":"No Content","schema":{"type":"string"}},"401":{"description":"Unauthorized"},"404":{"description":"Resource not found"},"422":{"description":"UnprocessableEntity"},"500":{"description":"InternalServerError"}}}},"/v1/cckm/external-cm/keys/{id}/delete":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Post","description":"Delete key from External CM and returns details of deleted CM key with the given `id`.","tags":["CCKM/External CM Keys"],"responses":{"200":{"description":"Deleted | OK","schema":{"type":"object"},"examples":{"application/json":{"id":"c653cd63-00c9-443f-9032-9c4b8f44149e","uri":"kylo:kylo:cckm:external-cm-key:c653cd63-00c9-443f-9032-9c4b8f44149e","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2023-01-21T12:40:54.928828Z","updatedAt":"2023-01-23T10:30:30.541709Z","domain_id":"dfced667-0977-4d58-813e-ae26ec49336c","gone":false,"refreshed_at":"2023-01-23T09:01:55.581565Z","cm_key_params":{"key_name":"k7","key_usage_mask":12,"object_type":"Symmetric Key","version":0,"algorithm":"AES","key_size":256,"unexportable":false,"undeletable":false,"never_exported":true,"never_exportable":false,"key_id":"702766911f2c487ba76f809b838c9dc8eb2b5f235f0a457abf62957758d89eee","key_state":"DELETED"}}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/external-cm/refresh":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Refresh","description":"Refresh External CM domains.\n","tags":["CCKM/External CM Keys"],"parameters":[{"name":"body","in":"body","description":"Refresh External CM keys of the given domains","schema":{"type":"object","title":"List of domain id.","properties":{"domains":{"type":"array","items":{"type":"string"},"description":"ID of domain from which keys will be refreshed. synchronize_all and domains are mutually exclusive. Specify either the synchronize_all or domains."},"synchronize_all":{"type":"boolean","description":"Set true to refresh all keys from all domains. synchronize_all and domains are mutually exclusive. Specify either the synchronize_all or domains."}}}}],"responses":{"201":{"description":"OK","examples":{"application/json":{"id":"45bc07e5-8956-4830-be84-2011d4cd0e82","uri":"kylo:kylo:cckm:synchronize:45bc07e5-8956-4830-be84-2011d4cd0e82","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2023-01-23T10:41:50.899942091Z","updatedAt":"2023-01-23T10:41:50.904396Z","overall_status":"in_progress","cloud":"externalCM","domains":["b3795eaa-76af-4185-8368-1f57c4c0c3ae","a6208bc5-246e-455a-98f7-5c68774a8ecd"],"abort":false}}},"404":{"description":"Resource not found."}}},"get":{"summary":"Status","description":"Returns the list of updated status of refresh API. The results can be filtered using the query parameters.\n","tags":["CCKM/External CM Keys"],"parameters":[{"name":"id","in":"query","type":"string","description":"Filter the results by internal id of refresh."},{"name":"overall_status","in":"query","type":"string","description":"Filter the results by overall status. Possible values are \"in_progress\",\"completed\" and \"failed\"."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","uri":"kylo:kylo:cckm:synchronize:bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-08-06T09:49:34.605578452Z","updatedAt":"2020-08-06T09:49:34.609059131Z","overall_status":"in progress","cloud":"externalCM","domains":["3e732d57-5ea1-491f-b238-9f4a39a9566f","c4e5bd34-af39-4027-9058-6f1a4bb3519d"],"abort":false}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/external-cm/refresh/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a refresh process with the given ID.","tags":["CCKM/External CM Keys"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","uri":"kylo:kylo:cckm:synchronize:bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-08-06T09:49:34.605578452Z","updatedAt":"2020-08-06T09:49:34.609059131Z","overall_status":"in progress","cloud":"externalCM","domains":["3e732d57-5ea1-491f-b238-9f4a39a9566f","c4e5bd34-af39-4027-9058-6f1a4bb3519d"],"abort":false}}},"404":{"description":"Resource not found."}}}},"/v1/cckm/external-cm/refresh/{id}/cancel":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Cancel","description":"Returns the details of a canceled refresh process.","tags":["CCKM/External CM Keys"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"id":"bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","uri":"kylo:kylo:cckm:synchronize:bf27cde1-e2ed-4244-9d5a-8a4e12ad1837","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-08-06T09:49:34.605578452Z","updatedAt":"2020-08-06T09:49:34.609059131Z","overall_status":"in progress","cloud":"externalCM","domains":["3e732d57-5ea1-491f-b238-9f4a39a9566f","c4e5bd34-af39-4027-9058-6f1a4bb3519d"],"abort":true}}},"404":{"description":"Resource not found."}}}},"/v1/notification/email-addresses":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns the email addresses where notifications are sent.\n","tags":["Notifications"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"description":"Email ID object","type":"object","properties":{"email_id":{"type":"string","description":"The email address to be notified."},"meta":{"type":"object","description":"Additional data included for the email address for information purposes only, e.g., notes/descriptions about the email address, to help manage email notification."}}}}}}]},"examples":{"application/json":{"resources":[{"email_id":"foo@example.com","meta":{}}]}}}}},"post":{"summary":"Add","description":"Adds a new email address to receive notifications.\n","tags":["Notifications"],"parameters":[{"name":"body","in":"body","description":"Notification email parameters","schema":{"type":"object","title":"Add Notification email Request","required":["email_id"],"properties":{"email_id":{"type":"string","description":"email address to receive notifications"},"meta":{"type":"object","description":"Additional data included for the email address for information purposes only, e.g., notes/descriptions about the email address, to help manage email notification."}},"example":{"email_id":"foo@example.com","meta":{}}}}],"responses":{"201":{"description":"OK","schema":{"description":"Email ID object","type":"object","properties":{"email_id":{"type":"string","description":"The email address to be notified."},"meta":{"type":"object","description":"Additional data included for the email address for information purposes only, e.g., notes/descriptions about the email address, to help manage email notification."}}},"examples":{"application/json":{"id":"6f9234b3-9a5d-4ba2-b568-90c67965b924","uri":"demo-TOr:pers-admintester:audit:records:6f9234b3-9a5d-4ba2-b568-90c67965b924","account":"demo-TOr:pers-admintester:admin:accounts:pers-admintester","application":"dev-portal:pers-github-00123:admin:apps:demo-TOr","devAccount":"dev-portal:pers-github-00123:admin:accounts:pers-github-00123","createdAt":"2016-08-22T15:19:46.61956217Z","email_id":"foo@example.com","meta":{}}}}}}},"/v1/notification/email-addresses/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","required":true,"type":"string","description":"ID of email address resource"}],"get":{"summary":"Get","description":"Returns the details of a single email address.","tags":["Notifications"],"responses":{"200":{"description":"OK","schema":{"type":"object"},"examples":{"application/json":{"email_id":"foo@example.com","meta":{}}}},"404":{"description":"email address not found","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","description":"Deletes an email address.","tags":["Notifications"],"responses":{"204":{"description":"No Content | Successful deletion of email address.","schema":{"type":"string"}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/notification/smtp-servers":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns a list of SMTP Servers. The results can be filtered,\nusing the query parameters.\n","tags":["SMTP Servers"],"parameters":[{"name":"server","in":"query","required":false,"type":"string","description":"Filter by the server"},{"name":"port","in":"query","required":false,"type":"string","description":"Filter by the port"},{"name":"username","in":"query","required":false,"type":"integer","description":"Filter by the username"},{"name":"email_from","in":"query","required":false,"type":"string","description":"Filter by the email_from"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"description":"SMTP Server object","type":"object","properties":{"server":{"type":"string","description":"SMTP server address"},"port":{"type":"integer","description":"SMTP server port"},"username":{"type":"string","description":"SMTP server username"},"email_from":{"type":"string","description":"address to put in the email's \"from\" field"},"password":{"type":"string","description":"SMTP server password"},"meta":{"type":"object","description":"Additional data included for the SMTP server."}}}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"id":"2ca211a1-a6fd-49c6-8c4e-61f0f474c803","uri":"kylo:kylo:notification:smtp_server:b2a7f552-7dd6-4da3-8fe9-453f14fa3e24","account":"kylo:kylo:admin:accounts:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","server":"smtp.example.com","port":587,"username":"admin","password":"admin123","email_from":"admin@admin.com","createdAt":"2017-08-30T22:17:30.663Z","updatedAt":"2017-08-30T22:17:30.663Z"}]}}}}},"post":{"summary":"Add","description":"Add an SMTP Server.\n","tags":["SMTP Servers"],"parameters":[{"name":"body","in":"body","schema":{"type":"object","title":"Add SMTP Server","required":["server","port","email_from"],"properties":{"server":{"type":"string","description":"SMTP server address"},"port":{"type":"integer","description":"SMTP server port"},"username":{"type":"string","description":"SMTP server username"},"email_from":{"type":"string","description":"address to put in the email's \"from\" field"},"password":{"type":"string","description":"SMTP server password"},"allow_tcp":{"type":"boolean","description":"allow less secure tcp connection"}},"example":{"server":"smtp.example.com","port":587,"username":"admin","email_from":"admin@admin.com","password":"admin123","allow_tcp":false}}}],"responses":{"201":{"description":"Successful SMTP Server addition.","schema":{"description":"SMTP Server object","type":"object","properties":{"server":{"type":"string","description":"SMTP server address"},"port":{"type":"integer","description":"SMTP server port"},"username":{"type":"string","description":"SMTP server username"},"email_from":{"type":"string","description":"address to put in the email's \"from\" field"},"password":{"type":"string","description":"SMTP server password"},"meta":{"type":"object","description":"Additional data included for the SMTP server."}}},"examples":{"application/json":{"id":"c9600fa6-fa94-4ac7-a2cb-56767d8790b0","uri":"kylo:kylo:notification:smtp_server:b2a7f552-7dd6-4da3-8fe9-453f14fa3e24","account":"kylo:kylo:admin:accounts:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","server":"smtp.example.com","port":587,"username":"admin@admin.com","password":"admin123","email_from":"admin@admin.com","allow_tcp":false,"createdAt":"2017-08-30T22:17:30.663Z","updatedAt":"2017-08-30T22:17:30.663Z"}}}}}},"/v1/notification/smtp-servers/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"delete":{"summary":"Delete","description":"Deletes an SMTP Server.","tags":["SMTP Servers"],"responses":{"204":{"description":"No Content | Successful deletion of SMTP Server."},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/v1/notification/smtp-test-mail":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Test","description":"Sends test mail to given email address using configured SMTP server.\n","tags":["SMTP Servers"],"parameters":[{"name":"body","in":"body","description":"SMTP server test mail parameters","schema":{"type":"object","title":"Add SMTP server test mail Request","required":["email_id"],"properties":{"email_id":{"type":"string","description":"email address to send the test notification"},"meta":{"type":"object","description":"Additional data included for the email address for information purposes only, e.g., notes/descriptions about the email address, to help manage email notification."}},"example":{"email_id":"foo@example.com","meta":{}}}}],"responses":{"201":{"description":"OK","schema":{"description":"Email ID object","type":"object","properties":{"email_id":{"type":"string","description":"The email address to be notified."},"meta":{"type":"object","description":"Additional data included for the email address for information purposes only, e.g., notes/descriptions about the email address, to help manage email notification."}}},"examples":{"application/json":{"email_id":"foo@example.com","meta":{}}}},"404":{"description":"SMTP server is not configured.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}}},"/vault-manager/passwordcredentials":{"get":{"summary":"Returns a list of password credentails.","description":"Optional extended description in Markdown.","tags":["Private"],"produces":["application/json"],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","properties":{"resources":{"type":"array","items":{"properties":{"name":{"description":"Name to identify the credentails.","type":"string"},"username":{"description":"Name of username.","type":"string"},"password":{"description":"Password of user.","type":"string"}}}}}}]}}}}},"/vault-manager/certificatecredentials":{"get":{"summary":"Returns a list of certificate based credentails.","description":"Optional extended description in Markdown.","tags":["Private"],"produces":["application/json"],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","properties":{"resources":{"type":"array","items":{"properties":{"name":{"description":"Name to identify the credentails.","type":"string"},"certificate":{"description":"Client certificate.","type":"string"},"ca-certificate":{"description":"CA certificate of server for verification.","type":"string"}}}}}}]}}}}},"/vault-manager/externalservers":{"get":{"summary":"Returns a list of external servers.","description":"Optional extended description in Markdown.","tags":["Private"],"produces":["application/json"],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","properties":{"resources":{"type":"array","items":{"properties":{"name":{"description":"Name to identify the credentails.","type":"string"},"ipaddress":{"description":"Name of username.","type":"string"},"port":{"description":"Password of user.","type":"string"},"purpose":{"description":"Purpose of the server","type":"string"},"credentail-id":{"description":"The identifier of credentail used for authorization on server.","type":"string"}}}}}}]}}}}},"/v1/scheduler/job-configs":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns the list of job configurations for specified account.\n","tags":["Scheduler"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"},{"name":"name","in":"query","required":false,"type":"string","description":"Filter by the name"},{"name":"id","in":"query","required":false,"type":"string","description":"Filter by the id"},{"name":"operation","in":"query","required":false,"type":"string","description":"Filter by the operation"},{"name":"disabled","in":"query","required":false,"type":"string","description":"Filter by the disabled"},{"name":"cloud_name","in":"query","required":false,"type":"string","description":"Filters results to those with matching cloud_name in cckm_synchronization and cckm_key_rotation jobs.\nMay be specified more than once. Results will match *any* of the values.\n"},{"name":"expire_in","in":"query","required":false,"type":"boolean","description":"Filter results by expire_in of cckm_key_rotation jobs to get job configs of AWS or other clouds.\n"},{"name":"createdBefore","in":"query","required":false,"type":"string","description":"Find jobs created at or before the specified timestamp. Timestamp should be in (a) RFC3339Nano\nformat, e.g.: 1985-04-12T23:20:50.52Z, or (b) a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\" will find keys created\nbefore 1 year, 2 months and 5 days ago.\n"},{"name":"createdAfter","in":"query","required":false,"type":"string","description":"Find jobs created at or after the specified timestamp. Timestamp should be in (a) RFC3339Nano\nformat, or (b) a relative timestamp where valid units are 'Y', 'M', 'D' representing years, months, and days\nrespectively. Negative values are permitted. e.g. \"-1Y-2M-5D\" will find keys created after 1 year, 2 months\nand 5 days ago.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","properties":{"description":{"type":"string","description":"Description for the job configuration."},"operation":{"type":"string","readOnly":true,"description":"Type of operation to config. Can be one of, Key Rotation, Database Backup, CCKM Synchronization.","enum":["key_rotation","database_backup","cckm_synchronization","cckm_key_rotation"]},"run_at":{"type":"string","description":"Described using the cron expression format : \"* * * * *\"\nThese five values indicate when the job should be executed. They are in order of minute, hour, day of month, month, and day of week.\nValid values are 0-59 (minutes), 0-23 (hours), 1-31 (day of month), 1-12 or jan-dec (month), and 0-6 or sun-sat (day of week). Names are case insensitive. For use of special characters, consult the Time Specification description at the top of this page.\n\nFor example:\n* To run every min: \"* * * * *\"\n* To run on Saturday at 23:45(11:45 PM): \"45 23 * * 6\"\n* To run on Monday at 09:00: \"0 9 * * 1\"\n"},"run_on":{"type":"string","description":"Optional flag. Default is 'any'.\n* Use 'any' to run the config on any node in the cluster.\n* Use '' to run the config on that node.\n"},"disabled":{"type":"boolean","description":"By default, job configuration starts in active state. True disables the job configuration."},"start_date":{"type":"string","format":"date-time","description":"Date the job configuration becomes active. RFC3339 format.\nFor example, 2018-10-02T14:24:37.436073Z\n"},"end_date":{"type":"string","format":"date-time","description":"Date the job configuration becomes inactive. RFC3339 format.\nFor example, 2018-10-02T14:24:37.436073Z\n"},"key_rotation_params":{"type":"object","description":"Key rotation operation specific arguments. The \"key_rotation_params\",\"database_backup_params\" and\n\"cckm_synchronization_params\" fields are mutually exclusive(cannot be set together)\n","title":"Key Rotation Parameters","properties":{"deactivate_replaced_key":{"type":"integer","description":"Optional integer that can be used to deactivate the keys that are replaced by the key rotation procedure.\nWhen this is not specified, the state of the replaced key remains the same.\nIt is the number of seconds (>= 0) after which the replaced key is deactivated.\n"},"query":{"type":"object","description":"Use this object to specify the keys that need to be rotated.\nAll keys are rotated when this object is not specified.\nThis object is the same as the one used for POST request to the /v1/vault/query-keys endpoint.\nRefer to the documentation in that endpoint for further details on formulating the query.\n"},"meta":{"type":"object","description":"Use this object to modify the metadata on a key that is replaced by the key rotation procedure.\nThis object should be a JSON serialized object. The metadata on the replaced key (which is\nalso a JSON object) is merged with this JSON object.\n"}}},"database_backup_params":{"type":"object","description":"Database backup operation specific arguments. Should be JSON-serializable\n\"key_rotation_params\" ,\"database_backup_params\" and \"cckm_synchronization_params\" fields are mutually\nexclusive(cannot be set together).\n","title":"Database Backup Parameters","properties":{"scope":{"type":"string","description":"Scope of the backup to be taken - system (default) or domain."},"backupKey":{"type":"string","description":"ID of backup key used for encrypting the backup. The default backup key is used if this is not specified."},"tiedToHSM":{"type":"boolean","description":"If true, the system backup can only be restored to instances that use the same HSM partition. Valid only with the system scoped backup.\n"},"filters":{"type":"array","items":{"type":"object","title":"Filters","required":["resourceType"],"properties":{"resourceType":{"type":"string","description":"Type of resources to be backed up. Valid values are \"Keys\", \"cte_policies\" and, \"users_groups\"."},"resourceQuery":{"type":"object","description":"A JSON object containing resource attributes and attribute values to be queried.\nThe resources returned in the query are backed up. If empty, all the resources of the specified resourceType will be backed up.\nFor Keys, valid resourceQuery paramater values are the same as the body of the 'vault/query-keys' POST endpoint described on the Keys page.\nTo back up AES keys with a meta parameter value containing `{\"info\":{\"color\":\"red\"}}}`, use\n`{\"algorithm\":\"AES\", \"metaContains\": {\"info\":{\"color\":\"red\"}}}`.\nFor CTE policies, valid `resourceQuery` parameter values are the same as query parameters of the list '/v1/transparent-encryption/policies' endpoint described in the CTE > Policies section.\nFor example, to back up LDT policies only, use `{\"policy_type\":\"LDT\"}`. Similarly, to back up policies with learn mode enabled, use `{\"never_deny\": true}`.\nFor users, the valid resourceQuery parameter values are the same as query parameters of the list '/v1/usermgmt/users' endpoint as described in the “Users” page.\nFor example, to back up all users with name \"frank\" and email id \"frank@local\", use {\"name\":\"frank\",\"email\": \"frank@local\"}.\n"}},"example":{"resourceType":"Keys","resourceQuery":"{\"algorithm\":\"AES\", \"metaContains\": {\"info\":{\"color\":\"red\"}}}"}},"description":"A set of selection criteria to specify what resources to include in the backup. Only applicable to domain-scoped backups.\nBy default, no filters are applied and the backup includes all keys.\nFor example, to back up all keys with a name containing 'enc-key', set the filters to `[{\"resourceType\": \"Keys\", \"resourceQuery\":{\"name\":\"*enc-key*\"}}]`.\n"},"retentionCount":{"type":"integer","description":"Number of backups saved for this job config. Default is an unlimited quantity."},"description":{"type":"string","description":"User defined description associated with the backup. This is stored along with the backup, and is returned while retrieving the backup information, or while listing backups. Users may find it useful to store various types of information here: a backup name or description, ID of the HSM the backup is tied to, etc.\n"},"do_scp":{"type":"boolean","description":"If true, the system backup will also be transferred to the external server via SCP.\n"},"connection":{"type":"string","description":"Name or ID of the SCP connection which stores the details for SCP server.\n"}}},"cckm_synchronization_params":{"type":"object","description":"CCKM Synchronization operation specific arguments. The \"key_rotation_params\",\"database_backup_params\" and\n\"cckm_synchronization_params\" fields are mutually exclusive(cannot be set together).\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","required":["cloud_name"],"properties":{"cloud_name":{"type":"string","description":"Name of the cloud where Synchronize operation will be triggered, possible values are \"aws\", \"hsm-luna\", \"dsm\" , \"oci\", \"sfdc\", \"gcp\", \"sap\" and \"AzureCloud\"."},"kms":{"type":"array","items":{"type":"string"},"description":"IDs or names of kms resource from which Aws keys will be synchronized. Kms is used for aws cloud. At least one kms is required for aws synchronization operation."},"key_vaults":{"type":"array","items":{"type":"string"},"description":"IDs or name of vault from which azure keys will be synchronized. Vaults are used for azure cloud. At least one vault is required for azure synchronization operation."},"sync_item":{"type":"array","items":{"type":"string"},"description":"Items which need to be synchronized. At least one of the value from below is required for azure synchronization operation.","enum":["key","secret","certificate","all"]},"partitions":{"type":"array","items":{"type":"string"},"description":"IDs of partition from which keys will be synchronized. Partitions are used for HSM. At least one partition is required for HSM synchronization operation."},"domains":{"type":"array","items":{"type":"string"},"description":"IDs of domains from which keys will be synchronized. Domains are used for DSM. At least one domain is required for DSM synchronization operation."},"key_rings":{"type":"array","items":{"type":"string"},"description":"IDs or name of key ring from which google cryptographic keys will be synchronized. Key Rings are used for google cloud. At least one key ring is required for google synchronization operation."},"organizations":{"type":"array","items":{"type":"string"},"description":"Organization ID from which tenant secrets will be synchronized. Provide CCKM organization ID. At least one organization ID is required for sfdc synchronization operation."},"groups":{"type":"array","items":{"type":"string"},"description":"Group ID from which sap key will be synchronized. Provide CCKM group ID. At least one group ID is required for sap synchronization operation."},"oci_vaults":{"type":"array","items":{"type":"string"},"description":"Vault ID from which oci key will be synchronized. Provide CCKM OCI vault ID. At least one vault ID is required for oci synchronization operation."},"synchronize_all":{"type":"boolean","description":"Set true to synchronize all keys from all vaults or kms. synchronize_all, key_vaults and kms are mutually exclusive. Specify either the synchronize_all or key_vaults or kms."}}},"cckm_key_rotation_params":{"type":"object","description":"CCKM Rotation Params operation specific arguments. The \"key_rotation_params\",\"database_backup_params\" and\n\"cckm_synchronization_params\" fields are mutually exclusive(cannot be set together).\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","required":["cloud_name"],"properties":{"cloud_name":{"type":"string","description":"Name of the cloud where Rotation operation will be triggered, possible values are \"aws\", \"gcp\", \"oci\" , \"sfdc\", \"sap\" and \"AzureCloud\"."},"expiration":{"type":"string","description":"Expiration time of the new key that will be created through scheduled rotation. If not specified, the new key material never expires. For example, if you set `expiration` to `6h`, the key material of the new key will expire in 6 hours.","enum":["Xd for x days","Yh for y hours"]},"expire_in":{"type":"string","description":"Period during which certain keys are going to expire. When the scheduler is run, it rotates the keys that are expiring in this period. If not specified, the scheduler rotates all the keys. For example, if you want the scheduler to rotate the keys that are expiring within six hours of the schedule run, set `expire_in` to `6h`. This parameter is not valid for cloud_name `gcp`.\n","enum":["Xd for x days","Yh for y hours"]},"aws_param":{"type":"object","description":"AWS param specifies whether to retain alias with timestamp on archieved key after rotation.\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","properties":{"retain_alias":{"type":"boolean","description":"Whether to retain alias with timestamp on archieved key after rotation."}}},"sfdc_param":{"type":"object","description":"SFDC param specifies oraganization_id and key_type for which keys will be rotated.\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","properties":{"organization_id":{"type":"string","description":"Organization ID to which this key type belong to."},"key_type":{"type":"array","items":{"type":"string"},"description":"Type of tenant secret requested for which sfdc keys will be rotated and can have below values.","enum":["Data","EventBus","SearchIndex","DeterministicData","Analytics"]},"key_source":{"type":"string","description":"Source of the key material. Options are native, dsm, hsm-luna and ciphertrust."},"certificate_id":{"type":"string","description":"(Mandatorily required for SFDC cloud) Certificate ID, whose public key to be used to encrypt tenant secret."},"key_derivation_mode":{"type":"string","description":"(Mandatorily required for SFDC cloud) Values are PBKDF2 or NONE."},"domain_id":{"type":"string","description":"Domain ID where key will be created to upload on sfdc."},"partition_id":{"type":"string","description":"Partition ID where key will be created to upload on sfdc."}}},"rotation_after":{"type":"string","description":"Number of days after which the keys will be rotated. Specify `Xd` for `x` days. The first key rotation will happen after `x` days of key creation. Subsequent key rotations will happen after every `x` days of the last rotation date. For example, if you set `rotation_after` to `6d`, the first key rotation will happen after six days of key creation. Subsequently, the keys will be rotated after every six days.\n","enum":["Xd for x days"]}}}}}]}}}}]},"examples":{"application/json":{"skip":"0,","limit":"10,","total":"4,","resources":[{"id":"841d3024-882a-4b64-8a9b-aae78034611d","uri":"kylo:kylo:lazyboy:job-configs:841d3024-882a-4b64-8a9b-aae78034611e","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","dev_account":"ncryptify:gemalto:admin:accounts:gemalto","created_at":"2019-07-29T21:54:56.571035Z","updated_at":"2019-07-29T21:54:56.571035Z","name":"RotateAESKeys","description":"This is to rotate AES keys","operation":"key_rotation","disabled":false,"run_on":"any","start_date":"2019-10-02T14:24:37.436073Z","end_date":"2019-11-06T14:24:37.436073Z","key_rotation_params":{"query":{"algorithm":"AES"}}},{"id":"43d05289-bfb8-4dc6-bc0a-ffd34048a680","uri":"kylo:kylo:lazyboy:job-configs:43d05289-bfb8-4dc6-bc0a-ffd34048a680","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","dev_account":"ncryptify:gemalto:admin:accounts:gemalto","created_at":"2019-07-29T22:12:59.925002Z","updated_at":"2019-07-29T22:12:59.925002Z","name":"Backup all nodes","description":"This is to backup keys on all nodes","operation":"database_backup","disabled":true,"start_date":"2019-10-02T14:24:37.436073Z","end_date":"2019-11-06T14:24:37.436073Z","database_backup_params":null,"run_on":"a6d995ff-3382-40a9-a04a-7985d8f6f1f5"},{"id":"b923f90f-e0f3-44a6-814b-0bdba941a8ce","uri":"kylo:kylo:scheduler:job_configs:b923f90f-e0f3-44a6-814b-0bdba941a8ce","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-06-15T07:34:01.625433034Z","name":"Sync CCKM AWS keys connection","updatedAt":"2020-06-15T07:34:01.625433034Z","description":"This is to sync CCKM AWS keys","operation":"cckm_synchronization","run_at":"0 1 * * *","run_on":"any","job_config_params":{"kms":["kms-name"],"cloud_name":"aws"}},{"id":"1e44cc7b-d456-4cfa-a31d-12510b0d9c45","uri":"kylo:kylo:scheduler:job_configs:1e44cc7b-d456-4cfa-a31d-12510b0d9c45","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-07-09T13:21:17.125322Z","name":"rotate CCKM AWS keys","updatedAt":"2020-07-09T13:21:17.125322Z","description":"This is to rotate CCKM AWS keys","operation":"cckm_key_rotation","run_at":"0 1 * * *","run_on":"any","job_config_params":{"cloud_name":"aws","expiration":"1d"}}]}}},"404":{"description":"Resource not found."}}},"post":{"summary":"Create","description":"Creates a new job configuration","tags":["Scheduler","Enterprise"],"parameters":[{"name":"body","in":"body","description":"The name of the resource","schema":{"type":"object","title":"Details of the job configuration","required":["name","operation","run_at"],"properties":{"name":{"type":"string","description":"The name of the job configuration\n"},"description":{"type":"string","description":"Optional. Description for the job configuration."},"operation":{"type":"string","readOnly":true,"description":"Type of operation. Can be one of the following: key_rotation, database_backup.\nThe key_rotation_params must be specified for the key_rotation operation.\nThe cckm_synchronization_params must be specified for the cckm_synchronization operation.\nThe\n","enum":["key_rotation","database_backup","cckm_synchronization","cckm_key_rotation"]},"run_at":{"type":"string","format":"date-time","description":"Described using the cron expression format : \"* * * * *\"\nThese five values indicate when the job should be executed. They are in order of minute, hour, day of month, month, and day of week.\nValid values are 0-59 (minutes), 0-23 (hours), 1-31 (day of month), 1-12 or jan-dec (month), and 0-6 or sun-sat (day of week). Names are case insensitive. For use of special characters, consult the Time Specification description at the top of this page.\n\nFor example:\n\n* To run every min: \"* * * * *\"\n* To run on Saturday at 23:45(11:45 PM): \"45 23 * * 6\"\n* To run on Monday at 09:00: \"0 9 * * 1\"\n"},"run_on":{"type":"string","description":"Optional flag. Default is 'any'.\n* Use 'any' to run the config on any node in the cluster.\n* Use '' to run the config on that node.\n"},"disabled":{"type":"boolean","description":"By default, job configuration starts in active state. True disables the job configuration."},"start_date":{"type":"string","format":"date-time","description":"Optional. Date the job configuration becomes active. RFC3339 format.\nFor example, 2018-10-02T14:24:37.436073Z\n"},"end_date":{"type":"string","format":"date-time","description":"Optional. Date the job configuration becomes inactive. RFC3339 format.\nFor example, 2018-10-02T14:24:37.436073Z\n"},"key_rotation_params":{"type":"object","description":"Required only for \"key_rotation\" operations. Not allowed for other operations.\nKey rotation parameters can be used to specify which keys are rotated.\nA query can specify the search parameters for the keys to be rotated.\nIn addition, the metadata and deactivation time of the key that is replaced can be modified.\nNote that key rotation silently skips over keys that do not have material, such\nas public-key and certificate objects.\n","title":"Key Rotation Parameters","properties":{"deactivate_replaced_key":{"type":"integer","description":"Optional integer that can be used to deactivate the keys that are replaced by the key rotation procedure.\nWhen this is not specified, the state of the replaced key remains the same.\nIt is the number of seconds (>= 0) after which the replaced key is deactivated.\n"},"query":{"type":"object","description":"Use this object to specify the keys that need to be rotated.\nAll keys are rotated when this object is not specified.\nThis object is the same as the one used for POST request to the /v1/vault/query-keys endpoint.\nRefer to the documentation in that endpoint for further details on formulating the query.\n"},"meta":{"type":"object","description":"Use this object to modify the metadata on a key that is replaced by the key rotation procedure.\nThis object should be a JSON serialized object. The metadata on the replaced key (which is\nalso a JSON object) is merged with this JSON object.\n"}}},"database_backup_params":{"type":"object","description":"Database backup operation specific arguments. Should be JSON-serializable.\nRequired only for \"database_backup\" operations. Not allowed for other operations.\n","title":"Database Backup Parameters","properties":{"scope":{"type":"string","description":"Scope of the backup to be taken - system (default) or domain."},"backupKey":{"type":"string","description":"ID of backup key used for encrypting the backup. The default backup key is used if this is not specified."},"tiedToHSM":{"type":"boolean","description":"If true, the system backup can only be restored to instances that use the same HSM partition. Valid only with the system scoped backup.\n"},"filters":{"type":"array","items":{"type":"object","title":"Filters","required":["resourceType"],"properties":{"resourceType":{"type":"string","description":"Type of resources to be backed up. Valid values are \"Keys\", \"cte_policies\" and, \"users_groups\"."},"resourceQuery":{"type":"object","description":"A JSON object containing resource attributes and attribute values to be queried.\nThe resources returned in the query are backed up. If empty, all the resources of the specified resourceType will be backed up.\nFor Keys, valid resourceQuery paramater values are the same as the body of the 'vault/query-keys' POST endpoint described on the Keys page.\nTo back up AES keys with a meta parameter value containing `{\"info\":{\"color\":\"red\"}}}`, use\n`{\"algorithm\":\"AES\", \"metaContains\": {\"info\":{\"color\":\"red\"}}}`.\nFor CTE policies, valid `resourceQuery` parameter values are the same as query parameters of the list '/v1/transparent-encryption/policies' endpoint described in the CTE > Policies section.\nFor example, to back up LDT policies only, use `{\"policy_type\":\"LDT\"}`. Similarly, to back up policies with learn mode enabled, use `{\"never_deny\": true}`.\nFor users, the valid resourceQuery parameter values are the same as query parameters of the list '/v1/usermgmt/users' endpoint as described in the “Users” page.\nFor example, to back up all users with name \"frank\" and email id \"frank@local\", use {\"name\":\"frank\",\"email\": \"frank@local\"}.\n"}},"example":{"resourceType":"Keys","resourceQuery":"{\"algorithm\":\"AES\", \"metaContains\": {\"info\":{\"color\":\"red\"}}}"}},"description":"A set of selection criteria to specify what resources to include in the backup. Only applicable to domain-scoped backups.\nBy default, no filters are applied and the backup includes all keys.\nFor example, to back up all keys with a name containing 'enc-key', set the filters to `[{\"resourceType\": \"Keys\", \"resourceQuery\":{\"name\":\"*enc-key*\"}}]`.\n"},"retentionCount":{"type":"integer","description":"Number of backups saved for this job config. Default is an unlimited quantity."},"description":{"type":"string","description":"User defined description associated with the backup. This is stored along with the backup, and is returned while retrieving the backup information, or while listing backups. Users may find it useful to store various types of information here: a backup name or description, ID of the HSM the backup is tied to, etc.\n"},"do_scp":{"type":"boolean","description":"If true, the system backup will also be transferred to the external server via SCP.\n"},"connection":{"type":"string","description":"Name or ID of the SCP connection which stores the details for SCP server.\n"}}},"cckm_synchronization_params":{"type":"object","description":"CCKM Synchronization operation specific arguments. Should be JSON-serializable\n\"key_rotation_params\",\"database_backup_params\" and \"cckm_synchronization_params\" fields are mutually exclusive(cannot be set together).\nRequired only for \"cckm_synchronization\" operations. Not allowed for other operations.\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","required":["cloud_name"],"properties":{"cloud_name":{"type":"string","description":"Name of the cloud where Synchronize operation will be triggered, possible values are \"aws\", \"hsm-luna\", \"dsm\" , \"oci\", \"sfdc\", \"gcp\", \"sap\" and \"AzureCloud\"."},"kms":{"type":"array","items":{"type":"string"},"description":"IDs or names of kms resource from which Aws keys will be synchronized. Kms is used for aws cloud. At least one kms is required for aws synchronization operation."},"key_vaults":{"type":"array","items":{"type":"string"},"description":"IDs or name of vault from which azure keys will be synchronized. Vaults are used for azure cloud. At least one vault is required for azure synchronization operation."},"sync_item":{"type":"array","items":{"type":"string"},"description":"Items which need to be synchronized. At least one of the value from below is required for azure synchronization operation.","enum":["key","secret","certificate","all"]},"partitions":{"type":"array","items":{"type":"string"},"description":"IDs of partition from which keys will be synchronized. Partitions are used for HSM. At least one partition is required for HSM synchronization operation."},"domains":{"type":"array","items":{"type":"string"},"description":"IDs of domains from which keys will be synchronized. Domains are used for DSM. At least one domain is required for DSM synchronization operation."},"key_rings":{"type":"array","items":{"type":"string"},"description":"IDs or name of key ring from which google cryptographic keys will be synchronized. Key Rings are used for google cloud. At least one key ring is required for google synchronization operation."},"organizations":{"type":"array","items":{"type":"string"},"description":"Organization ID from which tenant secrets will be synchronized. Provide CCKM organization ID. At least one organization ID is required for sfdc synchronization operation."},"groups":{"type":"array","items":{"type":"string"},"description":"Group ID from which sap key will be synchronized. Provide CCKM group ID. At least one group ID is required for sap synchronization operation."},"oci_vaults":{"type":"array","items":{"type":"string"},"description":"Vault ID from which oci key will be synchronized. Provide CCKM OCI vault ID. At least one vault ID is required for oci synchronization operation."},"synchronize_all":{"type":"boolean","description":"Set true to synchronize all keys from all vaults or kms. synchronize_all, key_vaults and kms are mutually exclusive. Specify either the synchronize_all or key_vaults or kms."}}},"cckm_key_rotation_params":{"type":"object","description":"CCKM Rotation Params operation specific arguments. The \"key_rotation_params\",\"database_backup_params\" and\n\"cckm_synchronization_params\" fields are mutually exclusive(cannot be set together).\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","required":["cloud_name"],"properties":{"cloud_name":{"type":"string","description":"Name of the cloud where Rotation operation will be triggered, possible values are \"aws\", \"gcp\", \"oci\" , \"sfdc\", \"sap\" and \"AzureCloud\"."},"expiration":{"type":"string","description":"Expiration time of the new key that will be created through scheduled rotation. If not specified, the new key material never expires. For example, if you set `expiration` to `6h`, the key material of the new key will expire in 6 hours.","enum":["Xd for x days","Yh for y hours"]},"expire_in":{"type":"string","description":"Period during which certain keys are going to expire. When the scheduler is run, it rotates the keys that are expiring in this period. If not specified, the scheduler rotates all the keys. For example, if you want the scheduler to rotate the keys that are expiring within six hours of the schedule run, set `expire_in` to `6h`. This parameter is not valid for cloud_name `gcp`.\n","enum":["Xd for x days","Yh for y hours"]},"aws_param":{"type":"object","description":"AWS param specifies whether to retain alias with timestamp on archieved key after rotation.\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","properties":{"retain_alias":{"type":"boolean","description":"Whether to retain alias with timestamp on archieved key after rotation."}}},"sfdc_param":{"type":"object","description":"SFDC param specifies oraganization_id and key_type for which keys will be rotated.\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","properties":{"organization_id":{"type":"string","description":"Organization ID to which this key type belong to."},"key_type":{"type":"array","items":{"type":"string"},"description":"Type of tenant secret requested for which sfdc keys will be rotated and can have below values.","enum":["Data","EventBus","SearchIndex","DeterministicData","Analytics"]},"key_source":{"type":"string","description":"Source of the key material. Options are native, dsm, hsm-luna and ciphertrust."},"certificate_id":{"type":"string","description":"(Mandatorily required for SFDC cloud) Certificate ID, whose public key to be used to encrypt tenant secret."},"key_derivation_mode":{"type":"string","description":"(Mandatorily required for SFDC cloud) Values are PBKDF2 or NONE."},"domain_id":{"type":"string","description":"Domain ID where key will be created to upload on sfdc."},"partition_id":{"type":"string","description":"Partition ID where key will be created to upload on sfdc."}}},"rotation_after":{"type":"string","description":"Number of days after which the keys will be rotated. Specify `Xd` for `x` days. The first key rotation will happen after `x` days of key creation. Subsequent key rotations will happen after every `x` days of the last rotation date. For example, if you set `rotation_after` to `6d`, the first key rotation will happen after six days of key creation. Subsequently, the keys will be rotated after every six days.\n","enum":["Xd for x days"]}}}},"example":{"application/json":{"name":"rotate AES keys","operation":"key_rotation","description":"This is to rotate AES keys","run_on":"any","run_at":"0 1 * * *","key_rotation_params":{"query":{"algorithm":"AES"},"deactivate_replaced_key":30,"meta":{"naeState":"Restricted"}}}}}}],"responses":{"201":{"description":"Successful job configuration creation.","schema":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","properties":{"description":{"type":"string","description":"Description for the job configuration."},"operation":{"type":"string","readOnly":true,"description":"Type of operation to config. Can be one of, Key Rotation, Database Backup, CCKM Synchronization.","enum":["key_rotation","database_backup","cckm_synchronization","cckm_key_rotation"]},"run_at":{"type":"string","description":"Described using the cron expression format : \"* * * * *\"\nThese five values indicate when the job should be executed. They are in order of minute, hour, day of month, month, and day of week.\nValid values are 0-59 (minutes), 0-23 (hours), 1-31 (day of month), 1-12 or jan-dec (month), and 0-6 or sun-sat (day of week). Names are case insensitive. For use of special characters, consult the Time Specification description at the top of this page.\n\nFor example:\n* To run every min: \"* * * * *\"\n* To run on Saturday at 23:45(11:45 PM): \"45 23 * * 6\"\n* To run on Monday at 09:00: \"0 9 * * 1\"\n"},"run_on":{"type":"string","description":"Optional flag. Default is 'any'.\n* Use 'any' to run the config on any node in the cluster.\n* Use '' to run the config on that node.\n"},"disabled":{"type":"boolean","description":"By default, job configuration starts in active state. True disables the job configuration."},"start_date":{"type":"string","format":"date-time","description":"Date the job configuration becomes active. RFC3339 format.\nFor example, 2018-10-02T14:24:37.436073Z\n"},"end_date":{"type":"string","format":"date-time","description":"Date the job configuration becomes inactive. RFC3339 format.\nFor example, 2018-10-02T14:24:37.436073Z\n"},"key_rotation_params":{"type":"object","description":"Key rotation operation specific arguments. The \"key_rotation_params\",\"database_backup_params\" and\n\"cckm_synchronization_params\" fields are mutually exclusive(cannot be set together)\n","title":"Key Rotation Parameters","properties":{"deactivate_replaced_key":{"type":"integer","description":"Optional integer that can be used to deactivate the keys that are replaced by the key rotation procedure.\nWhen this is not specified, the state of the replaced key remains the same.\nIt is the number of seconds (>= 0) after which the replaced key is deactivated.\n"},"query":{"type":"object","description":"Use this object to specify the keys that need to be rotated.\nAll keys are rotated when this object is not specified.\nThis object is the same as the one used for POST request to the /v1/vault/query-keys endpoint.\nRefer to the documentation in that endpoint for further details on formulating the query.\n"},"meta":{"type":"object","description":"Use this object to modify the metadata on a key that is replaced by the key rotation procedure.\nThis object should be a JSON serialized object. The metadata on the replaced key (which is\nalso a JSON object) is merged with this JSON object.\n"}}},"database_backup_params":{"type":"object","description":"Database backup operation specific arguments. Should be JSON-serializable\n\"key_rotation_params\" ,\"database_backup_params\" and \"cckm_synchronization_params\" fields are mutually\nexclusive(cannot be set together).\n","title":"Database Backup Parameters","properties":{"scope":{"type":"string","description":"Scope of the backup to be taken - system (default) or domain."},"backupKey":{"type":"string","description":"ID of backup key used for encrypting the backup. The default backup key is used if this is not specified."},"tiedToHSM":{"type":"boolean","description":"If true, the system backup can only be restored to instances that use the same HSM partition. Valid only with the system scoped backup.\n"},"filters":{"type":"array","items":{"type":"object","title":"Filters","required":["resourceType"],"properties":{"resourceType":{"type":"string","description":"Type of resources to be backed up. Valid values are \"Keys\", \"cte_policies\" and, \"users_groups\"."},"resourceQuery":{"type":"object","description":"A JSON object containing resource attributes and attribute values to be queried.\nThe resources returned in the query are backed up. If empty, all the resources of the specified resourceType will be backed up.\nFor Keys, valid resourceQuery paramater values are the same as the body of the 'vault/query-keys' POST endpoint described on the Keys page.\nTo back up AES keys with a meta parameter value containing `{\"info\":{\"color\":\"red\"}}}`, use\n`{\"algorithm\":\"AES\", \"metaContains\": {\"info\":{\"color\":\"red\"}}}`.\nFor CTE policies, valid `resourceQuery` parameter values are the same as query parameters of the list '/v1/transparent-encryption/policies' endpoint described in the CTE > Policies section.\nFor example, to back up LDT policies only, use `{\"policy_type\":\"LDT\"}`. Similarly, to back up policies with learn mode enabled, use `{\"never_deny\": true}`.\nFor users, the valid resourceQuery parameter values are the same as query parameters of the list '/v1/usermgmt/users' endpoint as described in the “Users” page.\nFor example, to back up all users with name \"frank\" and email id \"frank@local\", use {\"name\":\"frank\",\"email\": \"frank@local\"}.\n"}},"example":{"resourceType":"Keys","resourceQuery":"{\"algorithm\":\"AES\", \"metaContains\": {\"info\":{\"color\":\"red\"}}}"}},"description":"A set of selection criteria to specify what resources to include in the backup. Only applicable to domain-scoped backups.\nBy default, no filters are applied and the backup includes all keys.\nFor example, to back up all keys with a name containing 'enc-key', set the filters to `[{\"resourceType\": \"Keys\", \"resourceQuery\":{\"name\":\"*enc-key*\"}}]`.\n"},"retentionCount":{"type":"integer","description":"Number of backups saved for this job config. Default is an unlimited quantity."},"description":{"type":"string","description":"User defined description associated with the backup. This is stored along with the backup, and is returned while retrieving the backup information, or while listing backups. Users may find it useful to store various types of information here: a backup name or description, ID of the HSM the backup is tied to, etc.\n"},"do_scp":{"type":"boolean","description":"If true, the system backup will also be transferred to the external server via SCP.\n"},"connection":{"type":"string","description":"Name or ID of the SCP connection which stores the details for SCP server.\n"}}},"cckm_synchronization_params":{"type":"object","description":"CCKM Synchronization operation specific arguments. The \"key_rotation_params\",\"database_backup_params\" and\n\"cckm_synchronization_params\" fields are mutually exclusive(cannot be set together).\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","required":["cloud_name"],"properties":{"cloud_name":{"type":"string","description":"Name of the cloud where Synchronize operation will be triggered, possible values are \"aws\", \"hsm-luna\", \"dsm\" , \"oci\", \"sfdc\", \"gcp\", \"sap\" and \"AzureCloud\"."},"kms":{"type":"array","items":{"type":"string"},"description":"IDs or names of kms resource from which Aws keys will be synchronized. Kms is used for aws cloud. At least one kms is required for aws synchronization operation."},"key_vaults":{"type":"array","items":{"type":"string"},"description":"IDs or name of vault from which azure keys will be synchronized. Vaults are used for azure cloud. At least one vault is required for azure synchronization operation."},"sync_item":{"type":"array","items":{"type":"string"},"description":"Items which need to be synchronized. At least one of the value from below is required for azure synchronization operation.","enum":["key","secret","certificate","all"]},"partitions":{"type":"array","items":{"type":"string"},"description":"IDs of partition from which keys will be synchronized. Partitions are used for HSM. At least one partition is required for HSM synchronization operation."},"domains":{"type":"array","items":{"type":"string"},"description":"IDs of domains from which keys will be synchronized. Domains are used for DSM. At least one domain is required for DSM synchronization operation."},"key_rings":{"type":"array","items":{"type":"string"},"description":"IDs or name of key ring from which google cryptographic keys will be synchronized. Key Rings are used for google cloud. At least one key ring is required for google synchronization operation."},"organizations":{"type":"array","items":{"type":"string"},"description":"Organization ID from which tenant secrets will be synchronized. Provide CCKM organization ID. At least one organization ID is required for sfdc synchronization operation."},"groups":{"type":"array","items":{"type":"string"},"description":"Group ID from which sap key will be synchronized. Provide CCKM group ID. At least one group ID is required for sap synchronization operation."},"oci_vaults":{"type":"array","items":{"type":"string"},"description":"Vault ID from which oci key will be synchronized. Provide CCKM OCI vault ID. At least one vault ID is required for oci synchronization operation."},"synchronize_all":{"type":"boolean","description":"Set true to synchronize all keys from all vaults or kms. synchronize_all, key_vaults and kms are mutually exclusive. Specify either the synchronize_all or key_vaults or kms."}}},"cckm_key_rotation_params":{"type":"object","description":"CCKM Rotation Params operation specific arguments. The \"key_rotation_params\",\"database_backup_params\" and\n\"cckm_synchronization_params\" fields are mutually exclusive(cannot be set together).\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","required":["cloud_name"],"properties":{"cloud_name":{"type":"string","description":"Name of the cloud where Rotation operation will be triggered, possible values are \"aws\", \"gcp\", \"oci\" , \"sfdc\", \"sap\" and \"AzureCloud\"."},"expiration":{"type":"string","description":"Expiration time of the new key that will be created through scheduled rotation. If not specified, the new key material never expires. For example, if you set `expiration` to `6h`, the key material of the new key will expire in 6 hours.","enum":["Xd for x days","Yh for y hours"]},"expire_in":{"type":"string","description":"Period during which certain keys are going to expire. When the scheduler is run, it rotates the keys that are expiring in this period. If not specified, the scheduler rotates all the keys. For example, if you want the scheduler to rotate the keys that are expiring within six hours of the schedule run, set `expire_in` to `6h`. This parameter is not valid for cloud_name `gcp`.\n","enum":["Xd for x days","Yh for y hours"]},"aws_param":{"type":"object","description":"AWS param specifies whether to retain alias with timestamp on archieved key after rotation.\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","properties":{"retain_alias":{"type":"boolean","description":"Whether to retain alias with timestamp on archieved key after rotation."}}},"sfdc_param":{"type":"object","description":"SFDC param specifies oraganization_id and key_type for which keys will be rotated.\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","properties":{"organization_id":{"type":"string","description":"Organization ID to which this key type belong to."},"key_type":{"type":"array","items":{"type":"string"},"description":"Type of tenant secret requested for which sfdc keys will be rotated and can have below values.","enum":["Data","EventBus","SearchIndex","DeterministicData","Analytics"]},"key_source":{"type":"string","description":"Source of the key material. Options are native, dsm, hsm-luna and ciphertrust."},"certificate_id":{"type":"string","description":"(Mandatorily required for SFDC cloud) Certificate ID, whose public key to be used to encrypt tenant secret."},"key_derivation_mode":{"type":"string","description":"(Mandatorily required for SFDC cloud) Values are PBKDF2 or NONE."},"domain_id":{"type":"string","description":"Domain ID where key will be created to upload on sfdc."},"partition_id":{"type":"string","description":"Partition ID where key will be created to upload on sfdc."}}},"rotation_after":{"type":"string","description":"Number of days after which the keys will be rotated. Specify `Xd` for `x` days. The first key rotation will happen after `x` days of key creation. Subsequent key rotations will happen after every `x` days of the last rotation date. For example, if you set `rotation_after` to `6d`, the first key rotation will happen after six days of key creation. Subsequently, the keys will be rotated after every six days.\n","enum":["Xd for x days"]}}}}}]},"examples":{"application/json":{"id":"841d3024-882a-4b64-8a9b-aae78034611d","uri":"kylo:kylo:lazyboy:job-configs:841d3024-882a-4b64-8a9b-aae78034611e","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","dev_account":"ncryptify:gemalto:admin:accounts:gemalto","created_at":"2019-07-29T21:54:56.571035Z","updated_at":"2019-07-29T21:54:56.571035Z","name":"rotate all keys","description":"This is to rotate AES keys","operation":"key_rotation","disabled":false,"start_date":"2019-10-02T14:24:37.436073Z","run_at":"0 1 * * *","end_date":"2019-11-06T14:24:37.436073Z","run_on":"any","key_rotation_params":{"query":{"algorithm":"AES"},"deactivate_replaced_key":30}}}},"422":{"description":"Validation error."}}}},"/v1/scheduler/job-configs/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","required":true,"description":"the id of the object","type":"string"}],"get":{"summary":"Get","description":"Returns information about the requested job configuration.\n","tags":["Scheduler"],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","properties":{"description":{"type":"string","description":"Description for the job configuration."},"operation":{"type":"string","readOnly":true,"description":"Type of operation to config. Can be one of, Key Rotation, Database Backup, CCKM Synchronization.","enum":["key_rotation","database_backup","cckm_synchronization","cckm_key_rotation"]},"run_at":{"type":"string","description":"Described using the cron expression format : \"* * * * *\"\nThese five values indicate when the job should be executed. They are in order of minute, hour, day of month, month, and day of week.\nValid values are 0-59 (minutes), 0-23 (hours), 1-31 (day of month), 1-12 or jan-dec (month), and 0-6 or sun-sat (day of week). Names are case insensitive. For use of special characters, consult the Time Specification description at the top of this page.\n\nFor example:\n* To run every min: \"* * * * *\"\n* To run on Saturday at 23:45(11:45 PM): \"45 23 * * 6\"\n* To run on Monday at 09:00: \"0 9 * * 1\"\n"},"run_on":{"type":"string","description":"Optional flag. Default is 'any'.\n* Use 'any' to run the config on any node in the cluster.\n* Use '' to run the config on that node.\n"},"disabled":{"type":"boolean","description":"By default, job configuration starts in active state. True disables the job configuration."},"start_date":{"type":"string","format":"date-time","description":"Date the job configuration becomes active. RFC3339 format.\nFor example, 2018-10-02T14:24:37.436073Z\n"},"end_date":{"type":"string","format":"date-time","description":"Date the job configuration becomes inactive. RFC3339 format.\nFor example, 2018-10-02T14:24:37.436073Z\n"},"key_rotation_params":{"type":"object","description":"Key rotation operation specific arguments. The \"key_rotation_params\",\"database_backup_params\" and\n\"cckm_synchronization_params\" fields are mutually exclusive(cannot be set together)\n","title":"Key Rotation Parameters","properties":{"deactivate_replaced_key":{"type":"integer","description":"Optional integer that can be used to deactivate the keys that are replaced by the key rotation procedure.\nWhen this is not specified, the state of the replaced key remains the same.\nIt is the number of seconds (>= 0) after which the replaced key is deactivated.\n"},"query":{"type":"object","description":"Use this object to specify the keys that need to be rotated.\nAll keys are rotated when this object is not specified.\nThis object is the same as the one used for POST request to the /v1/vault/query-keys endpoint.\nRefer to the documentation in that endpoint for further details on formulating the query.\n"},"meta":{"type":"object","description":"Use this object to modify the metadata on a key that is replaced by the key rotation procedure.\nThis object should be a JSON serialized object. The metadata on the replaced key (which is\nalso a JSON object) is merged with this JSON object.\n"}}},"database_backup_params":{"type":"object","description":"Database backup operation specific arguments. Should be JSON-serializable\n\"key_rotation_params\" ,\"database_backup_params\" and \"cckm_synchronization_params\" fields are mutually\nexclusive(cannot be set together).\n","title":"Database Backup Parameters","properties":{"scope":{"type":"string","description":"Scope of the backup to be taken - system (default) or domain."},"backupKey":{"type":"string","description":"ID of backup key used for encrypting the backup. The default backup key is used if this is not specified."},"tiedToHSM":{"type":"boolean","description":"If true, the system backup can only be restored to instances that use the same HSM partition. Valid only with the system scoped backup.\n"},"filters":{"type":"array","items":{"type":"object","title":"Filters","required":["resourceType"],"properties":{"resourceType":{"type":"string","description":"Type of resources to be backed up. Valid values are \"Keys\", \"cte_policies\" and, \"users_groups\"."},"resourceQuery":{"type":"object","description":"A JSON object containing resource attributes and attribute values to be queried.\nThe resources returned in the query are backed up. If empty, all the resources of the specified resourceType will be backed up.\nFor Keys, valid resourceQuery paramater values are the same as the body of the 'vault/query-keys' POST endpoint described on the Keys page.\nTo back up AES keys with a meta parameter value containing `{\"info\":{\"color\":\"red\"}}}`, use\n`{\"algorithm\":\"AES\", \"metaContains\": {\"info\":{\"color\":\"red\"}}}`.\nFor CTE policies, valid `resourceQuery` parameter values are the same as query parameters of the list '/v1/transparent-encryption/policies' endpoint described in the CTE > Policies section.\nFor example, to back up LDT policies only, use `{\"policy_type\":\"LDT\"}`. Similarly, to back up policies with learn mode enabled, use `{\"never_deny\": true}`.\nFor users, the valid resourceQuery parameter values are the same as query parameters of the list '/v1/usermgmt/users' endpoint as described in the “Users” page.\nFor example, to back up all users with name \"frank\" and email id \"frank@local\", use {\"name\":\"frank\",\"email\": \"frank@local\"}.\n"}},"example":{"resourceType":"Keys","resourceQuery":"{\"algorithm\":\"AES\", \"metaContains\": {\"info\":{\"color\":\"red\"}}}"}},"description":"A set of selection criteria to specify what resources to include in the backup. Only applicable to domain-scoped backups.\nBy default, no filters are applied and the backup includes all keys.\nFor example, to back up all keys with a name containing 'enc-key', set the filters to `[{\"resourceType\": \"Keys\", \"resourceQuery\":{\"name\":\"*enc-key*\"}}]`.\n"},"retentionCount":{"type":"integer","description":"Number of backups saved for this job config. Default is an unlimited quantity."},"description":{"type":"string","description":"User defined description associated with the backup. This is stored along with the backup, and is returned while retrieving the backup information, or while listing backups. Users may find it useful to store various types of information here: a backup name or description, ID of the HSM the backup is tied to, etc.\n"},"do_scp":{"type":"boolean","description":"If true, the system backup will also be transferred to the external server via SCP.\n"},"connection":{"type":"string","description":"Name or ID of the SCP connection which stores the details for SCP server.\n"}}},"cckm_synchronization_params":{"type":"object","description":"CCKM Synchronization operation specific arguments. The \"key_rotation_params\",\"database_backup_params\" and\n\"cckm_synchronization_params\" fields are mutually exclusive(cannot be set together).\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","required":["cloud_name"],"properties":{"cloud_name":{"type":"string","description":"Name of the cloud where Synchronize operation will be triggered, possible values are \"aws\", \"hsm-luna\", \"dsm\" , \"oci\", \"sfdc\", \"gcp\", \"sap\" and \"AzureCloud\"."},"kms":{"type":"array","items":{"type":"string"},"description":"IDs or names of kms resource from which Aws keys will be synchronized. Kms is used for aws cloud. At least one kms is required for aws synchronization operation."},"key_vaults":{"type":"array","items":{"type":"string"},"description":"IDs or name of vault from which azure keys will be synchronized. Vaults are used for azure cloud. At least one vault is required for azure synchronization operation."},"sync_item":{"type":"array","items":{"type":"string"},"description":"Items which need to be synchronized. At least one of the value from below is required for azure synchronization operation.","enum":["key","secret","certificate","all"]},"partitions":{"type":"array","items":{"type":"string"},"description":"IDs of partition from which keys will be synchronized. Partitions are used for HSM. At least one partition is required for HSM synchronization operation."},"domains":{"type":"array","items":{"type":"string"},"description":"IDs of domains from which keys will be synchronized. Domains are used for DSM. At least one domain is required for DSM synchronization operation."},"key_rings":{"type":"array","items":{"type":"string"},"description":"IDs or name of key ring from which google cryptographic keys will be synchronized. Key Rings are used for google cloud. At least one key ring is required for google synchronization operation."},"organizations":{"type":"array","items":{"type":"string"},"description":"Organization ID from which tenant secrets will be synchronized. Provide CCKM organization ID. At least one organization ID is required for sfdc synchronization operation."},"groups":{"type":"array","items":{"type":"string"},"description":"Group ID from which sap key will be synchronized. Provide CCKM group ID. At least one group ID is required for sap synchronization operation."},"oci_vaults":{"type":"array","items":{"type":"string"},"description":"Vault ID from which oci key will be synchronized. Provide CCKM OCI vault ID. At least one vault ID is required for oci synchronization operation."},"synchronize_all":{"type":"boolean","description":"Set true to synchronize all keys from all vaults or kms. synchronize_all, key_vaults and kms are mutually exclusive. Specify either the synchronize_all or key_vaults or kms."}}},"cckm_key_rotation_params":{"type":"object","description":"CCKM Rotation Params operation specific arguments. The \"key_rotation_params\",\"database_backup_params\" and\n\"cckm_synchronization_params\" fields are mutually exclusive(cannot be set together).\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","required":["cloud_name"],"properties":{"cloud_name":{"type":"string","description":"Name of the cloud where Rotation operation will be triggered, possible values are \"aws\", \"gcp\", \"oci\" , \"sfdc\", \"sap\" and \"AzureCloud\"."},"expiration":{"type":"string","description":"Expiration time of the new key that will be created through scheduled rotation. If not specified, the new key material never expires. For example, if you set `expiration` to `6h`, the key material of the new key will expire in 6 hours.","enum":["Xd for x days","Yh for y hours"]},"expire_in":{"type":"string","description":"Period during which certain keys are going to expire. When the scheduler is run, it rotates the keys that are expiring in this period. If not specified, the scheduler rotates all the keys. For example, if you want the scheduler to rotate the keys that are expiring within six hours of the schedule run, set `expire_in` to `6h`. This parameter is not valid for cloud_name `gcp`.\n","enum":["Xd for x days","Yh for y hours"]},"aws_param":{"type":"object","description":"AWS param specifies whether to retain alias with timestamp on archieved key after rotation.\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","properties":{"retain_alias":{"type":"boolean","description":"Whether to retain alias with timestamp on archieved key after rotation."}}},"sfdc_param":{"type":"object","description":"SFDC param specifies oraganization_id and key_type for which keys will be rotated.\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","properties":{"organization_id":{"type":"string","description":"Organization ID to which this key type belong to."},"key_type":{"type":"array","items":{"type":"string"},"description":"Type of tenant secret requested for which sfdc keys will be rotated and can have below values.","enum":["Data","EventBus","SearchIndex","DeterministicData","Analytics"]},"key_source":{"type":"string","description":"Source of the key material. Options are native, dsm, hsm-luna and ciphertrust."},"certificate_id":{"type":"string","description":"(Mandatorily required for SFDC cloud) Certificate ID, whose public key to be used to encrypt tenant secret."},"key_derivation_mode":{"type":"string","description":"(Mandatorily required for SFDC cloud) Values are PBKDF2 or NONE."},"domain_id":{"type":"string","description":"Domain ID where key will be created to upload on sfdc."},"partition_id":{"type":"string","description":"Partition ID where key will be created to upload on sfdc."}}},"rotation_after":{"type":"string","description":"Number of days after which the keys will be rotated. Specify `Xd` for `x` days. The first key rotation will happen after `x` days of key creation. Subsequent key rotations will happen after every `x` days of the last rotation date. For example, if you set `rotation_after` to `6d`, the first key rotation will happen after six days of key creation. Subsequently, the keys will be rotated after every six days.\n","enum":["Xd for x days"]}}}}}]},"examples":{"application/json":{"id":"841d3024-882a-4b64-8a9b-aae78034611d","uri":"kylo:kylo:lazyboy:job-configs:841d3024-882a-4b64-8a9b-aae78034611e","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","dev_account":"ncryptify:gemalto:admin:accounts:gemalto","created_at":"2019-07-29T21:54:56.571035Z","updated_at":"2019-07-29T21:54:56.571035Z","name":"RotateAESKeys","description":"This is to rotate AES keys","operation":"key_rotation","disabled":false,"start_date":"2019-10-02T14:24:37.436073Z","end_date":"2019-11-06T14:24:37.436073Z","run_at":"0 1 * * *","key_rotation_params":{"query":{"algorithm":"AES"},"deactivate_replaced_key":30}}}},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"Update the job configuration.","tags":["Scheduler"],"parameters":[{"name":"body","in":"body","description":"The job configuration to be updated.","schema":{"type":"object","title":"Update job configuration","properties":{"description":{"type":"string","description":"Description for the job configuration."},"run_at":{"type":"string","format":"date-time","description":"Described using the cron expression format : \"* * * * *\"\nThese five values indicate when the job should be executed. They are in order of minute, hour, day of month, month, and day of week.\nValid values are 0-59 (minutes), 0-23 (hours), 1-31 (day of month), 1-12 or jan-dec (month), and 0-6 or sun-sat (day of week). Names are case insensitive. For use of special characters, consult the Time Specification description at the top of this page.\n\nFor example:\n\n* To run every min: \"* * * * *\"\n* To run on Saturday at 23:45(11:45 PM): \"45 23 * * 6\"\n* To run on Monday at 09:00: \"0 9 * * 1\"\n"},"run_on":{"type":"string","description":"Optional flag. Default is 'any'.\n* Use 'any' to run the config on any node in the cluster.\n* Use '' to run the config on that node.\n"},"disabled":{"type":"boolean","description":"By default, job configuration starts in active state. True disables the job configuration."},"start_date":{"type":"string","format":"date-time","description":"Date the job configuration becomes active. RFC3339 format.\nFor example, 2018-10-02T14:24:37.436073Z. To remove the start date, pass an empty string. \n"},"end_date":{"type":"string","format":"date-time","description":"Date the job configuration becomes inactive. RFC3339 format.\nFor example, 2018-10-02T14:24:37.436073Z. To remove the end date, pass an empty string.\n"},"key_rotation_params":{"type":"object","description":"Key rotation operation specific arguments.","title":"Key Rotation Parameters","properties":{"deactivate_replaced_key":{"type":"integer","description":"Optional integer that can be used to deactivate the keys that are replaced by the key rotation procedure.\nWhen this is not specified, the state of the replaced key remains the same.\nIt is the number of seconds (>= 0) after which the replaced key is deactivated.\n"},"query":{"type":"object","description":"Use this object to specify the keys that need to be rotated.\nAll keys are rotated when this object is not specified.\nThis object is the same as the one used for POST request to the /v1/vault/query-keys endpoint.\nRefer to the documentation in that endpoint for further details on formulating the query.\n"},"meta":{"type":"object","description":"Use this object to modify the metadata on a key that is replaced by the key rotation procedure.\nThis object should be a JSON serialized object. The metadata on the replaced key (which is\nalso a JSON object) is merged with this JSON object.\n"}}},"database_backup_params":{"type":"object","description":"Database backup operation specific arguments. Should be JSON-serializable.","title":"Database Backup Parameters","properties":{"scope":{"type":"string","description":"Scope of the backup to be taken - system (default) or domain."},"backupKey":{"type":"string","description":"ID of backup key used for encrypting the backup. The default backup key is used if this is not specified."},"tiedToHSM":{"type":"boolean","description":"If true, the system backup can only be restored to instances that use the same HSM partition. Valid only with the system scoped backup.\n"},"filters":{"type":"array","items":{"type":"object","title":"Filters","required":["resourceType"],"properties":{"resourceType":{"type":"string","description":"Type of resources to be backed up. Valid values are \"Keys\", \"cte_policies\" and, \"users_groups\"."},"resourceQuery":{"type":"object","description":"A JSON object containing resource attributes and attribute values to be queried.\nThe resources returned in the query are backed up. If empty, all the resources of the specified resourceType will be backed up.\nFor Keys, valid resourceQuery paramater values are the same as the body of the 'vault/query-keys' POST endpoint described on the Keys page.\nTo back up AES keys with a meta parameter value containing `{\"info\":{\"color\":\"red\"}}}`, use\n`{\"algorithm\":\"AES\", \"metaContains\": {\"info\":{\"color\":\"red\"}}}`.\nFor CTE policies, valid `resourceQuery` parameter values are the same as query parameters of the list '/v1/transparent-encryption/policies' endpoint described in the CTE > Policies section.\nFor example, to back up LDT policies only, use `{\"policy_type\":\"LDT\"}`. Similarly, to back up policies with learn mode enabled, use `{\"never_deny\": true}`.\nFor users, the valid resourceQuery parameter values are the same as query parameters of the list '/v1/usermgmt/users' endpoint as described in the “Users” page.\nFor example, to back up all users with name \"frank\" and email id \"frank@local\", use {\"name\":\"frank\",\"email\": \"frank@local\"}.\n"}},"example":{"resourceType":"Keys","resourceQuery":"{\"algorithm\":\"AES\", \"metaContains\": {\"info\":{\"color\":\"red\"}}}"}},"description":"A set of selection criteria to specify what resources to include in the backup. Only applicable to domain-scoped backups.\nBy default, no filters are applied and the backup includes all keys.\nFor example, to back up all keys with a name containing 'enc-key', set the filters to `[{\"resourceType\": \"Keys\", \"resourceQuery\":{\"name\":\"*enc-key*\"}}]`.\n"},"retentionCount":{"type":"integer","description":"Number of backups saved for this job config. Default is an unlimited quantity."},"description":{"type":"string","description":"User defined description associated with the backup. This is stored along with the backup, and is returned while retrieving the backup information, or while listing backups. Users may find it useful to store various types of information here: a backup name or description, ID of the HSM the backup is tied to, etc.\n"},"do_scp":{"type":"boolean","description":"If true, the system backup will also be transferred to the external server via SCP.\n"},"connection":{"type":"string","description":"Name or ID of the SCP connection which stores the details for SCP server.\n"}}},"cckm_synchronization_params":{"type":"object","description":"CCKM Synchronization operation specific arguments.","title":"CipherTrust Cloud Key Manager Synchronization Parameters","required":["cloud_name"],"properties":{"cloud_name":{"type":"string","description":"Name of the cloud where Synchronize operation will be triggered, possible values are \"aws\", \"hsm-luna\", \"dsm\" , \"oci\", \"sfdc\", \"gcp\", \"sap\" and \"AzureCloud\"."},"kms":{"type":"array","items":{"type":"string"},"description":"IDs or names of kms resource from which Aws keys will be synchronized. Kms is used for aws cloud. At least one kms is required for aws synchronization operation."},"key_vaults":{"type":"array","items":{"type":"string"},"description":"IDs or name of vault from which azure keys will be synchronized. Vaults are used for azure cloud. At least one vault is required for azure synchronization operation."},"sync_item":{"type":"array","items":{"type":"string"},"description":"Items which need to be synchronized. At least one of the value from below is required for azure synchronization operation.","enum":["key","secret","certificate","all"]},"partitions":{"type":"array","items":{"type":"string"},"description":"IDs of partition from which keys will be synchronized. Partitions are used for HSM. At least one partition is required for HSM synchronization operation."},"domains":{"type":"array","items":{"type":"string"},"description":"IDs of domains from which keys will be synchronized. Domains are used for DSM. At least one domain is required for DSM synchronization operation."},"key_rings":{"type":"array","items":{"type":"string"},"description":"IDs or name of key ring from which google cryptographic keys will be synchronized. Key Rings are used for google cloud. At least one key ring is required for google synchronization operation."},"organizations":{"type":"array","items":{"type":"string"},"description":"Organization ID from which tenant secrets will be synchronized. Provide CCKM organization ID. At least one organization ID is required for sfdc synchronization operation."},"groups":{"type":"array","items":{"type":"string"},"description":"Group ID from which sap key will be synchronized. Provide CCKM group ID. At least one group ID is required for sap synchronization operation."},"oci_vaults":{"type":"array","items":{"type":"string"},"description":"Vault ID from which oci key will be synchronized. Provide CCKM OCI vault ID. At least one vault ID is required for oci synchronization operation."},"synchronize_all":{"type":"boolean","description":"Set true to synchronize all keys from all vaults or kms. synchronize_all, key_vaults and kms are mutually exclusive. Specify either the synchronize_all or key_vaults or kms."}}},"cckm_key_rotation_params":{"type":"object","description":"CCKM Rotation Params operation specific arguments.\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","properties":{"expiration":{"type":"string","description":"Expiration time of the new key that will be created through scheduled rotation. If not specified, the new key material never expires. For example, if you set `expiration` to `6h`, the key material of the new key will expire in 6 hours.","enum":["Xd for x days","Yh for y hours"]},"expire_in":{"type":"string","description":"Period during which certain keys are going to expire. When the scheduler is run, it rotates the keys that are expiring in this period. If not specified, the scheduler rotates all the keys. For example, if you want the scheduler to rotate the keys that are expiring within six hours of the schedule run, set `expire_in` to `6h`. This parameter is not valid for cloud_name \"gcp\".\n","enum":["Xd for x days","Yh for y hours"]},"rotation_after":{"type":"string","description":"Number of days after which the keys will be rotated. Specify `Xd` for `x` days. The first key rotation will happen after `x` days of key creation. Subsequent key rotations will happen after every `x` days of the last rotation date.\nFor example, if you set `rotation_after` to `6d`, the first key rotation will happen after six days of key creation. Subsequently, the keys will be rotated after every six days.\n","enum":["Xd for x days"]},"aws_param":{"type":"object","description":"Aws param specifies whether to retain alias with timestamp on archieved key after rotation.\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","properties":{"retain_alias":{"type":"boolean","description":"Whether to retain alias with timestamp on archieved key after rotation."}}},"sfdc_param":{"type":"object","description":"SFDC param specifies oraganization_id and key_type for which keys will be rotated.\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","properties":{"organization_id":{"type":"string","description":"Organization ID to which this key type belong to."},"key_type":{"type":"array","items":{"type":"string"},"description":"Type of tenant secret requested for which sfdc keys will be rotated and can have below values.","enum":["Data","EventBus","SearchIndex","DeterministicData","Analytics"]},"key_source":{"type":"string","description":"Source of the key material. Options are native, dsm, hsm-luna and ciphertrust."},"certificate_id":{"type":"string","description":"(Mandatorily required for SFDC cloud) Certificate ID, whose public key to be used to encrypt tenant secret."},"key_derivation_mode":{"type":"string","description":"(Mandatorily required for SFDC cloud) Values are PBKDF2 or NONE."},"domain_id":{"type":"string","description":"Domain ID where key will be created to upload on sfdc."},"partition_id":{"type":"string","description":"Partition ID where key will be created to upload on sfdc."}}}}}},"example":{"application/json":{"description":"rotate all keys","key_rotation_params":{"query":{"algorithm":"AES"},"deactivate_replaced_key":30},"run_at":"0 1 * * *"}}}}],"responses":{"201":{"description":"Successful job configuration updation.","schema":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","properties":{"description":{"type":"string","description":"Description for the job configuration."},"operation":{"type":"string","readOnly":true,"description":"Type of operation to config. Can be one of, Key Rotation, Database Backup, CCKM Synchronization.","enum":["key_rotation","database_backup","cckm_synchronization","cckm_key_rotation"]},"run_at":{"type":"string","description":"Described using the cron expression format : \"* * * * *\"\nThese five values indicate when the job should be executed. They are in order of minute, hour, day of month, month, and day of week.\nValid values are 0-59 (minutes), 0-23 (hours), 1-31 (day of month), 1-12 or jan-dec (month), and 0-6 or sun-sat (day of week). Names are case insensitive. For use of special characters, consult the Time Specification description at the top of this page.\n\nFor example:\n* To run every min: \"* * * * *\"\n* To run on Saturday at 23:45(11:45 PM): \"45 23 * * 6\"\n* To run on Monday at 09:00: \"0 9 * * 1\"\n"},"run_on":{"type":"string","description":"Optional flag. Default is 'any'.\n* Use 'any' to run the config on any node in the cluster.\n* Use '' to run the config on that node.\n"},"disabled":{"type":"boolean","description":"By default, job configuration starts in active state. True disables the job configuration."},"start_date":{"type":"string","format":"date-time","description":"Date the job configuration becomes active. RFC3339 format.\nFor example, 2018-10-02T14:24:37.436073Z\n"},"end_date":{"type":"string","format":"date-time","description":"Date the job configuration becomes inactive. RFC3339 format.\nFor example, 2018-10-02T14:24:37.436073Z\n"},"key_rotation_params":{"type":"object","description":"Key rotation operation specific arguments. The \"key_rotation_params\",\"database_backup_params\" and\n\"cckm_synchronization_params\" fields are mutually exclusive(cannot be set together)\n","title":"Key Rotation Parameters","properties":{"deactivate_replaced_key":{"type":"integer","description":"Optional integer that can be used to deactivate the keys that are replaced by the key rotation procedure.\nWhen this is not specified, the state of the replaced key remains the same.\nIt is the number of seconds (>= 0) after which the replaced key is deactivated.\n"},"query":{"type":"object","description":"Use this object to specify the keys that need to be rotated.\nAll keys are rotated when this object is not specified.\nThis object is the same as the one used for POST request to the /v1/vault/query-keys endpoint.\nRefer to the documentation in that endpoint for further details on formulating the query.\n"},"meta":{"type":"object","description":"Use this object to modify the metadata on a key that is replaced by the key rotation procedure.\nThis object should be a JSON serialized object. The metadata on the replaced key (which is\nalso a JSON object) is merged with this JSON object.\n"}}},"database_backup_params":{"type":"object","description":"Database backup operation specific arguments. Should be JSON-serializable\n\"key_rotation_params\" ,\"database_backup_params\" and \"cckm_synchronization_params\" fields are mutually\nexclusive(cannot be set together).\n","title":"Database Backup Parameters","properties":{"scope":{"type":"string","description":"Scope of the backup to be taken - system (default) or domain."},"backupKey":{"type":"string","description":"ID of backup key used for encrypting the backup. The default backup key is used if this is not specified."},"tiedToHSM":{"type":"boolean","description":"If true, the system backup can only be restored to instances that use the same HSM partition. Valid only with the system scoped backup.\n"},"filters":{"type":"array","items":{"type":"object","title":"Filters","required":["resourceType"],"properties":{"resourceType":{"type":"string","description":"Type of resources to be backed up. Valid values are \"Keys\", \"cte_policies\" and, \"users_groups\"."},"resourceQuery":{"type":"object","description":"A JSON object containing resource attributes and attribute values to be queried.\nThe resources returned in the query are backed up. If empty, all the resources of the specified resourceType will be backed up.\nFor Keys, valid resourceQuery paramater values are the same as the body of the 'vault/query-keys' POST endpoint described on the Keys page.\nTo back up AES keys with a meta parameter value containing `{\"info\":{\"color\":\"red\"}}}`, use\n`{\"algorithm\":\"AES\", \"metaContains\": {\"info\":{\"color\":\"red\"}}}`.\nFor CTE policies, valid `resourceQuery` parameter values are the same as query parameters of the list '/v1/transparent-encryption/policies' endpoint described in the CTE > Policies section.\nFor example, to back up LDT policies only, use `{\"policy_type\":\"LDT\"}`. Similarly, to back up policies with learn mode enabled, use `{\"never_deny\": true}`.\nFor users, the valid resourceQuery parameter values are the same as query parameters of the list '/v1/usermgmt/users' endpoint as described in the “Users” page.\nFor example, to back up all users with name \"frank\" and email id \"frank@local\", use {\"name\":\"frank\",\"email\": \"frank@local\"}.\n"}},"example":{"resourceType":"Keys","resourceQuery":"{\"algorithm\":\"AES\", \"metaContains\": {\"info\":{\"color\":\"red\"}}}"}},"description":"A set of selection criteria to specify what resources to include in the backup. Only applicable to domain-scoped backups.\nBy default, no filters are applied and the backup includes all keys.\nFor example, to back up all keys with a name containing 'enc-key', set the filters to `[{\"resourceType\": \"Keys\", \"resourceQuery\":{\"name\":\"*enc-key*\"}}]`.\n"},"retentionCount":{"type":"integer","description":"Number of backups saved for this job config. Default is an unlimited quantity."},"description":{"type":"string","description":"User defined description associated with the backup. This is stored along with the backup, and is returned while retrieving the backup information, or while listing backups. Users may find it useful to store various types of information here: a backup name or description, ID of the HSM the backup is tied to, etc.\n"},"do_scp":{"type":"boolean","description":"If true, the system backup will also be transferred to the external server via SCP.\n"},"connection":{"type":"string","description":"Name or ID of the SCP connection which stores the details for SCP server.\n"}}},"cckm_synchronization_params":{"type":"object","description":"CCKM Synchronization operation specific arguments. The \"key_rotation_params\",\"database_backup_params\" and\n\"cckm_synchronization_params\" fields are mutually exclusive(cannot be set together).\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","required":["cloud_name"],"properties":{"cloud_name":{"type":"string","description":"Name of the cloud where Synchronize operation will be triggered, possible values are \"aws\", \"hsm-luna\", \"dsm\" , \"oci\", \"sfdc\", \"gcp\", \"sap\" and \"AzureCloud\"."},"kms":{"type":"array","items":{"type":"string"},"description":"IDs or names of kms resource from which Aws keys will be synchronized. Kms is used for aws cloud. At least one kms is required for aws synchronization operation."},"key_vaults":{"type":"array","items":{"type":"string"},"description":"IDs or name of vault from which azure keys will be synchronized. Vaults are used for azure cloud. At least one vault is required for azure synchronization operation."},"sync_item":{"type":"array","items":{"type":"string"},"description":"Items which need to be synchronized. At least one of the value from below is required for azure synchronization operation.","enum":["key","secret","certificate","all"]},"partitions":{"type":"array","items":{"type":"string"},"description":"IDs of partition from which keys will be synchronized. Partitions are used for HSM. At least one partition is required for HSM synchronization operation."},"domains":{"type":"array","items":{"type":"string"},"description":"IDs of domains from which keys will be synchronized. Domains are used for DSM. At least one domain is required for DSM synchronization operation."},"key_rings":{"type":"array","items":{"type":"string"},"description":"IDs or name of key ring from which google cryptographic keys will be synchronized. Key Rings are used for google cloud. At least one key ring is required for google synchronization operation."},"organizations":{"type":"array","items":{"type":"string"},"description":"Organization ID from which tenant secrets will be synchronized. Provide CCKM organization ID. At least one organization ID is required for sfdc synchronization operation."},"groups":{"type":"array","items":{"type":"string"},"description":"Group ID from which sap key will be synchronized. Provide CCKM group ID. At least one group ID is required for sap synchronization operation."},"oci_vaults":{"type":"array","items":{"type":"string"},"description":"Vault ID from which oci key will be synchronized. Provide CCKM OCI vault ID. At least one vault ID is required for oci synchronization operation."},"synchronize_all":{"type":"boolean","description":"Set true to synchronize all keys from all vaults or kms. synchronize_all, key_vaults and kms are mutually exclusive. Specify either the synchronize_all or key_vaults or kms."}}},"cckm_key_rotation_params":{"type":"object","description":"CCKM Rotation Params operation specific arguments. The \"key_rotation_params\",\"database_backup_params\" and\n\"cckm_synchronization_params\" fields are mutually exclusive(cannot be set together).\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","required":["cloud_name"],"properties":{"cloud_name":{"type":"string","description":"Name of the cloud where Rotation operation will be triggered, possible values are \"aws\", \"gcp\", \"oci\" , \"sfdc\", \"sap\" and \"AzureCloud\"."},"expiration":{"type":"string","description":"Expiration time of the new key that will be created through scheduled rotation. If not specified, the new key material never expires. For example, if you set `expiration` to `6h`, the key material of the new key will expire in 6 hours.","enum":["Xd for x days","Yh for y hours"]},"expire_in":{"type":"string","description":"Period during which certain keys are going to expire. When the scheduler is run, it rotates the keys that are expiring in this period. If not specified, the scheduler rotates all the keys. For example, if you want the scheduler to rotate the keys that are expiring within six hours of the schedule run, set `expire_in` to `6h`. This parameter is not valid for cloud_name `gcp`.\n","enum":["Xd for x days","Yh for y hours"]},"aws_param":{"type":"object","description":"AWS param specifies whether to retain alias with timestamp on archieved key after rotation.\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","properties":{"retain_alias":{"type":"boolean","description":"Whether to retain alias with timestamp on archieved key after rotation."}}},"sfdc_param":{"type":"object","description":"SFDC param specifies oraganization_id and key_type for which keys will be rotated.\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","properties":{"organization_id":{"type":"string","description":"Organization ID to which this key type belong to."},"key_type":{"type":"array","items":{"type":"string"},"description":"Type of tenant secret requested for which sfdc keys will be rotated and can have below values.","enum":["Data","EventBus","SearchIndex","DeterministicData","Analytics"]},"key_source":{"type":"string","description":"Source of the key material. Options are native, dsm, hsm-luna and ciphertrust."},"certificate_id":{"type":"string","description":"(Mandatorily required for SFDC cloud) Certificate ID, whose public key to be used to encrypt tenant secret."},"key_derivation_mode":{"type":"string","description":"(Mandatorily required for SFDC cloud) Values are PBKDF2 or NONE."},"domain_id":{"type":"string","description":"Domain ID where key will be created to upload on sfdc."},"partition_id":{"type":"string","description":"Partition ID where key will be created to upload on sfdc."}}},"rotation_after":{"type":"string","description":"Number of days after which the keys will be rotated. Specify `Xd` for `x` days. The first key rotation will happen after `x` days of key creation. Subsequent key rotations will happen after every `x` days of the last rotation date. For example, if you set `rotation_after` to `6d`, the first key rotation will happen after six days of key creation. Subsequently, the keys will be rotated after every six days.\n","enum":["Xd for x days"]}}}}}]},"examples":{"application/json":{"id":"841d3024-882a-4b64-8a9b-aae78034611d","uri":"kylo:kylo:lazyboy:job-configs:841d3024-882a-4b64-8a9b-aae78034611e","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","dev_account":"ncryptify:gemalto:admin:accounts:gemalto","created_at":"2019-07-29T21:54:56.571035Z","updated_at":"2019-07-29T21:54:56.571035Z","disabled":false,"name":"RotateAESKeys","description":"rotate all keys","operation":"key_rotation","run_at":"0 1 * * *","start_date":"2019-10-02T14:24:37.436073Z","end_date":"2019-11-06T14:24:37.436073Z","key_rotation_params":{"query":{"algorithm":"AES"},"deactivate_replaced_key":30}}}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","description":"Deletes a job configuration.","tags":["Scheduler"],"responses":{"204":{"description":"No Content | Successful deletion of job configuration."},"404":{"description":"Resource not found."}}}},"/v1/scheduler/job-configs/{id}/run-now":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","required":true,"description":"the id of the object","type":"string"}],"post":{"summary":"Run now","description":"Runs the job configuration now.\nThis creates a new job and waits for the job to be posted on the job queue.\nThe job ID is returned if the job is posted within about 30 seconds.\n","tags":["Scheduler"],"responses":{"202":{"description":"Accepted, job is queued","schema":{"title":"Run Job Config Response","properties":{"job_config_id":{"type":"string","description":"ID of the job configuration whose job was placed on the run queue."},"job_id":{"type":"string","description":"ID of the job that was placed on the run queue."}}},"examples":{"application/json":{"job_config_id":"841d3024-882a-4b64-8a9b-aae78034611d","job_id":"24aae5e5-b627-4b0e-964a-f48af998ee2b"}}},"404":{"description":"Resource not found"}}}},"/v1/scheduler/jobs":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns the list of job runs for specified account.\n","tags":["Scheduler"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"},{"name":"id","in":"query","required":false,"type":"string","description":"Filter by the job id"},{"name":"name","in":"query","required":false,"type":"string","description":"Filter by the job name (which is also the job configuration name)"},{"name":"account","in":"query","required":false,"type":"string","description":"Filter by the job account"},{"name":"job_config_id","in":"query","required":false,"type":"string","description":"Filter by the job configuration ID"},{"name":"operation","in":"query","required":false,"type":"string","description":"Filter by the operation"},{"name":"status","in":"query","required":false,"type":"string","description":"Filter by the status"},{"name":"createdBefore","in":"query","required":false,"type":"string","description":"Find jobs created at or before the specified timestamp. Timestamp should be in (a) RFC3339Nano\nformat, e.g.: 1985-04-12T23:20:50.52Z, or (b) a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\" will find keys created\nbefore 1 year, 2 months and 5 days ago.\n"},{"name":"createdAfter","in":"query","required":false,"type":"string","description":"Find jobs created at or after the specified timestamp. Timestamp should be in (a) RFC3339Nano\nformat, or (b) a relative timestamp where valid units are 'Y', 'M', 'D' representing years, months, and days\nrespectively. Negative values are permitted. e.g. \"-1Y-2M-5D\" will find keys created after 1 year, 2 months\nand 5 days ago.\n"},{"name":"processing_node","in":"query","required":false,"type":"string","description":"Filter by the cluster node ID (or IP address) on which the job is run."}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","properties":{"operation":{"type":"string","readOnly":true,"description":"Type of operation to config. Can be one of, Key Rotation, Database Backup, CCKM Synchronization."},"job_config_id":{"type":"string","description":"Associated job configuration id."},"job_config_name":{"type":"string","description":"Associated job configuration name."},"start_date":{"type":"string","format":"date-time","description":"Date the job configuration becomes active. RFC3339 format.\nFor example, 2018-10-02T14:24:37.436073Z\n"},"end_date":{"type":"string","format":"date-time","description":"Date the job configuration becomes inactive. RFC3339 format.\nFor example, 2018-10-02T14:24:37.436073Z\n"},"status":{"type":"string","description":"Gives the staus of job(scheduled, in_progress, failed, completed, aborted)\n","enum":["scheduled","in_progress","failed","completed","aborted"]},"key_rotation_params":{"type":"object","description":"Key rotation operation specific arguments. The\n\"key_rotation_params\" and \"database_backup_params\" fields are mutually exclusive(cannot be set together).\n","title":"Key Rotation Parameters","properties":{"deactivate_replaced_key":{"type":"integer","description":"Optional integer that can be used to deactivate the keys that are replaced by the key rotation procedure.\nWhen this is not specified, the state of the replaced key remains the same.\nIt is the number of seconds (>= 0) after which the replaced key is deactivated.\n"},"query":{"type":"object","description":"Use this object to specify the keys that need to be rotated.\nAll keys are rotated when this object is not specified.\nThis object is the same as the one used for POST request to the /v1/vault/query-keys endpoint.\nRefer to the documentation in that endpoint for further details on formulating the query.\n"},"meta":{"type":"object","description":"Use this object to modify the metadata on a key that is replaced by the key rotation procedure.\nThis object should be a JSON serialized object. The metadata on the replaced key (which is\nalso a JSON object) is merged with this JSON object.\n"}}},"database_backup_params":{"type":"object","description":"Database backup operation specific arguments. Should be JSON-serializable\n\"key_rotation_params\" and \"database_backup_params\" fields are mutually exclusive (cannot be set together).\n","title":"Database Backup Parameters","properties":{"scope":{"type":"string","description":"Scope of the backup to be taken - system (default) or domain."},"backupKey":{"type":"string","description":"ID of backup key used for encrypting the backup. The default backup key is used if this is not specified."},"tiedToHSM":{"type":"boolean","description":"If true, the system backup can only be restored to instances that use the same HSM partition. Valid only with the system scoped backup.\n"},"filters":{"type":"array","items":{"type":"object","title":"Filters","required":["resourceType"],"properties":{"resourceType":{"type":"string","description":"Type of resources to be backed up. Valid values are \"Keys\", \"cte_policies\" and, \"users_groups\"."},"resourceQuery":{"type":"object","description":"A JSON object containing resource attributes and attribute values to be queried.\nThe resources returned in the query are backed up. If empty, all the resources of the specified resourceType will be backed up.\nFor Keys, valid resourceQuery paramater values are the same as the body of the 'vault/query-keys' POST endpoint described on the Keys page.\nTo back up AES keys with a meta parameter value containing `{\"info\":{\"color\":\"red\"}}}`, use\n`{\"algorithm\":\"AES\", \"metaContains\": {\"info\":{\"color\":\"red\"}}}`.\nFor CTE policies, valid `resourceQuery` parameter values are the same as query parameters of the list '/v1/transparent-encryption/policies' endpoint described in the CTE > Policies section.\nFor example, to back up LDT policies only, use `{\"policy_type\":\"LDT\"}`. Similarly, to back up policies with learn mode enabled, use `{\"never_deny\": true}`.\nFor users, the valid resourceQuery parameter values are the same as query parameters of the list '/v1/usermgmt/users' endpoint as described in the “Users” page.\nFor example, to back up all users with name \"frank\" and email id \"frank@local\", use {\"name\":\"frank\",\"email\": \"frank@local\"}.\n"}},"example":{"resourceType":"Keys","resourceQuery":"{\"algorithm\":\"AES\", \"metaContains\": {\"info\":{\"color\":\"red\"}}}"}},"description":"A set of selection criteria to specify what resources to include in the backup. Only applicable to domain-scoped backups.\nBy default, no filters are applied and the backup includes all keys.\nFor example, to back up all keys with a name containing 'enc-key', set the filters to `[{\"resourceType\": \"Keys\", \"resourceQuery\":{\"name\":\"*enc-key*\"}}]`.\n"},"retentionCount":{"type":"integer","description":"Number of backups saved for this job config. Default is an unlimited quantity."},"description":{"type":"string","description":"User defined description associated with the backup. This is stored along with the backup, and is returned while retrieving the backup information, or while listing backups. Users may find it useful to store various types of information here: a backup name or description, ID of the HSM the backup is tied to, etc.\n"},"do_scp":{"type":"boolean","description":"If true, the system backup will also be transferred to the external server via SCP.\n"},"connection":{"type":"string","description":"Name or ID of the SCP connection which stores the details for SCP server.\n"}}},"cckm_synchronization_params":{"type":"object","description":"CCKM Synchronization operation specific arguments. Should be JSON-serializable\n\"key_rotation_params\",\"database_backup_params\" and \"cckm_synchronization_params\" fields are mutually exclusive(cannot be set together).\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","required":["cloud_name"],"properties":{"cloud_name":{"type":"string","description":"Name of the cloud where Synchronize operation will be triggered, possible values are \"aws\", \"hsm-luna\", \"dsm\" , \"oci\", \"sfdc\", \"gcp\", \"sap\" and \"AzureCloud\"."},"kms":{"type":"array","items":{"type":"string"},"description":"IDs or names of kms resource from which Aws keys will be synchronized. Kms is used for aws cloud. At least one kms is required for aws synchronization operation."},"key_vaults":{"type":"array","items":{"type":"string"},"description":"IDs or name of vault from which azure keys will be synchronized. Vaults are used for azure cloud. At least one vault is required for azure synchronization operation."},"sync_item":{"type":"array","items":{"type":"string"},"description":"Items which need to be synchronized. At least one of the value from below is required for azure synchronization operation.","enum":["key","secret","certificate","all"]},"partitions":{"type":"array","items":{"type":"string"},"description":"IDs of partition from which keys will be synchronized. Partitions are used for HSM. At least one partition is required for HSM synchronization operation."},"domains":{"type":"array","items":{"type":"string"},"description":"IDs of domains from which keys will be synchronized. Domains are used for DSM. At least one domain is required for DSM synchronization operation."},"key_rings":{"type":"array","items":{"type":"string"},"description":"IDs or name of key ring from which google cryptographic keys will be synchronized. Key Rings are used for google cloud. At least one key ring is required for google synchronization operation."},"organizations":{"type":"array","items":{"type":"string"},"description":"Organization ID from which tenant secrets will be synchronized. Provide CCKM organization ID. At least one organization ID is required for sfdc synchronization operation."},"groups":{"type":"array","items":{"type":"string"},"description":"Group ID from which sap key will be synchronized. Provide CCKM group ID. At least one group ID is required for sap synchronization operation."},"oci_vaults":{"type":"array","items":{"type":"string"},"description":"Vault ID from which oci key will be synchronized. Provide CCKM OCI vault ID. At least one vault ID is required for oci synchronization operation."},"synchronize_all":{"type":"boolean","description":"Set true to synchronize all keys from all vaults or kms. synchronize_all, key_vaults and kms are mutually exclusive. Specify either the synchronize_all or key_vaults or kms."}}},"cckm_key_rotation_params":{"type":"object","description":"CCKM Rotation Params operation specific arguments. The \"key_rotation_params\",\"database_backup_params\" and\n\"cckm_synchronization_params\" fields are mutually exclusive(cannot be set together).\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","required":["cloud_name"],"properties":{"cloud_name":{"type":"string","description":"Name of the cloud where Rotation operation will be triggered, possible values are \"aws\", \"gcp\", \"oci\" , \"sfdc\", \"sap\" and \"AzureCloud\"."},"expiration":{"type":"string","description":"Expiration time of the new key that will be created through scheduled rotation. If not specified, the new key material never expires. For example, if you set `expiration` to `6h`, the key material of the new key will expire in 6 hours.","enum":["Xd for x days","Yh for y hours"]},"expire_in":{"type":"string","description":"Period during which certain keys are going to expire. When the scheduler is run, it rotates the keys that are expiring in this period. If not specified, the scheduler rotates all the keys. For example, if you want the scheduler to rotate the keys that are expiring within six hours of the schedule run, set `expire_in` to `6h`. This parameter is not valid for cloud_name `gcp`.\n","enum":["Xd for x days","Yh for y hours"]},"aws_param":{"type":"object","description":"AWS param specifies whether to retain alias with timestamp on archieved key after rotation.\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","properties":{"retain_alias":{"type":"boolean","description":"Whether to retain alias with timestamp on archieved key after rotation."}}},"sfdc_param":{"type":"object","description":"SFDC param specifies oraganization_id and key_type for which keys will be rotated.\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","properties":{"organization_id":{"type":"string","description":"Organization ID to which this key type belong to."},"key_type":{"type":"array","items":{"type":"string"},"description":"Type of tenant secret requested for which sfdc keys will be rotated and can have below values.","enum":["Data","EventBus","SearchIndex","DeterministicData","Analytics"]},"key_source":{"type":"string","description":"Source of the key material. Options are native, dsm, hsm-luna and ciphertrust."},"certificate_id":{"type":"string","description":"(Mandatorily required for SFDC cloud) Certificate ID, whose public key to be used to encrypt tenant secret."},"key_derivation_mode":{"type":"string","description":"(Mandatorily required for SFDC cloud) Values are PBKDF2 or NONE."},"domain_id":{"type":"string","description":"Domain ID where key will be created to upload on sfdc."},"partition_id":{"type":"string","description":"Partition ID where key will be created to upload on sfdc."}}},"rotation_after":{"type":"string","description":"Number of days after which the keys will be rotated. Specify `Xd` for `x` days. The first key rotation will happen after `x` days of key creation. Subsequent key rotations will happen after every `x` days of the last rotation date. For example, if you set `rotation_after` to `6d`, the first key rotation will happen after six days of key creation. Subsequently, the keys will be rotated after every six days.\n","enum":["Xd for x days"]}}}}}]}}}}]},"examples":{"application/json":{"skip":"0,","limit":"10,","total":"4,","resources":[{"id":"112d3024-852a-4b54-1a9b-bce780332141","job_config_id":"93451201-852a-4b54-1a9b-bce72139879","name":"RotateAESKeys","operation":"key_rotation","start_date":"2019-10-02T14:24:37.436073Z","end_date":"2019-11-06T14:24:37.436073Z","status":"scheduled","key_rotation_params":{"query":{"algorithm":"AES"},"deactivate_replaced_key":30}},{"id":"432d3024-852a-4b54-1a9b-bce7803312131","job_config_id":"63451201-852a-4b54-1a9b-bce72131498","name":"BackUp on all nodes","operation":"database_backup","status":"in_progess","database_backup_params":null},{"id":"f0f0f488-695f-4a0d-9288-232ca59262a7","uri":"kylo:kylo:scheduler:jobs:f0f0f488-695f-4a0d-9288-232ca59262a7","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-07-20T07:59:17.73061Z","name":"Sync CCKM AWS keys all connection","updatedAt":"2020-07-20T08:03:00.866821Z","job_config_id":"c6f5654f-414d-4378-a5ea-23e1d996e394","description":"This is to sync CCKM AWS gov keys","operation":"cckm_synchronization","job_config_params":{"kms":["kms-name"],"cloud_name":"aws"},"enqueued_at":"2020-07-20T07:59:17.730133Z","status":"completed","processing_node":"local-node","details":{"job_id":"f0f0f488-695f-4a0d-9288-232ca59262a7","job_config_id":"c6f5654f-414d-4378-a5ea-23e1d996e394","name":"Sync CCKM AWS keys","operation":"cckm_synchronization","status":"completed","details":{"123456789012/ap-southeast-1":"region synchronized successfully","123456789012/ap-southeast-2":"region synchronized successfully","123456789012/us-east-1":"region synchronized successfully","123456789012/us-east-2":"region synchronized successfully","123456789012/us-west-1":"region synchronized successfully","123456789012/us-west-2":"region synchronized successfully"}}},{"id":"e1abb919-1b0e-4cbf-a9f9-a568db99a87d","uri":"kylo:kylo:scheduler:jobs:e1abb919-1b0e-4cbf-a9f9-a568db99a87d","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-07-21T08:34:13.369646Z","name":"Rotate CCKM AWS keys","updatedAt":"2020-07-21T08:34:30.942673Z","job_config_id":"c857003d-e9f2-473b-b4f9-e57501b51259","description":"This is to rotate CCKM AWS keys","operation":"cckm_key_rotation","job_config_params":{"cloud_name":"aws"},"enqueued_at":"2020-07-21T08:34:13.369279Z","status":"completed","processing_node":"local-node","details":{"job_id":"e1abb919-1b0e-4cbf-a9f9-a568db99a87d","job_config_id":"c857003d-e9f2-473b-b4f9-e57501b51259","name":"Rotate CCKM AWS keys","operation":"cckm_key_rotation","status":"completed","details":{"total_keys":2,"num_rotated":2}}}]}}},"404":{"description":"Resource not found."}}}},"/v1/scheduler/jobs/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","required":true,"description":"the id of the object","type":"string"}],"get":{"summary":"Get","description":"Returns information about the requested job run.\n","tags":["Scheduler"],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","properties":{"operation":{"type":"string","readOnly":true,"description":"Type of operation to config. Can be one of, Key Rotation, Database Backup, CCKM Synchronization."},"job_config_id":{"type":"string","description":"Associated job configuration id."},"job_config_name":{"type":"string","description":"Associated job configuration name."},"start_date":{"type":"string","format":"date-time","description":"Date the job configuration becomes active. RFC3339 format.\nFor example, 2018-10-02T14:24:37.436073Z\n"},"end_date":{"type":"string","format":"date-time","description":"Date the job configuration becomes inactive. RFC3339 format.\nFor example, 2018-10-02T14:24:37.436073Z\n"},"status":{"type":"string","description":"Gives the staus of job(scheduled, in_progress, failed, completed, aborted)\n","enum":["scheduled","in_progress","failed","completed","aborted"]},"key_rotation_params":{"type":"object","description":"Key rotation operation specific arguments. The\n\"key_rotation_params\" and \"database_backup_params\" fields are mutually exclusive(cannot be set together).\n","title":"Key Rotation Parameters","properties":{"deactivate_replaced_key":{"type":"integer","description":"Optional integer that can be used to deactivate the keys that are replaced by the key rotation procedure.\nWhen this is not specified, the state of the replaced key remains the same.\nIt is the number of seconds (>= 0) after which the replaced key is deactivated.\n"},"query":{"type":"object","description":"Use this object to specify the keys that need to be rotated.\nAll keys are rotated when this object is not specified.\nThis object is the same as the one used for POST request to the /v1/vault/query-keys endpoint.\nRefer to the documentation in that endpoint for further details on formulating the query.\n"},"meta":{"type":"object","description":"Use this object to modify the metadata on a key that is replaced by the key rotation procedure.\nThis object should be a JSON serialized object. The metadata on the replaced key (which is\nalso a JSON object) is merged with this JSON object.\n"}}},"database_backup_params":{"type":"object","description":"Database backup operation specific arguments. Should be JSON-serializable\n\"key_rotation_params\" and \"database_backup_params\" fields are mutually exclusive (cannot be set together).\n","title":"Database Backup Parameters","properties":{"scope":{"type":"string","description":"Scope of the backup to be taken - system (default) or domain."},"backupKey":{"type":"string","description":"ID of backup key used for encrypting the backup. The default backup key is used if this is not specified."},"tiedToHSM":{"type":"boolean","description":"If true, the system backup can only be restored to instances that use the same HSM partition. Valid only with the system scoped backup.\n"},"filters":{"type":"array","items":{"type":"object","title":"Filters","required":["resourceType"],"properties":{"resourceType":{"type":"string","description":"Type of resources to be backed up. Valid values are \"Keys\", \"cte_policies\" and, \"users_groups\"."},"resourceQuery":{"type":"object","description":"A JSON object containing resource attributes and attribute values to be queried.\nThe resources returned in the query are backed up. If empty, all the resources of the specified resourceType will be backed up.\nFor Keys, valid resourceQuery paramater values are the same as the body of the 'vault/query-keys' POST endpoint described on the Keys page.\nTo back up AES keys with a meta parameter value containing `{\"info\":{\"color\":\"red\"}}}`, use\n`{\"algorithm\":\"AES\", \"metaContains\": {\"info\":{\"color\":\"red\"}}}`.\nFor CTE policies, valid `resourceQuery` parameter values are the same as query parameters of the list '/v1/transparent-encryption/policies' endpoint described in the CTE > Policies section.\nFor example, to back up LDT policies only, use `{\"policy_type\":\"LDT\"}`. Similarly, to back up policies with learn mode enabled, use `{\"never_deny\": true}`.\nFor users, the valid resourceQuery parameter values are the same as query parameters of the list '/v1/usermgmt/users' endpoint as described in the “Users” page.\nFor example, to back up all users with name \"frank\" and email id \"frank@local\", use {\"name\":\"frank\",\"email\": \"frank@local\"}.\n"}},"example":{"resourceType":"Keys","resourceQuery":"{\"algorithm\":\"AES\", \"metaContains\": {\"info\":{\"color\":\"red\"}}}"}},"description":"A set of selection criteria to specify what resources to include in the backup. Only applicable to domain-scoped backups.\nBy default, no filters are applied and the backup includes all keys.\nFor example, to back up all keys with a name containing 'enc-key', set the filters to `[{\"resourceType\": \"Keys\", \"resourceQuery\":{\"name\":\"*enc-key*\"}}]`.\n"},"retentionCount":{"type":"integer","description":"Number of backups saved for this job config. Default is an unlimited quantity."},"description":{"type":"string","description":"User defined description associated with the backup. This is stored along with the backup, and is returned while retrieving the backup information, or while listing backups. Users may find it useful to store various types of information here: a backup name or description, ID of the HSM the backup is tied to, etc.\n"},"do_scp":{"type":"boolean","description":"If true, the system backup will also be transferred to the external server via SCP.\n"},"connection":{"type":"string","description":"Name or ID of the SCP connection which stores the details for SCP server.\n"}}},"cckm_synchronization_params":{"type":"object","description":"CCKM Synchronization operation specific arguments. Should be JSON-serializable\n\"key_rotation_params\",\"database_backup_params\" and \"cckm_synchronization_params\" fields are mutually exclusive(cannot be set together).\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","required":["cloud_name"],"properties":{"cloud_name":{"type":"string","description":"Name of the cloud where Synchronize operation will be triggered, possible values are \"aws\", \"hsm-luna\", \"dsm\" , \"oci\", \"sfdc\", \"gcp\", \"sap\" and \"AzureCloud\"."},"kms":{"type":"array","items":{"type":"string"},"description":"IDs or names of kms resource from which Aws keys will be synchronized. Kms is used for aws cloud. At least one kms is required for aws synchronization operation."},"key_vaults":{"type":"array","items":{"type":"string"},"description":"IDs or name of vault from which azure keys will be synchronized. Vaults are used for azure cloud. At least one vault is required for azure synchronization operation."},"sync_item":{"type":"array","items":{"type":"string"},"description":"Items which need to be synchronized. At least one of the value from below is required for azure synchronization operation.","enum":["key","secret","certificate","all"]},"partitions":{"type":"array","items":{"type":"string"},"description":"IDs of partition from which keys will be synchronized. Partitions are used for HSM. At least one partition is required for HSM synchronization operation."},"domains":{"type":"array","items":{"type":"string"},"description":"IDs of domains from which keys will be synchronized. Domains are used for DSM. At least one domain is required for DSM synchronization operation."},"key_rings":{"type":"array","items":{"type":"string"},"description":"IDs or name of key ring from which google cryptographic keys will be synchronized. Key Rings are used for google cloud. At least one key ring is required for google synchronization operation."},"organizations":{"type":"array","items":{"type":"string"},"description":"Organization ID from which tenant secrets will be synchronized. Provide CCKM organization ID. At least one organization ID is required for sfdc synchronization operation."},"groups":{"type":"array","items":{"type":"string"},"description":"Group ID from which sap key will be synchronized. Provide CCKM group ID. At least one group ID is required for sap synchronization operation."},"oci_vaults":{"type":"array","items":{"type":"string"},"description":"Vault ID from which oci key will be synchronized. Provide CCKM OCI vault ID. At least one vault ID is required for oci synchronization operation."},"synchronize_all":{"type":"boolean","description":"Set true to synchronize all keys from all vaults or kms. synchronize_all, key_vaults and kms are mutually exclusive. Specify either the synchronize_all or key_vaults or kms."}}},"cckm_key_rotation_params":{"type":"object","description":"CCKM Rotation Params operation specific arguments. The \"key_rotation_params\",\"database_backup_params\" and\n\"cckm_synchronization_params\" fields are mutually exclusive(cannot be set together).\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","required":["cloud_name"],"properties":{"cloud_name":{"type":"string","description":"Name of the cloud where Rotation operation will be triggered, possible values are \"aws\", \"gcp\", \"oci\" , \"sfdc\", \"sap\" and \"AzureCloud\"."},"expiration":{"type":"string","description":"Expiration time of the new key that will be created through scheduled rotation. If not specified, the new key material never expires. For example, if you set `expiration` to `6h`, the key material of the new key will expire in 6 hours.","enum":["Xd for x days","Yh for y hours"]},"expire_in":{"type":"string","description":"Period during which certain keys are going to expire. When the scheduler is run, it rotates the keys that are expiring in this period. If not specified, the scheduler rotates all the keys. For example, if you want the scheduler to rotate the keys that are expiring within six hours of the schedule run, set `expire_in` to `6h`. This parameter is not valid for cloud_name `gcp`.\n","enum":["Xd for x days","Yh for y hours"]},"aws_param":{"type":"object","description":"AWS param specifies whether to retain alias with timestamp on archieved key after rotation.\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","properties":{"retain_alias":{"type":"boolean","description":"Whether to retain alias with timestamp on archieved key after rotation."}}},"sfdc_param":{"type":"object","description":"SFDC param specifies oraganization_id and key_type for which keys will be rotated.\n","title":"CipherTrust Cloud Key Manager Synchronization Parameters","properties":{"organization_id":{"type":"string","description":"Organization ID to which this key type belong to."},"key_type":{"type":"array","items":{"type":"string"},"description":"Type of tenant secret requested for which sfdc keys will be rotated and can have below values.","enum":["Data","EventBus","SearchIndex","DeterministicData","Analytics"]},"key_source":{"type":"string","description":"Source of the key material. Options are native, dsm, hsm-luna and ciphertrust."},"certificate_id":{"type":"string","description":"(Mandatorily required for SFDC cloud) Certificate ID, whose public key to be used to encrypt tenant secret."},"key_derivation_mode":{"type":"string","description":"(Mandatorily required for SFDC cloud) Values are PBKDF2 or NONE."},"domain_id":{"type":"string","description":"Domain ID where key will be created to upload on sfdc."},"partition_id":{"type":"string","description":"Partition ID where key will be created to upload on sfdc."}}},"rotation_after":{"type":"string","description":"Number of days after which the keys will be rotated. Specify `Xd` for `x` days. The first key rotation will happen after `x` days of key creation. Subsequent key rotations will happen after every `x` days of the last rotation date. For example, if you set `rotation_after` to `6d`, the first key rotation will happen after six days of key creation. Subsequently, the keys will be rotated after every six days.\n","enum":["Xd for x days"]}}}}}]},"examples":{"application/json":{"id":"841d3024-882a-4b64-8a9b-aae78034611d","job_config_id":"63451201-852a-4b54-1a9b-bce72131498","job_config_name":"RotateAESKeys","operation":"key_rotation","status":"in_progess","key_rotation_params":{"query":{"algorithm":"AES"},"deactivate_replaced_key":30}}}},"404":{"description":"Resource not found."}}},"delete":{"summary":"Delete","description":"Deletes a job run.","tags":["Scheduler"],"responses":{"204":{"description":"No Content | Successful deletion of job run."},"404":{"description":"Resource not found."}}}},"/v1/scheduler/operations":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns a list of supported operation types\n","tags":["Scheduler"],"responses":{"200":{"description":"OK","examples":{"application/json":{"supported_types":["key_rotation","database_backup","cckm_synchronization","cckm_key_rotation"]}}},"404":{"description":"Resource not found."}}}},"/v1/data-protection/protection-profiles":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns the list of protection profiles. The results can be filtered using the query parameters.","tags":["BDT/Protection Profiles","Beta"],"parameters":[{"name":"name","in":"query","type":"string","description":"Filters result by protection profile's name"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Protection Profile name."},"key_id":{"type":"string"},"key_name":{"type":"string"},"iv":{"type":"string","description":"Protection Profile IV."},"tweak":{"type":"string","description":"Protection Profile tweak."},"tweak_algorithm":{"type":"string","description":"Tweak algorithm to be used during crypto operations.\nOptions:\n- SHA1\n- SHA256\n- None\n"},"algorithm":{"type":"string","description":"Protection Profile algorithm."},"character_set_id":{"type":"string"},"character_set":{"type":"object","properties":{"range":{"type":"string","description":"Range of allowed characters in HEX."},"encoding":{"type":"string"}}},"keep_left":{"type":"integer","description":"Number of characters to leave unencrypted starting from the left."},"keep_right":{"type":"integer","description":"Number of characters to leave unencrypted starting from the right."},"prefix":{"type":"string","description":"Text to add to append to the beginning of the cipher text."},"suffix":{"type":"string","description":"Text to add to append to the end of the cipher text."},"mode":{"type":"string","description":"Specify the supported algorithm mode (CBC or ECB). The mode must be specified when using the DESede (that is, the 3DES) algorithm."},"padding":{"type":"string","description":"Valid options are PKCS5Padding or NoPadding."},"allow_single_char_input":{"type":"boolean","description":"If true, null or single-character inputs are passed through untransformed. If false, row transformation fails."}}}]}}}}]}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}},"post":{"summary":"Create","description":"Creates a new protection profile.\n","tags":["BDT/Protection Profiles","Beta"],"parameters":[{"name":"body","in":"body","schema":{"type":"object","required":["name","key_id","algorithm"],"properties":{"name":{"type":"string","description":"Protection Profile name."},"key_id":{"type":"string","description":"Protection Profile key id."},"iv":{"type":"string","description":"Protection Profile IV."},"tweak":{"type":"string","description":"Protection Profile tweak."},"tweak_algorithm":{"type":"string","description":"Tweak algorithm to be used during crypto operations.\nOptions:\n- SHA1\n- SHA256\n- None\n"},"algorithm":{"type":"string","description":"Protection Profile algorithm."},"character_set_id":{"type":"string","description":"Character set ID."},"mode":{"type":"string"},"padding":{"type":"string"},"aad":{"type":"string","description":"Additional authentication data."},"auth_tag_length":{"type":"string","description":"Output parameter to GCM i.e Authentication Tag, length."},"encoding":{"type":"string","description":"Valid options are UTF-8, UTF-16LE, UTF-16BE, UTF-32LE, UTF-32BE, ASCII and ISO-8859-1."},"format":{"type":"string"},"md_name":{"type":"string","description":"Algorithm name of message digest. Used in RSA with padding in local mode."},"mgf_name":{"type":"string","description":"Algorithm name for mask generating function. Used in RSA with padding in local mode."},"p_src":{"type":"string","description":"Used in RSA with padding in local mode."},"salt_length":{"type":"string"},"ca_list":{"type":"string"},"luhn_check":{"type":"boolean","description":"To ensure token is luhn compliant. Not supported for sequential tokens."},"save_exceptions":{"type":"string","description":"If used (for batches), does not throw an exception when an error occurs, else throws an exception on the first error."},"keep_left":{"type":"integer","description":"Number of characters to leave unencrypted starting from the left."},"keep_right":{"type":"integer","description":"Number of characters to leave unencrypted starting from the right."},"prefix":{"type":"string","description":"Text to add to append to the beginning of the cipher text."},"suffix":{"type":"string","description":"Text to add to append to the end of the cipher text."},"allow_single_char_input":{"type":"boolean","description":"If true, null or single-character inputs are passed through untransformed. If false, row transformation fails."}},"example":{"name":"Credit Card Sales","key_id":"3604b51e-17d7-4d85-abc5-a414114955f1","tweak":"1628462495815733","tweak_algorithm":"SHA1","algorithm":"AES_CTR","character_set_id":"","allow_single_char_input":false}}}],"responses":{"201":{"description":"Successfully created protection profile.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Protection Profile name."},"key_id":{"type":"string"},"key_name":{"type":"string"},"iv":{"type":"string","description":"Protection Profile IV."},"tweak":{"type":"string","description":"Protection Profile tweak."},"tweak_algorithm":{"type":"string","description":"Tweak algorithm to be used during crypto operations.\nOptions:\n- SHA1\n- SHA256\n- None\n"},"algorithm":{"type":"string","description":"Protection Profile algorithm."},"character_set_id":{"type":"string"},"character_set":{"type":"object","properties":{"range":{"type":"string","description":"Range of allowed characters in HEX."},"encoding":{"type":"string"}}},"keep_left":{"type":"integer","description":"Number of characters to leave unencrypted starting from the left."},"keep_right":{"type":"integer","description":"Number of characters to leave unencrypted starting from the right."},"prefix":{"type":"string","description":"Text to add to append to the beginning of the cipher text."},"suffix":{"type":"string","description":"Text to add to append to the end of the cipher text."},"mode":{"type":"string","description":"Specify the supported algorithm mode (CBC or ECB). The mode must be specified when using the DESede (that is, the 3DES) algorithm."},"padding":{"type":"string","description":"Valid options are PKCS5Padding or NoPadding."},"allow_single_char_input":{"type":"boolean","description":"If true, null or single-character inputs are passed through untransformed. If false, row transformation fails."}}}]}},"401":{"description":"Login failed."},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","allOf":[{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}},{"additionalProperties":{"type":"array","items":{"type":"string","description":"a validation error message about this property"}}}]}}}}},"/v1/data-protection/protection-profiles/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"id_type","in":"query","description":"The identifier type used in the URL. This can be either id, name, uri.","type":"string"}],"get":{"summary":"Get","description":"Returns protection profile with given id.\n","tags":["BDT/Protection Profiles","Beta"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Protection Profile name."},"key_id":{"type":"string"},"key_name":{"type":"string"},"iv":{"type":"string","description":"Protection Profile IV."},"tweak":{"type":"string","description":"Protection Profile tweak."},"tweak_algorithm":{"type":"string","description":"Tweak algorithm to be used during crypto operations.\nOptions:\n- SHA1\n- SHA256\n- None\n"},"algorithm":{"type":"string","description":"Protection Profile algorithm."},"character_set_id":{"type":"string"},"character_set":{"type":"object","properties":{"range":{"type":"string","description":"Range of allowed characters in HEX."},"encoding":{"type":"string"}}},"keep_left":{"type":"integer","description":"Number of characters to leave unencrypted starting from the left."},"keep_right":{"type":"integer","description":"Number of characters to leave unencrypted starting from the right."},"prefix":{"type":"string","description":"Text to add to append to the beginning of the cipher text."},"suffix":{"type":"string","description":"Text to add to append to the end of the cipher text."},"mode":{"type":"string","description":"Specify the supported algorithm mode (CBC or ECB). The mode must be specified when using the DESede (that is, the 3DES) algorithm."},"padding":{"type":"string","description":"Valid options are PKCS5Padding or NoPadding."},"allow_single_char_input":{"type":"boolean","description":"If true, null or single-character inputs are passed through untransformed. If false, row transformation fails."}}}]}}}},"patch":{"summary":"Update","description":"Change the properties of a protection profile.\n","tags":["BDT/Protection Profiles","Beta"],"parameters":[{"name":"body","in":"body","description":"The protection profile properties to change.\n","schema":{"type":"object","properties":{"key_id":{"type":"string","description":"Protection Profile key id."},"iv":{"type":"string","description":"Protection Profile IV."},"tweak":{"type":"string","description":"Protection Profile tweak."},"tweak_algorithm":{"type":"string","description":"Tweak algorithm to be used during crypto operations.\nOptions:\n- SHA1\n- SHA256\n- None\n"},"algorithm":{"type":"string","description":"Protection Profile algorithm."},"character_set_id":{"type":"string","description":"Character set ID."},"mode":{"type":"string"},"padding":{"type":"string"},"aad":{"type":"string","description":"Additional authentication data."},"auth_tag_length":{"type":"string","description":"Output parameter to GCM i.e Authentication Tag, length."},"encoding":{"type":"string","description":"Valid options are UTF-8, UTF-16LE, UTF-16BE, UTF-32LE, UTF-32BE, ASCII and ISO-8859-1"},"format":{"type":"string"},"md_name":{"type":"string","description":"Algorithm name of message digest. Used in RSA with padding in local mode."},"mgf_name":{"type":"string","description":"Algorithm name for mask generating function. Used in RSA with padding in local mode."},"p_src":{"type":"string","description":"Used in RSA with padding in local mode."},"salt_length":{"type":"string"},"ca_list":{"type":"string"},"luhn_check":{"type":"boolean","description":"To ensure token is luhn compliant. Not supported for sequential tokens."},"save_exceptions":{"type":"string","description":"If used (for batches), does not throw an exception when an error occurs, else throws an exception on the first error."},"keep_left":{"type":"integer","description":"Number of characters to leave unencrypted starting from the left."},"keep_right":{"type":"integer","description":"Number of characters to leave unencrypted starting from the right."},"prefix":{"type":"string","description":"Text to add to append to the beginning of the cipher text."},"suffix":{"type":"string","description":"Text to add to append to the end of the cipher text."},"allow_single_char_input":{"type":"boolean","description":"If true, null or single-character inputs are passed through untransformed. If false, row transformation fails."}},"example":{"key_id":"3604b51e-17d7-4d85-abc5-a414114955f1","tweak":"1628462495815733","tweak_algorithm":"SHA1","algorithm":"AES_CTR","character_set_id":"","allow_single_char_input":false}}}],"responses":{"200":{"description":"Successful resource updation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Protection Profile name."},"key_id":{"type":"string"},"key_name":{"type":"string"},"iv":{"type":"string","description":"Protection Profile IV."},"tweak":{"type":"string","description":"Protection Profile tweak."},"tweak_algorithm":{"type":"string","description":"Tweak algorithm to be used during crypto operations.\nOptions:\n- SHA1\n- SHA256\n- None\n"},"algorithm":{"type":"string","description":"Protection Profile algorithm."},"character_set_id":{"type":"string"},"character_set":{"type":"object","properties":{"range":{"type":"string","description":"Range of allowed characters in HEX."},"encoding":{"type":"string"}}},"keep_left":{"type":"integer","description":"Number of characters to leave unencrypted starting from the left."},"keep_right":{"type":"integer","description":"Number of characters to leave unencrypted starting from the right."},"prefix":{"type":"string","description":"Text to add to append to the beginning of the cipher text."},"suffix":{"type":"string","description":"Text to add to append to the end of the cipher text."},"mode":{"type":"string","description":"Specify the supported algorithm mode (CBC or ECB). The mode must be specified when using the DESede (that is, the 3DES) algorithm."},"padding":{"type":"string","description":"Valid options are PKCS5Padding or NoPadding."},"allow_single_char_input":{"type":"boolean","description":"If true, null or single-character inputs are passed through untransformed. If false, row transformation fails."}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","description":"Delete given protection profile.\n","tags":["BDT/Protection Profiles","Beta"],"responses":{"204":{"description":"No Content | Successful deletion of protection profile."}}}},"/v1/data-protection/protection-policies":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns a list of protection policies. The results can be filtered using the query parameters.","tags":["Data Protection/Protection Policies"],"parameters":[{"name":"name","in":"query","type":"string","description":"Filters result by protection policy name."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}}},{"type":"object","properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Protection policy name."},"version":{"type":"integer","description":"The version of the protection policy."},"latest_version":{"type":"boolean"},"key":{"type":"string"},"key_name":{"type":"string"},"iv":{"type":"string","description":"Protection policy IV."},"tweak":{"type":"string","description":"Protection policy tweak."},"tweak_algorithm":{"type":"string","description":"Tweak algorithm to be used during crypto operations.\nOptions:\n- SHA1\n- SHA256\n- None\n"},"algorithm":{"type":"string","description":"Protection policy algorithm."},"character_set_id":{"type":"string"},"character_set":{"type":"object","properties":{"range":{"type":"string","description":"Range of allowed characters in HEX."},"encoding":{"type":"string"}}},"allow_single_char_input":{"type":"boolean","description":"If set to true or null, the single-character inputs are passed untransformed. If set to false, row transformation fails"},"use_external_versioning":{"type":"boolean","description":"If set to true, external versioning is enabled for the protection policy. The version details are stored in a separate external parameter. The default value is false."},"disable_versioning":{"type":"boolean","description":"If set to true, versioning is not maintained for the protection policies. The default value is false."}}}]}}}}]}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}},"post":{"summary":"Create","description":"Creates a new protection policy.\n","tags":["Data Protection/Protection Policies"],"parameters":[{"name":"body","in":"body","schema":{"type":"object","required":["name","key","algorithm"],"properties":{"name":{"type":"string","description":"Unique name for the protection policy."},"key":{"type":"string","description":"Name of the key."},"iv":{"type":"string","description":"IV to be used during crypto operations."},"tweak":{"type":"string","description":"Tweak data to be used during crypto operations."},"tweak_algorithm":{"type":"string","description":"Tweak algorithm to be used during crypto operations.\nOptions:\n- SHA1\n- SHA256\n- None\n"},"algorithm":{"type":"string","description":"Algorithm to be used during crypto operations."},"character_set_id":{"type":"string","description":"ID of the Characterset."},"allow_single_char_input":{"type":"boolean","description":"If set to true or null, the single-character inputs are passed untransformed. If set to false, row transformation fails."},"use_external_versioning":{"type":"boolean","description":"If set to true, external versioning is enabled for the protection policy. The version details are stored in a separate external parameter. The default value is false."},"disable_versioning":{"type":"boolean","description":"If set to true, versioning is not maintained for the protection policies. The default value is false."}},"example":{"name":"Credit Card Sales","key":"aes_key","algorithm":"AES/CBC/PKCS5Padding"}}}],"responses":{"201":{"description":"Successfully created protection policy.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Protection policy name."},"version":{"type":"integer","description":"The version of the protection policy."},"latest_version":{"type":"boolean"},"key":{"type":"string"},"key_name":{"type":"string"},"iv":{"type":"string","description":"Protection policy IV."},"tweak":{"type":"string","description":"Protection policy tweak."},"tweak_algorithm":{"type":"string","description":"Tweak algorithm to be used during crypto operations.\nOptions:\n- SHA1\n- SHA256\n- None\n"},"algorithm":{"type":"string","description":"Protection policy algorithm."},"character_set_id":{"type":"string"},"character_set":{"type":"object","properties":{"range":{"type":"string","description":"Range of allowed characters in HEX."},"encoding":{"type":"string"}}},"allow_single_char_input":{"type":"boolean","description":"If set to true or null, the single-character inputs are passed untransformed. If set to false, row transformation fails"},"use_external_versioning":{"type":"boolean","description":"If set to true, external versioning is enabled for the protection policy. The version details are stored in a separate external parameter. The default value is false."},"disable_versioning":{"type":"boolean","description":"If set to true, versioning is not maintained for the protection policies. The default value is false."}}}]}},"401":{"description":"Login failed."},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","allOf":[{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}},{"additionalProperties":{"type":"array","items":{"type":"string","description":"a validation error message about this property"}}}]}}}}},"/v1/data-protection/protection-policies/{name}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"name","in":"path","description":"The name of the resource.","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a protection policy with given name and version.\n","tags":["Data Protection/Protection Policies"],"parameters":[{"name":"version","in":"query","description":"The version of the object to be returned. If no version is specified, the latest version is returned.","type":"number"}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Protection policy name."},"version":{"type":"integer","description":"The version of the protection policy."},"latest_version":{"type":"boolean"},"key":{"type":"string"},"key_name":{"type":"string"},"iv":{"type":"string","description":"Protection policy IV."},"tweak":{"type":"string","description":"Protection policy tweak."},"tweak_algorithm":{"type":"string","description":"Tweak algorithm to be used during crypto operations.\nOptions:\n- SHA1\n- SHA256\n- None\n"},"algorithm":{"type":"string","description":"Protection policy algorithm."},"character_set_id":{"type":"string"},"character_set":{"type":"object","properties":{"range":{"type":"string","description":"Range of allowed characters in HEX."},"encoding":{"type":"string"}}},"allow_single_char_input":{"type":"boolean","description":"If set to true or null, the single-character inputs are passed untransformed. If set to false, row transformation fails"},"use_external_versioning":{"type":"boolean","description":"If set to true, external versioning is enabled for the protection policy. The version details are stored in a separate external parameter. The default value is false."},"disable_versioning":{"type":"boolean","description":"If set to true, versioning is not maintained for the protection policies. The default value is false."}}}]}}}},"patch":{"summary":"Update","description":"Updates a protection policy with the given name. The parameters that are to be updated are specified in the request body.\n","tags":["Data Protection/Protection Policies"],"parameters":[{"name":"body","in":"body","description":"The properties to be updated.\n","schema":{"type":"object","properties":{"key":{"type":"string","description":"Key to be updated."},"iv":{"type":"string","description":"IV to be updated."},"tweak":{"type":"string","description":"Tweak data to be updated."},"tweak_algorithm":{"type":"string","description":"Tweak algorithm to be used during crypto operations.\nOptions:\n- SHA1\n- SHA256\n- None\n"},"algorithm":{"type":"string","description":"Algorithm to be updated"},"character_set_id":{"type":"string","description":"Character set ID to be updation."},"allow_single_char_input":{"type":"boolean","description":"If true, null or single-character inputs are passed through untransformed. If false, row transformation fails."}},"example":{"key":"aes_key","algorithm":"AES/CBC/PKCS5Padding"}}}],"responses":{"200":{"description":"Successful resource updation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Protection policy name."},"version":{"type":"integer","description":"The version of the protection policy."},"latest_version":{"type":"boolean"},"key":{"type":"string"},"key_name":{"type":"string"},"iv":{"type":"string","description":"Protection policy IV."},"tweak":{"type":"string","description":"Protection policy tweak."},"tweak_algorithm":{"type":"string","description":"Tweak algorithm to be used during crypto operations.\nOptions:\n- SHA1\n- SHA256\n- None\n"},"algorithm":{"type":"string","description":"Protection policy algorithm."},"character_set_id":{"type":"string"},"character_set":{"type":"object","properties":{"range":{"type":"string","description":"Range of allowed characters in HEX."},"encoding":{"type":"string"}}},"allow_single_char_input":{"type":"boolean","description":"If set to true or null, the single-character inputs are passed untransformed. If set to false, row transformation fails"},"use_external_versioning":{"type":"boolean","description":"If set to true, external versioning is enabled for the protection policy. The version details are stored in a separate external parameter. The default value is false."},"disable_versioning":{"type":"boolean","description":"If set to true, versioning is not maintained for the protection policies. The default value is false."}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","description":"Deletes a protection policy with a given name.","tags":["Data Protection/Protection Policies"],"responses":{"204":{"description":"No Content | Protection policy is deleted successfully."}}}},"/v1/data-protection/character-sets":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns a list of character sets. The results can be filtered using the query parameters.","tags":["Data Protection/Character Sets","BDT/Character Sets"],"parameters":[{"name":"name","in":"query","type":"string","description":"Filters result by character set name."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"id":{"type":"string","description":"The unique identifier of the resource"},"name":{"type":"string","description":"Character Set name."},"range":{"type":"string","description":"Range of allowed characters in HEX."},"encoding":{"type":"string","description":"Character Set encoding."}}}]}}}}]}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}},"post":{"summary":"Create","description":"Creates a new character set.\n","tags":["BDT/Character Sets"],"parameters":[{"name":"body","in":"body","schema":{"type":"object","required":["name","range"],"properties":{"name":{"type":"string","description":"Unique name for the character set."},"range":{"type":"string","description":"Allowed range of characters in HEX format."},"encoding":{"type":"string","description":"Encoding modes."}},"example":{"name":"Latin","range":["0-1F","AF-100"],"encoding":"UTF-8"}}}],"responses":{"201":{"description":"Successfully created character set.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"id":{"type":"string","description":"The unique identifier of the resource"},"name":{"type":"string","description":"Character Set name."},"range":{"type":"string","description":"Range of allowed characters in HEX."},"encoding":{"type":"string","description":"Character Set encoding."}}}]}},"401":{"description":"Login failed."},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","allOf":[{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}},{"additionalProperties":{"type":"array","items":{"type":"string","description":"a validation error message about this property"}}}]}}}}},"/v1/data-protection/character-sets/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"id_type","in":"query","description":"The identifier type used in the URL. This can be either id, name, uri.","type":"string"}],"get":{"summary":"Get","description":"Returns the details of a character set with a given id.\n","tags":["Data Protection/Character Sets","BDT/Character Sets"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"id":{"type":"string","description":"The unique identifier of the resource"},"name":{"type":"string","description":"Character Set name."},"range":{"type":"string","description":"Range of allowed characters in HEX."},"encoding":{"type":"string","description":"Character Set encoding."}}}]}}}},"patch":{"summary":"Update","description":"Updates a character set with a given id. The parameters that are to be updated are specified in the request body.\n","tags":["BDT/Character Sets"],"parameters":[{"name":"body","in":"body","description":"The character set properties to be updated.","schema":{"type":"object","properties":{"range":{"type":"string","description":"Range to be updated."}},"example":{"range":["0-1F","AF-100"]}}}],"responses":{"200":{"description":"Successfully updated resource.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"id":{"type":"string","description":"The unique identifier of the resource"},"name":{"type":"string","description":"Character Set name."},"range":{"type":"string","description":"Range of allowed characters in HEX."},"encoding":{"type":"string","description":"Character Set encoding."}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","description":"Deletes a character set with a given id.\n","tags":["BDT/Character Sets"],"responses":{"204":{"description":"No Content | Character set deleted successfully."}}}},"/v1/data-protection/containers":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns a list of containers.","tags":["BDT/Containers","Beta"],"parameters":[{"name":"name","in":"query","type":"string","description":"Filter by container's name"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Container name."},"description":{"type":"string","description":"Container description."},"type":{"type":"string","description":"Container type."},"connection_url":{"type":"string","description":"Container connection url."},"username":{"type":"string","description":"database username."},"password":{"type":"string","description":"database password."},"filepath":{"type":"string","description":"CSV filepath."},"driverclass":{"type":"string"},"delimiter":{"type":"string"},"qualifier":{"type":"string"},"column_count":{"type":"integer"},"has_header_row":{"type":"boolean"},"unescape_input":{"type":"boolean"},"encoding":{"type":"string"},"column_position_info":{"type":"array","items":{"properties":{"start":{"type":"integer"},"end":{"type":"integer"},"column":{"type":"integer"}}}},"record_length":{"type":"integer"},"line_separator":{"type":"string"}}}]}}}}]}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}},"post":{"summary":"Create","description":"Creates a new container.\n","tags":["BDT/Containers","Beta"],"parameters":[{"name":"body","in":"body","schema":{"type":"object","required":["name"],"properties":{"name":{"type":"string","description":"Container name."},"description":{"type":"string","description":"Container description."},"type":{"type":"string","description":"Container type."},"connection_url":{"type":"string","description":"Container connection url."},"username":{"type":"string","description":"database username."},"password":{"type":"string","description":"database password."},"filepath":{"type":"string","description":"CSV filepath."},"driverclass":{"type":"string"},"delimiter":{"type":"string"},"qualifier":{"type":"string"},"column_count":{"type":"integer"},"has_header_row":{"type":"boolean"},"unescape_input":{"type":"boolean"},"encoding":{"type":"string"},"column_position_info":{"type":"array","items":{"properties":{"start":{"type":"integer"},"end":{"type":"integer"},"column":{"type":"integer"}}}},"record_length":{"type":"integer"},"line_separator":{"type":"string"}},"example":{"name":"Cloud Database 1","description":"","type":"ORACLE","connection_url":"jdbc:oracle:thin:@localhost:1521:orclw","username":"admin","password":"password123!@","driverclass":"org.postgresql.Driver","filepath":"","delimiter":"","qualifier":"","column_count":0,"has_header_row":false,"unescape_input":false,"record_length":0,"line_separator":false,"column_position_info":[{"start":0,"end":0,"column":0}]}}}],"responses":{"201":{"description":"Successful container creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Container name."},"description":{"type":"string","description":"Container description."},"type":{"type":"string","description":"Container type."},"connection_url":{"type":"string","description":"Container connection url."},"username":{"type":"string","description":"database username."},"password":{"type":"string","description":"database password."},"filepath":{"type":"string","description":"CSV filepath."},"driverclass":{"type":"string"},"delimiter":{"type":"string"},"qualifier":{"type":"string"},"column_count":{"type":"integer"},"has_header_row":{"type":"boolean"},"unescape_input":{"type":"boolean"},"encoding":{"type":"string"},"column_position_info":{"type":"array","items":{"properties":{"start":{"type":"integer"},"end":{"type":"integer"},"column":{"type":"integer"}}}},"record_length":{"type":"integer"},"line_separator":{"type":"string"}}}]}},"401":{"description":"Login failed."},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","allOf":[{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}},{"additionalProperties":{"type":"array","items":{"type":"string","description":"a validation error message about this property"}}}]}}}}},"/v1/data-protection/containers/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"id_type","in":"query","description":"The identifier type used in the URL. This can be either id, name, uri.","type":"string"}],"get":{"summary":"Get","description":"Return container with given id.\n","tags":["BDT/Containers","Beta"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Container name."},"description":{"type":"string","description":"Container description."},"type":{"type":"string","description":"Container type."},"connection_url":{"type":"string","description":"Container connection url."},"username":{"type":"string","description":"database username."},"password":{"type":"string","description":"database password."},"filepath":{"type":"string","description":"CSV filepath."},"driverclass":{"type":"string"},"delimiter":{"type":"string"},"qualifier":{"type":"string"},"column_count":{"type":"integer"},"has_header_row":{"type":"boolean"},"unescape_input":{"type":"boolean"},"encoding":{"type":"string"},"column_position_info":{"type":"array","items":{"properties":{"start":{"type":"integer"},"end":{"type":"integer"},"column":{"type":"integer"}}}},"record_length":{"type":"integer"},"line_separator":{"type":"string"}}}]}}}},"patch":{"summary":"Update","description":"Change the properties of a container\n","tags":["BDT/Containers","Beta"],"parameters":[{"name":"body","in":"body","description":"The container properties to change.\n","schema":{"type":"object","properties":{"description":{"type":"string","description":"Container description."},"type":{"type":"string","description":"Container type."},"connection_url":{"type":"string","description":"Container connection url."},"username":{"type":"string","description":"database username."},"password":{"type":"string","description":"database password."},"filepath":{"type":"string","description":"CSV filepath."},"driverclass":{"type":"string"},"delimiter":{"type":"string"},"qualifier":{"type":"string"},"column_count":{"type":"integer"},"has_header_row":{"type":"boolean"},"unescape_input":{"type":"boolean"},"encoding":{"type":"string"},"column_position_info":{"type":"array","items":{"properties":{"start":{"type":"integer"},"end":{"type":"integer"},"column":{"type":"integer"}}}},"record_length":{"type":"integer"},"line_separator":{"type":"string"}},"example":{"description":"","type":"ORACLE","connection_url":"jdbc:oracle:thin:@localhost:1521:orclw","username":"admin","password":"password123!@","driverclass":"org.postgresql.Driver","filepath":"","delimiter":"","qualifier":"","column_count":0,"has_header_row":false,"unescape_input":false,"record_length":0,"line_separator":false,"column_position_info":[{"start":0,"end":0,"column":0}]}}}],"responses":{"200":{"description":"Successful resource update.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Container name."},"description":{"type":"string","description":"Container description."},"type":{"type":"string","description":"Container type."},"connection_url":{"type":"string","description":"Container connection url."},"username":{"type":"string","description":"database username."},"password":{"type":"string","description":"database password."},"filepath":{"type":"string","description":"CSV filepath."},"driverclass":{"type":"string"},"delimiter":{"type":"string"},"qualifier":{"type":"string"},"column_count":{"type":"integer"},"has_header_row":{"type":"boolean"},"unescape_input":{"type":"boolean"},"encoding":{"type":"string"},"column_position_info":{"type":"array","items":{"properties":{"start":{"type":"integer"},"end":{"type":"integer"},"column":{"type":"integer"}}}},"record_length":{"type":"integer"},"line_separator":{"type":"string"}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","description":"Delete given container.\n","tags":["BDT/Containers","Beta"],"responses":{"204":{"description":"No Content | Successful deletion of container."}}}},"/v1/data-protection/bdt-policies":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns a list of bdt policies.","tags":["BDT/Policies","Beta"],"parameters":[{"name":"name","in":"query","type":"string","description":"Filter by bdt policy's name"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"BDT policy name."},"description":{"type":"string","description":"BDT policy description."},"in_place_update":{"type":"string","description":"True, if the transformation is done in the same container."},"create_bad_record_file":{"type":"string"},"fpemode":{"type":"string"},"case_sensitive":{"type":"boolean","description":"True, if the database name is case sensitive"},"source":{"type":"object","properties":{"name":{"type":"string","description":"Container name."},"description":{"type":"string","description":"Container description."},"type":{"type":"string","description":"Container type."},"connection_url":{"type":"string","description":"Container connection url."},"username":{"type":"string","description":"database username."},"password":{"type":"string","description":"database password."},"filepath":{"type":"string","description":"CSV filepath."},"driverclass":{"type":"string"},"delimiter":{"type":"string"},"qualifier":{"type":"string"},"column_count":{"type":"integer"},"has_header_row":{"type":"boolean"},"unescape_input":{"type":"boolean"},"encoding":{"type":"string"},"column_position_info":{"type":"array","items":{"properties":{"start":{"type":"integer"},"end":{"type":"integer"},"column":{"type":"integer"}}}},"record_length":{"type":"integer"},"line_separator":{"type":"string"}}},"destination":{"type":"object","properties":{"name":{"type":"string","description":"Container name."},"description":{"type":"string","description":"Container description."},"type":{"type":"string","description":"Container type."},"connection_url":{"type":"string","description":"Container connection url."},"username":{"type":"string","description":"database username."},"password":{"type":"string","description":"database password."},"filepath":{"type":"string","description":"CSV filepath."},"driverclass":{"type":"string"},"delimiter":{"type":"string"},"qualifier":{"type":"string"},"column_count":{"type":"integer"},"has_header_row":{"type":"boolean"},"unescape_input":{"type":"boolean"},"encoding":{"type":"string"},"column_position_info":{"type":"array","items":{"properties":{"start":{"type":"integer"},"end":{"type":"integer"},"column":{"type":"integer"}}}},"record_length":{"type":"integer"},"line_separator":{"type":"string"}}},"tables":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"source_table":{"type":"string","description":"Source table name."},"source_schema":{"type":"string","description":"Source table schema."},"destination_table":{"type":"string","description":"Destination table name."},"destination_schema":{"type":"string","description":"destination table schema."},"create_destination_table":{"type":"boolean","description":"Create table on the destination if it doesn't exist."},"subset":{"type":"object","properties":{"offset":{"type":"integer"},"limit":{"type":"integer"},"recurrency":{"type":"integer"},"orderBy":{"type":"string"},"order":{"type":"string"},"filters":{"type":"array","items":{"properties":{"selector":{"type":"string"},"operator":{"type":"string"},"expression":{"type":"string"}}}}}},"columns":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Column name."},"action":{"type":"string","description":"Action (ENCRYPT, DECRYPT, REKEY, TOKENIZE ...)"},"config":{"type":"array","items":{"properties":{"action":{"type":"string","description":"Action (ENCRYPT, DECRYPT, REKEY, TOKENIZE ...)"},"protection_profile":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Protection Profile name."},"key_id":{"type":"string"},"key_name":{"type":"string"},"iv":{"type":"string","description":"Protection Profile IV."},"tweak":{"type":"string","description":"Protection Profile tweak."},"tweak_algorithm":{"type":"string","description":"Tweak algorithm to be used during crypto operations.\nOptions:\n- SHA1\n- SHA256\n- None\n"},"algorithm":{"type":"string","description":"Protection Profile algorithm."},"character_set_id":{"type":"string"},"character_set":{"type":"object","properties":{"range":{"type":"string","description":"Range of allowed characters in HEX."},"encoding":{"type":"string"}}},"keep_left":{"type":"integer","description":"Number of characters to leave unencrypted starting from the left."},"keep_right":{"type":"integer","description":"Number of characters to leave unencrypted starting from the right."},"prefix":{"type":"string","description":"Text to add to append to the beginning of the cipher text."},"suffix":{"type":"string","description":"Text to add to append to the end of the cipher text."},"mode":{"type":"string","description":"Specify the supported algorithm mode (CBC or ECB). The mode must be specified when using the DESede (that is, the 3DES) algorithm."},"padding":{"type":"string","description":"Valid options are PKCS5Padding or NoPadding."},"allow_single_char_input":{"type":"boolean","description":"If true, null or single-character inputs are passed through untransformed. If false, row transformation fails."}}}]},"token_template":{"type":"string","description":"Token template name (when using CTS)."},"token_group":{"type":"string","description":"Token group name (when using CTS)."},"tweak_source":{"type":"string","description":"Tweak used for the column. Overrides the protection profile tweak."},"iv_source":{"type":"string","description":"IV used for the column. Overrides the protection profile iv."},"header":{"type":"string","description":"Cipher header version for determining key version."},"input_encoding":{"type":"string","description":"Specifies how to decode input and create byte array from it"},"output_encoding":{"type":"string","description":"Specifies how to encode output byte array to a string."}}}}}}]}}}}]}}}}]}}}}]}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}},"post":{"summary":"Create","description":"Creates a new bdt policy.\n","tags":["BDT/Policies","Beta"],"parameters":[{"name":"body","in":"body","schema":{"type":"object","required":["name"],"properties":{"name":{"type":"string","description":"BDT policy name."},"description":{"type":"string","description":"BDT policy description."},"case_sensitive":{"type":"boolean"},"in_place_update":{"type":"boolean"},"create_bad_record_file":{"type":"string"},"fpemode":{"type":"string"},"source_id":{"type":"string","description":"Container ID. If specified the field \"source\" is not required."},"source":{"type":"object","description":"Required if \"source_id\" is empty.","properties":{"name":{"type":"string","description":"Container name."},"description":{"type":"string","description":"Container description."},"type":{"type":"string","description":"Container type."},"connection_url":{"type":"string","description":"Container connection url."},"username":{"type":"string","description":"database username."},"password":{"type":"string","description":"database password."},"filepath":{"type":"string","description":"CSV filepath."},"driverclass":{"type":"string"},"delimiter":{"type":"string"},"qualifier":{"type":"string"},"column_count":{"type":"integer"},"has_header_row":{"type":"boolean"},"unescape_input":{"type":"boolean"},"encoding":{"type":"string"},"column_position_info":{"type":"array","items":{"properties":{"start":{"type":"integer"},"end":{"type":"integer"},"column":{"type":"integer"}}}},"record_length":{"type":"integer"},"line_separator":{"type":"string"}}},"destination_id":{"type":"string","description":"Container ID. If specified the field \"destination\" is not required."},"destination":{"type":"object","description":"Required if \"destination_id\" is empty.","properties":{"name":{"type":"string","description":"Container name."},"description":{"type":"string","description":"Container description."},"type":{"type":"string","description":"Container type."},"connection_url":{"type":"string","description":"Container connection url."},"username":{"type":"string","description":"database username."},"password":{"type":"string","description":"database password."},"filepath":{"type":"string","description":"CSV filepath."},"driverclass":{"type":"string"},"delimiter":{"type":"string"},"qualifier":{"type":"string"},"column_count":{"type":"integer"},"has_header_row":{"type":"boolean"},"unescape_input":{"type":"boolean"},"encoding":{"type":"string"},"column_position_info":{"type":"array","items":{"properties":{"start":{"type":"integer"},"end":{"type":"integer"},"column":{"type":"integer"}}}},"record_length":{"type":"integer"},"line_separator":{"type":"string"}}},"tables":{"type":"array","items":{"properties":{"source_table":{"type":"string","description":"Source table name."},"source_schema":{"type":"string","description":"Source table schema."},"destination_table":{"type":"string","description":"Destination table name."},"destination_schema":{"type":"string","description":"Destination table schema."},"create_destination_table":{"type":"boolean","description":"Create table on the destination if it doesn't exist."},"subset":{"type":"object","properties":{"offset":{"type":"integer"},"limit":{"type":"integer"},"recurrency":{"type":"integer"},"orderBy":{"type":"string"},"order":{"type":"string"},"filters":{"type":"array","items":{"properties":{"selector":{"type":"string"},"operator":{"type":"string"},"expression":{"type":"string"}}}}}},"columns":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Column name."},"action":{"type":"string","description":"Action (ENCRYPT, DECRYPT, REKEY, TOKENIZE ...)"},"config":{"type":"array","items":{"properties":{"action":{"type":"string","description":"Action (ENCRYPT, DECRYPT, REKEY, TOKENIZE ...)"},"protection_profile":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Protection Profile name."},"key_id":{"type":"string"},"key_name":{"type":"string"},"iv":{"type":"string","description":"Protection Profile IV."},"tweak":{"type":"string","description":"Protection Profile tweak."},"tweak_algorithm":{"type":"string","description":"Tweak algorithm to be used during crypto operations.\nOptions:\n- SHA1\n- SHA256\n- None\n"},"algorithm":{"type":"string","description":"Protection Profile algorithm."},"character_set_id":{"type":"string"},"character_set":{"type":"object","properties":{"range":{"type":"string","description":"Range of allowed characters in HEX."},"encoding":{"type":"string"}}},"keep_left":{"type":"integer","description":"Number of characters to leave unencrypted starting from the left."},"keep_right":{"type":"integer","description":"Number of characters to leave unencrypted starting from the right."},"prefix":{"type":"string","description":"Text to add to append to the beginning of the cipher text."},"suffix":{"type":"string","description":"Text to add to append to the end of the cipher text."},"mode":{"type":"string","description":"Specify the supported algorithm mode (CBC or ECB). The mode must be specified when using the DESede (that is, the 3DES) algorithm."},"padding":{"type":"string","description":"Valid options are PKCS5Padding or NoPadding."},"allow_single_char_input":{"type":"boolean","description":"If true, null or single-character inputs are passed through untransformed. If false, row transformation fails."}}}]},"token_template":{"type":"string","description":"Token template name (when using CTS)."},"token_group":{"type":"string","description":"Token group name (when using CTS)."},"tweak_source":{"type":"string","description":"Tweak used for the column. Overrides the protection profile tweak."},"iv_source":{"type":"string","description":"IV used for the column. Overrides the protection profile iv."},"header":{"type":"string","description":"Cipher header version for determining key version."},"input_encoding":{"type":"string","description":"Specifies how to decode input and create byte array from it"},"output_encoding":{"type":"string","description":"Specifies how to encode output byte array to a string."}}}}}}}}}}},"example":{"name":"Migrate to AWS database","source_id":"","case_sensitive":false,"source":{"name":"MYSQL","description":"","type":"MYSQL","connection_url":"jdbc:mysql:thin:@localhost:1521:orclw","username":"admin","password":"password123!@","driverclass":"org.postgresql.Driver","column_position_info":[{"start":0,"end":0,"column":0}]},"destination_id":"","destination":{"name":"Oracle","description":"","type":"ORACLE","connection_url":"jdbc:oracle:thin:@localhost:1521:orclw","username":"admin","password":"password123!@","driverclass":"org.postgresql.Driver","column_position_info":[{"start":0,"end":0,"column":0}]},"create_bad_record_file":true,"in_place_update":false,"fpemode":"ASCII","tables":[{"source_table":"users","source_schema":"","destination_table":"users","destination_schema":"","create_destination_table":true,"subset":{"offset":0,"limit":0,"recurrency":0,"orderBy":"","order":"","filters":[{"selector":"S.*","operator":"like","expression":"name"}]},"columns":[{"name":"creditcard","action":"TOKENIZE","config":[{"action":"","protection_profile_id":"","token_template":"CTSUsers","token_group":"Sales","tweak_source":"","iv_source":"","header":"","input_encoding":"","output_encoding":""}]},{"name":"ssn","action":"REKEY","config":[{"action":"DETOKENIZE","protection_profile_id":"","token_template":"CTSUsers","token_group":"Sales","tweak_source":"","iv_source":"","header":"","input_encoding":"","output_encoding":""},{"action":"TOKENIZE","protection_profile_id":"","token_template":"CTSUsers","token_group":"Sales","tweak_source":"","iv_source":"","header":"","input_encoding":"","output_encoding":""}]}]}]}}}],"responses":{"201":{"description":"Successful bdt policy creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"BDT policy name."},"description":{"type":"string","description":"BDT policy description."},"in_place_update":{"type":"string","description":"True, if the transformation is done in the same container."},"create_bad_record_file":{"type":"string"},"fpemode":{"type":"string"},"case_sensitive":{"type":"boolean","description":"True, if the database name is case sensitive"},"source":{"type":"object","properties":{"name":{"type":"string","description":"Container name."},"description":{"type":"string","description":"Container description."},"type":{"type":"string","description":"Container type."},"connection_url":{"type":"string","description":"Container connection url."},"username":{"type":"string","description":"database username."},"password":{"type":"string","description":"database password."},"filepath":{"type":"string","description":"CSV filepath."},"driverclass":{"type":"string"},"delimiter":{"type":"string"},"qualifier":{"type":"string"},"column_count":{"type":"integer"},"has_header_row":{"type":"boolean"},"unescape_input":{"type":"boolean"},"encoding":{"type":"string"},"column_position_info":{"type":"array","items":{"properties":{"start":{"type":"integer"},"end":{"type":"integer"},"column":{"type":"integer"}}}},"record_length":{"type":"integer"},"line_separator":{"type":"string"}}},"destination":{"type":"object","properties":{"name":{"type":"string","description":"Container name."},"description":{"type":"string","description":"Container description."},"type":{"type":"string","description":"Container type."},"connection_url":{"type":"string","description":"Container connection url."},"username":{"type":"string","description":"database username."},"password":{"type":"string","description":"database password."},"filepath":{"type":"string","description":"CSV filepath."},"driverclass":{"type":"string"},"delimiter":{"type":"string"},"qualifier":{"type":"string"},"column_count":{"type":"integer"},"has_header_row":{"type":"boolean"},"unescape_input":{"type":"boolean"},"encoding":{"type":"string"},"column_position_info":{"type":"array","items":{"properties":{"start":{"type":"integer"},"end":{"type":"integer"},"column":{"type":"integer"}}}},"record_length":{"type":"integer"},"line_separator":{"type":"string"}}},"tables":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"source_table":{"type":"string","description":"Source table name."},"source_schema":{"type":"string","description":"Source table schema."},"destination_table":{"type":"string","description":"Destination table name."},"destination_schema":{"type":"string","description":"destination table schema."},"create_destination_table":{"type":"boolean","description":"Create table on the destination if it doesn't exist."},"subset":{"type":"object","properties":{"offset":{"type":"integer"},"limit":{"type":"integer"},"recurrency":{"type":"integer"},"orderBy":{"type":"string"},"order":{"type":"string"},"filters":{"type":"array","items":{"properties":{"selector":{"type":"string"},"operator":{"type":"string"},"expression":{"type":"string"}}}}}},"columns":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Column name."},"action":{"type":"string","description":"Action (ENCRYPT, DECRYPT, REKEY, TOKENIZE ...)"},"config":{"type":"array","items":{"properties":{"action":{"type":"string","description":"Action (ENCRYPT, DECRYPT, REKEY, TOKENIZE ...)"},"protection_profile":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Protection Profile name."},"key_id":{"type":"string"},"key_name":{"type":"string"},"iv":{"type":"string","description":"Protection Profile IV."},"tweak":{"type":"string","description":"Protection Profile tweak."},"tweak_algorithm":{"type":"string","description":"Tweak algorithm to be used during crypto operations.\nOptions:\n- SHA1\n- SHA256\n- None\n"},"algorithm":{"type":"string","description":"Protection Profile algorithm."},"character_set_id":{"type":"string"},"character_set":{"type":"object","properties":{"range":{"type":"string","description":"Range of allowed characters in HEX."},"encoding":{"type":"string"}}},"keep_left":{"type":"integer","description":"Number of characters to leave unencrypted starting from the left."},"keep_right":{"type":"integer","description":"Number of characters to leave unencrypted starting from the right."},"prefix":{"type":"string","description":"Text to add to append to the beginning of the cipher text."},"suffix":{"type":"string","description":"Text to add to append to the end of the cipher text."},"mode":{"type":"string","description":"Specify the supported algorithm mode (CBC or ECB). The mode must be specified when using the DESede (that is, the 3DES) algorithm."},"padding":{"type":"string","description":"Valid options are PKCS5Padding or NoPadding."},"allow_single_char_input":{"type":"boolean","description":"If true, null or single-character inputs are passed through untransformed. If false, row transformation fails."}}}]},"token_template":{"type":"string","description":"Token template name (when using CTS)."},"token_group":{"type":"string","description":"Token group name (when using CTS)."},"tweak_source":{"type":"string","description":"Tweak used for the column. Overrides the protection profile tweak."},"iv_source":{"type":"string","description":"IV used for the column. Overrides the protection profile iv."},"header":{"type":"string","description":"Cipher header version for determining key version."},"input_encoding":{"type":"string","description":"Specifies how to decode input and create byte array from it"},"output_encoding":{"type":"string","description":"Specifies how to encode output byte array to a string."}}}}}}]}}}}]}}}}]}},"401":{"description":"Login failed."},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","allOf":[{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}},{"additionalProperties":{"type":"array","items":{"type":"string","description":"a validation error message about this property"}}}]}}}}},"/v1/data-protection/bdt-policies/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"id_type","in":"query","description":"The identifier type used in the URL. This can be either id, name, uri.","type":"string"}],"get":{"summary":"Get","description":"Return bdt policy with given id.\n","tags":["BDT/Policies","Beta"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"BDT policy name."},"description":{"type":"string","description":"BDT policy description."},"in_place_update":{"type":"string","description":"True, if the transformation is done in the same container."},"create_bad_record_file":{"type":"string"},"fpemode":{"type":"string"},"case_sensitive":{"type":"boolean","description":"True, if the database name is case sensitive"},"source":{"type":"object","properties":{"name":{"type":"string","description":"Container name."},"description":{"type":"string","description":"Container description."},"type":{"type":"string","description":"Container type."},"connection_url":{"type":"string","description":"Container connection url."},"username":{"type":"string","description":"database username."},"password":{"type":"string","description":"database password."},"filepath":{"type":"string","description":"CSV filepath."},"driverclass":{"type":"string"},"delimiter":{"type":"string"},"qualifier":{"type":"string"},"column_count":{"type":"integer"},"has_header_row":{"type":"boolean"},"unescape_input":{"type":"boolean"},"encoding":{"type":"string"},"column_position_info":{"type":"array","items":{"properties":{"start":{"type":"integer"},"end":{"type":"integer"},"column":{"type":"integer"}}}},"record_length":{"type":"integer"},"line_separator":{"type":"string"}}},"destination":{"type":"object","properties":{"name":{"type":"string","description":"Container name."},"description":{"type":"string","description":"Container description."},"type":{"type":"string","description":"Container type."},"connection_url":{"type":"string","description":"Container connection url."},"username":{"type":"string","description":"database username."},"password":{"type":"string","description":"database password."},"filepath":{"type":"string","description":"CSV filepath."},"driverclass":{"type":"string"},"delimiter":{"type":"string"},"qualifier":{"type":"string"},"column_count":{"type":"integer"},"has_header_row":{"type":"boolean"},"unescape_input":{"type":"boolean"},"encoding":{"type":"string"},"column_position_info":{"type":"array","items":{"properties":{"start":{"type":"integer"},"end":{"type":"integer"},"column":{"type":"integer"}}}},"record_length":{"type":"integer"},"line_separator":{"type":"string"}}},"tables":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"source_table":{"type":"string","description":"Source table name."},"source_schema":{"type":"string","description":"Source table schema."},"destination_table":{"type":"string","description":"Destination table name."},"destination_schema":{"type":"string","description":"destination table schema."},"create_destination_table":{"type":"boolean","description":"Create table on the destination if it doesn't exist."},"subset":{"type":"object","properties":{"offset":{"type":"integer"},"limit":{"type":"integer"},"recurrency":{"type":"integer"},"orderBy":{"type":"string"},"order":{"type":"string"},"filters":{"type":"array","items":{"properties":{"selector":{"type":"string"},"operator":{"type":"string"},"expression":{"type":"string"}}}}}},"columns":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Column name."},"action":{"type":"string","description":"Action (ENCRYPT, DECRYPT, REKEY, TOKENIZE ...)"},"config":{"type":"array","items":{"properties":{"action":{"type":"string","description":"Action (ENCRYPT, DECRYPT, REKEY, TOKENIZE ...)"},"protection_profile":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Protection Profile name."},"key_id":{"type":"string"},"key_name":{"type":"string"},"iv":{"type":"string","description":"Protection Profile IV."},"tweak":{"type":"string","description":"Protection Profile tweak."},"tweak_algorithm":{"type":"string","description":"Tweak algorithm to be used during crypto operations.\nOptions:\n- SHA1\n- SHA256\n- None\n"},"algorithm":{"type":"string","description":"Protection Profile algorithm."},"character_set_id":{"type":"string"},"character_set":{"type":"object","properties":{"range":{"type":"string","description":"Range of allowed characters in HEX."},"encoding":{"type":"string"}}},"keep_left":{"type":"integer","description":"Number of characters to leave unencrypted starting from the left."},"keep_right":{"type":"integer","description":"Number of characters to leave unencrypted starting from the right."},"prefix":{"type":"string","description":"Text to add to append to the beginning of the cipher text."},"suffix":{"type":"string","description":"Text to add to append to the end of the cipher text."},"mode":{"type":"string","description":"Specify the supported algorithm mode (CBC or ECB). The mode must be specified when using the DESede (that is, the 3DES) algorithm."},"padding":{"type":"string","description":"Valid options are PKCS5Padding or NoPadding."},"allow_single_char_input":{"type":"boolean","description":"If true, null or single-character inputs are passed through untransformed. If false, row transformation fails."}}}]},"token_template":{"type":"string","description":"Token template name (when using CTS)."},"token_group":{"type":"string","description":"Token group name (when using CTS)."},"tweak_source":{"type":"string","description":"Tweak used for the column. Overrides the protection profile tweak."},"iv_source":{"type":"string","description":"IV used for the column. Overrides the protection profile iv."},"header":{"type":"string","description":"Cipher header version for determining key version."},"input_encoding":{"type":"string","description":"Specifies how to decode input and create byte array from it"},"output_encoding":{"type":"string","description":"Specifies how to encode output byte array to a string."}}}}}}]}}}}]}}}}]}}}},"patch":{"summary":"Update","description":"Change the properties of a BDT policy.\n","tags":["BDT/Policies","Beta"],"parameters":[{"name":"body","in":"body","description":"The bdt policy properties to change.\n","schema":{"type":"object","properties":{"description":{"type":"string","description":"BDT policy description."},"create_bad_record_file":{"type":"string"},"fpemode":{"type":"string"},"case_sensitive":{"type":"boolean"},"source_id":{"type":"string","description":"Container ID."},"destination_id":{"type":"string","description":"Container ID."},"in_place_update":{"type":"boolean"},"tables":{"type":"array","items":{"properties":{"source_table":{"type":"string","description":"Source table name."},"source_schema":{"type":"string","description":"Source table schema"},"destination_table":{"type":"string","description":"Destination table name."},"destination_schema":{"type":"string","description":"Destination table schema."},"create_destination_table":{"type":"boolean","description":"Create table on the destination if it doesn't exist."},"subset":{"type":"object","properties":{"offset":{"type":"integer"},"limit":{"type":"integer"},"recurrency":{"type":"integer"},"orderBy":{"type":"string"},"order":{"type":"string"},"filters":{"type":"array","items":{"properties":{"selector":{"type":"string"},"operator":{"type":"string"},"expression":{"type":"string"}}}}}},"columns":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Column name."},"action":{"type":"string","description":"Action (ENCRYPT, DECRYPT, REKEY, TOKENIZE ...)"},"config":{"type":"array","items":{"properties":{"action":{"type":"string","description":"Action (ENCRYPT, DECRYPT, REKEY, TOKENIZE ...)"},"protection_profile":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Protection Profile name."},"key_id":{"type":"string"},"key_name":{"type":"string"},"iv":{"type":"string","description":"Protection Profile IV."},"tweak":{"type":"string","description":"Protection Profile tweak."},"tweak_algorithm":{"type":"string","description":"Tweak algorithm to be used during crypto operations.\nOptions:\n- SHA1\n- SHA256\n- None\n"},"algorithm":{"type":"string","description":"Protection Profile algorithm."},"character_set_id":{"type":"string"},"character_set":{"type":"object","properties":{"range":{"type":"string","description":"Range of allowed characters in HEX."},"encoding":{"type":"string"}}},"keep_left":{"type":"integer","description":"Number of characters to leave unencrypted starting from the left."},"keep_right":{"type":"integer","description":"Number of characters to leave unencrypted starting from the right."},"prefix":{"type":"string","description":"Text to add to append to the beginning of the cipher text."},"suffix":{"type":"string","description":"Text to add to append to the end of the cipher text."},"mode":{"type":"string","description":"Specify the supported algorithm mode (CBC or ECB). The mode must be specified when using the DESede (that is, the 3DES) algorithm."},"padding":{"type":"string","description":"Valid options are PKCS5Padding or NoPadding."},"allow_single_char_input":{"type":"boolean","description":"If true, null or single-character inputs are passed through untransformed. If false, row transformation fails."}}}]},"token_template":{"type":"string","description":"Token template name (when using CTS)."},"token_group":{"type":"string","description":"Token group name (when using CTS)."},"tweak_source":{"type":"string","description":"Tweak used for the column. Overrides the protection profile tweak."},"iv_source":{"type":"string","description":"IV used for the column. Overrides the protection profile iv."},"header":{"type":"string","description":"Cipher header version for determining key version."},"input_encoding":{"type":"string","description":"Specifies how to decode input and create byte array from it"},"output_encoding":{"type":"string","description":"Specifies how to encode output byte array to a string."}}}}}}}}}}},"example":{"description":"","source_id":"d94ef496-5e43-4424-a6e7-f4213c108416","case_sensitive":false,"destination_id":"d94ef496-5e43-4424-a6e7-f4213c108415","in_place_update":false,"create_bad_record_file":true,"fpemode":"ASCII","tables":[{"source_table":"users","source_schema":"","destination_table":"users","destination_schema":"","create_destination_table":true,"subset":{"offset":0,"limit":0,"recurrency":0,"orderBy":"","order":"","filters":[{"selector":"S.*","operator":"like","expression":"name"}]},"columns":[{"name":"creditcard","action":"TOKENIZE","config":[{"action":"","protection_profile_id":"","token_template":"CTSUsers","token_group":"Sales","tweak_source":"","iv_source":"","header":"","input_encoding":"","output_encoding":""}]},{"name":"ssn","action":"REKEY","config":[{"action":"TOKENIZE","protection_profile_id":"","token_template":"CTSUsers","token_group":"Sales","tweak_source":"","iv_source":"","header":"","input_encoding":"","output_encoding":""},{"action":"DETOKENIZE","protection_profile_id":"","token_template":"CTSUsers","token_group":"Sales","tweak_source":"","iv_source":"","header":"","input_encoding":"","output_encoding":""}]}]}]}}}],"responses":{"200":{"description":"Successful resource updation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"BDT policy name."},"description":{"type":"string","description":"BDT policy description."},"in_place_update":{"type":"string","description":"True, if the transformation is done in the same container."},"create_bad_record_file":{"type":"string"},"fpemode":{"type":"string"},"case_sensitive":{"type":"boolean","description":"True, if the database name is case sensitive"},"source":{"type":"object","properties":{"name":{"type":"string","description":"Container name."},"description":{"type":"string","description":"Container description."},"type":{"type":"string","description":"Container type."},"connection_url":{"type":"string","description":"Container connection url."},"username":{"type":"string","description":"database username."},"password":{"type":"string","description":"database password."},"filepath":{"type":"string","description":"CSV filepath."},"driverclass":{"type":"string"},"delimiter":{"type":"string"},"qualifier":{"type":"string"},"column_count":{"type":"integer"},"has_header_row":{"type":"boolean"},"unescape_input":{"type":"boolean"},"encoding":{"type":"string"},"column_position_info":{"type":"array","items":{"properties":{"start":{"type":"integer"},"end":{"type":"integer"},"column":{"type":"integer"}}}},"record_length":{"type":"integer"},"line_separator":{"type":"string"}}},"destination":{"type":"object","properties":{"name":{"type":"string","description":"Container name."},"description":{"type":"string","description":"Container description."},"type":{"type":"string","description":"Container type."},"connection_url":{"type":"string","description":"Container connection url."},"username":{"type":"string","description":"database username."},"password":{"type":"string","description":"database password."},"filepath":{"type":"string","description":"CSV filepath."},"driverclass":{"type":"string"},"delimiter":{"type":"string"},"qualifier":{"type":"string"},"column_count":{"type":"integer"},"has_header_row":{"type":"boolean"},"unescape_input":{"type":"boolean"},"encoding":{"type":"string"},"column_position_info":{"type":"array","items":{"properties":{"start":{"type":"integer"},"end":{"type":"integer"},"column":{"type":"integer"}}}},"record_length":{"type":"integer"},"line_separator":{"type":"string"}}},"tables":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"source_table":{"type":"string","description":"Source table name."},"source_schema":{"type":"string","description":"Source table schema."},"destination_table":{"type":"string","description":"Destination table name."},"destination_schema":{"type":"string","description":"destination table schema."},"create_destination_table":{"type":"boolean","description":"Create table on the destination if it doesn't exist."},"subset":{"type":"object","properties":{"offset":{"type":"integer"},"limit":{"type":"integer"},"recurrency":{"type":"integer"},"orderBy":{"type":"string"},"order":{"type":"string"},"filters":{"type":"array","items":{"properties":{"selector":{"type":"string"},"operator":{"type":"string"},"expression":{"type":"string"}}}}}},"columns":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Column name."},"action":{"type":"string","description":"Action (ENCRYPT, DECRYPT, REKEY, TOKENIZE ...)"},"config":{"type":"array","items":{"properties":{"action":{"type":"string","description":"Action (ENCRYPT, DECRYPT, REKEY, TOKENIZE ...)"},"protection_profile":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Protection Profile name."},"key_id":{"type":"string"},"key_name":{"type":"string"},"iv":{"type":"string","description":"Protection Profile IV."},"tweak":{"type":"string","description":"Protection Profile tweak."},"tweak_algorithm":{"type":"string","description":"Tweak algorithm to be used during crypto operations.\nOptions:\n- SHA1\n- SHA256\n- None\n"},"algorithm":{"type":"string","description":"Protection Profile algorithm."},"character_set_id":{"type":"string"},"character_set":{"type":"object","properties":{"range":{"type":"string","description":"Range of allowed characters in HEX."},"encoding":{"type":"string"}}},"keep_left":{"type":"integer","description":"Number of characters to leave unencrypted starting from the left."},"keep_right":{"type":"integer","description":"Number of characters to leave unencrypted starting from the right."},"prefix":{"type":"string","description":"Text to add to append to the beginning of the cipher text."},"suffix":{"type":"string","description":"Text to add to append to the end of the cipher text."},"mode":{"type":"string","description":"Specify the supported algorithm mode (CBC or ECB). The mode must be specified when using the DESede (that is, the 3DES) algorithm."},"padding":{"type":"string","description":"Valid options are PKCS5Padding or NoPadding."},"allow_single_char_input":{"type":"boolean","description":"If true, null or single-character inputs are passed through untransformed. If false, row transformation fails."}}}]},"token_template":{"type":"string","description":"Token template name (when using CTS)."},"token_group":{"type":"string","description":"Token group name (when using CTS)."},"tweak_source":{"type":"string","description":"Tweak used for the column. Overrides the protection profile tweak."},"iv_source":{"type":"string","description":"IV used for the column. Overrides the protection profile iv."},"header":{"type":"string","description":"Cipher header version for determining key version."},"input_encoding":{"type":"string","description":"Specifies how to decode input and create byte array from it"},"output_encoding":{"type":"string","description":"Specifies how to encode output byte array to a string."}}}}}}]}}}}]}}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","description":"Delete given bdt policy.\n","tags":["BDT/Policies","Beta"],"responses":{"204":{"description":"No Content | Successful deletion of bdt policy."}}}},"/v1/data-protection/bdt-policies/{id}/tables":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"id_type","in":"query","description":"The identifier type used in the URL. This can be either id, name, uri.","type":"string"}],"get":{"summary":"List","description":"Returns a list of tables belonging to a BDT policy.","tags":["BDT/Policies","Beta"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"source_table":{"type":"string","description":"Source table name."},"source_schema":{"type":"string","description":"Source table schema."},"destination_table":{"type":"string","description":"Destination table name."},"destination_schema":{"type":"string","description":"destination table schema."},"create_destination_table":{"type":"boolean","description":"Create table on the destination if it doesn't exist."},"subset":{"type":"object","properties":{"offset":{"type":"integer"},"limit":{"type":"integer"},"recurrency":{"type":"integer"},"orderBy":{"type":"string"},"order":{"type":"string"},"filters":{"type":"array","items":{"properties":{"selector":{"type":"string"},"operator":{"type":"string"},"expression":{"type":"string"}}}}}},"columns":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Column name."},"action":{"type":"string","description":"Action (ENCRYPT, DECRYPT, REKEY, TOKENIZE ...)"},"config":{"type":"array","items":{"properties":{"action":{"type":"string","description":"Action (ENCRYPT, DECRYPT, REKEY, TOKENIZE ...)"},"protection_profile":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Protection Profile name."},"key_id":{"type":"string"},"key_name":{"type":"string"},"iv":{"type":"string","description":"Protection Profile IV."},"tweak":{"type":"string","description":"Protection Profile tweak."},"tweak_algorithm":{"type":"string","description":"Tweak algorithm to be used during crypto operations.\nOptions:\n- SHA1\n- SHA256\n- None\n"},"algorithm":{"type":"string","description":"Protection Profile algorithm."},"character_set_id":{"type":"string"},"character_set":{"type":"object","properties":{"range":{"type":"string","description":"Range of allowed characters in HEX."},"encoding":{"type":"string"}}},"keep_left":{"type":"integer","description":"Number of characters to leave unencrypted starting from the left."},"keep_right":{"type":"integer","description":"Number of characters to leave unencrypted starting from the right."},"prefix":{"type":"string","description":"Text to add to append to the beginning of the cipher text."},"suffix":{"type":"string","description":"Text to add to append to the end of the cipher text."},"mode":{"type":"string","description":"Specify the supported algorithm mode (CBC or ECB). The mode must be specified when using the DESede (that is, the 3DES) algorithm."},"padding":{"type":"string","description":"Valid options are PKCS5Padding or NoPadding."},"allow_single_char_input":{"type":"boolean","description":"If true, null or single-character inputs are passed through untransformed. If false, row transformation fails."}}}]},"token_template":{"type":"string","description":"Token template name (when using CTS)."},"token_group":{"type":"string","description":"Token group name (when using CTS)."},"tweak_source":{"type":"string","description":"Tweak used for the column. Overrides the protection profile tweak."},"iv_source":{"type":"string","description":"IV used for the column. Overrides the protection profile iv."},"header":{"type":"string","description":"Cipher header version for determining key version."},"input_encoding":{"type":"string","description":"Specifies how to decode input and create byte array from it"},"output_encoding":{"type":"string","description":"Specifies how to encode output byte array to a string."}}}}}}]}}}}]}}}}]}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}},"post":{"summary":"Create","description":"Creates a new bdt policy table.\n","tags":["BDT/Policies","Beta"],"parameters":[{"name":"body","in":"body","schema":{"type":"object","required":["source_table"],"properties":{"source_table":{"type":"string","description":"Source table name."},"source_schema":{"type":"string","description":"Source table schema."},"destination_table":{"type":"string","description":"Destination table name."},"destination_schema":{"type":"string","description":"Destination table schema"},"create_destination_table":{"type":"boolean","description":"Create table on the destination if it doesn't exist."},"subset":{"type":"object","properties":{"offset":{"type":"integer"},"limit":{"type":"integer"},"recurrency":{"type":"integer"},"orderBy":{"type":"string"},"order":{"type":"string"},"filters":{"type":"array","items":{"properties":{"selector":{"type":"string"},"operator":{"type":"string"},"expression":{"type":"string"}}}}}},"columns":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Column name."},"action":{"type":"string","description":"Action (ENCRYPT, DECRYPT, REKEY, TOKENIZE ...)"},"config":{"type":"array","items":{"properties":{"action":{"type":"string","description":"Action (ENCRYPT, DECRYPT, REKEY, TOKENIZE ...)"},"protection_profile":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Protection Profile name."},"key_id":{"type":"string"},"key_name":{"type":"string"},"iv":{"type":"string","description":"Protection Profile IV."},"tweak":{"type":"string","description":"Protection Profile tweak."},"tweak_algorithm":{"type":"string","description":"Tweak algorithm to be used during crypto operations.\nOptions:\n- SHA1\n- SHA256\n- None\n"},"algorithm":{"type":"string","description":"Protection Profile algorithm."},"character_set_id":{"type":"string"},"character_set":{"type":"object","properties":{"range":{"type":"string","description":"Range of allowed characters in HEX."},"encoding":{"type":"string"}}},"keep_left":{"type":"integer","description":"Number of characters to leave unencrypted starting from the left."},"keep_right":{"type":"integer","description":"Number of characters to leave unencrypted starting from the right."},"prefix":{"type":"string","description":"Text to add to append to the beginning of the cipher text."},"suffix":{"type":"string","description":"Text to add to append to the end of the cipher text."},"mode":{"type":"string","description":"Specify the supported algorithm mode (CBC or ECB). The mode must be specified when using the DESede (that is, the 3DES) algorithm."},"padding":{"type":"string","description":"Valid options are PKCS5Padding or NoPadding."},"allow_single_char_input":{"type":"boolean","description":"If true, null or single-character inputs are passed through untransformed. If false, row transformation fails."}}}]},"token_template":{"type":"string","description":"Token template name (when using CTS)."},"token_group":{"type":"string","description":"Token group name (when using CTS)."},"tweak_source":{"type":"string","description":"Tweak used for the column. Overrides the protection profile tweak."},"iv_source":{"type":"string","description":"IV used for the column. Overrides the protection profile iv."},"header":{"type":"string","description":"Cipher header version for determining key version."},"input_encoding":{"type":"string","description":"Specifies how to decode input and create byte array from it"},"output_encoding":{"type":"string","description":"Specifies how to encode output byte array to a string."}}}}}}}},"example":{"source_table":"users","source_schema":"","destination_table":"users","destination_schema":"","create_destination_table":true,"subset":{"offset":0,"limit":0,"recurrency":0,"orderBy":"","order":"","filters":[{"selector":"S.*","operator":"like","expression":"name"}]},"columns":[{"name":"creditcard","action":"ENCRYPT","config":[{"action":"","protection_profile_id":"","token_template":"CTSUsers","token_group":"Sales","tweak_source":"","iv_source":"","header":"","input_encoding":"","output_encoding":""}]}]}}}],"responses":{"201":{"description":"Successful bdt policy table creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"source_table":{"type":"string","description":"Source table name."},"source_schema":{"type":"string","description":"Source table schema."},"destination_table":{"type":"string","description":"Destination table name."},"destination_schema":{"type":"string","description":"destination table schema."},"create_destination_table":{"type":"boolean","description":"Create table on the destination if it doesn't exist."},"subset":{"type":"object","properties":{"offset":{"type":"integer"},"limit":{"type":"integer"},"recurrency":{"type":"integer"},"orderBy":{"type":"string"},"order":{"type":"string"},"filters":{"type":"array","items":{"properties":{"selector":{"type":"string"},"operator":{"type":"string"},"expression":{"type":"string"}}}}}},"columns":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Column name."},"action":{"type":"string","description":"Action (ENCRYPT, DECRYPT, REKEY, TOKENIZE ...)"},"config":{"type":"array","items":{"properties":{"action":{"type":"string","description":"Action (ENCRYPT, DECRYPT, REKEY, TOKENIZE ...)"},"protection_profile":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Protection Profile name."},"key_id":{"type":"string"},"key_name":{"type":"string"},"iv":{"type":"string","description":"Protection Profile IV."},"tweak":{"type":"string","description":"Protection Profile tweak."},"tweak_algorithm":{"type":"string","description":"Tweak algorithm to be used during crypto operations.\nOptions:\n- SHA1\n- SHA256\n- None\n"},"algorithm":{"type":"string","description":"Protection Profile algorithm."},"character_set_id":{"type":"string"},"character_set":{"type":"object","properties":{"range":{"type":"string","description":"Range of allowed characters in HEX."},"encoding":{"type":"string"}}},"keep_left":{"type":"integer","description":"Number of characters to leave unencrypted starting from the left."},"keep_right":{"type":"integer","description":"Number of characters to leave unencrypted starting from the right."},"prefix":{"type":"string","description":"Text to add to append to the beginning of the cipher text."},"suffix":{"type":"string","description":"Text to add to append to the end of the cipher text."},"mode":{"type":"string","description":"Specify the supported algorithm mode (CBC or ECB). The mode must be specified when using the DESede (that is, the 3DES) algorithm."},"padding":{"type":"string","description":"Valid options are PKCS5Padding or NoPadding."},"allow_single_char_input":{"type":"boolean","description":"If true, null or single-character inputs are passed through untransformed. If false, row transformation fails."}}}]},"token_template":{"type":"string","description":"Token template name (when using CTS)."},"token_group":{"type":"string","description":"Token group name (when using CTS)."},"tweak_source":{"type":"string","description":"Tweak used for the column. Overrides the protection profile tweak."},"iv_source":{"type":"string","description":"IV used for the column. Overrides the protection profile iv."},"header":{"type":"string","description":"Cipher header version for determining key version."},"input_encoding":{"type":"string","description":"Specifies how to decode input and create byte array from it"},"output_encoding":{"type":"string","description":"Specifies how to encode output byte array to a string."}}}}}}]}}}}]}},"401":{"description":"Login failed."},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","allOf":[{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}},{"additionalProperties":{"type":"array","items":{"type":"string","description":"a validation error message about this property"}}}]}}}}},"/v1/data-protection/bdt-policies/{id}/tables/{tableId}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"id_type","in":"query","description":"The identifier type used in the URL. This can be either id, name, uri.","type":"string"},{"name":"tableId","in":"path","description":"An identifier of the table.","type":"string","required":true}],"patch":{"summary":"Update","description":"Change the properties of a BDT policy table.\n","tags":["BDT/Policies","Beta"],"parameters":[{"name":"body","in":"body","description":"The table properties to change.\n","schema":{"type":"object","properties":{"tables":{"type":"array","items":{"properties":{"source_table":{"type":"string","description":"Source table name."},"source_schema":{"type":"string","description":"Source table schema."},"destination_table":{"type":"string","description":"Destination table name."},"destination_schema":{"type":"string","description":"Destination table schema."},"create_destination_table":{"type":"boolean","description":"Create table on the destination if it doesn't exist."},"subset":{"type":"object","properties":{"offset":{"type":"integer"},"limit":{"type":"integer"},"recurrency":{"type":"integer"},"orderBy":{"type":"string"},"order":{"type":"string"},"filters":{"type":"array","items":{"properties":{"selector":{"type":"string"},"operator":{"type":"string"},"expression":{"type":"string"}}}}}},"columns":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Column name."},"action":{"type":"string","description":"Action (ENCRYPT, DECRYPT, REKEY, TOKENIZE ...)"},"config":{"type":"array","items":{"properties":{"action":{"type":"string","description":"Action (ENCRYPT, DECRYPT, REKEY, TOKENIZE ...)"},"protection_profile":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Protection Profile name."},"key_id":{"type":"string"},"key_name":{"type":"string"},"iv":{"type":"string","description":"Protection Profile IV."},"tweak":{"type":"string","description":"Protection Profile tweak."},"tweak_algorithm":{"type":"string","description":"Tweak algorithm to be used during crypto operations.\nOptions:\n- SHA1\n- SHA256\n- None\n"},"algorithm":{"type":"string","description":"Protection Profile algorithm."},"character_set_id":{"type":"string"},"character_set":{"type":"object","properties":{"range":{"type":"string","description":"Range of allowed characters in HEX."},"encoding":{"type":"string"}}},"keep_left":{"type":"integer","description":"Number of characters to leave unencrypted starting from the left."},"keep_right":{"type":"integer","description":"Number of characters to leave unencrypted starting from the right."},"prefix":{"type":"string","description":"Text to add to append to the beginning of the cipher text."},"suffix":{"type":"string","description":"Text to add to append to the end of the cipher text."},"mode":{"type":"string","description":"Specify the supported algorithm mode (CBC or ECB). The mode must be specified when using the DESede (that is, the 3DES) algorithm."},"padding":{"type":"string","description":"Valid options are PKCS5Padding or NoPadding."},"allow_single_char_input":{"type":"boolean","description":"If true, null or single-character inputs are passed through untransformed. If false, row transformation fails."}}}]},"token_template":{"type":"string","description":"Token template name (when using CTS)."},"token_group":{"type":"string","description":"Token group name (when using CTS)."},"tweak_source":{"type":"string","description":"Tweak used for the column. Overrides the protection profile tweak."},"iv_source":{"type":"string","description":"IV used for the column. Overrides the protection profile iv."},"header":{"type":"string","description":"Cipher header version for determining key version."},"input_encoding":{"type":"string","description":"Specifies how to decode input and create byte array from it"},"output_encoding":{"type":"string","description":"Specifies how to encode output byte array to a string."}}}}}}}}}}},"example":{"source_table":"users","source_schema":"","destination_table":"users","create_destination_table":true,"subset":{"offset":0,"limit":0,"recurrency":0,"orderBy":"","order":"","filters":[{"selector":"S.*","operator":"like","expression":"name"}]},"columns":[{"name":"creditcard","action":"ENCRYPT","config":[{"action":"","protection_profile_id":"","token_template":"CTSUsers","token_group":"Sales","tweak_source":"","iv_source":"","header":"","input_encoding":"","output_encoding":""}]}]}}}],"responses":{"200":{"description":"Successful resource updation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"source_table":{"type":"string","description":"Source table name."},"source_schema":{"type":"string","description":"Source table schema."},"destination_table":{"type":"string","description":"Destination table name."},"destination_schema":{"type":"string","description":"destination table schema."},"create_destination_table":{"type":"boolean","description":"Create table on the destination if it doesn't exist."},"subset":{"type":"object","properties":{"offset":{"type":"integer"},"limit":{"type":"integer"},"recurrency":{"type":"integer"},"orderBy":{"type":"string"},"order":{"type":"string"},"filters":{"type":"array","items":{"properties":{"selector":{"type":"string"},"operator":{"type":"string"},"expression":{"type":"string"}}}}}},"columns":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Column name."},"action":{"type":"string","description":"Action (ENCRYPT, DECRYPT, REKEY, TOKENIZE ...)"},"config":{"type":"array","items":{"properties":{"action":{"type":"string","description":"Action (ENCRYPT, DECRYPT, REKEY, TOKENIZE ...)"},"protection_profile":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Protection Profile name."},"key_id":{"type":"string"},"key_name":{"type":"string"},"iv":{"type":"string","description":"Protection Profile IV."},"tweak":{"type":"string","description":"Protection Profile tweak."},"tweak_algorithm":{"type":"string","description":"Tweak algorithm to be used during crypto operations.\nOptions:\n- SHA1\n- SHA256\n- None\n"},"algorithm":{"type":"string","description":"Protection Profile algorithm."},"character_set_id":{"type":"string"},"character_set":{"type":"object","properties":{"range":{"type":"string","description":"Range of allowed characters in HEX."},"encoding":{"type":"string"}}},"keep_left":{"type":"integer","description":"Number of characters to leave unencrypted starting from the left."},"keep_right":{"type":"integer","description":"Number of characters to leave unencrypted starting from the right."},"prefix":{"type":"string","description":"Text to add to append to the beginning of the cipher text."},"suffix":{"type":"string","description":"Text to add to append to the end of the cipher text."},"mode":{"type":"string","description":"Specify the supported algorithm mode (CBC or ECB). The mode must be specified when using the DESede (that is, the 3DES) algorithm."},"padding":{"type":"string","description":"Valid options are PKCS5Padding or NoPadding."},"allow_single_char_input":{"type":"boolean","description":"If true, null or single-character inputs are passed through untransformed. If false, row transformation fails."}}}]},"token_template":{"type":"string","description":"Token template name (when using CTS)."},"token_group":{"type":"string","description":"Token group name (when using CTS)."},"tweak_source":{"type":"string","description":"Tweak used for the column. Overrides the protection profile tweak."},"iv_source":{"type":"string","description":"IV used for the column. Overrides the protection profile iv."},"header":{"type":"string","description":"Cipher header version for determining key version."},"input_encoding":{"type":"string","description":"Specifies how to decode input and create byte array from it"},"output_encoding":{"type":"string","description":"Specifies how to encode output byte array to a string."}}}}}}]}}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","description":"Delete given bdt policy table.\n","tags":["BDT/Policies","Beta"],"responses":{"204":{"description":"No Content | Successful deletion of bdt policy table."}}}},"/v1/data-protection/bdt-policies/{id}/tables/{tableId}/columns":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"id_type","in":"query","description":"The identifier type used in the URL. This can be either id, name, uri.","type":"string"},{"name":"tableId","in":"path","description":"An identifier of the table.","type":"string","required":true}],"get":{"summary":"List","description":"Returns a list of column belonging to a BDT policy table.","tags":["BDT/Policies","Beta"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Column name."},"action":{"type":"string","description":"Action (ENCRYPT, DECRYPT, REKEY, TOKENIZE ...)"},"config":{"type":"array","items":{"properties":{"action":{"type":"string","description":"Action (ENCRYPT, DECRYPT, REKEY, TOKENIZE ...)"},"protection_profile":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Protection Profile name."},"key_id":{"type":"string"},"key_name":{"type":"string"},"iv":{"type":"string","description":"Protection Profile IV."},"tweak":{"type":"string","description":"Protection Profile tweak."},"tweak_algorithm":{"type":"string","description":"Tweak algorithm to be used during crypto operations.\nOptions:\n- SHA1\n- SHA256\n- None\n"},"algorithm":{"type":"string","description":"Protection Profile algorithm."},"character_set_id":{"type":"string"},"character_set":{"type":"object","properties":{"range":{"type":"string","description":"Range of allowed characters in HEX."},"encoding":{"type":"string"}}},"keep_left":{"type":"integer","description":"Number of characters to leave unencrypted starting from the left."},"keep_right":{"type":"integer","description":"Number of characters to leave unencrypted starting from the right."},"prefix":{"type":"string","description":"Text to add to append to the beginning of the cipher text."},"suffix":{"type":"string","description":"Text to add to append to the end of the cipher text."},"mode":{"type":"string","description":"Specify the supported algorithm mode (CBC or ECB). The mode must be specified when using the DESede (that is, the 3DES) algorithm."},"padding":{"type":"string","description":"Valid options are PKCS5Padding or NoPadding."},"allow_single_char_input":{"type":"boolean","description":"If true, null or single-character inputs are passed through untransformed. If false, row transformation fails."}}}]},"token_template":{"type":"string","description":"Token template name (when using CTS)."},"token_group":{"type":"string","description":"Token group name (when using CTS)."},"tweak_source":{"type":"string","description":"Tweak used for the column. Overrides the protection profile tweak."},"iv_source":{"type":"string","description":"IV used for the column. Overrides the protection profile iv."},"header":{"type":"string","description":"Cipher header version for determining key version."},"input_encoding":{"type":"string","description":"Specifies how to decode input and create byte array from it"},"output_encoding":{"type":"string","description":"Specifies how to encode output byte array to a string."}}}}}}]}}}}]}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}},"post":{"summary":"Create","description":"Creates a new bdt column.\n","tags":["BDT/Policies","Beta"],"parameters":[{"name":"body","in":"body","schema":{"type":"object","required":["name"],"properties":{"name":{"type":"string","description":"Column name."},"action":{"type":"string","description":"Action (ENCRYPT, DECRYPT, REKEY, TOKENIZE ...)"},"config":{"type":"array","items":{"properties":{"action":{"type":"string","description":"Action (ENCRYPT, DECRYPT, REKEY, TOKENIZE ...)"},"protection_profile":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Protection Profile name."},"key_id":{"type":"string"},"key_name":{"type":"string"},"iv":{"type":"string","description":"Protection Profile IV."},"tweak":{"type":"string","description":"Protection Profile tweak."},"tweak_algorithm":{"type":"string","description":"Tweak algorithm to be used during crypto operations.\nOptions:\n- SHA1\n- SHA256\n- None\n"},"algorithm":{"type":"string","description":"Protection Profile algorithm."},"character_set_id":{"type":"string"},"character_set":{"type":"object","properties":{"range":{"type":"string","description":"Range of allowed characters in HEX."},"encoding":{"type":"string"}}},"keep_left":{"type":"integer","description":"Number of characters to leave unencrypted starting from the left."},"keep_right":{"type":"integer","description":"Number of characters to leave unencrypted starting from the right."},"prefix":{"type":"string","description":"Text to add to append to the beginning of the cipher text."},"suffix":{"type":"string","description":"Text to add to append to the end of the cipher text."},"mode":{"type":"string","description":"Specify the supported algorithm mode (CBC or ECB). The mode must be specified when using the DESede (that is, the 3DES) algorithm."},"padding":{"type":"string","description":"Valid options are PKCS5Padding or NoPadding."},"allow_single_char_input":{"type":"boolean","description":"If true, null or single-character inputs are passed through untransformed. If false, row transformation fails."}}}]},"token_template":{"type":"string","description":"Token template name (when using CTS)."},"token_group":{"type":"string","description":"Token group name (when using CTS)."},"tweak_source":{"type":"string","description":"Tweak used for the column. Overrides the protection profile tweak."},"iv_source":{"type":"string","description":"IV used for the column. Overrides the protection profile iv."},"header":{"type":"string","description":"Cipher header version for determining key version."},"input_encoding":{"type":"string","description":"Specifies how to decode input and create byte array from it"},"output_encoding":{"type":"string","description":"Specifies how to encode output byte array to a string."}}}}},"example":{"name":"creditcard","action":"ENCRYPT","config":[{"action":"","protection_profile_id":"","token_template":"CTSUsers","token_group":"Sales","tweak_source":"","iv_source":"","header":"","input_encoding":"","output_encoding":""}]}}}],"responses":{"201":{"description":"Successful bdt column creation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Column name."},"action":{"type":"string","description":"Action (ENCRYPT, DECRYPT, REKEY, TOKENIZE ...)"},"config":{"type":"array","items":{"properties":{"action":{"type":"string","description":"Action (ENCRYPT, DECRYPT, REKEY, TOKENIZE ...)"},"protection_profile":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Protection Profile name."},"key_id":{"type":"string"},"key_name":{"type":"string"},"iv":{"type":"string","description":"Protection Profile IV."},"tweak":{"type":"string","description":"Protection Profile tweak."},"tweak_algorithm":{"type":"string","description":"Tweak algorithm to be used during crypto operations.\nOptions:\n- SHA1\n- SHA256\n- None\n"},"algorithm":{"type":"string","description":"Protection Profile algorithm."},"character_set_id":{"type":"string"},"character_set":{"type":"object","properties":{"range":{"type":"string","description":"Range of allowed characters in HEX."},"encoding":{"type":"string"}}},"keep_left":{"type":"integer","description":"Number of characters to leave unencrypted starting from the left."},"keep_right":{"type":"integer","description":"Number of characters to leave unencrypted starting from the right."},"prefix":{"type":"string","description":"Text to add to append to the beginning of the cipher text."},"suffix":{"type":"string","description":"Text to add to append to the end of the cipher text."},"mode":{"type":"string","description":"Specify the supported algorithm mode (CBC or ECB). The mode must be specified when using the DESede (that is, the 3DES) algorithm."},"padding":{"type":"string","description":"Valid options are PKCS5Padding or NoPadding."},"allow_single_char_input":{"type":"boolean","description":"If true, null or single-character inputs are passed through untransformed. If false, row transformation fails."}}}]},"token_template":{"type":"string","description":"Token template name (when using CTS)."},"token_group":{"type":"string","description":"Token group name (when using CTS)."},"tweak_source":{"type":"string","description":"Tweak used for the column. Overrides the protection profile tweak."},"iv_source":{"type":"string","description":"IV used for the column. Overrides the protection profile iv."},"header":{"type":"string","description":"Cipher header version for determining key version."},"input_encoding":{"type":"string","description":"Specifies how to decode input and create byte array from it"},"output_encoding":{"type":"string","description":"Specifies how to encode output byte array to a string."}}}}}}]}},"401":{"description":"Login failed."},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","allOf":[{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}},{"additionalProperties":{"type":"array","items":{"type":"string","description":"a validation error message about this property"}}}]}}}}},"/v1/data-protection/bdt-policies/{id}/tables/{tableId}/columns/{columnId}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"id_type","in":"query","description":"The identifier type used in the URL. This can be either id, name, uri.","type":"string"},{"name":"tableId","in":"path","description":"An identifier of the table.","type":"string","required":true},{"name":"columnId","in":"path","description":"An identifier of the column.","type":"string","required":true}],"patch":{"summary":"Update","description":"Change the properties of a BDT column.\n","tags":["BDT/Policies","Beta"],"parameters":[{"name":"body","in":"body","description":"The table properties to change.\n","schema":{"type":"object","properties":{"action":{"type":"string","description":"Action (ENCRYPT, DECRYPT, REKEY, TOKENIZE ...)"},"config":{"type":"array","items":{"properties":{"action":{"type":"string","description":"Action (ENCRYPT, DECRYPT, REKEY, TOKENIZE ...)"},"protection_profile":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Protection Profile name."},"key_id":{"type":"string"},"key_name":{"type":"string"},"iv":{"type":"string","description":"Protection Profile IV."},"tweak":{"type":"string","description":"Protection Profile tweak."},"tweak_algorithm":{"type":"string","description":"Tweak algorithm to be used during crypto operations.\nOptions:\n- SHA1\n- SHA256\n- None\n"},"algorithm":{"type":"string","description":"Protection Profile algorithm."},"character_set_id":{"type":"string"},"character_set":{"type":"object","properties":{"range":{"type":"string","description":"Range of allowed characters in HEX."},"encoding":{"type":"string"}}},"keep_left":{"type":"integer","description":"Number of characters to leave unencrypted starting from the left."},"keep_right":{"type":"integer","description":"Number of characters to leave unencrypted starting from the right."},"prefix":{"type":"string","description":"Text to add to append to the beginning of the cipher text."},"suffix":{"type":"string","description":"Text to add to append to the end of the cipher text."},"mode":{"type":"string","description":"Specify the supported algorithm mode (CBC or ECB). The mode must be specified when using the DESede (that is, the 3DES) algorithm."},"padding":{"type":"string","description":"Valid options are PKCS5Padding or NoPadding."},"allow_single_char_input":{"type":"boolean","description":"If true, null or single-character inputs are passed through untransformed. If false, row transformation fails."}}}]},"token_template":{"type":"string","description":"Token template name (when using CTS)."},"token_group":{"type":"string","description":"Token group name (when using CTS)."},"tweak_source":{"type":"string","description":"Tweak used for the column. Overrides the protection profile tweak."},"iv_source":{"type":"string","description":"IV used for the column. Overrides the protection profile iv."},"header":{"type":"string","description":"Cipher header version for determining key version."},"input_encoding":{"type":"string","description":"Specifies how to decode input and create byte array from it"},"output_encoding":{"type":"string","description":"Specifies how to encode output byte array to a string."}}}}},"example":{"action":"ENCRYPT","config":[{"action":"","protection_profile_id":"","token_template":"CTSUsers","token_group":"Sales","tweak_source":"","iv_source":"","header":"","input_encoding":"","output_encoding":""}]}}}],"responses":{"200":{"description":"Successful resource updation.","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Column name."},"action":{"type":"string","description":"Action (ENCRYPT, DECRYPT, REKEY, TOKENIZE ...)"},"config":{"type":"array","items":{"properties":{"action":{"type":"string","description":"Action (ENCRYPT, DECRYPT, REKEY, TOKENIZE ...)"},"protection_profile":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Protection Profile name."},"key_id":{"type":"string"},"key_name":{"type":"string"},"iv":{"type":"string","description":"Protection Profile IV."},"tweak":{"type":"string","description":"Protection Profile tweak."},"tweak_algorithm":{"type":"string","description":"Tweak algorithm to be used during crypto operations.\nOptions:\n- SHA1\n- SHA256\n- None\n"},"algorithm":{"type":"string","description":"Protection Profile algorithm."},"character_set_id":{"type":"string"},"character_set":{"type":"object","properties":{"range":{"type":"string","description":"Range of allowed characters in HEX."},"encoding":{"type":"string"}}},"keep_left":{"type":"integer","description":"Number of characters to leave unencrypted starting from the left."},"keep_right":{"type":"integer","description":"Number of characters to leave unencrypted starting from the right."},"prefix":{"type":"string","description":"Text to add to append to the beginning of the cipher text."},"suffix":{"type":"string","description":"Text to add to append to the end of the cipher text."},"mode":{"type":"string","description":"Specify the supported algorithm mode (CBC or ECB). The mode must be specified when using the DESede (that is, the 3DES) algorithm."},"padding":{"type":"string","description":"Valid options are PKCS5Padding or NoPadding."},"allow_single_char_input":{"type":"boolean","description":"If true, null or single-character inputs are passed through untransformed. If false, row transformation fails."}}}]},"token_template":{"type":"string","description":"Token template name (when using CTS)."},"token_group":{"type":"string","description":"Token group name (when using CTS)."},"tweak_source":{"type":"string","description":"Tweak used for the column. Overrides the protection profile tweak."},"iv_source":{"type":"string","description":"IV used for the column. Overrides the protection profile iv."},"header":{"type":"string","description":"Cipher header version for determining key version."},"input_encoding":{"type":"string","description":"Specifies how to decode input and create byte array from it"},"output_encoding":{"type":"string","description":"Specifies how to encode output byte array to a string."}}}}}}]}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","description":"Delete given bdt column.\n","tags":["BDT/Policies","Beta"],"responses":{"204":{"description":"No Content | Successful deletion of bdt column."}}}},"/v1/data-protection/dpg-policies":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns a list of dpg policies. The results can be filtered using the query parameters.","tags":["Data Protection/DPG Policies"],"parameters":[{"name":"name","in":"query","type":"string","description":"Filters result by dpg policy name."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Description of the DPG policy."},"description":{"type":"string","description":"Description of the DPG policy."},"proxy_config":{"type":"array","description":"List of API urls to be added to the proxy configuration.","items":{"type":"object","properties":{"api_url":{"type":"string","description":"URL of the application server from which the request will received."},"destination_url":{"type":"string","description":"URL of the application server where the request will be served."},"json_request_post_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_post_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_get_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_get_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_put_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_put_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_patch_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_patch_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_delete_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_delete_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_post_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_get_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_put_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_patch_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_delete_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}}}}}}}]}}}}]}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}},"post":{"summary":"Create","description":"Creates a new DPG policy.\n","tags":["Data Protection/DPG Policies"],"parameters":[{"name":"body","in":"body","schema":{"example":{"name":"Policy1","description":"","proxy_config":[{"api_url":"/api/postrequest","destination_url":"http://localhost:8081","json_request_post_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"json_response_post_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"json_request_get_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"json_response_get_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"json_request_put_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"json_response_put_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"json_request_patch_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"json_response_patch_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"json_request_delete_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"json_response_delete_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"url_request_post_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"url_request_get_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"url_request_put_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"url_request_patch_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"url_request_delete_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}]}]},"type":"object","properties":{"name":{"type":"string","description":"Description of the DPG policy."},"description":{"type":"string","description":"Description of the DPG policy."},"proxy_config":{"type":"array","description":"List of API urls to be added to the proxy configuration.","items":{"type":"object","properties":{"api_url":{"type":"string","description":"URL of the application server from which the request will received."},"destination_url":{"type":"string","description":"URL of the application server where the request will be served."},"json_request_post_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_post_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_get_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_get_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_put_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_put_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_patch_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_patch_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_delete_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_delete_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_post_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_get_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_put_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_patch_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_delete_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}}}}}}}}],"responses":{"201":{"description":"Successfully created DPG policy.","schema":{"type":"object"},"examples":{"application/json":{"id":"647b01f3-dc8f-4d5f-a3ec-220c64e1ac1f","uri":"kylo:kylo:dataprotection:dpgpolicy:Policy1","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-08T07:56:57.336829935Z","name":"Policy1","updatedAt":"0001-01-01T00:00:00Z","description":"","proxy_config":[{"api_url":"/api/postrequest","destination_url":"http://localhost:8081","json_request_post_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","null":null,"external_version_header":"version"}],"json_response_post_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"json_request_get_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"json_response_get_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"json_request_put_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"json_response_put_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"json_request_patch_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"json_response_patch_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"json_request_delete_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"json_response_delete_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"url_request_post_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"url_request_get_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"url_request_put_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"url_request_patch_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"url_request_delete_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}]}]}}},"401":{"description":"Login failed."},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","allOf":[{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}},{"additionalProperties":{"type":"array","items":{"type":"string","description":"a validation error message about this property"}}}]}}}}},"/v1/data-protection/dpg-policies/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"id_type","in":"query","description":"The identifier type used in the URL. This can be either id, name, uri.","type":"string"}],"get":{"summary":"Get","description":"Returns the details of a DPG policy with a given id.\n","tags":["Data Protection/DPG Policies"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Description of the DPG policy."},"description":{"type":"string","description":"Description of the DPG policy."},"proxy_config":{"type":"array","description":"List of API urls to be added to the proxy configuration.","items":{"type":"object","properties":{"api_url":{"type":"string","description":"URL of the application server from which the request will received."},"destination_url":{"type":"string","description":"URL of the application server where the request will be served."},"json_request_post_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_post_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_get_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_get_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_put_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_put_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_patch_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_patch_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_delete_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_delete_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_post_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_get_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_put_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_patch_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_delete_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}}}}}}}]}}}},"patch":{"summary":"Update","description":"Updates the properties of a DPG policy.\n","tags":["Data Protection/DPG Policies"],"parameters":[{"name":"body","in":"body","description":"The DPG policy properties to be updated.\n","schema":{"example":{"name":"Policy1","description":"","proxy_config":[{"api_url":"/api/postrequest","destination_url":"http://localhost:8081","json_request_post_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"json_response_post_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"json_request_get_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"json_response_get_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"json_request_put_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"json_response_put_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"json_request_patch_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"json_response_patch_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"json_request_delete_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"json_response_delete_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"url_request_post_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"url_request_get_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"url_request_put_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"url_request_patch_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"url_request_delete_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}]}]},"type":"object","properties":{"description":{"type":"string","description":"Unique name for DPG policy."},"proxy_config":{"type":"array","description":"List of API urls to be added to the proxy configuration.","items":{"type":"object","properties":{"api_url":{"type":"string","description":"URL of the application server from which the request will received."},"destination_url":{"type":"string","description":"URL of the application server where the request will be served."},"json_request_post_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_post_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_get_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_get_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_put_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_put_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_patch_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_patch_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_delete_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_delete_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_post_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_get_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_put_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_patch_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_delete_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}}}}}}}}],"responses":{"200":{"description":"Successfully updated resource.","schema":{"type":"object"},"examples":{"application/json":{"id":"647b01f3-dc8f-4d5f-a3ec-220c64e1ac1f","uri":"kylo:kylo:dataprotection:dpgpolicy:Proxy config","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-08T07:56:57.336829935Z","name":"Proxy config","updatedAt":"0001-01-01T00:00:00Z","description":"","proxy_config":[{"api_url":"/api/postrequest","destination_url":"http://localhost:8081","json_request_post_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"json_response_post_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"json_request_get_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"json_response_get_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"json_request_put_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"json_response_put_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"json_request_patch_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"json_response_patch_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"json_request_delete_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"json_response_delete_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"url_request_post_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"url_request_get_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"url_request_put_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"url_request_patch_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"url_request_delete_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}]}]}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","description":"Deletes a DPG policy with a given id.\n","tags":["Data Protection/DPG Policies"],"responses":{"204":{"description":"No Content | Successfully deleted DPG policy."}}}},"/v1/data-protection/dpg-policies/{id}/api-urls":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"id_type","in":"query","description":"The identifier type used in the URL. This can be either id, name, uri.","type":"string"}],"get":{"summary":"List","description":"Returns a list of api urls in a dpg policy. The results can be filtered using the query parameters.","tags":["Data Protection/DPG Policies"],"parameters":[{"name":"api_url","in":"query","type":"string","description":"Filters result by api_url name."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","properties":{"api_url":{"type":"string","description":"URL of the application server from which the request will received."},"destination_url":{"type":"string","description":"URL of the application server where the request will be served."},"json_request_post_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_post_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_get_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_get_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_put_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_put_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_patch_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_patch_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_delete_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_delete_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_post_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_get_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_put_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_patch_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_delete_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}}}}}}}]}},"400":{"description":"Bad Request | The provided JWT is missing required claims."}}},"post":{"summary":"Create","description":"Creates a new API URL in the given DPG policy.\n","tags":["Data Protection/DPG Policies"],"parameters":[{"name":"body","in":"body","schema":{"example":{"api_url":"users","destination_url":"http://localhost:8081","json_request_post_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"json_response_post_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"json_request_get_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"json_response_get_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"json_request_put_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"json_response_put_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"json_request_patch_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"json_response_patch_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"json_request_delete_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"json_response_delete_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"url_request_post_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"url_request_get_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"url_request_put_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"url_request_patch_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"url_request_delete_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}]},"type":"object","properties":{"api_url":{"type":"string","description":"URL of the application server from which the request will received."},"destination_url":{"type":"string","description":"URL of the application server where the request will be served."},"json_request_post_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_post_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_get_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_get_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_put_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_put_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_patch_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_patch_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_delete_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_delete_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_post_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_get_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_put_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_patch_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_delete_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}}}}}],"responses":{"201":{"description":"Successfully created API URL.","schema":{"type":"object"},"examples":{"application/json":{"id":"647b01f3-dc8f-4d5f-a3ec-220c64e1ac1f","uri":"kylo:kylo:dataprotection:dpgapiurls:647b01f3-dc8f-4d5f-a3ec-220c64e1ac1f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-08T07:56:57.336829935Z","updatedAt":"0001-01-01T00:00:00Z","api_url":"users","destination_url":"http://localhost:8081","json_request_post_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"json_response_post_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"json_request_get_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"json_response_get_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"json_request_put_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"json_response_put_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"json_request_patch_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"json_response_patch_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"json_request_delete_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"json_response_delete_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"url_request_post_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"url_request_get_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"url_request_put_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"url_request_patch_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"url_request_delete_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}]}}},"401":{"description":"Login failed."},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","allOf":[{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}},{"additionalProperties":{"type":"array","items":{"type":"string","description":"a validation error message about this property"}}}]}}}}},"/v1/data-protection/dpg-policies/{id}/api-urls/{apiUrlId}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"apiUrlId","in":"path","description":"The id of the API URL.","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a DPG API URL.\n","tags":["Data Protection/DPG Policies"],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"api_url":{"type":"string","description":"URL of the application server from which the request will received."},"destination_url":{"type":"string","description":"URL of the application server where the request will be served."},"json_request_post_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_post_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_get_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_get_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_put_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_put_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_patch_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_patch_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_delete_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_delete_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_post_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_get_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_put_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_patch_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_delete_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}}}}}}},"patch":{"summary":"Update","description":"Updates the properties of a DPG API URL.\n","tags":["Data Protection/DPG Policies"],"parameters":[{"name":"body","in":"body","description":"The API URL properties to be updated.\n","schema":{"example":{"destination_url":"http://localhost:8081","json_request_post_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"json_response_post_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"json_request_get_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"json_response_get_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"json_request_put_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"json_response_put_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"json_request_patch_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"json_response_patch_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"json_request_delete_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"json_response_delete_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"url_request_post_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"url_request_get_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"url_request_put_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"url_request_patch_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"url_request_delete_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}]},"type":"object","properties":{"api_url":{"type":"string","description":"URL of the application server from which the request will received."},"destination_url":{"type":"string","description":"URL of the application server where the request will be served."},"json_request_post_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_post_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_get_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_get_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_put_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_put_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_patch_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_patch_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_request_delete_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"json_response_delete_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_post_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_get_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_put_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_patch_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}},"url_request_delete_tokens":{"type":"array","items":{"properties":{"name":{"type":"string","description":"Name of the token."},"operation":{"type":"string","description":"Operation type."},"protection_policy":{"type":"string","description":"Protection policy identifier."},"access_policy":{"type":"string","description":"Access policy identifier."},"external_version_header":{"type":"string","description":"Parameter that stores version information when external versioning is enabled in the protection policy."}}}}}}}],"responses":{"200":{"description":"Successfully updated resource.","schema":{"type":"object"},"examples":{"application/json":{"id":"647b01f3-dc8f-4d5f-a3ec-220c64e1ac1f","uri":"kylo:kylo:dataprotection:dpgapiurls:647b01f3-dc8f-4d5f-a3ec-220c64e1ac1f","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2019-07-08T07:56:57.336829935Z","updatedAt":"0001-01-01T00:00:00Z","api_url":"users","destination_url":"http://localhost:8081","json_request_post_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"json_response_post_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"json_request_get_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"json_response_get_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"json_request_put_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"json_response_put_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"json_request_patch_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"json_response_patch_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"json_request_delete_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"json_response_delete_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"url_request_post_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"url_request_get_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"url_request_put_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}],"url_request_patch_tokens":[{"name":"token1","operation":"reveal","protection_policy":"CreditCard","access_policy":"CreditCard","external_version_header":"version"}],"url_request_delete_tokens":[{"name":"token1","operation":"protect","protection_policy":"CreditCard","external_version_header":"version"}]}}},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}}}},"delete":{"summary":"Delete","description":"Deletes a DPG policy API URL with a given id.\n","tags":["Data Protection/DPG Policies"],"responses":{"204":{"description":"No Content."}}}},"/v1/data-protection/client-profiles":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns a list of client profiles. The results can be filtered using the query parameters.","tags":["Data Protection/Client Profiles"],"parameters":[{"name":"name","in":"query","required":false,"type":"string","description":"Filters result by client profile name."},{"name":"reg_token","in":"query","type":"string","required":false,"description":"Filters result by registration token."},{"name":"app_connector_type","in":"query","type":"string","required":false,"description":"Filters result by app connector type."},{"name":"status","in":"query","type":"string","required":false,"description":"Filters result by status."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Client profile name."},"nae_iface_port":{"type":"integer","description":"nae interface name."},"app_connector_type":{"type":"string","description":"App connector type.\nOptions:\n- DPG\n- CADP For Java\n"},"policy_id":{"type":"string","description":"Policy identifier."},"generic_client_profile_id":{"type":"string","description":"Generic client profile identifier."},"client_configuration_id":{"type":"string","description":"Client configuration identifier."},"reg_token":{"type":"string","description":"Registration token."},"ca_id":{"type":"string","description":"Local CA."},"configurations":{"type":"object","description":"Configurations to be used by the client"},"csr_configuraions":{"type":"object","description":"CSR parameters to be used to created the signed certificate."},"meta":{"type":"object","description":"Meta information of the client profile."}}}]}}}}]}},"400":{"description":"Bad Request."},"401":{"description":"Login failed."},"403":{"description":"Insufficient permissions."}}},"post":{"summary":"Create","description":"Creates a Client Profile.","tags":["Data Protection/Client Profiles"],"parameters":[{"name":"body","in":"body","description":"The body of the request should contain the username and password\nof the user acquiring the token and optionally grant type or the refresh token\nwith grant type.\n","schema":{"type":"object","title":"Create","required":["name","app_connector_type"],"properties":{"name":{"type":"string","description":"Unique name for the client profile."},"nae_iface_port":{"type":"integer","description":"Nae interface mapped with client profile.\n"},"policy_id":{"type":"string","description":"Policy mapped with client profile.\n"},"ca_id":{"type":"string","description":"Local CA mapped with client profile.\n"},"heartbeat_threshold":{"type":"integer","description":"The Threshold by which client's connectivity_status will be moved to Error if not herabeat is received\n"},"app_connector_type":{"type":"string","description":"App connector type for which the client profile is created. Option:\n- DPG\n- CADP For Java\n"},"csr_parameters":{"type":"object","description":"Client certificate parameters to be updated.\n- csr_cn: common name\n- csr_country: country name\n- csr_state: state name\n- csr_city: city name\n- csr_org_name: organization name\n- csr_org_unit: organizational unit\n- csr_email: email\n"},"configurations":{"type":"object","description":"Parameters required to initialize connector.\n- symmetric_key_cache_enabled: Whether the symmetric key cache is enabled.\n Options.\n - true (Default)\n - false\n- symmetric_key_cache_expiry: Time after which the symmetric key cache will expire. Default: 43200\n- symmetric_key_cache_auto_refresh_interval: Time after which a cached key will become eligible for refresh in cache. Default: 0\n- local_crypto_context_expiry: Time after which local cipher needs to be reinitialized with cached key. Default: 0\n- local_crypto_provider: Name of the provider to perform local encryption\n- persistent_cache_enabled: Whether the persistent key caching is enable/disable.\n Options.\n - true\n - false (Default)\n- persistent_cache_expiry_keys: Time after which the which a key is fetched from key manager. Default: 43200\n- persistent_cache_max_size: Maximum number of keys allowed in the persistent cache. Default: 100\n- verify_ssl_certificate: Verification of Key Manager IP address(IPV4 or IPV6)/host name against Subject Common Name (CN) or Subject Alternative Name (DNS or IP) in the certificate for clients\n Options.\n - true\n - false (Default)\n- syslog_server_ip: IP address (IPV4/IPV6) of the syslog server.\n- syslog_server_port: Port of the syslog server.\n- syslog_server_protocol: Protocol used to connect to syslog server.\n- syslog_no_of_retries: No. of times the connection is retried to Syslog Server.\n- syslog_retry_interval: The duration in seconds after which the connection is retried since the last try on Syslog Server.\n- syslog_retry_limit: Maximum number of times the client can retry for a particular connection.\n- use_persistent_connections: Whether the persistent connections is enabled.\n Options.\n - true (Default)\n - false\n- size_of_connection_pool: The maximum number of connections that can persist in connection pool. Default: 300\n- load_balancing_algorithm: Determines how the client selects a Key Manager from a load balancing group.\n Options.\n - round-robin (Default)\n - random\n- connection_idle_timeout: The time a connection is allowed to be idle in the connection pool before it gets automatically closed. Default: 600000\n- connection_retry_interval: The amount of time to wait before trying to reconnect to a disabled server. Default: 600000\n- cluster_synchronization_delay: The total amount of time to spend trying to make requests on keys go to the same device the key create or latest key modify went. Default: 170\n- credentials_encrypted: Whether the credentials are obfuscated.\n Options.\n - true\n - false (Default)\n- asymmetric_key_cache_enabled: Whether the asymmetric key caching is enabled.\n Options.\n - true (Default)\n - false\n- log_level: The level of logging to determine verbosity of clients logs.\n Options.\n - ERROR\n - WARN (Default)\n - INFO\n - DEBUG\n- log_rotation: Specifies how frequently the log file is rotated.\n Options.\n - None\n - Daily (Default)\n - Weekly\n - Monthly\n - Size\n- log_size_limit: The maximum size of log file. Default: 100K\n- log_gmt: This value specifies if timestamp in logs should be formatted in GMT or not. Default disabled\n- log_type: Type of the log.\n Options.\n - Console (Default)\n - File\n - Multi\n - Syslog\n- key_non_exportable_policy: Whether the policy for non exportable keys is enabled. Applicable only when symmetric cache is enabled.\n Options.\n - true\n - false (Default)\n- connection_timeout: Connection timeout value for clients. Default: 60000\n- unreachable_server_retry_period: The amount of time to try establishing a connection on a load balancer with the server. Default: 60000\n- connection_read_timeout: Read timeout value for clients. Default: 7000\n- ssl_handshake_timeout: Allocates a time for SSL handshake. If SSL handshake is not complete within this time period, the connection is closed. Default: 0\n- ignore_dns_resolution_failure \n- heartbeat_interval: Frequency interval for sending heartbeat by connectors. Default: 300\n- heartbeat_timeout_count: heartbeat timeout missed communication counts with CM for connectors to decide on cleanup profile cache. Default: -1\n- tls_to_appserver\n- dial_timeout: Specifies the maximum duration (in seconds) the DPG server will wait for a connection with the Application Server to succeed.\n- dial_keep_alive: Specifies the interval (in seconds) between keep-alive probes for an active network connection.\n- auth_method_used the parameter is used to define how and from where to validate the application user\n - scheme_name: the type of authentication scheme to be used to fetch the suer\n Options.\n - Basic (Default)\n - Bearer\n - token_field: the json field which have the user information. Required when scheme_name is Bearer.\n\nDPG Connector doesn't require the following parameters:\n- credentials_encrypted\n- asymmetric_key_cache_enabled\n- persistent_cache_enabled\n- persistent_cache_expiry_keys\n- persistent_cache_max_size\n- log_rotation\n- log_size_limit\n- log_max_backup_index\n- syslog_no_of_retries\n- syslog_retry_interval\n- syslog_retry_limit\n- ignore_dns_resolution_failure\n"},"lifetime":{"type":"string","description":"Validity of registration token.\n"},"cert_duration":{"type":"integer","description":"Duration for which client credentials are valid.\n"},"max_clients":{"type":"integer","description":"Number of clients that can register using a registration token.\n"}},"example":{"name":"client_profile","nae_iface_port":9000,"app_connector_type":"DPG","policy_id":"b9c41e81-2689-4b2c-adc0-f0e1f3612214","lifetime":"30d","cert_duration":730,"max_clients":200,"ca_id":"a9c41e81-2689-4b2c-adc0-f0e1f3612215","heartbeat_threshold":5,"csr_parameters":{"csr_cn":"","csr_country":"","csr_state":"","csr_city":"","csr_org_name":"","csr_org_unit":"","csr_email":""},"configurations":{"symmetric_key_cache_enabled":true,"verify_ssl_certificate":false,"syslog_server_ip":"","syslog_server_port":514,"syslog_server_protocol":"tcp_ok","syslog_no_of_retries":3,"syslog_retry_interval":1,"syslog_retry_limit":2,"use_persistent_connections":true,"size_of_connection_pool":300,"load_balancing_algorithm":"round-robin","connection_idle_timeout":600000,"connection_retry_interval":600000,"cluster_synchronization_delay":170,"credentials_encrypted":false,"asymmetric_key_cache_enabled":true,"persistent_cache_enabled":false,"persistent_cache_expiry_keys":43200,"persistent_cache_max_size":100,"log_level":"WARN","log_rotation":"Daily","log_size_limit":"100k","log_max_backup_index":10,"log_type":"Console","maximum_idle_connection":10000,"maximum_idle_connection_per_host":10000,"dial_timeout":10,"dial_keep_alive":10,"key_non_exportable_policy":true,"symmetric_key_cache_expiry":43200,"connection_timeout":60000,"connection_read_timeout":7000,"heartbeat_interval":300,"heartbeat_timeout_count":-1,"thread_count":1,"batch_size":1000,"tls_to_appserver":{"tls_skip_verify":true,"tls_enabled":false},"auth_method_used":{"scheme_name":"Bearer","token_field":"username"}}}}}],"responses":{"201":{"description":"Client profile created successfully.","examples":{"id":"34af4ce0-2fac-46ec-9203-a74b0d73ca1d","uri":"kylo:kylo:cadp-central-configuration:clientProfile:34af4ce0-2fac-46ec-9203-a74b0d73ca1d","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-08-26T03:46:59.627961422Z","updatedAt":"2021-08-26T03:46:59.627961422Z","name":"client_profile","nae_iface_port":9000,"owner":"local|246d654d-aa6b-46a3-822a-b14032083427","reg_token":"8ozvQ7pprWSdh8sl1MJrEaqZCBaeUoEWPwDoh3HvFyAskHvvylur1AjKNft2dZrg","app_connector_type":"DPG","policy_id":"b9c41e81-2689-4b2c-adc0-f0e1f3612214","heartbeat_threshold":5,"ca_id":"a9c41e81-2689-4b2c-adc0-f0e1f3612216","csr_parameters":{"csr_cn":"","csr_country":"","csr_state":"","csr_city":"","csr_org_name":"","csr_org_unit":"","csr_email":""},"configurations":{"symmetric_key_cache_enabled":true,"verify_ssl_certificate":false,"syslog_server_ip":"","syslog_server_port":514,"syslog_server_protocol":"tcp_ok","syslog_no_of_retries":3,"syslog_retry_interval":1,"syslog_retry_limit":2,"use_persistent_connections":true,"size_of_connection_pool":300,"load_balancing_algorithm":"round-robin","connection_idle_timeout":600000,"connection_retry_interval":600000,"cluster_synchronization_delay":170,"credentials_encrypted":false,"asymmetric_key_cache_enabled":true,"persistent_cache_enabled":false,"persistent_cache_expiry_keys":43200,"persistent_cache_max_size":100,"log_level":"WARN","log_rotation":"Daily","log_size_limit":"100k","log_max_backup_index":10,"log_type":"Console","maximum_idle_connection":10000,"maximum_idle_connection_per_host":10000,"dial_timeout":10,"dial_keep_alive":10,"key_non_exportable_policy":true,"symmetric_key_cache_expiry":43200,"connection_timeout":60000,"connection_read_timeout":7000,"heartbeat_interval":300,"heartbeat_timeout_count":-1,"thread_count":1,"batch_size":1000,"tls_to_appserver":{"tls_skip_verify":true,"tls_enabled":false},"auth_method_used":{"scheme_name":"Bearer","token_field":"username"}}}},"400":{"description":"Bad Request"},"401":{"description":"Login failed."},"403":{"description":"Insufficient permissions."},"404":{"description":"Resource not found."},"409":{"description":"Could not create as name already exist."},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","allOf":[{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}},{"additionalProperties":{"type":"array","items":{"type":"string","description":"a validation error message about this property"}}}]}}}}},"/v1/data-protection/client-profiles/count":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Summary","description":"Returns a summary of the client profiles statuses.","tags":["Data Protection/Client Profiles"],"parameters":[{"name":"app_connector_type","in":"query","type":"string","required":false,"description":"Filters result by app connector type."}],"responses":{"200":{"description":"OK","schema":{"properties":{"total":{"type":"integer"},"healthy":{"type":"integer"},"warning":{"type":"integer"},"error":{"type":"integer"}}}},"400":{"description":"Bad Request."},"401":{"description":"Login failed."},"403":{"description":"Insufficient permissions."}}}},"/v1/data-protection/client-profiles/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a client profile with a given id.\n","tags":["Data Protection/Client Profiles"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Client profile name."},"nae_iface_port":{"type":"integer","description":"nae interface name."},"app_connector_type":{"type":"string","description":"App connector type.\nOptions:\n- DPG\n- CADP For Java\n"},"policy_id":{"type":"string","description":"Policy identifier."},"generic_client_profile_id":{"type":"string","description":"Generic client profile identifier."},"client_configuration_id":{"type":"string","description":"Client configuration identifier."},"reg_token":{"type":"string","description":"Registration token."},"ca_id":{"type":"string","description":"Local CA."},"configurations":{"type":"object","description":"Configurations to be used by the client"},"csr_configuraions":{"type":"object","description":"CSR parameters to be used to created the signed certificate."},"meta":{"type":"object","description":"Meta information of the client profile."}}}]},"examples":{"id\"":"34af4ce0-2fac-46ec-9203-a74b0d73ca1d","uri":"kylo:kylo:cadp-central-configuration:clientProfile:34af4ce0-2fac-46ec-9203-a74b0d73ca1d","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-08-26T03:46:59.627961422Z","updatedAt":"2021-08-26T03:46:59.627961422Z","name":"client_profile","nae_iface_port":9000,"app_connector_type":"DPG","policy_id":"b9c41e81-2689-4b2c-adc0-f0e1f3612214","ca_id":"a9c41e81-2689-4b2c-adc0-f0e1f3612216","heartbeat_threshold":5,"csr_parameters":{"csr_cn":"","csr_country":"","csr_state":"","csr_city":"","csr_org_name":"","csr_org_unit":"","csr_email":""},"configurations":{"symmetric_key_cache_enabled":true,"verify_ssl_certificate":false,"syslog_server_ip":"","syslog_server_port":514,"syslog_server_protocol":"tcp_ok","syslog_no_of_retries":3,"syslog_retry_interval":1,"syslog_retry_limit":2,"use_persistent_connections":true,"size_of_connection_pool":300,"load_balancing_algorithm":"round-robin","connection_idle_timeout":600000,"connection_retry_interval":600000,"cluster_synchronization_delay":170,"credentials_encrypted":false,"asymmetric_key_cache_enabled":true,"persistent_cache_enabled":false,"persistent_cache_expiry_keys":43200,"persistent_cache_max_size":100,"log_level":"WARN","log_rotation":"Daily","log_size_limit":"100k","log_max_backup_index":10,"log_type":"Console","maximum_idle_connection":10000,"maximum_idle_connection_per_host":10000,"dial_timeout":10,"dial_keep_alive":10,"key_non_exportable_policy":true,"symmetric_key_cache_expiry":43200,"connection_timeout":60000,"connection_read_timeout":7000,"heartbeat_interval":300,"heartbeat_timeout_count":-1,"thread_count":1,"batch_size":1000,"tls_to_appserver":{"tls_skip_verify":true,"tls_enabled":false},"auth_method_used":{"scheme_name":"Bearer","token_field":"username"}},"meta":{"has_clients":true}}},"401":{"description":"Login failed."},"403":{"description":"Insufficient permissions."},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"Updates the configurations of a given client profile.\n","tags":["Data Protection/Client Profiles"],"parameters":[{"name":"body","in":"body","description":"The client profile configurations to be updated.\n","schema":{"type":"object","properties":{"name":{"type":"string","description":"Name to be updated.\n"},"nae_iface_port":{"type":"integer","description":"Nae interface to be updated.\n"},"app_connector_type":{"type":"string","description":"App connector type to be updated. Options:\n- DPG\n- CADP For Java\n"},"ca_id":{"type":"string","description":"Local CA to be updated.\n"},"heartbeat_threshold":{"type":"integer","description":"The Threshold by which client's connectivity_status will be moved to Error if not herabeat is received\n"},"policy_id":{"type":"string","description":"Policy to be updated.\n"},"csr_parameters":{"type":"object","description":"Client certificate parameters to be updated.\n- csr_cn: common name\n- csr_country: country name\n- csr_state: state name\n- csr_city: city name\n- csr_org_name: organization name\n- csr_org_unit: organizational unit\n- csr_email: email\n"},"configurations":{"type":"object","description":"Parameters required to initialize connector.\n- symmetric_key_cache_enabled: Whether the symmetric key cache is enabled.\n Options.\n - true (Default)\n - false\n- symmetric_key_cache_expiry: Time after which the symmetric key cache will expire. Default: 43200\n- symmetric_key_cache_auto_refresh_interval: Time after which a cached key will become eligible for refresh in cache. Default: 0\n- local_crypto_context_expiry: Time after which local cipher needs to be reinitialized with cached key. Default: 0\n- local_crypto_provider: Name of the provider to perform local encryption\n- persistent_cache_enabled: Whether the persistent key caching is enable/disable.\n Options.\n - true\n - false (Default)\n- persistent_cache_expiry_keys: Time after which the which a key is fetched from key manager. Default: 43200\n- persistent_cache_max_size: Maximum number of keys allowed in the persistent cache. Default: 100\n- verify_ssl_certificate: Verification of Key Manager IP address(IPV4 or IPV6)/host name against Subject Common Name (CN) or Subject Alternative Name (DNS or IP) in the certificate for clients\n Options.\n - true\n - false (Default)\n- syslog_server_ip: IP address (IPV4/IPV6) of the syslog server.\n- syslog_server_port: Port of the syslog server.\n- syslog_server_protocol: Protocol used to connect to syslog server.\n- syslog_no_of_retries: No. of times the connection is retried to Syslog Server.\n- syslog_retry_interval: The duration in seconds after which the connection is retried since the last try on Syslog Server.\n- syslog_retry_limit: Maximum number of times the client can retry for a particular connection.\n- use_persistent_connections: Whether the persistent connections is enabled.\n Options.\n - true (Default)\n - false\n- size_of_connection_pool: The maximum number of connections that can persist in connection pool. Default: 300\n- load_balancing_algorithm: Determines how the client selects a Key Manager from a load balancing group.\n Options.\n - round-robin (Default)\n - random\n- connection_idle_timeout: The time a connection is allowed to be idle in the connection pool before it gets automatically closed. Default: 600000\n- connection_retry_interval: The amount of time to wait before trying to reconnect to a disabled server. Default: 600000\n- cluster_synchronization_delay: The total amount of time to spend trying to make requests on keys go to the same device the key create or latest key modify went. Default: 170\n- credentials_encrypted: Whether the credentials are obfuscated.\n Options.\n - true\n - false (Default)\n- asymmetric_key_cache_enabled: Whether the asymmetric key caching is enabled.\n Options.\n - true (Default)\n - false\n- log_level: The level of logging to determine verbosity of clients logs.\n Options.\n - ERROR\n - WARN (Default)\n - INFO\n - DEBUG\n- log_rotation: Specifies how frequently the log file is rotated.\n Options.\n - None\n - Daily (Default)\n - Weekly\n - Monthly\n - Size\n- log_size_limit: The maximum size of log file. Default: 100K\n- log_gmt: This value specifies if timestamp in logs should be formatted in GMT or not. Default disabled\n- log_type: Type of the log.\n Options.\n - Console (Default)\n - File\n - Multi\n - Syslog\n- key_non_exportable_policy: Whether the policy for non exportable keys is enabled. Applicable only when symmetric cache is enabled.\n Options.\n - true\n - false (Default)\n- connection_timeout: Connection timeout value for clients. Default: 60000\n- unreachable_server_retry_period: The amount of time to try establishing a connection on a load balancer with the server. Default: 60000\n- connection_read_timeout: Read timeout value for clients. Default: 7000\n- ssl_handshake_timeout: Allocates a time for SSL handshake. If SSL handshake is not complete within this time period, the connection is closed. Default: 0\n- ignore_dns_resolution_failure \n- heartbeat_interval: Frequency interval for sending heartbeat by connectors. Default: 300\n- heartbeat_timeout_count: heartbeat timeout missed communication counts with CM for connectors to decide on cleanup profile cache. Default: -1\n- tls_to_appserver\n- dial_timeout: Specifies the maximum duration (in seconds) the DPG server will wait for a connection with the Application Server to succeed.\n- dial_keep_alive: Specifies the interval (in seconds) between keep-alive probes for an active network connection.\n- auth_method_used the parameter is used to define how and from where to validate the application user\n - scheme_name: the type of authentication scheme to be used to fetch the suer\n Options.\n - Basic (Default)\n - Bearer\n - token_field: the json field which have the user information. Required when scheme_name is Bearer.\n\nDPG Connector doesn't require the following parameters:\n- credentials_encrypted\n- asymmetric_key_cache_enabled\n- persistent_cache_enabled\n- persistent_cache_expiry_keys\n- persistent_cache_max_size\n- log_rotation\n- log_size_limit\n- log_max_backup_index\n- syslog_no_of_retries\n- syslog_retry_interval\n- syslog_retry_limit\n- ignore_dns_resolution_failure\n"},"lifetime":{"type":"string","description":"Extended lifetime of client registration token from current time in days.\n"},"max_clients":{"type":"integer","description":"Modify maximum number of clients that can be registered using this registration token.\n"}},"example":{"name":"client_profile","nae_iface_port":9000,"app_connector_type":"DPG","policy_id":"b9c41e81-2689-4b2c-adc0-f0e1f3612214","ca_id":"a9c41e81-2689-4b2c-adc0-f0e1f3612216","heartbeat_threshold":5,"csr_parameters":{"csr_cn":"","csr_country":"","csr_state":"","csr_city":"","csr_org_name":"","csr_org_unit":"","csr_email":""},"configurations":{"symmetric_key_cache_enabled":true,"verify_ssl_certificate":false,"syslog_server_ip":"","syslog_server_port":514,"syslog_server_protocol":"tcp_ok","syslog_no_of_retries":3,"syslog_retry_interval":1,"syslog_retry_limit":2,"use_persistent_connections":true,"size_of_connection_pool":300,"load_balancing_algorithm":"round-robin","connection_idle_timeout":600000,"connection_retry_interval":600000,"cluster_synchronization_delay":170,"credentials_encrypted":false,"asymmetric_key_cache_enabled":true,"persistent_cache_enabled":false,"persistent_cache_expiry_keys":43200,"persistent_cache_max_size":100,"log_level":"WARN","log_rotation":"Daily","log_size_limit":"100k","log_max_backup_index":10,"log_type":"Console","maximum_idle_connection":10000,"maximum_idle_connection_per_host":10000,"dial_timeout":10,"dial_keep_alive":10,"key_non_exportable_policy":true,"symmetric_key_cache_expiry":43200,"connection_timeout":60000,"connection_read_timeout":7000,"heartbeat_interval":300,"heartbeat_timeout_count":-1,"thread_count":1,"batch_size":1000,"tls_to_appserver":{"tls_skip_verify":true,"tls_enabled":false},"auth_method_used":{"scheme_name":"Bearer","token_field":"username"}}}}}],"responses":{"200":{"description":"Client Profile updated successfully.","schema":{"type":"object"},"examples":{"id":"34af4ce0-2fac-46ec-9203-a74b0d73ca1d","uri":"kylo:kylo:cadp-central-configuration:clientProfile:34af4ce0-2fac-46ec-9203-a74b0d73ca1d","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-08-26T03:46:59.627961422Z","updatedAt":"2021-08-26T03:46:59.627961422Z","name":"client_profile","nae_iface_port":9000,"app_connector_type":"DPG","policy_id":"b9c41e81-2689-4b2c-adc0-f0e1f3612214","ca_id":"a9c41e81-2689-4b2c-adc0-f0e1f3612216","heartbeat_threshold":5,"lifetime":"40d","max_clients":400,"csr_parameters":{"csr_cn":"","csr_country":"","csr_state":"","csr_city":"","csr_org_name":"","csr_org_unit":"","csr_email":""},"configurations":{"symmetric_key_cache_enabled":true,"verify_ssl_certificate":false,"syslog_server_ip":"","syslog_server_port":514,"syslog_server_protocol":"tcp_ok","syslog_no_of_retries":3,"syslog_retry_interval":1,"syslog_retry_limit":2,"use_persistent_connections":true,"size_of_connection_pool":300,"load_balancing_algorithm":"round-robin","connection_idle_timeout":600000,"connection_retry_interval":600000,"cluster_synchronization_delay":170,"credentials_encrypted":false,"asymmetric_key_cache_enabled":true,"persistent_cache_enabled":false,"persistent_cache_expiry_keys":43200,"persistent_cache_max_size":100,"log_level":"WARN","log_rotation":"Daily","log_size_limit":"100k","log_max_backup_index":10,"log_type":"Console","maximum_idle_connection":10000,"maximum_idle_connection_per_host":10000,"dial_timeout":10,"dial_keep_alive":10,"key_non_exportable_policy":true,"symmetric_key_cache_expiry":43200,"connection_timeout":60000,"connection_read_timeout":7000,"heartbeat_interval":300,"heartbeat_timeout_count":-1,"thread_count":1,"batch_size":1000,"tls_to_appserver":{"tls_skip_verify":true,"tls_enabled":false}},"meta":{"has_clients":true}}},"400":{"description":"Bad Request."},"401":{"description":"Login failed."},"403":{"description":"Insufficient permissions."},"404":{"description":"Resource not found."},"409":{"description":"Could not create as name already exist.","schema":{"description":"The body of an error response","type":"object","allOf":[{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}},{"additionalProperties":{"type":"array","items":{"type":"string","description":"a validation error message about this property"}}}]}}}},"delete":{"summary":"Delete","description":"Deletes a client profile with a given id.\n","tags":["Data Protection/Client Profiles","Danger"],"responses":{"204":{"description":"No Content | Client profile deleted successfully."},"401":{"description":"Login failed."},"403":{"description":"Insufficient permissions."},"404":{"description":"Resource not found."}}}},"/v1/data-protection/client-profiles/{id}/configuration":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a client configuration with a given id and version.\n","tags":["Data Protection/Client Profiles"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"policy_id":{"type":"string","description":"Policy identifier."},"configurations":{"type":"string","description":"Configurations to be used by the client."},"ip":{"type":"string","description":"IP of all the nodes in cluster."},"nae_iface_port":{"type":"integer","description":"Port of the nae_iface configured in the client profile."},"nae_iface_mode":{"type":"string","description":"Mode of the nae_iface configured in the client profile."}}}]},"examples":{"application/json":{"policy_id":"b9c41e81-2689-4b2c-adc0-f0e1f3612214","configurations":{"symmetric_key_cache_enabled":true,"verify_ssl_certificate":false,"syslog_server_ip":"","syslog_server_port":514,"syslog_server_protocol":"tcp_ok","syslog_no_of_retries":3,"syslog_retry_interval":1,"syslog_retry_limit":2,"use_persistent_connections":true,"size_of_connection_pool":300,"load_balancing_algorithm":"round-robin","connection_idle_timeout":600000,"connection_retry_interval":600000,"cluster_synchronization_delay":170,"credentials_encrypted":false,"asymmetric_key_cache_enabled":true,"persistent_cache_enabled":false,"persistent_cache_expiry_keys":43200,"persistent_cache_max_size":100,"log_level":"WARN","log_rotation":"Daily","log_size_limit":"100k","log_max_backup_index":10,"log_type":"Console","maximum_idle_connection":10000,"maximum_idle_connection_per_host":10000,"dial_timeout":10,"dial_keep_alive":10,"key_non_exportable_policy":true,"symmetric_key_cache_expiry":43200,"connection_timeout":60000,"connection_read_timeout":7000,"heartbeat_interval":300,"heartbeat_timeout_count":-1,"tls_to_appserver":{"tls_skip_verify":true,"tls_enabled":false},"auth_method_used":{"scheme_name":"Bearer","token_field":"username"}},"ip":"","nae_iface_port":9000,"nae_iface_mode":"ssl","version":1}}},"401":{"description":"Login failed."},"403":{"description":"Insufficient permissions."},"404":{"description":"Resource not found."}}}},"/v1/data-protection/client-profiles/{id}/clean":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"delete":{"summary":"Clean","description":"Delete all the error clients associated with the provided client profile.\n","tags":["Data Protection/Client Profiles"],"responses":{"204":{"description":"No Content | Client profile cleaned successfully."},"401":{"description":"Login failed."},"403":{"description":"Insufficient permissions."},"404":{"description":"Resource not found."}}}},"/v1/data-protection/client-profile-templates/{app_connector_type}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"app_connector_type","in":"path","description":"app_connector_type.","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the template of a client profile for the given app_connector_type.\n","tags":["Data Protection/Client Profiles","Private"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","properties":{"name":{"type":"string","description":"Client profile name."},"nae_iface_port":{"type":"integer","description":"nae interface name."},"app_connector_type":{"type":"string","description":"App connector type.\nOptions:\n- DPG\n- CADP For Java\n"},"policy_id":{"type":"string","description":"Policy identifier."},"generic_client_profile_id":{"type":"string","description":"Generic client profile identifier."},"client_configuration_id":{"type":"string","description":"Client configuration identifier."},"reg_token":{"type":"string","description":"Registration token."},"ca_id":{"type":"string","description":"Local CA."},"configurations":{"type":"object","description":"Configurations to be used by the client"},"csr_configuraions":{"type":"object","description":"CSR parameters to be used to created the signed certificate."},"meta":{"type":"object","description":"Meta information of the client profile."}}}]},"examples":{"app_connector_type\"":"DPG","configurations":{"symmetric_key_cache_enabled":true,"verify_ssl_certificate":false,"use_persistent_connections":true,"size_of_connection_pool":300,"load_balancing_algorithm":"round-robin","connection_idle_timeout":600000,"connection_retry_interval":600000,"log_level":"WARN","heartbeat_interval":300,"heartbeat_timeout_count":-1,"tls_to_appserver":{"tls_skip_verify":true,"tls_enabled":false},"auth_method_used":{"scheme_name":"Bearer","token_field":"username"}}}},"401":{"description":"Login failed."},"403":{"description":"Insufficient permissions."}}}},"/v1/data-protection/clients/":{"post":{"summary":"Register","description":"Adds a client to the CipherTrust Manager.\n","tags":["Data Protection/Clients"],"parameters":[{"name":"body","in":"body","description":"Parameters required to register clients on the CipherTrust Manager.","schema":{"type":"object","title":"Registers a client on the CipherTrust Manager.","required":["registration_token","app_connector_type"],"properties":{"name":{"type":"string","description":"Name of the client to be registered on the CipherTrust Manager."},"registration_token":{"type":"string","description":"Registration token used to register client on the CipherTrust Manager."},"app_connector_type":{"type":"string","description":"App connector type to be registered. Option:\n- DPG\n- CADP For Java\n"},"app_connector_version":{"type":"string","description":"Version of the app connector."},"client_os_version":{"type":"string","description":"OS version installed on the client."},"client_host_name":{"type":"string","description":"Host name of client."}},"example":{"registration_token":"d94ef4965e4344246e7f4213c108415","app_connector_type":"DPG"}}}],"responses":{"201":{"description":"Client registered successfully.","schema":{"type":"object"},"examples":{"id":"e299a250-3b5f-41f8-b83b-0968b15e58a9","name":"regToken_10","web_server_ca_cert":"-----BEGIN CERTIFICATE-----\nMIIGEDCCA/igAwIBAgIRAOI5moN2OJfJY8srwIa/i/wwDQYJKoZIhvcNAQELBQAw\nWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAw\nDgYDVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgUm9vdCBDQTAeFw0y\nMTA3MjcwNTEzNDlaFw0yMzEwMzAwNTEzNDlaMFwxCzAJBgNVBAYTAlVTMQswCQYD\nVQQIEwJNRDEQMA4GA1UEBxMHQmVsY2FtcDEQMA4GA1UEChMHR2VtYWx0bzEcMBoG\nA1UEAxMTd2ViLmtleXNlY3VyZS5sb2NhbDCCAiIwDQYJKoZIhvcNAQEBBQADggIP\nADCCAgoCggIBAMo7ktftKeRM2ATJwjsRh/AAFXIqYmSlJ3UQzYoJJDCJ2o76yhNO\nONSmaWnPPCyHginFNn84BNhGgx4NUegWvHLFpqkylgI6eoWtTaY8+Pm11tg/fgHY\nQWbe5riP63x+Cc21WKg/2uA5l93vKgjQKe2C0bgHDlXV7DQC8SlyJu5IjvJ+4zko\nl9MPpMphBEpnhEFAti0fmpi8+IyiWdcoq7YXU11086hFY6M+JqNPuZ740HaNc+/b\nsZiIPTnl1zJD5I86PjR+zC+AfRurQ8rJUmXl742zLGHxDZGV8VoTIkYrcKiAhiAh\n8twKh+GXMIUGoYmciLuZtww462m7OSL7BA0B+XDKwWJJjq6BygA7flV32Llz8OKz\nE5jfL0tBjz0UHKSEwHgQWFWywLZYJUUihSofHUA/DiNgT5O+EUF6HRTlEgFeGc09\nIOfig+BWkhy4IS0AE1y3irV/DUPzA47MGoYDCZnnXPoX2eJh75vtfal2Uw9qaSlv\nPD5Sr703fvB8adVS7KOgKj82psr/WXNNNeKfByv8/q2TGyOuPFLCI8PKy0pBoVS8\nL1WgXo8M3DPxFBHh55Cp6mz18Kj4WfpfNg1lsR6yGkyFlCGUapEkYou6w10wCbFR\noQM+S1r6IuO5rh0Xx18ZIV9ZLnUiVfXbpHsvkdJ4PXU1TeX31OezoicpAgMBAAGj\ngc4wgcswDgYDVR0PAQH/BAQDAgOIMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1Ud\nEwEB/wQCMAAwHwYDVR0jBBgwFoAUNsL1o1s8N3SyyoQbw8Nqn6WzcNMwHgYDVR0R\nBBcwFYETc3VwcG9ydEBnZW1hbHRvLmNvbTBVBgNVHR8ETjBMMEqgSKBGhkRodHRw\nOi8va2V5c2VjdXJlLmxvY2FsL2NybHMvYzRjMmY1YjYtY2Y3MC00ZTRkLWE4MmMt\nOTAwODNjNWZkNDQ4LmNybDANBgkqhkiG9w0BAQsFAAOCAgEAgpgU5ydBPYNhWhKS\ncJQ8NRN/dIumrtBCp866L8c5ZlJ10c4dk2UBRXhZjlEGX0yohte7QKfvZbDsZKN7\nsU/4sbThE/A50+zZ2sCixDjZPUvmeTQCSr73dgbIPL/eJMvpTsLtbbJOeeyM5nlj\nIyyAFeIfjowrAB24iOxfBpR5E55gaVFo7gM4x1AEdgN51X8+qn8JsVESnuxu903w\nS2y+5q04X54YZyzIl6p0UsMUSdEJkzie6oDS6qO0/HkyhVN+ORn0d0wTQR3Zjbau\nsUJY9UvD7FCkOMgYgo6DqjMAZWQcKJ8KoJLYB01TCZmumoTmjUJ5sHf0ByKg4yIz\nY0waIfa3Ya7F39wHxCPdgmUXFCp7aACpwRcXb/tFMXhTO4ihun4lt2skOaWjIZID\nRMVfQl7Y+T73dFZdetVNq9DNWdIJvz7oK6rDtAcv2P3nc50c+Ph6B3Icg9cgtoe8\nimA5jquIvBP12sm+LcdW07IveBYW0WZWthN1qlNL/GvqaO0pbE/YuoqdCjNK10s3\nmG4/circaVrNqoDprN0vqGt1sQ0A9CWq8tmKrB6qWveQ/pNL+l0irRXIHESiaBNA\nfoYKsmvsvLPFzqlEbkrnlPP6SFm5wDAWLHE6qnjxnqRs/+eC4Atikj+U7ukdCtQs\nRXjOFoxWAz74NCSZyy5lsagnAWo=\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIFoTCCA4mgAwIBAgIRAOm7x3MADwyJjpEDpX3pcdQwDQYJKoZIhvcNAQELBQAw\nWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAw\nDgYDVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgUm9vdCBDQTAeFw0y\nMTA3MjcwNTEzNDBaFw0zMTA3MjUwNTEzNDBaMFoxCzAJBgNVBAYTAlVTMQswCQYD\nVQQIEwJNRDEQMA4GA1UEBxMHQmVsY2FtcDEQMA4GA1UEChMHR2VtYWx0bzEaMBgG\nA1UEAxMRS2V5U2VjdXJlIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw\nggIKAoICAQDrSxppqYiAEL23AG6hHZRfoLDrFGlihNAVV1vMrxLva2qp0msSGtoz\nwNbXHgqGUMxkUKfe0gzd+seoWdzG0g2igXv9inss8sUp35t5Z+5FPab974SOancy\nPWjBlv/p3hm0YJnSp29sQSfzUYcSneegqcS6Kv03dDuPl9rSqoOseUAgVS2yVMwg\nmTKcoe3jG6Yck0LeAb0dUnZuU1HVB4wy00K0PQ7/fb/jocW7Y6Va2UhuQYW+QE2k\nyG2Azf+CXSXhK9i+Cq0nDXwBbcHOwtWL+8Tp9T6KzdnRXCfHSehKEM2y8wyOiOBL\nm60lKzDyHj1GhTqwOe0jUJYarJO35QvYPJW9eKUan33EmF2SUWk5HEciuUnQQrCd\n/KuxB49cW2otEv3q4/G0Z+NNokC0awDWI7jAsczmtATKnLcNCzynKNSvQymULpES\nQcBOof6d/231i78NPl0VmIYCL2SAwhi2DUCoVRWGuoqiAmhVPbkmoEK9D0YFCWhC\nL1bKB5JDVsS7bNLA5g1fam9BASIhltaPgCMknFQzgkFPyGWpCy2+j+v/b+85uLC4\n/4lr2fue7SRlMYfwPBlh7RKpJ93JQNTSP9F1rY4E2FSk/pzj1VNQMRZT+UlXlQRZ\nUayQago1s2BViqSI0NZZpFtfPb0oZM4lsGJnqTc36q8loGp7l8QsxwIDAQABo2Iw\nYDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUNsL1\no1s8N3SyyoQbw8Nqn6WzcNMwHgYDVR0RBBcwFYETc3VwcG9ydEBnZW1hbHRvLmNv\nbTANBgkqhkiG9w0BAQsFAAOCAgEAQWO9bwW2IHWkdSEBUZHEWL8zrOmB9qAa8sUS\nK5Squ73aQYpYBFE0DuVcRavaoGH33ED32Ke/rF1PU19QH8SJJsMU7+jiMBtOIArC\nIpk6Dt7Qs8iqMcLVur+cTHalUBSGNhexS/R4iHd9fCkVSeo4iXDQ7TpiXyiaCcEs\nBKlJo3eiW5XmoUidc3Tt9dzQsZJGLVh7kT/H/jmc6wlJfjDjerc/PArJgI2s6zJC\njwl6WCV6JmNvpydriAHK/l2MKpqCvJ9hRCh6K0c0wKW312FElUcOFEzAm2p1D4yg\nyK4FIFHQnJ18W2/pZuB4wMkkQ9rzWN2jF4lPH9rmz4E+Uvo57qzfk4ni80nYTeU6\n7srFvE5d2oI/FiECOm0v3utvsBuyf+/f4FQmtXfxHTxInOsEjDNw2SUpd5GZ2mw3\nBsfMKgBCaqbCdR0Jf/5Hy1aS9n8MvXwcQu0qfccpJwpGR4QkF1g1fwzr5kTRVSsF\nNuBBBF0XYsFiOPFkOLiyzUnwohsP5zAKfPiGkB80gHB7LJbLs8JFtE1Sy572iF2i\nKYf4FwUzL++51sYVpJEX/Z6KJ6PXMrzd1ebxS5G5W4/a+so+NtSVRrbAo7GHsUht\nw05YTYmnFMDc+uiNPVr2TaQNLOZyemr8Z4ZiXpwkdWpSaqseAeNBl5v38lcqcEj2\nXJQwSGc=\n-----END CERTIFICATE-----\n","nae_server_ca_cert":"-----BEGIN CERTIFICATE-----\nMIIGEDCCA/igAwIBAgIRAMOurameDqwT4tvjwR5qlvQwDQYJKoZIhvcNAQELBQAw\nWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAw\nDgYDVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgUm9vdCBDQTAeFw0y\nMTA3MjcwNTEzNDRaFw0yMzEwMzAwNTEzNDRaMFwxCzAJBgNVBAYTAlVTMQswCQYD\nVQQIEwJNRDEQMA4GA1UEBxMHQmVsY2FtcDEQMA4GA1UEChMHR2VtYWx0bzEcMBoG\nA1UEAxMTbmFlLmtleXNlY3VyZS5sb2NhbDCCAiIwDQYJKoZIhvcNAQEBBQADggIP\nADCCAgoCggIBALoUdZ2FUYrH3K9yIfa/8btxY/ib+zX01hYBVNLIy0TqygIgHUKV\nYrDqQcYicOEl27S74gau8p+7otzh/0q6o4qzJBkYWIjAobt06gwzOf5RNE0aKHK0\nflVAVvUjWeXVHWXJT0ROMRXmi8n2gHajQMVBMYALYzC1Ibmulqw5FPRd68wyXMzo\nfK1aa6ZNrnnEi82nXn8mFtetF/px8jzFguuQNGSegM/Bdcqb+DmwByUf/d/Lj3Oa\n0AKLzLZPj3TTNn6v6tzghXqrhKz/OqR6Pn+2LO3KX1TdHBXY0gyVmc6U8BTK4XLQ\nJBo3W664mAcialHtyegR2WvdWuA4lesIOcIqngD2r4rnO2s/9petyiCpxA/WSuFf\nLeMWFN7FME0dFICjKJDfIkE40mhLVQoMzZTbN5sDADj3EdkAbAH2s5mJUY0D/1AR\nS7dSDjjTJWh1LIqnIEV21dwk1ROR1fkC+FSrPZxEvj90g576PUQhePbeyemEZ5Bz\n9jjSx0anLF4YHyYhJHqJfVdVircRcCYmURjuJQHMFEIh+HbAysG6waFS7FULq8dR\nPk0nycE4mLE+H7ErbcbCwbQNMfK20b5rlW4EMzgCFGO0/5pLQG+ecgm22Rp3mfYP\nS2Ae9ohQGmBP2hDFXX8rpbB7VK+Y3nJ849mnc2aIyIYaOD9/3K1jiBSBAgMBAAGj\ngc4wgcswDgYDVR0PAQH/BAQDAgOIMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1Ud\nEwEB/wQCMAAwHwYDVR0jBBgwFoAUNsL1o1s8N3SyyoQbw8Nqn6WzcNMwHgYDVR0R\nBBcwFYETc3VwcG9ydEBnZW1hbHRvLmNvbTBVBgNVHR8ETjBMMEqgSKBGhkRodHRw\nOi8va2V5c2VjdXJlLmxvY2FsL2NybHMvYzRjMmY1YjYtY2Y3MC00ZTRkLWE4MmMt\nOTAwODNjNWZkNDQ4LmNybDANBgkqhkiG9w0BAQsFAAOCAgEAIrL1SJYBYFPbGlDO\nP2B3uRnf97H0aAgiu7DJjWWHyVKAyxvCTN/l0NGdTAfz8bBFnGgVQdnL6XfSKkge\n5GK2t66MyeUOlUZKakvx0vd7Nlsvi9w/0OCj6HV7GN/9OGuqpc3qNeZqFzAoTBe8\nlnwtb9HvCYAHDxnh46Ys3BGnNXgrnepkelf7QbqRT6cJlKj3GpoFvUI+BtxePW10\nIyHqp0Fvs92/npgT4LNKHa7wwuvCE+R1FJH+hsKjMEQbaI3wm/JmMiajBcxkRdzv\nKtYGJca6Gx3Eo2yfo+wx2sBTNzbtr9CwsIfQ22rV6XY5pM289V8Zf70K7vSCNZi2\nBRfaKxxT4tZVxycMKtN1/fsStUZi3AIZ7J/gvTnyx43btvpS2e30+DjOxTHqaaOu\n2nnF4EIb4AImCVSJ98CmGuZYH3f4quX7rNC7hLAoxUfHXgFv+7NeRvO7Ml3ZifYn\n1Ll5uX2W5SZnbJH1xyGhuKp4KYLn1eDvUWhf1PKJa5CdNTS7md1JB1OGWVJG0PrX\nHn1xnC87688nJSCv5sLq3o8CqJ7tW9PIX3WgRVR13mcWJKfGShrCsbHLJ1dvmRMI\nOmnZDntACkJ0GnhS4L2TSqqpqY+4BRe9OeNFYKamsWtbvCeDUNUj2u07gnlGx+l1\n/SxhHTW+4Xi4AqTFLxiFZQJFxng=\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIFoTCCA4mgAwIBAgIRAOm7x3MADwyJjpEDpX3pcdQwDQYJKoZIhvcNAQELBQAw\nWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAw\nDgYDVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgUm9vdCBDQTAeFw0y\nMTA3MjcwNTEzNDBaFw0zMTA3MjUwNTEzNDBaMFoxCzAJBgNVBAYTAlVTMQswCQYD\nVQQIEwJNRDEQMA4GA1UEBxMHQmVsY2FtcDEQMA4GA1UEChMHR2VtYWx0bzEaMBgG\nA1UEAxMRS2V5U2VjdXJlIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw\nggIKAoICAQDrSxppqYiAEL23AG6hHZRfoLDrFGlihNAVV1vMrxLva2qp0msSGtoz\nwNbXHgqGUMxkUKfe0gzd+seoWdzG0g2igXv9inss8sUp35t5Z+5FPab974SOancy\nPWjBlv/p3hm0YJnSp29sQSfzUYcSneegqcS6Kv03dDuPl9rSqoOseUAgVS2yVMwg\nmTKcoe3jG6Yck0LeAb0dUnZuU1HVB4wy00K0PQ7/fb/jocW7Y6Va2UhuQYW+QE2k\nyG2Azf+CXSXhK9i+Cq0nDXwBbcHOwtWL+8Tp9T6KzdnRXCfHSehKEM2y8wyOiOBL\nm60lKzDyHj1GhTqwOe0jUJYarJO35QvYPJW9eKUan33EmF2SUWk5HEciuUnQQrCd\n/KuxB49cW2otEv3q4/G0Z+NNokC0awDWI7jAsczmtATKnLcNCzynKNSvQymULpES\nQcBOof6d/231i78NPl0VmIYCL2SAwhi2DUCoVRWGuoqiAmhVPbkmoEK9D0YFCWhC\nL1bKB5JDVsS7bNLA5g1fam9BASIhltaPgCMknFQzgkFPyGWpCy2+j+v/b+85uLC4\n/4lr2fue7SRlMYfwPBlh7RKpJ93JQNTSP9F1rY4E2FSk/pzj1VNQMRZT+UlXlQRZ\nUayQago1s2BViqSI0NZZpFtfPb0oZM4lsGJnqTc36q8loGp7l8QsxwIDAQABo2Iw\nYDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUNsL1\no1s8N3SyyoQbw8Nqn6WzcNMwHgYDVR0RBBcwFYETc3VwcG9ydEBnZW1hbHRvLmNv\nbTANBgkqhkiG9w0BAQsFAAOCAgEAQWO9bwW2IHWkdSEBUZHEWL8zrOmB9qAa8sUS\nK5Squ73aQYpYBFE0DuVcRavaoGH33ED32Ke/rF1PU19QH8SJJsMU7+jiMBtOIArC\nIpk6Dt7Qs8iqMcLVur+cTHalUBSGNhexS/R4iHd9fCkVSeo4iXDQ7TpiXyiaCcEs\nBKlJo3eiW5XmoUidc3Tt9dzQsZJGLVh7kT/H/jmc6wlJfjDjerc/PArJgI2s6zJC\njwl6WCV6JmNvpydriAHK/l2MKpqCvJ9hRCh6K0c0wKW312FElUcOFEzAm2p1D4yg\nyK4FIFHQnJ18W2/pZuB4wMkkQ9rzWN2jF4lPH9rmz4E+Uvo57qzfk4ni80nYTeU6\n7srFvE5d2oI/FiECOm0v3utvsBuyf+/f4FQmtXfxHTxInOsEjDNw2SUpd5GZ2mw3\nBsfMKgBCaqbCdR0Jf/5Hy1aS9n8MvXwcQu0qfccpJwpGR4QkF1g1fwzr5kTRVSsF\nNuBBBF0XYsFiOPFkOLiyzUnwohsP5zAKfPiGkB80gHB7LJbLs8JFtE1Sy572iF2i\nKYf4FwUzL++51sYVpJEX/Z6KJ6PXMrzd1ebxS5G5W4/a+so+NtSVRrbAo7GHsUht\nw05YTYmnFMDc+uiNPVr2TaQNLOZyemr8Z4ZiXpwkdWpSaqseAeNBl5v38lcqcEj2\nXJQwSGc=\n-----END CERTIFICATE-----\n","key":"-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIH+7jDVp34i+PJxFkc+rldTE47SfozlvWFHSSRNHIaqUoAoGCCqGSM49\nAwEHoUQDQgAEYhwMN7DUXv22EezBsKbw47MPjg1w6dFFESBIGmpz4tqiNVsD1rNM\n+ID8Z7Jg0xvlaDh1O0n5wmMSTf9qqDecbQ==\n-----END EC PRIVATE KEY-----\n","client_certificate":"-----BEGIN CERTIFICATE-----\nMIID5TCCAc2gAwIBAgIRAKpwpbwOSpTmsgYxCssZnpMwDQYJKoZIhvcNAQELBQAw\nWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAw\nDgYDVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgUm9vdCBDQTAeFw0y\nMTA3MjgxNjExMDVaFw0yMzA3MjgxNjExMDVaMA8xDTALBgNVBAMTBGZzZGYwWTAT\nBgcqhkjOPQIBBggqhkjOPQMBBwNCAARiHAw3sNRe/bYR7MGwpvDjsw+ODXDp0UUR\nIEgaanPi2qI1WwPWs0z4gPxnsmDTG+VoOHU7SfnCYxJN/2qoN5xto4G7MIG4MA4G\nA1UdDwEB/wQEAwIDiDATBgNVHSUEDDAKBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA\nMB8GA1UdIwQYMBaAFDbC9aNbPDd0ssqEG8PDap+ls3DTMAsGA1UdEQQEMAKBADBV\nBgNVHR8ETjBMMEqgSKBGhkRodHRwOi8va2V5c2VjdXJlLmxvY2FsL2NybHMvYzRj\nMmY1YjYtY2Y3MC00ZTRkLWE4MmMtOTAwODNjNWZkNDQ4LmNybDANBgkqhkiG9w0B\nAQsFAAOCAgEAD2201mw1EdlvHBG1qjlJwyLH/Eaa6aYu/j7ePFlUTrgttYRDXwRH\nZO9zJ1fw4S9PXXGZkhZDootoMJam19sSHoxR4lWV2iA0qa4RgRkM+rqlfTuHhOjP\nKJzhpKYifkhqT4bzoLWyLPZlbB3DIA8zdiIV22oOE07pGjIcg+/uIaNJYwnPeUN7\nAtsUgrZs33kBUoZkUa6+kVe92OZIxo92Pw6S4fYlys4ertDkVYaR97pOmlO5TF2t\nEgFIcjbbZxaIHeKgJ4hMofYaiklF40GsgJVKu4AKc9pf56/YUSqohfJV1eVRXkWK\nQlJdV+G5mZUZG8kYnpp9FpYB0we5T9HoIPqFmnfPNgkRasnt1whvYd/juxRY8vMe\n6jUD5fkhEQVo20+KBZG8gKv9nsCnrpqU9QjbuleecaNc+ptqQn8zNNLFeikt1P7D\nAmGTru+fQpUCL7WUMja9h+ecAFRyL1+kETctntEdIE25vhNUCWrdlPtQICeIYmed\noDd3kEwt1FQTnkYSQ4W2L2bS1LEP9d2cUeN4WmiF7r8V+jJhcuigQtQl/77tPNXi\nLRljqbWcwYkRS77BVbnaSs1wPjIC9SHzoAtpfpgFeXHffzJjLCfA3psqvVMh5ReR\nkfSglSpPU5khAdcP63jU0czOe6fRAPsV0z73COcXd7RlBoZo4df1oHU=\n-----END CERTIFICATE-----\n","client_profile_id":"cdbf487a-7815-4f17-982c-cd7736e1a2dc","client_profile_name":"sample_app","updated_at":"2021-07-29T16:11:05.667267Z","created_at":"2021-07-29T16:11:05.667267Z","valid_until":"2023-07-28 16:11:05 +0000 UTC","last_connected_at":"2023-07-28 16:11:05 +0000 UTC"}},"400":{"description":"Bad Request."},"404":{"description":"Resource not found.","schema":{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}}},"422":{"description":"Required parameters are missing.","schema":{"description":"The body of an error response","type":"object","allOf":[{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}},{"additionalProperties":{"type":"array","items":{"type":"string","description":"a validation error message about this property"}}}]}}}},"get":{"summary":"List","description":"Returns the list of clients added to the CipherTrust Manager. The results can be filtered, using the query parameters.\n","tags":["Data Protection/Clients"],"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"query","required":false,"type":"string","description":"Filters the results by client id."},{"name":"name","in":"query","required":false,"type":"string","description":"Filters the results by client name."},{"name":"app_connector_type","in":"query","required":false,"type":"string","description":"Filters the results by app connector type."},{"name":"client_profile_id","in":"query","required":false,"type":"string","description":"Filters the results by client profile ID."},{"name":"connectivity_status","in":"query","type":"string","description":"Filters the results by connectivity status."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"description":"Name to identify a client on the CipherTrust Manager.","type":"string"},"client_certificate":{"description":"Client certificate issued by the CipherTrust Manager.","type":"string"}}}]}}}}]},"examples":{"skip":0,"limit":10,"total":1,"resources":[{"id":"e299a250-3b5f-41f8-b83b-0968b15e58a9","name":"regToken_10","web_server_ca_cert":"-----BEGIN CERTIFICATE-----\nMIIGEDCCA/igAwIBAgIRAOI5moN2OJfJY8srwIa/i/wwDQYJKoZIhvcNAQELBQAw\nWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAw\nDgYDVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgUm9vdCBDQTAeFw0y\nMTA3MjcwNTEzNDlaFw0yMzEwMzAwNTEzNDlaMFwxCzAJBgNVBAYTAlVTMQswCQYD\nVQQIEwJNRDEQMA4GA1UEBxMHQmVsY2FtcDEQMA4GA1UEChMHR2VtYWx0bzEcMBoG\nA1UEAxMTd2ViLmtleXNlY3VyZS5sb2NhbDCCAiIwDQYJKoZIhvcNAQEBBQADggIP\nADCCAgoCggIBAMo7ktftKeRM2ATJwjsRh/AAFXIqYmSlJ3UQzYoJJDCJ2o76yhNO\nONSmaWnPPCyHginFNn84BNhGgx4NUegWvHLFpqkylgI6eoWtTaY8+Pm11tg/fgHY\nQWbe5riP63x+Cc21WKg/2uA5l93vKgjQKe2C0bgHDlXV7DQC8SlyJu5IjvJ+4zko\nl9MPpMphBEpnhEFAti0fmpi8+IyiWdcoq7YXU11086hFY6M+JqNPuZ740HaNc+/b\nsZiIPTnl1zJD5I86PjR+zC+AfRurQ8rJUmXl742zLGHxDZGV8VoTIkYrcKiAhiAh\n8twKh+GXMIUGoYmciLuZtww462m7OSL7BA0B+XDKwWJJjq6BygA7flV32Llz8OKz\nE5jfL0tBjz0UHKSEwHgQWFWywLZYJUUihSofHUA/DiNgT5O+EUF6HRTlEgFeGc09\nIOfig+BWkhy4IS0AE1y3irV/DUPzA47MGoYDCZnnXPoX2eJh75vtfal2Uw9qaSlv\nPD5Sr703fvB8adVS7KOgKj82psr/WXNNNeKfByv8/q2TGyOuPFLCI8PKy0pBoVS8\nL1WgXo8M3DPxFBHh55Cp6mz18Kj4WfpfNg1lsR6yGkyFlCGUapEkYou6w10wCbFR\noQM+S1r6IuO5rh0Xx18ZIV9ZLnUiVfXbpHsvkdJ4PXU1TeX31OezoicpAgMBAAGj\ngc4wgcswDgYDVR0PAQH/BAQDAgOIMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1Ud\nEwEB/wQCMAAwHwYDVR0jBBgwFoAUNsL1o1s8N3SyyoQbw8Nqn6WzcNMwHgYDVR0R\nBBcwFYETc3VwcG9ydEBnZW1hbHRvLmNvbTBVBgNVHR8ETjBMMEqgSKBGhkRodHRw\nOi8va2V5c2VjdXJlLmxvY2FsL2NybHMvYzRjMmY1YjYtY2Y3MC00ZTRkLWE4MmMt\nOTAwODNjNWZkNDQ4LmNybDANBgkqhkiG9w0BAQsFAAOCAgEAgpgU5ydBPYNhWhKS\ncJQ8NRN/dIumrtBCp866L8c5ZlJ10c4dk2UBRXhZjlEGX0yohte7QKfvZbDsZKN7\nsU/4sbThE/A50+zZ2sCixDjZPUvmeTQCSr73dgbIPL/eJMvpTsLtbbJOeeyM5nlj\nIyyAFeIfjowrAB24iOxfBpR5E55gaVFo7gM4x1AEdgN51X8+qn8JsVESnuxu903w\nS2y+5q04X54YZyzIl6p0UsMUSdEJkzie6oDS6qO0/HkyhVN+ORn0d0wTQR3Zjbau\nsUJY9UvD7FCkOMgYgo6DqjMAZWQcKJ8KoJLYB01TCZmumoTmjUJ5sHf0ByKg4yIz\nY0waIfa3Ya7F39wHxCPdgmUXFCp7aACpwRcXb/tFMXhTO4ihun4lt2skOaWjIZID\nRMVfQl7Y+T73dFZdetVNq9DNWdIJvz7oK6rDtAcv2P3nc50c+Ph6B3Icg9cgtoe8\nimA5jquIvBP12sm+LcdW07IveBYW0WZWthN1qlNL/GvqaO0pbE/YuoqdCjNK10s3\nmG4/circaVrNqoDprN0vqGt1sQ0A9CWq8tmKrB6qWveQ/pNL+l0irRXIHESiaBNA\nfoYKsmvsvLPFzqlEbkrnlPP6SFm5wDAWLHE6qnjxnqRs/+eC4Atikj+U7ukdCtQs\nRXjOFoxWAz74NCSZyy5lsagnAWo=\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIFoTCCA4mgAwIBAgIRAOm7x3MADwyJjpEDpX3pcdQwDQYJKoZIhvcNAQELBQAw\nWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAw\nDgYDVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgUm9vdCBDQTAeFw0y\nMTA3MjcwNTEzNDBaFw0zMTA3MjUwNTEzNDBaMFoxCzAJBgNVBAYTAlVTMQswCQYD\nVQQIEwJNRDEQMA4GA1UEBxMHQmVsY2FtcDEQMA4GA1UEChMHR2VtYWx0bzEaMBgG\nA1UEAxMRS2V5U2VjdXJlIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw\nggIKAoICAQDrSxppqYiAEL23AG6hHZRfoLDrFGlihNAVV1vMrxLva2qp0msSGtoz\nwNbXHgqGUMxkUKfe0gzd+seoWdzG0g2igXv9inss8sUp35t5Z+5FPab974SOancy\nPWjBlv/p3hm0YJnSp29sQSfzUYcSneegqcS6Kv03dDuPl9rSqoOseUAgVS2yVMwg\nmTKcoe3jG6Yck0LeAb0dUnZuU1HVB4wy00K0PQ7/fb/jocW7Y6Va2UhuQYW+QE2k\nyG2Azf+CXSXhK9i+Cq0nDXwBbcHOwtWL+8Tp9T6KzdnRXCfHSehKEM2y8wyOiOBL\nm60lKzDyHj1GhTqwOe0jUJYarJO35QvYPJW9eKUan33EmF2SUWk5HEciuUnQQrCd\n/KuxB49cW2otEv3q4/G0Z+NNokC0awDWI7jAsczmtATKnLcNCzynKNSvQymULpES\nQcBOof6d/231i78NPl0VmIYCL2SAwhi2DUCoVRWGuoqiAmhVPbkmoEK9D0YFCWhC\nL1bKB5JDVsS7bNLA5g1fam9BASIhltaPgCMknFQzgkFPyGWpCy2+j+v/b+85uLC4\n/4lr2fue7SRlMYfwPBlh7RKpJ93JQNTSP9F1rY4E2FSk/pzj1VNQMRZT+UlXlQRZ\nUayQago1s2BViqSI0NZZpFtfPb0oZM4lsGJnqTc36q8loGp7l8QsxwIDAQABo2Iw\nYDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUNsL1\no1s8N3SyyoQbw8Nqn6WzcNMwHgYDVR0RBBcwFYETc3VwcG9ydEBnZW1hbHRvLmNv\nbTANBgkqhkiG9w0BAQsFAAOCAgEAQWO9bwW2IHWkdSEBUZHEWL8zrOmB9qAa8sUS\nK5Squ73aQYpYBFE0DuVcRavaoGH33ED32Ke/rF1PU19QH8SJJsMU7+jiMBtOIArC\nIpk6Dt7Qs8iqMcLVur+cTHalUBSGNhexS/R4iHd9fCkVSeo4iXDQ7TpiXyiaCcEs\nBKlJo3eiW5XmoUidc3Tt9dzQsZJGLVh7kT/H/jmc6wlJfjDjerc/PArJgI2s6zJC\njwl6WCV6JmNvpydriAHK/l2MKpqCvJ9hRCh6K0c0wKW312FElUcOFEzAm2p1D4yg\nyK4FIFHQnJ18W2/pZuB4wMkkQ9rzWN2jF4lPH9rmz4E+Uvo57qzfk4ni80nYTeU6\n7srFvE5d2oI/FiECOm0v3utvsBuyf+/f4FQmtXfxHTxInOsEjDNw2SUpd5GZ2mw3\nBsfMKgBCaqbCdR0Jf/5Hy1aS9n8MvXwcQu0qfccpJwpGR4QkF1g1fwzr5kTRVSsF\nNuBBBF0XYsFiOPFkOLiyzUnwohsP5zAKfPiGkB80gHB7LJbLs8JFtE1Sy572iF2i\nKYf4FwUzL++51sYVpJEX/Z6KJ6PXMrzd1ebxS5G5W4/a+so+NtSVRrbAo7GHsUht\nw05YTYmnFMDc+uiNPVr2TaQNLOZyemr8Z4ZiXpwkdWpSaqseAeNBl5v38lcqcEj2\nXJQwSGc=\n-----END CERTIFICATE-----\n","nae_server_ca_cert":"-----BEGIN CERTIFICATE-----\nMIIGEDCCA/igAwIBAgIRAMOurameDqwT4tvjwR5qlvQwDQYJKoZIhvcNAQELBQAw\nWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAw\nDgYDVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgUm9vdCBDQTAeFw0y\nMTA3MjcwNTEzNDRaFw0yMzEwMzAwNTEzNDRaMFwxCzAJBgNVBAYTAlVTMQswCQYD\nVQQIEwJNRDEQMA4GA1UEBxMHQmVsY2FtcDEQMA4GA1UEChMHR2VtYWx0bzEcMBoG\nA1UEAxMTbmFlLmtleXNlY3VyZS5sb2NhbDCCAiIwDQYJKoZIhvcNAQEBBQADggIP\nADCCAgoCggIBALoUdZ2FUYrH3K9yIfa/8btxY/ib+zX01hYBVNLIy0TqygIgHUKV\nYrDqQcYicOEl27S74gau8p+7otzh/0q6o4qzJBkYWIjAobt06gwzOf5RNE0aKHK0\nflVAVvUjWeXVHWXJT0ROMRXmi8n2gHajQMVBMYALYzC1Ibmulqw5FPRd68wyXMzo\nfK1aa6ZNrnnEi82nXn8mFtetF/px8jzFguuQNGSegM/Bdcqb+DmwByUf/d/Lj3Oa\n0AKLzLZPj3TTNn6v6tzghXqrhKz/OqR6Pn+2LO3KX1TdHBXY0gyVmc6U8BTK4XLQ\nJBo3W664mAcialHtyegR2WvdWuA4lesIOcIqngD2r4rnO2s/9petyiCpxA/WSuFf\nLeMWFN7FME0dFICjKJDfIkE40mhLVQoMzZTbN5sDADj3EdkAbAH2s5mJUY0D/1AR\nS7dSDjjTJWh1LIqnIEV21dwk1ROR1fkC+FSrPZxEvj90g576PUQhePbeyemEZ5Bz\n9jjSx0anLF4YHyYhJHqJfVdVircRcCYmURjuJQHMFEIh+HbAysG6waFS7FULq8dR\nPk0nycE4mLE+H7ErbcbCwbQNMfK20b5rlW4EMzgCFGO0/5pLQG+ecgm22Rp3mfYP\nS2Ae9ohQGmBP2hDFXX8rpbB7VK+Y3nJ849mnc2aIyIYaOD9/3K1jiBSBAgMBAAGj\ngc4wgcswDgYDVR0PAQH/BAQDAgOIMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1Ud\nEwEB/wQCMAAwHwYDVR0jBBgwFoAUNsL1o1s8N3SyyoQbw8Nqn6WzcNMwHgYDVR0R\nBBcwFYETc3VwcG9ydEBnZW1hbHRvLmNvbTBVBgNVHR8ETjBMMEqgSKBGhkRodHRw\nOi8va2V5c2VjdXJlLmxvY2FsL2NybHMvYzRjMmY1YjYtY2Y3MC00ZTRkLWE4MmMt\nOTAwODNjNWZkNDQ4LmNybDANBgkqhkiG9w0BAQsFAAOCAgEAIrL1SJYBYFPbGlDO\nP2B3uRnf97H0aAgiu7DJjWWHyVKAyxvCTN/l0NGdTAfz8bBFnGgVQdnL6XfSKkge\n5GK2t66MyeUOlUZKakvx0vd7Nlsvi9w/0OCj6HV7GN/9OGuqpc3qNeZqFzAoTBe8\nlnwtb9HvCYAHDxnh46Ys3BGnNXgrnepkelf7QbqRT6cJlKj3GpoFvUI+BtxePW10\nIyHqp0Fvs92/npgT4LNKHa7wwuvCE+R1FJH+hsKjMEQbaI3wm/JmMiajBcxkRdzv\nKtYGJca6Gx3Eo2yfo+wx2sBTNzbtr9CwsIfQ22rV6XY5pM289V8Zf70K7vSCNZi2\nBRfaKxxT4tZVxycMKtN1/fsStUZi3AIZ7J/gvTnyx43btvpS2e30+DjOxTHqaaOu\n2nnF4EIb4AImCVSJ98CmGuZYH3f4quX7rNC7hLAoxUfHXgFv+7NeRvO7Ml3ZifYn\n1Ll5uX2W5SZnbJH1xyGhuKp4KYLn1eDvUWhf1PKJa5CdNTS7md1JB1OGWVJG0PrX\nHn1xnC87688nJSCv5sLq3o8CqJ7tW9PIX3WgRVR13mcWJKfGShrCsbHLJ1dvmRMI\nOmnZDntACkJ0GnhS4L2TSqqpqY+4BRe9OeNFYKamsWtbvCeDUNUj2u07gnlGx+l1\n/SxhHTW+4Xi4AqTFLxiFZQJFxng=\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIFoTCCA4mgAwIBAgIRAOm7x3MADwyJjpEDpX3pcdQwDQYJKoZIhvcNAQELBQAw\nWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAw\nDgYDVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgUm9vdCBDQTAeFw0y\nMTA3MjcwNTEzNDBaFw0zMTA3MjUwNTEzNDBaMFoxCzAJBgNVBAYTAlVTMQswCQYD\nVQQIEwJNRDEQMA4GA1UEBxMHQmVsY2FtcDEQMA4GA1UEChMHR2VtYWx0bzEaMBgG\nA1UEAxMRS2V5U2VjdXJlIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw\nggIKAoICAQDrSxppqYiAEL23AG6hHZRfoLDrFGlihNAVV1vMrxLva2qp0msSGtoz\nwNbXHgqGUMxkUKfe0gzd+seoWdzG0g2igXv9inss8sUp35t5Z+5FPab974SOancy\nPWjBlv/p3hm0YJnSp29sQSfzUYcSneegqcS6Kv03dDuPl9rSqoOseUAgVS2yVMwg\nmTKcoe3jG6Yck0LeAb0dUnZuU1HVB4wy00K0PQ7/fb/jocW7Y6Va2UhuQYW+QE2k\nyG2Azf+CXSXhK9i+Cq0nDXwBbcHOwtWL+8Tp9T6KzdnRXCfHSehKEM2y8wyOiOBL\nm60lKzDyHj1GhTqwOe0jUJYarJO35QvYPJW9eKUan33EmF2SUWk5HEciuUnQQrCd\n/KuxB49cW2otEv3q4/G0Z+NNokC0awDWI7jAsczmtATKnLcNCzynKNSvQymULpES\nQcBOof6d/231i78NPl0VmIYCL2SAwhi2DUCoVRWGuoqiAmhVPbkmoEK9D0YFCWhC\nL1bKB5JDVsS7bNLA5g1fam9BASIhltaPgCMknFQzgkFPyGWpCy2+j+v/b+85uLC4\n/4lr2fue7SRlMYfwPBlh7RKpJ93JQNTSP9F1rY4E2FSk/pzj1VNQMRZT+UlXlQRZ\nUayQago1s2BViqSI0NZZpFtfPb0oZM4lsGJnqTc36q8loGp7l8QsxwIDAQABo2Iw\nYDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUNsL1\no1s8N3SyyoQbw8Nqn6WzcNMwHgYDVR0RBBcwFYETc3VwcG9ydEBnZW1hbHRvLmNv\nbTANBgkqhkiG9w0BAQsFAAOCAgEAQWO9bwW2IHWkdSEBUZHEWL8zrOmB9qAa8sUS\nK5Squ73aQYpYBFE0DuVcRavaoGH33ED32Ke/rF1PU19QH8SJJsMU7+jiMBtOIArC\nIpk6Dt7Qs8iqMcLVur+cTHalUBSGNhexS/R4iHd9fCkVSeo4iXDQ7TpiXyiaCcEs\nBKlJo3eiW5XmoUidc3Tt9dzQsZJGLVh7kT/H/jmc6wlJfjDjerc/PArJgI2s6zJC\njwl6WCV6JmNvpydriAHK/l2MKpqCvJ9hRCh6K0c0wKW312FElUcOFEzAm2p1D4yg\nyK4FIFHQnJ18W2/pZuB4wMkkQ9rzWN2jF4lPH9rmz4E+Uvo57qzfk4ni80nYTeU6\n7srFvE5d2oI/FiECOm0v3utvsBuyf+/f4FQmtXfxHTxInOsEjDNw2SUpd5GZ2mw3\nBsfMKgBCaqbCdR0Jf/5Hy1aS9n8MvXwcQu0qfccpJwpGR4QkF1g1fwzr5kTRVSsF\nNuBBBF0XYsFiOPFkOLiyzUnwohsP5zAKfPiGkB80gHB7LJbLs8JFtE1Sy572iF2i\nKYf4FwUzL++51sYVpJEX/Z6KJ6PXMrzd1ebxS5G5W4/a+so+NtSVRrbAo7GHsUht\nw05YTYmnFMDc+uiNPVr2TaQNLOZyemr8Z4ZiXpwkdWpSaqseAeNBl5v38lcqcEj2\nXJQwSGc=\n-----END CERTIFICATE-----\n","key":"-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIH+7jDVp34i+PJxFkc+rldTE47SfozlvWFHSSRNHIaqUoAoGCCqGSM49\nAwEHoUQDQgAEYhwMN7DUXv22EezBsKbw47MPjg1w6dFFESBIGmpz4tqiNVsD1rNM\n+ID8Z7Jg0xvlaDh1O0n5wmMSTf9qqDecbQ==\n-----END EC PRIVATE KEY-----\n","client_certificate":"-----BEGIN CERTIFICATE-----\nMIID5TCCAc2gAwIBAgIRAKpwpbwOSpTmsgYxCssZnpMwDQYJKoZIhvcNAQELBQAw\nWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAw\nDgYDVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgUm9vdCBDQTAeFw0y\nMTA3MjgxNjExMDVaFw0yMzA3MjgxNjExMDVaMA8xDTALBgNVBAMTBGZzZGYwWTAT\nBgcqhkjOPQIBBggqhkjOPQMBBwNCAARiHAw3sNRe/bYR7MGwpvDjsw+ODXDp0UUR\nIEgaanPi2qI1WwPWs0z4gPxnsmDTG+VoOHU7SfnCYxJN/2qoN5xto4G7MIG4MA4G\nA1UdDwEB/wQEAwIDiDATBgNVHSUEDDAKBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA\nMB8GA1UdIwQYMBaAFDbC9aNbPDd0ssqEG8PDap+ls3DTMAsGA1UdEQQEMAKBADBV\nBgNVHR8ETjBMMEqgSKBGhkRodHRwOi8va2V5c2VjdXJlLmxvY2FsL2NybHMvYzRj\nMmY1YjYtY2Y3MC00ZTRkLWE4MmMtOTAwODNjNWZkNDQ4LmNybDANBgkqhkiG9w0B\nAQsFAAOCAgEAD2201mw1EdlvHBG1qjlJwyLH/Eaa6aYu/j7ePFlUTrgttYRDXwRH\nZO9zJ1fw4S9PXXGZkhZDootoMJam19sSHoxR4lWV2iA0qa4RgRkM+rqlfTuHhOjP\nKJzhpKYifkhqT4bzoLWyLPZlbB3DIA8zdiIV22oOE07pGjIcg+/uIaNJYwnPeUN7\nAtsUgrZs33kBUoZkUa6+kVe92OZIxo92Pw6S4fYlys4ertDkVYaR97pOmlO5TF2t\nEgFIcjbbZxaIHeKgJ4hMofYaiklF40GsgJVKu4AKc9pf56/YUSqohfJV1eVRXkWK\nQlJdV+G5mZUZG8kYnpp9FpYB0we5T9HoIPqFmnfPNgkRasnt1whvYd/juxRY8vMe\n6jUD5fkhEQVo20+KBZG8gKv9nsCnrpqU9QjbuleecaNc+ptqQn8zNNLFeikt1P7D\nAmGTru+fQpUCL7WUMja9h+ecAFRyL1+kETctntEdIE25vhNUCWrdlPtQICeIYmed\noDd3kEwt1FQTnkYSQ4W2L2bS1LEP9d2cUeN4WmiF7r8V+jJhcuigQtQl/77tPNXi\nLRljqbWcwYkRS77BVbnaSs1wPjIC9SHzoAtpfpgFeXHffzJjLCfA3psqvVMh5ReR\nkfSglSpPU5khAdcP63jU0czOe6fRAPsV0z73COcXd7RlBoZo4df1oHU=\n-----END CERTIFICATE-----\n","client_profile_id":"cdbf487a-7815-4f17-982c-cd7736e1a2dc","updated_at":"2021-07-29T16:11:05.667267Z","created_at":"2021-07-29T16:11:05.667267Z","valid_until":"2023-07-28 16:11:05 +0000 UTC","last_connected_at":"2023-07-28 16:11:05 +0000 UTC"}]}},"400":{"description":"Bad Request."},"401":{"description":"Login failed."},"403":{"description":"Insufficient permissions."}}}},"/v1/data-protection/clients/count":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Summary","description":"Returns a summary of the clients statuses.","tags":["Data Protection/Clients"],"parameters":[{"name":"client_profile_id","in":"query","required":false,"type":"string","description":"Filters the results by client profile ID."}],"responses":{"200":{"description":"OK","schema":{"properties":{"total":{"type":"integer"},"healthy":{"type":"integer"},"warning":{"type":"integer"},"error":{"type":"integer"}}}},"400":{"description":"Bad Request."},"401":{"description":"Login failed."},"403":{"description":"Insufficient permissions."}}}},"/v1/data-protection/clients/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a client with a given id.","tags":["Data Protection/Clients"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","description":"Date/time the application was created"},"updatedAt":{"type":"string","format":"date-time","description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"description":"Name to identify a client on the CipherTrust Manager.","type":"string"},"client_certificate":{"description":"Client certificate issued by the CipherTrust Manager.","type":"string"}}}]},"examples":{"id":"e299a250-3b5f-41f8-b83b-0968b15e58a9","name":"regToken_10","web_server_ca_cert":"-----BEGIN CERTIFICATE-----\nMIIGEDCCA/igAwIBAgIRAOI5moN2OJfJY8srwIa/i/wwDQYJKoZIhvcNAQELBQAw\nWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAw\nDgYDVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgUm9vdCBDQTAeFw0y\nMTA3MjcwNTEzNDlaFw0yMzEwMzAwNTEzNDlaMFwxCzAJBgNVBAYTAlVTMQswCQYD\nVQQIEwJNRDEQMA4GA1UEBxMHQmVsY2FtcDEQMA4GA1UEChMHR2VtYWx0bzEcMBoG\nA1UEAxMTd2ViLmtleXNlY3VyZS5sb2NhbDCCAiIwDQYJKoZIhvcNAQEBBQADggIP\nADCCAgoCggIBAMo7ktftKeRM2ATJwjsRh/AAFXIqYmSlJ3UQzYoJJDCJ2o76yhNO\nONSmaWnPPCyHginFNn84BNhGgx4NUegWvHLFpqkylgI6eoWtTaY8+Pm11tg/fgHY\nQWbe5riP63x+Cc21WKg/2uA5l93vKgjQKe2C0bgHDlXV7DQC8SlyJu5IjvJ+4zko\nl9MPpMphBEpnhEFAti0fmpi8+IyiWdcoq7YXU11086hFY6M+JqNPuZ740HaNc+/b\nsZiIPTnl1zJD5I86PjR+zC+AfRurQ8rJUmXl742zLGHxDZGV8VoTIkYrcKiAhiAh\n8twKh+GXMIUGoYmciLuZtww462m7OSL7BA0B+XDKwWJJjq6BygA7flV32Llz8OKz\nE5jfL0tBjz0UHKSEwHgQWFWywLZYJUUihSofHUA/DiNgT5O+EUF6HRTlEgFeGc09\nIOfig+BWkhy4IS0AE1y3irV/DUPzA47MGoYDCZnnXPoX2eJh75vtfal2Uw9qaSlv\nPD5Sr703fvB8adVS7KOgKj82psr/WXNNNeKfByv8/q2TGyOuPFLCI8PKy0pBoVS8\nL1WgXo8M3DPxFBHh55Cp6mz18Kj4WfpfNg1lsR6yGkyFlCGUapEkYou6w10wCbFR\noQM+S1r6IuO5rh0Xx18ZIV9ZLnUiVfXbpHsvkdJ4PXU1TeX31OezoicpAgMBAAGj\ngc4wgcswDgYDVR0PAQH/BAQDAgOIMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1Ud\nEwEB/wQCMAAwHwYDVR0jBBgwFoAUNsL1o1s8N3SyyoQbw8Nqn6WzcNMwHgYDVR0R\nBBcwFYETc3VwcG9ydEBnZW1hbHRvLmNvbTBVBgNVHR8ETjBMMEqgSKBGhkRodHRw\nOi8va2V5c2VjdXJlLmxvY2FsL2NybHMvYzRjMmY1YjYtY2Y3MC00ZTRkLWE4MmMt\nOTAwODNjNWZkNDQ4LmNybDANBgkqhkiG9w0BAQsFAAOCAgEAgpgU5ydBPYNhWhKS\ncJQ8NRN/dIumrtBCp866L8c5ZlJ10c4dk2UBRXhZjlEGX0yohte7QKfvZbDsZKN7\nsU/4sbThE/A50+zZ2sCixDjZPUvmeTQCSr73dgbIPL/eJMvpTsLtbbJOeeyM5nlj\nIyyAFeIfjowrAB24iOxfBpR5E55gaVFo7gM4x1AEdgN51X8+qn8JsVESnuxu903w\nS2y+5q04X54YZyzIl6p0UsMUSdEJkzie6oDS6qO0/HkyhVN+ORn0d0wTQR3Zjbau\nsUJY9UvD7FCkOMgYgo6DqjMAZWQcKJ8KoJLYB01TCZmumoTmjUJ5sHf0ByKg4yIz\nY0waIfa3Ya7F39wHxCPdgmUXFCp7aACpwRcXb/tFMXhTO4ihun4lt2skOaWjIZID\nRMVfQl7Y+T73dFZdetVNq9DNWdIJvz7oK6rDtAcv2P3nc50c+Ph6B3Icg9cgtoe8\nimA5jquIvBP12sm+LcdW07IveBYW0WZWthN1qlNL/GvqaO0pbE/YuoqdCjNK10s3\nmG4/circaVrNqoDprN0vqGt1sQ0A9CWq8tmKrB6qWveQ/pNL+l0irRXIHESiaBNA\nfoYKsmvsvLPFzqlEbkrnlPP6SFm5wDAWLHE6qnjxnqRs/+eC4Atikj+U7ukdCtQs\nRXjOFoxWAz74NCSZyy5lsagnAWo=\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIFoTCCA4mgAwIBAgIRAOm7x3MADwyJjpEDpX3pcdQwDQYJKoZIhvcNAQELBQAw\nWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAw\nDgYDVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgUm9vdCBDQTAeFw0y\nMTA3MjcwNTEzNDBaFw0zMTA3MjUwNTEzNDBaMFoxCzAJBgNVBAYTAlVTMQswCQYD\nVQQIEwJNRDEQMA4GA1UEBxMHQmVsY2FtcDEQMA4GA1UEChMHR2VtYWx0bzEaMBgG\nA1UEAxMRS2V5U2VjdXJlIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw\nggIKAoICAQDrSxppqYiAEL23AG6hHZRfoLDrFGlihNAVV1vMrxLva2qp0msSGtoz\nwNbXHgqGUMxkUKfe0gzd+seoWdzG0g2igXv9inss8sUp35t5Z+5FPab974SOancy\nPWjBlv/p3hm0YJnSp29sQSfzUYcSneegqcS6Kv03dDuPl9rSqoOseUAgVS2yVMwg\nmTKcoe3jG6Yck0LeAb0dUnZuU1HVB4wy00K0PQ7/fb/jocW7Y6Va2UhuQYW+QE2k\nyG2Azf+CXSXhK9i+Cq0nDXwBbcHOwtWL+8Tp9T6KzdnRXCfHSehKEM2y8wyOiOBL\nm60lKzDyHj1GhTqwOe0jUJYarJO35QvYPJW9eKUan33EmF2SUWk5HEciuUnQQrCd\n/KuxB49cW2otEv3q4/G0Z+NNokC0awDWI7jAsczmtATKnLcNCzynKNSvQymULpES\nQcBOof6d/231i78NPl0VmIYCL2SAwhi2DUCoVRWGuoqiAmhVPbkmoEK9D0YFCWhC\nL1bKB5JDVsS7bNLA5g1fam9BASIhltaPgCMknFQzgkFPyGWpCy2+j+v/b+85uLC4\n/4lr2fue7SRlMYfwPBlh7RKpJ93JQNTSP9F1rY4E2FSk/pzj1VNQMRZT+UlXlQRZ\nUayQago1s2BViqSI0NZZpFtfPb0oZM4lsGJnqTc36q8loGp7l8QsxwIDAQABo2Iw\nYDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUNsL1\no1s8N3SyyoQbw8Nqn6WzcNMwHgYDVR0RBBcwFYETc3VwcG9ydEBnZW1hbHRvLmNv\nbTANBgkqhkiG9w0BAQsFAAOCAgEAQWO9bwW2IHWkdSEBUZHEWL8zrOmB9qAa8sUS\nK5Squ73aQYpYBFE0DuVcRavaoGH33ED32Ke/rF1PU19QH8SJJsMU7+jiMBtOIArC\nIpk6Dt7Qs8iqMcLVur+cTHalUBSGNhexS/R4iHd9fCkVSeo4iXDQ7TpiXyiaCcEs\nBKlJo3eiW5XmoUidc3Tt9dzQsZJGLVh7kT/H/jmc6wlJfjDjerc/PArJgI2s6zJC\njwl6WCV6JmNvpydriAHK/l2MKpqCvJ9hRCh6K0c0wKW312FElUcOFEzAm2p1D4yg\nyK4FIFHQnJ18W2/pZuB4wMkkQ9rzWN2jF4lPH9rmz4E+Uvo57qzfk4ni80nYTeU6\n7srFvE5d2oI/FiECOm0v3utvsBuyf+/f4FQmtXfxHTxInOsEjDNw2SUpd5GZ2mw3\nBsfMKgBCaqbCdR0Jf/5Hy1aS9n8MvXwcQu0qfccpJwpGR4QkF1g1fwzr5kTRVSsF\nNuBBBF0XYsFiOPFkOLiyzUnwohsP5zAKfPiGkB80gHB7LJbLs8JFtE1Sy572iF2i\nKYf4FwUzL++51sYVpJEX/Z6KJ6PXMrzd1ebxS5G5W4/a+so+NtSVRrbAo7GHsUht\nw05YTYmnFMDc+uiNPVr2TaQNLOZyemr8Z4ZiXpwkdWpSaqseAeNBl5v38lcqcEj2\nXJQwSGc=\n-----END CERTIFICATE-----\n","nae_server_ca_cert":"-----BEGIN CERTIFICATE-----\nMIIGEDCCA/igAwIBAgIRAMOurameDqwT4tvjwR5qlvQwDQYJKoZIhvcNAQELBQAw\nWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAw\nDgYDVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgUm9vdCBDQTAeFw0y\nMTA3MjcwNTEzNDRaFw0yMzEwMzAwNTEzNDRaMFwxCzAJBgNVBAYTAlVTMQswCQYD\nVQQIEwJNRDEQMA4GA1UEBxMHQmVsY2FtcDEQMA4GA1UEChMHR2VtYWx0bzEcMBoG\nA1UEAxMTbmFlLmtleXNlY3VyZS5sb2NhbDCCAiIwDQYJKoZIhvcNAQEBBQADggIP\nADCCAgoCggIBALoUdZ2FUYrH3K9yIfa/8btxY/ib+zX01hYBVNLIy0TqygIgHUKV\nYrDqQcYicOEl27S74gau8p+7otzh/0q6o4qzJBkYWIjAobt06gwzOf5RNE0aKHK0\nflVAVvUjWeXVHWXJT0ROMRXmi8n2gHajQMVBMYALYzC1Ibmulqw5FPRd68wyXMzo\nfK1aa6ZNrnnEi82nXn8mFtetF/px8jzFguuQNGSegM/Bdcqb+DmwByUf/d/Lj3Oa\n0AKLzLZPj3TTNn6v6tzghXqrhKz/OqR6Pn+2LO3KX1TdHBXY0gyVmc6U8BTK4XLQ\nJBo3W664mAcialHtyegR2WvdWuA4lesIOcIqngD2r4rnO2s/9petyiCpxA/WSuFf\nLeMWFN7FME0dFICjKJDfIkE40mhLVQoMzZTbN5sDADj3EdkAbAH2s5mJUY0D/1AR\nS7dSDjjTJWh1LIqnIEV21dwk1ROR1fkC+FSrPZxEvj90g576PUQhePbeyemEZ5Bz\n9jjSx0anLF4YHyYhJHqJfVdVircRcCYmURjuJQHMFEIh+HbAysG6waFS7FULq8dR\nPk0nycE4mLE+H7ErbcbCwbQNMfK20b5rlW4EMzgCFGO0/5pLQG+ecgm22Rp3mfYP\nS2Ae9ohQGmBP2hDFXX8rpbB7VK+Y3nJ849mnc2aIyIYaOD9/3K1jiBSBAgMBAAGj\ngc4wgcswDgYDVR0PAQH/BAQDAgOIMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1Ud\nEwEB/wQCMAAwHwYDVR0jBBgwFoAUNsL1o1s8N3SyyoQbw8Nqn6WzcNMwHgYDVR0R\nBBcwFYETc3VwcG9ydEBnZW1hbHRvLmNvbTBVBgNVHR8ETjBMMEqgSKBGhkRodHRw\nOi8va2V5c2VjdXJlLmxvY2FsL2NybHMvYzRjMmY1YjYtY2Y3MC00ZTRkLWE4MmMt\nOTAwODNjNWZkNDQ4LmNybDANBgkqhkiG9w0BAQsFAAOCAgEAIrL1SJYBYFPbGlDO\nP2B3uRnf97H0aAgiu7DJjWWHyVKAyxvCTN/l0NGdTAfz8bBFnGgVQdnL6XfSKkge\n5GK2t66MyeUOlUZKakvx0vd7Nlsvi9w/0OCj6HV7GN/9OGuqpc3qNeZqFzAoTBe8\nlnwtb9HvCYAHDxnh46Ys3BGnNXgrnepkelf7QbqRT6cJlKj3GpoFvUI+BtxePW10\nIyHqp0Fvs92/npgT4LNKHa7wwuvCE+R1FJH+hsKjMEQbaI3wm/JmMiajBcxkRdzv\nKtYGJca6Gx3Eo2yfo+wx2sBTNzbtr9CwsIfQ22rV6XY5pM289V8Zf70K7vSCNZi2\nBRfaKxxT4tZVxycMKtN1/fsStUZi3AIZ7J/gvTnyx43btvpS2e30+DjOxTHqaaOu\n2nnF4EIb4AImCVSJ98CmGuZYH3f4quX7rNC7hLAoxUfHXgFv+7NeRvO7Ml3ZifYn\n1Ll5uX2W5SZnbJH1xyGhuKp4KYLn1eDvUWhf1PKJa5CdNTS7md1JB1OGWVJG0PrX\nHn1xnC87688nJSCv5sLq3o8CqJ7tW9PIX3WgRVR13mcWJKfGShrCsbHLJ1dvmRMI\nOmnZDntACkJ0GnhS4L2TSqqpqY+4BRe9OeNFYKamsWtbvCeDUNUj2u07gnlGx+l1\n/SxhHTW+4Xi4AqTFLxiFZQJFxng=\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIFoTCCA4mgAwIBAgIRAOm7x3MADwyJjpEDpX3pcdQwDQYJKoZIhvcNAQELBQAw\nWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAw\nDgYDVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgUm9vdCBDQTAeFw0y\nMTA3MjcwNTEzNDBaFw0zMTA3MjUwNTEzNDBaMFoxCzAJBgNVBAYTAlVTMQswCQYD\nVQQIEwJNRDEQMA4GA1UEBxMHQmVsY2FtcDEQMA4GA1UEChMHR2VtYWx0bzEaMBgG\nA1UEAxMRS2V5U2VjdXJlIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw\nggIKAoICAQDrSxppqYiAEL23AG6hHZRfoLDrFGlihNAVV1vMrxLva2qp0msSGtoz\nwNbXHgqGUMxkUKfe0gzd+seoWdzG0g2igXv9inss8sUp35t5Z+5FPab974SOancy\nPWjBlv/p3hm0YJnSp29sQSfzUYcSneegqcS6Kv03dDuPl9rSqoOseUAgVS2yVMwg\nmTKcoe3jG6Yck0LeAb0dUnZuU1HVB4wy00K0PQ7/fb/jocW7Y6Va2UhuQYW+QE2k\nyG2Azf+CXSXhK9i+Cq0nDXwBbcHOwtWL+8Tp9T6KzdnRXCfHSehKEM2y8wyOiOBL\nm60lKzDyHj1GhTqwOe0jUJYarJO35QvYPJW9eKUan33EmF2SUWk5HEciuUnQQrCd\n/KuxB49cW2otEv3q4/G0Z+NNokC0awDWI7jAsczmtATKnLcNCzynKNSvQymULpES\nQcBOof6d/231i78NPl0VmIYCL2SAwhi2DUCoVRWGuoqiAmhVPbkmoEK9D0YFCWhC\nL1bKB5JDVsS7bNLA5g1fam9BASIhltaPgCMknFQzgkFPyGWpCy2+j+v/b+85uLC4\n/4lr2fue7SRlMYfwPBlh7RKpJ93JQNTSP9F1rY4E2FSk/pzj1VNQMRZT+UlXlQRZ\nUayQago1s2BViqSI0NZZpFtfPb0oZM4lsGJnqTc36q8loGp7l8QsxwIDAQABo2Iw\nYDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUNsL1\no1s8N3SyyoQbw8Nqn6WzcNMwHgYDVR0RBBcwFYETc3VwcG9ydEBnZW1hbHRvLmNv\nbTANBgkqhkiG9w0BAQsFAAOCAgEAQWO9bwW2IHWkdSEBUZHEWL8zrOmB9qAa8sUS\nK5Squ73aQYpYBFE0DuVcRavaoGH33ED32Ke/rF1PU19QH8SJJsMU7+jiMBtOIArC\nIpk6Dt7Qs8iqMcLVur+cTHalUBSGNhexS/R4iHd9fCkVSeo4iXDQ7TpiXyiaCcEs\nBKlJo3eiW5XmoUidc3Tt9dzQsZJGLVh7kT/H/jmc6wlJfjDjerc/PArJgI2s6zJC\njwl6WCV6JmNvpydriAHK/l2MKpqCvJ9hRCh6K0c0wKW312FElUcOFEzAm2p1D4yg\nyK4FIFHQnJ18W2/pZuB4wMkkQ9rzWN2jF4lPH9rmz4E+Uvo57qzfk4ni80nYTeU6\n7srFvE5d2oI/FiECOm0v3utvsBuyf+/f4FQmtXfxHTxInOsEjDNw2SUpd5GZ2mw3\nBsfMKgBCaqbCdR0Jf/5Hy1aS9n8MvXwcQu0qfccpJwpGR4QkF1g1fwzr5kTRVSsF\nNuBBBF0XYsFiOPFkOLiyzUnwohsP5zAKfPiGkB80gHB7LJbLs8JFtE1Sy572iF2i\nKYf4FwUzL++51sYVpJEX/Z6KJ6PXMrzd1ebxS5G5W4/a+so+NtSVRrbAo7GHsUht\nw05YTYmnFMDc+uiNPVr2TaQNLOZyemr8Z4ZiXpwkdWpSaqseAeNBl5v38lcqcEj2\nXJQwSGc=\n-----END CERTIFICATE-----\n","key":"-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIH+7jDVp34i+PJxFkc+rldTE47SfozlvWFHSSRNHIaqUoAoGCCqGSM49\nAwEHoUQDQgAEYhwMN7DUXv22EezBsKbw47MPjg1w6dFFESBIGmpz4tqiNVsD1rNM\n+ID8Z7Jg0xvlaDh1O0n5wmMSTf9qqDecbQ==\n-----END EC PRIVATE KEY-----\n","client_certificate":"-----BEGIN CERTIFICATE-----\nMIID5TCCAc2gAwIBAgIRAKpwpbwOSpTmsgYxCssZnpMwDQYJKoZIhvcNAQELBQAw\nWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1EMRAwDgYDVQQHEwdCZWxjYW1wMRAw\nDgYDVQQKEwdHZW1hbHRvMRowGAYDVQQDExFLZXlTZWN1cmUgUm9vdCBDQTAeFw0y\nMTA3MjgxNjExMDVaFw0yMzA3MjgxNjExMDVaMA8xDTALBgNVBAMTBGZzZGYwWTAT\nBgcqhkjOPQIBBggqhkjOPQMBBwNCAARiHAw3sNRe/bYR7MGwpvDjsw+ODXDp0UUR\nIEgaanPi2qI1WwPWs0z4gPxnsmDTG+VoOHU7SfnCYxJN/2qoN5xto4G7MIG4MA4G\nA1UdDwEB/wQEAwIDiDATBgNVHSUEDDAKBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA\nMB8GA1UdIwQYMBaAFDbC9aNbPDd0ssqEG8PDap+ls3DTMAsGA1UdEQQEMAKBADBV\nBgNVHR8ETjBMMEqgSKBGhkRodHRwOi8va2V5c2VjdXJlLmxvY2FsL2NybHMvYzRj\nMmY1YjYtY2Y3MC00ZTRkLWE4MmMtOTAwODNjNWZkNDQ4LmNybDANBgkqhkiG9w0B\nAQsFAAOCAgEAD2201mw1EdlvHBG1qjlJwyLH/Eaa6aYu/j7ePFlUTrgttYRDXwRH\nZO9zJ1fw4S9PXXGZkhZDootoMJam19sSHoxR4lWV2iA0qa4RgRkM+rqlfTuHhOjP\nKJzhpKYifkhqT4bzoLWyLPZlbB3DIA8zdiIV22oOE07pGjIcg+/uIaNJYwnPeUN7\nAtsUgrZs33kBUoZkUa6+kVe92OZIxo92Pw6S4fYlys4ertDkVYaR97pOmlO5TF2t\nEgFIcjbbZxaIHeKgJ4hMofYaiklF40GsgJVKu4AKc9pf56/YUSqohfJV1eVRXkWK\nQlJdV+G5mZUZG8kYnpp9FpYB0we5T9HoIPqFmnfPNgkRasnt1whvYd/juxRY8vMe\n6jUD5fkhEQVo20+KBZG8gKv9nsCnrpqU9QjbuleecaNc+ptqQn8zNNLFeikt1P7D\nAmGTru+fQpUCL7WUMja9h+ecAFRyL1+kETctntEdIE25vhNUCWrdlPtQICeIYmed\noDd3kEwt1FQTnkYSQ4W2L2bS1LEP9d2cUeN4WmiF7r8V+jJhcuigQtQl/77tPNXi\nLRljqbWcwYkRS77BVbnaSs1wPjIC9SHzoAtpfpgFeXHffzJjLCfA3psqvVMh5ReR\nkfSglSpPU5khAdcP63jU0czOe6fRAPsV0z73COcXd7RlBoZo4df1oHU=\n-----END CERTIFICATE-----\n","client_profile_id":"cdbf487a-7815-4f17-982c-cd7736e1a2dc","updated_at":"2021-07-29T16:11:05.667267Z","created_at":"2021-07-29T16:11:05.667267Z","valid_until":"2023-07-28 16:11:05 +0000 UTC","last_connected_at":"2023-07-28 16:11:05 +0000 UTC"}},"401":{"description":"Login failed."},"403":{"description":"Insufficient permissions."},"404":{"description":"Resource not found."}}},"delete":{"summary":"Delete","description":"Deletes a client from the CipherTrust Manager with a given id.\n\n_Caution: Deleting a client removes its link with all the associated rules. This is an irreversible event, practice caution._\n","tags":["Data Protection/Clients","Danger"],"responses":{"204":{"description":"No Content | Successful deletion of client.","schema":{"type":"string"}},"401":{"description":"Login failed."},"403":{"description":"Insufficient permissions."},"404":{"description":"Resource not found."}}}},"/v1/data-protection/user-sets":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns a list of user sets. The results can be filtered using the query parameters.","tags":["Data Protection/User Sets"],"parameters":[{"name":"name","in":"query","required":false,"type":"string","description":"Filters result by user list name."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"User set name."},"description":{"type":"string","description":"Description of the User Set"},"users":{"type":"array","items":{"type":"string"},"description":"List of users"}}}]}}}}]}},"400":{"description":"Bad Request."},"401":{"description":"Login failed."},"403":{"description":"Insufficient permissions."}}},"post":{"summary":"Create","description":"Creates a user set.","tags":["Data Protection/User Sets"],"parameters":[{"name":"body","in":"body","description":"The body of the request should contain the username and password\nof the user acquiring the token and optionally grant type or the refresh token\nwith grant type.\n","schema":{"type":"object","required":["name"],"title":"Create","properties":{"name":{"type":"string","description":"Unique name for the user set."},"users":{"type":"array","items":{"type":"string"},"description":"List of users to be added in user set.\n"},"description":{"type":"string","description":"The description of user-set."}},"example":{"name":"user_set","description":"user set description","users":["user1","user2"]}}}],"responses":{"201":{"description":"User set created successfully.","examples":{"id":"34af4ce0-2fac-46ec-9203-a74b0d73ca1d","uri":"kylo:kylo:cadp-central-configuration:userSet:34af4ce0-2fac-46ec-9203-a74b0d73ca1d","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-08-26T03:46:59.627961422Z","updatedAt":"2021-08-26T03:46:59.627961422Z","name":"user_set","description":"user set description","users":["user1","user2"],"version":1}},"400":{"description":"Bad Request."},"401":{"description":"Login failed."},"403":{"description":"Insufficient permissions."},"404":{"description":"Resource not found."},"409":{"description":"Could not create as name already exist."},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","allOf":[{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}},{"additionalProperties":{"type":"array","items":{"type":"string","description":"a validation error message about this property"}}}]}}}}},"/v1/data-protection/user-sets/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a user set with a given id.\n","tags":["Data Protection/User Sets"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"User set name."},"description":{"type":"string","description":"Description of the User Set"},"users":{"type":"array","items":{"type":"string"},"description":"List of users"}}}]},"examples":{"id\"":"34af4ce0-2fac-46ec-9203-a74b0d73ca1d","uri":"kylo:kylo:cadp-central-configuration:userSet:34af4ce0-2fac-46ec-9203-a74b0d73ca1d","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-08-26T03:46:59.627961422Z","updatedAt":"2021-08-26T03:46:59.627961422Z","name":"user_set","description":"user set description","users":["user1","user2"],"version":1}},"401":{"description":"Login failed."},"403":{"description":"Insufficient permissions."},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"Updates the user set.\n","tags":["Data Protection/User Sets"],"parameters":[{"name":"body","in":"body","description":"The user set to be updated.\n","schema":{"type":"object","properties":{"name":{"type":"string","description":"Name to be updated.\n"},"users":{"type":"array","items":{"type":"string"},"description":"Users to be updated.\n"},"description":{"type":"string","description":"The description of user-set to be updated."}},"example":{"name":"user_set","description":"user set description","users":["user1","user2"]}}}],"responses":{"200":{"description":"User set updated successfully.","schema":{"type":"object"},"examples":{"id":"34af4ce0-2fac-46ec-9203-a74b0d73ca1d","uri":"kylo:kylo:cadp-central-configuration:userSet:34af4ce0-2fac-46ec-9203-a74b0d73ca1d","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-08-26T03:46:59.627961422Z","updatedAt":"2021-08-26T03:46:59.627961422Z","name":"user_set","description":"user set description","users":["user1","user2"],"version":2}},"400":{"description":"Bad Request."},"401":{"description":"Login failed."},"403":{"description":"Insufficient permissions."},"404":{"description":"Resource not found."},"409":{"description":"Could not create as name already exist.","schema":{"description":"The body of an error response","type":"object","allOf":[{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}},{"additionalProperties":{"type":"array","items":{"type":"string","description":"a validation error message about this property"}}}]}}}},"delete":{"summary":"Delete","description":"Deletes a user set with a given id.\n","tags":["Data Protection/User Sets"],"responses":{"204":{"description":"No Content | User set deleted successfully."},"401":{"description":"Login failed."},"403":{"description":"Insufficient permissions."},"404":{"description":"Resource not found."}}}},"/v1/data-protection/user-sets/{id}/users":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"List","description":"Returns a list of users in a given user set. The results can be filtered using the query parameters.","tags":["Data Protection/User Sets"],"parameters":[{"name":"name","in":"query","required":false,"type":"string","description":"Filters result by user name."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"string"}}}}]}},"400":{"description":"Bad Request."},"401":{"description":"Login failed."},"403":{"description":"Insufficient permissions."}}},"post":{"summary":"Add Users","description":"Add users in the user set.\n","tags":["Data Protection/User Sets"],"parameters":[{"name":"body","in":"body","description":"The user set to be added.\n","schema":{"type":"object","properties":{"users":{"type":"array","items":{"type":"string"},"description":"Users to be added.\n"}},"example":{"users":["user1","user2"]}}}],"responses":{"201":{"description":"Users added successfully.","schema":{"type":"object"},"examples":{"id":"34af4ce0-2fac-46ec-9203-a74b0d73ca1d","uri":"kylo:kylo:cadp-central-configuration:userSet:34af4ce0-2fac-46ec-9203-a74b0d73ca1d","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-08-26T03:46:59.627961422Z","updatedAt":"2021-08-26T03:46:59.627961422Z","name":"user_set","description":"user set description","users":["user1","user2"],"version":2}},"400":{"description":"Bad Request."},"401":{"description":"Login failed."},"403":{"description":"Insufficient permissions."},"404":{"description":"Resource not found."},"409":{"description":"Name already exists.","schema":{"description":"The body of an error response","type":"object","allOf":[{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}},{"additionalProperties":{"type":"array","items":{"type":"string","description":"a validation error message about this property"}}}]}}}},"delete":{"summary":"Remove Users","description":"Remove users from the user set.\n","tags":["Data Protection/User Sets"],"parameters":[{"name":"body","in":"body","description":"User set to be removed.\n","schema":{"type":"object","properties":{"users":{"type":"array","items":{"type":"string"},"description":"Users to be removed.\n"}},"example":{"users":["user1","user2"]}}}],"responses":{"204":{"description":"Users removed successfully."},"401":{"description":"Login failed."},"403":{"description":"Insufficient permissions."},"404":{"description":"Resource not found."}}}},"/v1/data-protection/user-sets/{id}/users/{user}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"user","in":"path","description":"The name of the user.","type":"string","required":true}],"patch":{"summary":"Modify Username","description":"modify a user in the user set.\n","tags":["Data Protection/User Sets"],"parameters":[{"name":"body","in":"body","description":"The user set to be added.\n","schema":{"type":"object","properties":{"user":{"type":"string","description":"new username to be modified.\n"}},"example":{"user":"user1"}}}],"responses":{"201":{"description":"username modified successfully.","schema":{"type":"object"},"examples":{"id":"34af4ce0-2fac-46ec-9203-a74b0d73ca1d","uri":"kylo:kylo:cadp-central-configuration:userSet:34af4ce0-2fac-46ec-9203-a74b0d73ca1d","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-08-26T03:46:59.627961422Z","updatedAt":"2021-08-26T03:46:59.627961422Z","name":"user_set","description":"user set description","users":["user1","user2"],"version":2}},"400":{"description":"Bad Request."},"401":{"description":"Login failed."},"403":{"description":"Insufficient permissions."},"404":{"description":"Resource not found."},"409":{"description":"Name already exists.","schema":{"description":"The body of an error response","type":"object","allOf":[{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}},{"additionalProperties":{"type":"array","items":{"type":"string","description":"a validation error message about this property"}}}]}},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","allOf":[{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}},{"additionalProperties":{"type":"array","items":{"type":"string","description":"a validation error message about this property"}}}]}}}}},"/v1/data-protection/masking-formats":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns the list of masking formats. The results can be filtered using the query parameters.","tags":["Data Protection/Masking Formats"],"parameters":[{"name":"name","in":"query","required":false,"type":"string","description":"Filters result by masking format name."},{"name":"mask_char","in":"query","required":false,"type":"string","description":"Filters result by masking character."},{"name":"show","in":"query","required":false,"type":"boolean","description":"Filters result by flag to show/hide the starting/ending characters while revealing the data."},{"name":"predefined","in":"query","required":false,"type":"boolean","description":"Filters result by predefined masking format."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Masking format name."},"starting_characters":{"type":"integer","description":"Number of starting characters."},"ending_characters":{"type":"integer","description":"Number of ending characters."},"mask_char":{"type":"string","description":"Masking character"},"show":{"type":"boolean","description":"Flag to show/hide the starting/ending characters while revealing the data."},"predefined":{"type":"boolean","description":"Whether it is a predefined masking format."}}}]}}}}]}},"400":{"description":"Bad Request."},"401":{"description":"Login failed."},"403":{"description":"Insufficient permissions."}}},"post":{"summary":"Create","description":"Creates a masking format.","tags":["Data Protection/Masking Formats"],"parameters":[{"name":"body","in":"body","description":"The body of the request should contain the username and password\nof the user acquiring the token and optionally grant type or the refresh token\nwith grant type.\n","schema":{"type":"object","required":["name"],"title":"Create","properties":{"name":{"type":"string","description":"Unique name for the masking format."},"starting_characters":{"type":"integer","description":"Number of starting characters to be masked.\n"},"ending_characters":{"type":"integer","description":"Number of ending characters to be masked.\n"},"mask_char":{"type":"string","description":"Character used for masking.\n"},"show":{"type":"boolean","description":"Flag to show/hide the starting/ending characters while revealing the data.\n"}},"example":{"name":"masking_format","starting_characters":2,"ending_characters":2,"show":true,"mask_char":"X"}}}],"responses":{"201":{"description":"Masking format created successfully.","examples":{"id":"34af4ce0-2fac-46ec-9203-a74b0d73ca1d","uri":"kylo:kylo:cadp-central-configuration:userSet:34af4ce0-2fac-46ec-9203-a74b0d73ca1d","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-08-26T03:46:59.627961422Z","updatedAt":"2021-08-26T03:46:59.627961422Z","name":"masking_format","starting_characters":2,"ending_characters":2,"show":true,"mask_char":"X","predefined":false}},"400":{"description":"Bad Request."},"401":{"description":"Login failed."},"403":{"description":"Insufficient permissions."},"404":{"description":"Resource not found."},"409":{"description":"Name already exist."},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","allOf":[{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}},{"additionalProperties":{"type":"array","items":{"type":"string","description":"a validation error message about this property"}}}]}}}}},"/v1/data-protection/masking-formats/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a masking format with a given id.\n","tags":["Data Protection/Masking Formats"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Masking format name."},"starting_characters":{"type":"integer","description":"Number of starting characters."},"ending_characters":{"type":"integer","description":"Number of ending characters."},"mask_char":{"type":"string","description":"Masking character"},"show":{"type":"boolean","description":"Flag to show/hide the starting/ending characters while revealing the data."},"predefined":{"type":"boolean","description":"Whether it is a predefined masking format."}}}]},"examples":{"id":"34af4ce0-2fac-46ec-9203-a74b0d73ca1d","uri":"kylo:kylo:cadp-central-configuration:userSet:34af4ce0-2fac-46ec-9203-a74b0d73ca1d","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-08-26T03:46:59.627961422Z","updatedAt":"2021-08-26T03:46:59.627961422Z","name":"masking_format","starting_characters":2,"ending_characters":2,"show":true,"mask_char":"X","predefined":false}},"401":{"description":"Login failed."},"403":{"description":"Insufficient permissions."},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"Updates the masking format.\n","tags":["Data Protection/Masking Formats"],"parameters":[{"name":"body","in":"body","description":"The masking format to be updated.\n","schema":{"type":"object","properties":{"name":{"type":"string","description":"Unique name for the masking character."},"starting_characters":{"type":"integer","description":"Number of starting characters to be masked.\n"},"ending_characters":{"type":"integer","description":"Number of ending characters to be masked.\n"},"mask_char":{"type":"string","description":"Character used for masking.\n"},"show":{"type":"boolean","description":"Flag to show/hide the starting/ending characters while revealing the data.\n"}},"example":{"name":"masking_format","starting_characters":2,"ending_characters":2,"show":true,"mask_char":"X"}}}],"responses":{"200":{"description":"Masking format updated successfully.","schema":{"type":"object"},"examples":{"id":"34af4ce0-2fac-46ec-9203-a74b0d73ca1d","uri":"kylo:kylo:cadp-central-configuration:userSet:34af4ce0-2fac-46ec-9203-a74b0d73ca1d","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-08-26T03:46:59.627961422Z","updatedAt":"2021-08-26T03:46:59.627961422Z","name":"masking_format","starting_characters":2,"ending_characters":2,"show":true,"mask_char":"X","predefined":false}},"400":{"description":"Bad Request."},"401":{"description":"Login failed."},"403":{"description":"Insufficient permissions."},"404":{"description":"Resource not found."},"409":{"description":"Could not create as name already exist.","schema":{"description":"The body of an error response","type":"object","allOf":[{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}},{"additionalProperties":{"type":"array","items":{"type":"string","description":"a validation error message about this property"}}}]}}}},"delete":{"summary":"Delete","description":"Deletes a masking format with a given id.\n","tags":["Data Protection/Masking Formats"],"responses":{"204":{"description":"Masking format deleted successfully."},"401":{"description":"Login failed."},"403":{"description":"Insufficient permissions."},"404":{"description":"Resource not found."}}}},"/v1/data-protection/access-policies":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns the list of access policies. The results can be filtered using the query parameters.","tags":["Data Protection/Access Policies"],"parameters":[{"name":"name","in":"query","required":false,"type":"string","description":"Filters result by access policies name."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","properties":{"name":{"type":"string","description":"Access Policy name."},"default_reveal_type":{"type":"string","description":"Value using which data should be revealed.\n\nPossible Values:\n- Error Replacement Value\n- Masked Value\n- Ciphertext\n- Plaintext\n"},"default_error_replacement_value":{"type":"string","description":"Value to be revealed if the type is 'Error Replacement Value'."},"default_masking_format_id":{"type":"string","description":"Masking format used to reveal if the type is 'Masked Value'."},"description":{"type":"string","description":"Description of the Access Policy"},"user_set_policy":{"type":"array","description":"List of policies to be added to the access policy.","items":{"type":"object","properties":{"user_set_id":{"type":"string","description":"User set to which the policy is applied."},"reveal_type":{"type":"string","description":"Value using which data should be revealed.\n\nPossible Values:\n- Error Replacement Value\n- Masked Value\n- Ciphertext\n- Plaintext\n"},"error_replacement_value":{"type":"string","description":"Value to be revealed if the type is 'Error Replacement Value'.\n"},"masking_format_id":{"type":"string","description":"Masking format used to reveal if the type is 'Masked Value'."}}}}}}}}}]}},"400":{"description":"Bad Request."},"401":{"description":"Login failed."},"403":{"description":"Insufficient permissions."}}},"post":{"summary":"Create","description":"Creates access policy.","tags":["Data Protection/Access Policies"],"parameters":[{"name":"body","in":"body","description":"The body of the request should contain the username and password\nof the user acquiring the token and optionally grant type or the refresh token\nwith grant type.\n","schema":{"example":{"name":"access_policy","description":"access policy description","default_reveal_type":"Error Replacement Value","default_error_replacement_value":"143001","user_set_policy":[{"user_set_id":"34af4ce0-2fac-46ec-9203-a74b0d73ca1d","reveal_type":"Masked Value","masking_format_id":"35af4ce0-2fac-46ec-9203-a74b0d73ca1d"},{"user_set_id":"36af4ce0-2fac-46ec-9203-a74b0d73ca1d","reveal_type":"Ciphertext"}]},"type":"object","properties":{"name":{"type":"string","description":"Access Policy name."},"default_reveal_type":{"type":"string","description":"Value using which data should be revealed.\n\nPossible Values:\n- Error Replacement Value\n- Masked Value\n- Ciphertext\n- Plaintext\n"},"default_error_replacement_value":{"type":"string","description":"Value to be revealed if the type is 'Error Replacement Value'."},"default_masking_format_id":{"type":"string","description":"Masking format used to reveal if the type is 'Masked Value'."},"description":{"type":"string","description":"Description of the Access Policy"},"user_set_policy":{"type":"array","description":"List of policies to be added to the access policy.","items":{"type":"object","properties":{"user_set_id":{"type":"string","description":"User set to which the policy is applied."},"reveal_type":{"type":"string","description":"Value using which data should be revealed.\n\nPossible Values:\n- Error Replacement Value\n- Masked Value\n- Ciphertext\n- Plaintext\n"},"error_replacement_value":{"type":"string","description":"Value to be revealed if the type is 'Error Replacement Value'.\n"},"masking_format_id":{"type":"string","description":"Masking format used to reveal if the type is 'Masked Value'."}}}}}}}],"responses":{"201":{"description":"Access policy created successfully.","examples":{"id":"43af4ce0-2fac-46ec-9203-a74b0d73ca1d","uri":"kylo:kylo:cadp-central-configuration:userSet:34af4ce0-2fac-46ec-9203-a74b0d73ca1d","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-08-26T03:46:59.627961422Z","updatedAt":"2021-08-26T03:46:59.627961422Z","name":"access_policy","description":"access policy description","default_reveal_type":"Error Replacement Value","version":"1","default_error_replacement_value":"143001","user_set_policy":[{"user_set_id":"34af4ce0-2fac-46ec-9203-a74b0d73ca1d","reveal_type":"Masked Value","masking_format_id":"35af4ce0-2fac-46ec-9203-a74b0d73ca1d"},{"user_set_id":"36af4ce0-2fac-46ec-9203-a74b0d73ca1d","reveal_type":"Ciphertext"}]}},"400":{"description":"Bad Request."},"401":{"description":"Login failed."},"403":{"description":"Insufficient permissions."},"404":{"description":"Resource not found."},"409":{"description":"Could not create as name already exist."},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","allOf":[{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}},{"additionalProperties":{"type":"array","items":{"type":"string","description":"a validation error message about this property"}}}]}}}}},"/v1/data-protection/access-policies/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of the access policy with a given id.\n","parameters":[{"name":"id_type","in":"query","description":"The identifier type used in the URL. This can be either id, name, uri.","type":"string"}],"tags":["Data Protection/Access Policies"],"responses":{"200":{"description":"OK","schema":{"type":"object","properties":{"name":{"type":"string","description":"Access Policy name."},"default_reveal_type":{"type":"string","description":"Value using which data should be revealed.\n\nPossible Values:\n- Error Replacement Value\n- Masked Value\n- Ciphertext\n- Plaintext\n"},"default_error_replacement_value":{"type":"string","description":"Value to be revealed if the type is 'Error Replacement Value'."},"default_masking_format_id":{"type":"string","description":"Masking format used to reveal if the type is 'Masked Value'."},"description":{"type":"string","description":"Description of the Access Policy"},"user_set_policy":{"type":"array","description":"List of policies to be added to the access policy.","items":{"type":"object","properties":{"user_set_id":{"type":"string","description":"User set to which the policy is applied."},"reveal_type":{"type":"string","description":"Value using which data should be revealed.\n\nPossible Values:\n- Error Replacement Value\n- Masked Value\n- Ciphertext\n- Plaintext\n"},"error_replacement_value":{"type":"string","description":"Value to be revealed if the type is 'Error Replacement Value'.\n"},"masking_format_id":{"type":"string","description":"Masking format used to reveal if the type is 'Masked Value'."}}}}}},"examples":{"id":"43af4ce0-2fac-46ec-9203-a74b0d73ca1d","uri":"kylo:kylo:cadp-central-configuration:userSet:34af4ce0-2fac-46ec-9203-a74b0d73ca1d","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-08-26T03:46:59.627961422Z","updatedAt":"2021-08-26T03:46:59.627961422Z","name":"access_policy","description":"access policy description","default_reveal_type":"Error Replacement Value","version":"1","default_error_replacement_value":"143001","user_set_policy":[{"user_set_id":"34af4ce0-2fac-46ec-9203-a74b0d73ca1d","reveal_type":"Masked Value","masking_format_id":"35af4ce0-2fac-46ec-9203-a74b0d73ca1d"},{"user_set_id":"36af4ce0-2fac-46ec-9203-a74b0d73ca1d","reveal_type":"Ciphertext"}]}},"401":{"description":"Login failed."},"403":{"description":"Insufficient permissions."},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"Updates the access policy.\n","tags":["Data Protection/Access Policies"],"parameters":[{"name":"body","in":"body","description":"Access policy to be updated.\n","schema":{"example":{"name":"access_policy","description":"access policy description","default_reveal_type":"Error Replacement Value","default_error_replacement_value":"143001","user_set_policy":[{"user_set_id":"34af4ce0-2fac-46ec-9203-a74b0d73ca1d","reveal_type":"Masked Value","masking_format_id":"35af4ce0-2fac-46ec-9203-a74b0d73ca1d"},{"user_set_id":"36af4ce0-2fac-46ec-9203-a74b0d73ca1d","reveal_type":"Ciphertext"}]},"type":"object","properties":{"name":{"type":"string","description":"Access Policy name."},"default_reveal_type":{"type":"string","description":"Value using which data should be revealed.\n\nPossible Values:\n- Error Replacement Value\n- Masked Value\n- Ciphertext\n- Plaintext\n"},"default_error_replacement_value":{"type":"string","description":"Value to be revealed if the type is 'Error Replacement Value'."},"default_masking_format_id":{"type":"string","description":"Masking format used to reveal if the type is 'Masked Value'."},"description":{"type":"string","description":"Description of the Access Policy"},"user_set_policy":{"type":"array","description":"List of policies to be added to the access policy.","items":{"type":"object","properties":{"user_set_id":{"type":"string","description":"User set to which the policy is applied."},"reveal_type":{"type":"string","description":"Value using which data should be revealed.\n\nPossible Values:\n- Error Replacement Value\n- Masked Value\n- Ciphertext\n- Plaintext\n"},"error_replacement_value":{"type":"string","description":"Value to be revealed if the type is 'Error Replacement Value'.\n"},"masking_format_id":{"type":"string","description":"Masking format used to reveal if the type is 'Masked Value'."}}}}}}}],"responses":{"200":{"description":"Access policy updated successfully.","schema":{"type":"object"},"examples":{"id":"43af4ce0-2fac-46ec-9203-a74b0d73ca1d","uri":"kylo:kylo:cadp-central-configuration:userSet:34af4ce0-2fac-46ec-9203-a74b0d73ca1d","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-08-26T03:46:59.627961422Z","updatedAt":"2021-08-26T03:46:59.627961422Z","name":"access_policy","description":"access policy description","default_reveal_type":"Error Replacement Value","version":"1","default_error_replacement_value":"143001","policy":[{"user_set_id":"34af4ce0-2fac-46ec-9203-a74b0d73ca1d","reveal_type":"Masked Value","masking_format_id":"35af4ce0-2fac-46ec-9203-a74b0d73ca1d"},{"user_set_id":"36af4ce0-2fac-46ec-9203-a74b0d73ca1d","reveal_type":"Ciphertext"}]}},"400":{"description":"Bad Request."},"401":{"description":"Login failed."},"403":{"description":"Insufficient permissions."},"404":{"description":"Resource not found."},"409":{"description":"Could not create as name already exist.","schema":{"description":"The body of an error response","type":"object","allOf":[{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}},{"additionalProperties":{"type":"array","items":{"type":"string","description":"a validation error message about this property"}}}]}}}},"delete":{"summary":"Delete","description":"Deletes the access policy with a given id.\n","tags":["Data Protection/Access Policies"],"responses":{"204":{"description":"Access policy deleted successfully."},"401":{"description":"Login failed."},"403":{"description":"Insufficient permissions."},"404":{"description":"Resource not found."}}}},"/v1/data-protection/access-policies/{id}/error-replacement-value-null":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"patch":{"summary":"Update","description":"Updates the access policy.\n","tags":["Data Protection/Access Policies"],"parameters":[{"name":"id_type","in":"query","description":"The identifier type used in the URL. This can be either id, name, uri.","type":"string"}],"responses":{"201":{"description":"Access policy updated successfully.","schema":{"type":"object"},"examples":{"id":"43af4ce0-2fac-46ec-9203-a74b0d73ca1d","uri":"kylo:kylo:cadp-central-configuration:userSet:34af4ce0-2fac-46ec-9203-a74b0d73ca1d","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-08-26T03:46:59.627961422Z","updatedAt":"2021-08-26T03:46:59.627961422Z","name":"access_policy","description":"access policy description","default_reveal_type":"Error Replacement Value","version":"1","default_error_replacement_value":null,"policy":[{"user_set_id":"34af4ce0-2fac-46ec-9203-a74b0d73ca1d","reveal_type":"Masked Value","masking_format_id":"35af4ce0-2fac-46ec-9203-a74b0d73ca1d"},{"user_set_id":"36af4ce0-2fac-46ec-9203-a74b0d73ca1d","reveal_type":"Ciphertext"}]}},"401":{"description":"Login failed."},"403":{"description":"Insufficient permissions."},"404":{"description":"Resource not found."}}}},"/v1/data-protection/access-policies/{id}/user-set":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Add User-Set","description":"Add user sets to the access policy.\n","tags":["Data Protection/Access Policies"],"parameters":[{"name":"body","in":"body","description":"The user set to be added in the access policy.\n","schema":{"example":{"user_set_id":"34af4ce0-2fac-46ec-9203-a74b0d73ca1d","reveal_type":"Masked Value","masking_format_id":"35af4ce0-2fac-46ec-9203-a74b0d73ca1d"},"type":"object","properties":{"user_set_id":{"type":"string","description":"User set to which the policy is applied."},"reveal_type":{"type":"string","description":"Value using which data should be revealed.\n\nPossible Values:\n- Error Replacement Value\n- Masked Value\n- Ciphertext\n- Plaintext\n"},"error_replacement_value":{"type":"string","description":"Value to be revealed if the type is 'Error Replacement Value'.\n"},"masking_format_id":{"type":"string","description":"Masking format used to reveal if the type is 'Masked Value'."}}}}],"responses":{"201":{"description":"User set added successfully.","schema":{"type":"object"},"examples":{"id":"43af4ce0-2fac-46ec-9203-a74b0d73ca1d","uri":"kylo:kylo:cadp-central-configuration:userSet:34af4ce0-2fac-46ec-9203-a74b0d73ca1d","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-08-26T03:46:59.627961422Z","updatedAt":"2021-08-26T03:46:59.627961422Z","name":"access_policy","description":"access policy description","default_reveal_type":"Error Replacement Value","version":"1","default_error_replacement_value":"143001","user_set_policy":[{"user_set_id":"34af4ce0-2fac-46ec-9203-a74b0d73ca1d","reveal_type":"Masked Value","masking_format_id":"35af4ce0-2fac-46ec-9203-a74b0d73ca1d"},{"user_set_id":"36af4ce0-2fac-46ec-9203-a74b0d73ca1d","reveal_type":"Ciphertext"}]}},"400":{"description":"Bad Request."},"401":{"description":"Login failed."},"403":{"description":"Insufficient permissions."},"404":{"description":"Resource not found."},"409":{"description":"Could not create as name already exist.","schema":{"description":"The body of an error response","type":"object","allOf":[{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}},{"additionalProperties":{"type":"array","items":{"type":"string","description":"a validation error message about this property"}}}]}}}}},"/v1/data-protection/access-policies/{id}/user-set/{userSetID}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"userSetID","in":"path","description":"The id of the user set.","type":"string","required":true}],"patch":{"summary":"Update user set","description":"Update policy for a user set in the access policy.\n","tags":["Data Protection/Access Policies"],"parameters":[{"name":"body","in":"body","description":"The user set to be added.\n","schema":{"example":{"reveal_type":"Masked Value","masking_format_id":"35af4ce0-2fac-46ec-9203-a74b0d73ca1d"},"type":"object","properties":{"reveal_type":{"type":"string","description":"Value using which data should be revealed.\n\nPossible Values:\n- Error Replacement Value\n- Masked Value\n- Ciphertext\n- Plaintext\n"},"error_replacement_value":{"type":"string","description":"Value to be revealed if the type is 'Error Replacement Value'.\n"},"masking_format_id":{"type":"string","description":"Masking format used to reveal if the type is 'Masked Value'."}}}}],"responses":{"201":{"description":"User set updated successfully.","schema":{"type":"object"},"examples":{"id":"43af4ce0-2fac-46ec-9203-a74b0d73ca1d","uri":"kylo:kylo:cadp-central-configuration:userSet:34af4ce0-2fac-46ec-9203-a74b0d73ca1d","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-08-26T03:46:59.627961422Z","updatedAt":"2021-08-26T03:46:59.627961422Z","name":"access_policy","description":"access policy description","default_reveal_type":"Error Replacement Value","version":"1","default_error_replacement_value":"143001","user_set_policy":[{"user_set_id":"34af4ce0-2fac-46ec-9203-a74b0d73ca1d","reveal_type":"Masked Value","masking_format_id":"35af4ce0-2fac-46ec-9203-a74b0d73ca1d"},{"user_set_id":"36af4ce0-2fac-46ec-9203-a74b0d73ca1d","reveal_type":"Ciphertext"}]}},"400":{"description":"Bad Request."},"401":{"description":"Login failed."},"403":{"description":"Insufficient permissions."},"404":{"description":"Resource not found."},"409":{"description":"Could not create as name already exist.","schema":{"description":"The body of an error response","type":"object","allOf":[{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}},{"additionalProperties":{"type":"array","items":{"type":"string","description":"a validation error message about this property"}}}]}}}},"delete":{"summary":"Remove user set","description":"Remove users from the user set.\n","tags":["Data Protection/Access Policies"],"responses":{"204":{"description":"User set removed successfully."},"401":{"description":"Login failed."},"403":{"description":"Insufficient permissions."},"404":{"description":"Resource not found."}}}},"/v1/data-protection/access-policies/{id}/user-set/{userSetID}/error-replacement-value-null":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"userSetID","in":"path","description":"The id of the user set.","type":"string","required":true}],"patch":{"summary":"Update","description":"Updates the access policy.\n","tags":["Data Protection/Access Policies"],"parameters":[{"name":"id_type","in":"query","description":"The identifier type used in the URL. This can be either id, name, uri.","type":"string"}],"responses":{"201":{"description":"Access policy updated successfully.","schema":{"type":"object"},"examples":{"id":"43af4ce0-2fac-46ec-9203-a74b0d73ca1d","uri":"kylo:kylo:cadp-central-configuration:userSet:34af4ce0-2fac-46ec-9203-a74b0d73ca1d","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-08-26T03:46:59.627961422Z","updatedAt":"2021-08-26T03:46:59.627961422Z","name":"access_policy","description":"access policy description","default_reveal_type":"Error Replacement Value","version":"1","default_error_replacement_value":null,"policy":[{"user_set_id":"34af4ce0-2fac-46ec-9203-a74b0d73ca1d","reveal_type":"Error Replacement Value","error_replacement_value":null},{"user_set_id":"36af4ce0-2fac-46ec-9203-a74b0d73ca1d","reveal_type":"Ciphertext"}]}},"401":{"description":"Login failed."},"403":{"description":"Insufficient permissions."},"404":{"description":"Resource not found."}}}},"/v1/data-protection/protection-formats":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns the list of protection formats. The results can be filtered using the query parameters.","tags":["Data Protection/Protection Formats","Private"],"parameters":[{"name":"name","in":"query","required":false,"type":"string","description":"Filters result by protection format name."},{"name":"predefined","in":"query","required":false,"type":"boolean","description":"Filters result by predefined protection format."},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total","resources"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"resources":{"description":"The array of the resources.","type":"array","items":{"type":"object"}}}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Protection format name."},"starting_characters":{"type":"integer","description":"Number of starting characters."},"ending_characters":{"type":"integer","description":"Number of ending characters."},"predefined":{"type":"boolean","description":"Whether it is a predefined protection format."}}}]}}}}]}},"400":{"description":"Bad Request."},"401":{"description":"Login failed."},"403":{"description":"Insufficient permissions."}}},"post":{"summary":"Create","description":"Creates a masking format.","tags":["Data Protection/Protection Formats","Private"],"parameters":[{"name":"body","in":"body","description":"The body of the request should contain the username and password\nof the user acquiring the token and optionally grant type or the refresh token\nwith grant type.\n","schema":{"type":"object","required":["name"],"title":"Create","properties":{"name":{"type":"string","description":"Unique name for the protection format."},"starting_characters":{"type":"integer","description":"Number of starting characters to be preserved.\n"},"ending_characters":{"type":"integer","description":"Number of ending characters to be preserved.\n"}},"example":{"name":"protection_format","starting_characters":2,"ending_characters":2}}}],"responses":{"201":{"description":"Protection format created successfully.","examples":{"id":"34af4ce0-2fac-46ec-9203-a74b0d73ca1d","uri":"kylo:kylo:cadp-central-configuration:userSet:34af4ce0-2fac-46ec-9203-a74b0d73ca1d","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-08-26T03:46:59.627961422Z","updatedAt":"2021-08-26T03:46:59.627961422Z","name":"masking_format","starting_characters":2,"ending_characters":2,"predefined":false}},"400":{"description":"Bad Request."},"401":{"description":"Login failed."},"403":{"description":"Insufficient permissions."},"404":{"description":"Resource not found."},"409":{"description":"Name already exist."},"422":{"description":"Validation error.","schema":{"description":"The body of an error response","type":"object","allOf":[{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}},{"additionalProperties":{"type":"array","items":{"type":"string","description":"a validation error message about this property"}}}]}}}}},"/v1/data-protection/protection-formats/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Get","description":"Returns the details of a masking format with a given id.\n","tags":["Data Protection/Protection Formats","Private"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"labels":{"type":"object"},"createdAt":{"type":"string","format":"date-time","description":"Date/time when the resource was created."}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"name":{"type":"string","description":"Protection format name."},"starting_characters":{"type":"integer","description":"Number of starting characters."},"ending_characters":{"type":"integer","description":"Number of ending characters."},"predefined":{"type":"boolean","description":"Whether it is a predefined protection format."}}}]},"examples":{"id":"34af4ce0-2fac-46ec-9203-a74b0d73ca1d","uri":"kylo:kylo:cadp-central-configuration:userSet:34af4ce0-2fac-46ec-9203-a74b0d73ca1d","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-08-26T03:46:59.627961422Z","updatedAt":"2021-08-26T03:46:59.627961422Z","name":"masking_format","starting_characters":2,"ending_characters":2,"predefined":false}},"401":{"description":"Login failed."},"403":{"description":"Insufficient permissions."},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"Updates the protection format.\n","tags":["Data Protection/Protection Formats","Private"],"parameters":[{"name":"body","in":"body","description":"The protection format to be updated.\n","schema":{"type":"object","properties":{"name":{"type":"string","description":"Unique name for the protection character."},"starting_characters":{"type":"integer","description":"Number of starting characters to be preserved.\n"},"ending_characters":{"type":"integer","description":"Number of ending characters to be preserved.\n"}},"example":{"name":"masking_format","starting_characters":2,"ending_characters":2}}}],"responses":{"200":{"description":"Protection format updated successfully.","schema":{"type":"object"},"examples":{"id":"34af4ce0-2fac-46ec-9203-a74b0d73ca1d","uri":"kylo:kylo:cadp-central-configuration:userSet:34af4ce0-2fac-46ec-9203-a74b0d73ca1d","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-08-26T03:46:59.627961422Z","updatedAt":"2021-08-26T03:46:59.627961422Z","name":"masking_format","starting_characters":2,"ending_characters":2,"predefined":false}},"400":{"description":"Bad Request."},"401":{"description":"Login failed."},"403":{"description":"Insufficient permissions."},"404":{"description":"Resource not found."},"409":{"description":"Could not create as name already exist.","schema":{"description":"The body of an error response","type":"object","allOf":[{"description":"The body of an error response","type":"object","properties":{"message":{"type":"string"},"statusCode":{"type":"integer"}}},{"additionalProperties":{"type":"array","items":{"type":"string","description":"a validation error message about this property"}}}]}}}},"delete":{"summary":"Delete","description":"Deletes a protection format with a given id.\n","tags":["Data Protection/Protection Formats","Private"],"responses":{"204":{"description":"Protection format deleted successfully."},"401":{"description":"Login failed."},"403":{"description":"Insufficient permissions."},"404":{"description":"Resource not found."}}}},"/v1/connectionmgmt/connections":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Returns a list of all connections.\nThe results can be filtered using the query parameters.\n","tags":["Connection Manager"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"},{"name":"fields","in":"query","type":"string","description":"Filter the result based on fields associated with the connections and return the field attribute in the response.\nCurrently, only \"meta\" is supported.\n"},{"name":"id","in":"query","type":"string","description":"Filter the result based on connection's ID"},{"name":"name","in":"query","type":"string","description":"Filter the result based on connection name."},{"name":"products","in":"query","type":"string","description":"Filter the result based on the CipherTrust Manager products associated with the connections.\n Valid values are \"cckm\" for AWS, Azure, GCP, Luna connections, \"cte\", \"ddc\", \"data discovery\" for Hadoop connections\n and \"cte\" for SMB connections\n"},{"name":"meta_contains","in":"query","type":"string","format":"JSON","description":"A valid JSON value. Only resources whose 'meta' attribute contains the JSON value will be\nreturned. Examples of JSON containment:\n\n- Values contain themselves: `{\"color\":\"red\"}` contains `{\"color\":\"red\"}`\n\n- Values contain subsets: `{\"color\":\"red\", \"size\":\"big\"}` contains `{\"color\":\"red\"}` and `{\"size\":\"big\"}`, but not `{\"size\":\"small\"}`\n\n- Contained values can be nested: `{\"info\":{\"size\":\"big\",\"color\":\"red\"}}` contains `{\"info\":{\"color\":\"red\"}}`, but not `{\"color\":\"red\"}`\n\n- Array containment: `[\"east\",\"west\",\"north\"]` contains `[\"east\"]` and `[\"east\",\"north\"]`, but not `[\"south\"]` or `[\"east\",\"south\"]`\n"},{"name":"service","in":"query","type":"string","description":"Filter the result based on the external services associated with the connections. (e.g. aws, azure, gcp, hadoop-knox, luna network).","enum":["aws","azure","gcp","luna network","hadoop-knox"]},{"name":"category","in":"query","type":"string","description":"Filter the result based on category.","enum":["cloud","hsm"]},{"name":"createdBefore","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"createdAfter","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"last_connection_ok","in":"query","type":"string","description":"Filter the result based on last_connection_ok result.\n"},{"name":"last_connection_before","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"last_connection_after","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]}]}}}}]},"examples":{"application/json":{"skip":"0,","limit":"10,","total":"1,","resources":[{"id":"14c3e04b-c5f2-4436-a62a-2dea3c1086cb","uri":"kylo:kylo:connectionmgmt:connections:14c3e04b-c5f2-4436-a62a-2dea3c1086cb","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-06-05T09:32:00.506116599Z","name":"aws-connection","updatedAt":"2020-06-05T09:32:00.506116599Z","service":"aws","category":"cloud","url":"/v1/connectionmgmt/services/aws/connections:14c3e04b-c5f2-4436-a62a-2dea3c1086cb","last_connection_ok":"true","last_connection_at":"2020-06-25T15:13:35.158082Z"},{"id":"18003005-3d59-452a-a179-dbb4ec3b603b","uri":"kylo:kylo:connectionmgmt:connections:18003005-3d59-452a-a179-dbb4ec3b603b","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-06-05T09:32:00.506116599Z","name":"aws-connection-2","updatedAt":"2020-06-05T09:32:00.506116599Z","service":"aws","category":"cloud","url":"/v1/connectionmgmt/services/aws/connections:18003005-3d59-452a-a179-dbb4ec3b603b","last_connection_ok":"false","last_connection_error":"IncompleteSignature: 'ID/20200625/us-east-1/sts/aws4_request' not a valid key=value pair (missing equal-sign) in Authorization header: 'AWS4-HMAC-SHA256 Credential=Sample ID/20200625/us-east-1/sts/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-date, Signature=e663c313b0a211f9e5a09a29c09acc1217e0bdc812f881de7241d6c201821bf9'.\n\tstatus code: 400, request id: 6ee67b15-8d3c-43cf-a308-75e7e431a3cb","last_connection_at":"2020-06-25T15:13:35.158082Z"}]}}},"422":{"description":"Validation error."}}}},"/v1/connectionmgmt/connections/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"}],"delete":{"summary":"Delete","description":"Deletes a connection with the given name, ID, or URI.\nThe type query parameter can be used to specify the type of ID.\n","tags":["Connection Manager"],"responses":{"204":{"description":"No Content | Connection is deleted successfully."},"404":{"description":"Resource not found."},"409":{"description":"Conflict with the current state of the resource"}}}},"/v1/connectionmgmt/connections/{id}/delete":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"}],"post":{"summary":"Force delete an existing connection.","description":"Deletes a connection with the given name, ID, or URI. \nThe `force` flag is used to delete the in-use connections.\n","tags":["Connection Manager"],"parameters":[{"in":"body","name":"connection","schema":{"title":"Delete Connection Parameters","example":{"force":true},"description":"Parameters required for deleting an in-use connection.","type":"object","properties":{"force":{"type":"boolean","description":"If set to true, the in-use connection will be deleted forcefully."}}}}],"responses":{"204":{"description":"No Content | Connection is deleted successfully."},"404":{"description":"Resource not found."},"409":{"description":"Conflict with the current state of the resource"}}}},"/v1/connectionmgmt/services/aws/connections":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create a new AWS connection.","description":"Create a new AWS connection.","tags":["Connection Manager/AWS Connections"],"consumes":["application/json"],"parameters":[{"in":"body","name":"connection","description":"The connection to create.","schema":{"allOf":[{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"object","required":["access_key_id","secret_access_key"],"allOf":[{"type":"object","description":"Sensitive parameters specific to an AWS connection.","properties":{"secret_access_key":{"type":"string","description":"Secret associated with the access key ID of the AWS user."}}},{"type":"object","description":"Non-sensitive parameters specific to an AWS connection.","properties":{"access_key_id":{"type":"string","description":"Key ID of the AWS user."},"cloud_name":{"type":"string","description":"Name of the cloud.\n","enum":["aws (default)","aws-us-gov","aws-cn"]},"assume_role_arn":{"type":"string","description":"AWS IAM role ARN"},"assume_role_external_id":{"type":"string","description":"AWS role external ID"}}},{"type":"object","description":"information regarding AWS STS Endpoints","properties":{"aws_sts_regional_endpoints":{"type":"string","description":"By default, AWS Security Token Service (AWS STS) is available as a global service, and all AWS STS requests\ngo to a single endpoint at https://sts.amazonaws.com. Global requests map to the US East (N. Virginia) Region.\nAWS recommends using Regional AWS STS endpoints instead of the global endpoint to reduce latency,\nbuild in redundancy, and increase session token validity.\nvalid values are:\n- legacy (default): Uses the global AWS STS endpoint, sts.amazonaws.com\n- regional: The SDK or tool always uses the AWS STS endpoint for the currently configured Region.\n\nTo know more about AWS STS please go through the following link \nhttps://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html\n"},"aws_region":{"type":"string","description":"AWS region. only used when aws_sts_regional_endpoints is equal to regional otherwise, it takes default values\naccording to Cloud Name given. Default values are:\n- for aws, default region will be \"us-east-1\"\n- for aws-us-gov, default region will be \"us-gov-east-1\"\n- for aws-cn, default region will be \"cn-north-1\" \n"}}}]}],"example":{"application/json":{"name":"aws-connection","products":["cckm"],"meta":{"color":"blue"},"access_key_id":"Sample ID","secret_access_key":"Sample Secret","cloud_name":"aws"}}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"type":"object","description":"Non-sensitive parameters specific to an AWS connection.","properties":{"access_key_id":{"type":"string","description":"Key ID of the AWS user."},"cloud_name":{"type":"string","description":"Name of the cloud.\n","enum":["aws (default)","aws-us-gov","aws-cn"]},"assume_role_arn":{"type":"string","description":"AWS IAM role ARN"},"assume_role_external_id":{"type":"string","description":"AWS role external ID"}}}]}},"422":{"description":"Validation error."}}},"get":{"summary":"List","description":"Returns a list of AWS connections.\nThe results can be filtered using the query parameters.\n","tags":["Connection Manager/AWS Connections"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"},{"name":"fields","in":"query","type":"string","description":"Filter the result based on fields associated with the connections and return the field attribute in the response.\nCurrently, only \"meta\" is supported.\n"},{"name":"id","in":"query","type":"string","description":"Filter the result based on connection's ID"},{"name":"name","in":"query","type":"string","description":"Filter the result based on connection name."},{"name":"products","in":"query","type":"string","description":"Filter the result based on the CipherTrust Manager products associated with the connections.\n Valid values are \"cckm\" for AWS, Azure, GCP, Luna connections, \"cte\", \"ddc\", \"data discovery\" for Hadoop connections\n and \"cte\" for SMB connections\n"},{"name":"meta_contains","in":"query","type":"string","format":"JSON","description":"A valid JSON value. Only resources whose 'meta' attribute contains the JSON value will be\nreturned. Examples of JSON containment:\n\n- Values contain themselves: `{\"color\":\"red\"}` contains `{\"color\":\"red\"}`\n\n- Values contain subsets: `{\"color\":\"red\", \"size\":\"big\"}` contains `{\"color\":\"red\"}` and `{\"size\":\"big\"}`, but not `{\"size\":\"small\"}`\n\n- Contained values can be nested: `{\"info\":{\"size\":\"big\",\"color\":\"red\"}}` contains `{\"info\":{\"color\":\"red\"}}`, but not `{\"color\":\"red\"}`\n\n- Array containment: `[\"east\",\"west\",\"north\"]` contains `[\"east\"]` and `[\"east\",\"north\"]`, but not `[\"south\"]` or `[\"east\",\"south\"]`\n"},{"name":"cloud_name","in":"query","type":"string","description":"Filter the result based on cloud name."},{"name":"createdBefore","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"createdAfter","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"last_connection_ok","in":"query","type":"string","description":"Filter the result based on last_connection_ok result.\n"},{"name":"last_connection_before","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"last_connection_after","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"type":"object","description":"Non-sensitive parameters specific to an AWS connection.","properties":{"access_key_id":{"type":"string","description":"Key ID of the AWS user."},"cloud_name":{"type":"string","description":"Name of the cloud.\n","enum":["aws (default)","aws-us-gov","aws-cn"]},"assume_role_arn":{"type":"string","description":"AWS IAM role ARN"},"assume_role_external_id":{"type":"string","description":"AWS role external ID"}}}]}}}}]},"examples":{"application/json":{"skip":"0,","limit":"10,","total":"1,","resources":[{"id":"14c3e04b-c5f2-4436-a62a-2dea3c1086cb","uri":"kylo:kylo:cckm:connection:azure-connection","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-06-05T09:32:00.506116599Z","name":"aws-connection","updatedAt":"2020-06-05T09:32:00.506116599Z","service":"aws","category":"cloud","url":"/v1/connectionmgmt/services/aws/connections:14c3e04b-c5f2-4436-a62a-2dea3c1086cb","cloud_name":"aws-gov","access_key_id":"aws-access-key-id"}]}}},"422":{"description":"Validation error."}}}},"/v1/connectionmgmt/services/aws/connections/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns the details of a connection with the given name, ID, or URI.\nThe type query parameter can be used to specify the type of ID.\n","tags":["Connection Manager/AWS Connections"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"type":"object","description":"Non-sensitive parameters specific to an AWS connection.","properties":{"access_key_id":{"type":"string","description":"Key ID of the AWS user."},"cloud_name":{"type":"string","description":"Name of the cloud.\n","enum":["aws (default)","aws-us-gov","aws-cn"]},"assume_role_arn":{"type":"string","description":"AWS IAM role ARN"},"assume_role_external_id":{"type":"string","description":"AWS role external ID"}}}]}},"404":{"description":"Resource not found."},"422":{"description":"Validation error."}}},"delete":{"summary":"Delete","description":"Deletes a connection with the given name, ID, or URI.\nThe type query parameter can be used to specify the type of ID.\n","tags":["Connection Manager/AWS Connections"],"responses":{"204":{"description":"No Content | Connection is deleted successfully."},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"Updates a connection with the given name, ID or URI.\nThe type query parameter can be used to specify the type of ID.\nThe parameters to be updated are specified in the request body.\n","tags":["Connection Manager/AWS Connections"],"parameters":[{"in":"body","name":"connection","description":"The connection to update.","schema":{"type":"object","allOf":[{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"object","allOf":[{"type":"object","description":"Sensitive parameters specific to an AWS connection.","properties":{"secret_access_key":{"type":"string","description":"Secret associated with the access key ID of the AWS user."}}},{"type":"object","description":"Non-sensitive parameters specific to an AWS connection.","properties":{"access_key_id":{"type":"string","description":"Key ID of the AWS user."},"cloud_name":{"type":"string","description":"Name of the cloud.\n","enum":["aws (default)","aws-us-gov","aws-cn"]},"assume_role_arn":{"type":"string","description":"AWS IAM role ARN"},"assume_role_external_id":{"type":"string","description":"AWS role external ID"}}},{"type":"object","description":"information regarding AWS STS Endpoints","properties":{"aws_sts_regional_endpoints":{"type":"string","description":"By default, AWS Security Token Service (AWS STS) is available as a global service, and all AWS STS requests\ngo to a single endpoint at https://sts.amazonaws.com. Global requests map to the US East (N. Virginia) Region.\nAWS recommends using Regional AWS STS endpoints instead of the global endpoint to reduce latency,\nbuild in redundancy, and increase session token validity.\nvalid values are:\n- legacy (default): Uses the global AWS STS endpoint, sts.amazonaws.com\n- regional: The SDK or tool always uses the AWS STS endpoint for the currently configured Region.\n\nTo know more about AWS STS please go through the following link \nhttps://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html\n"},"aws_region":{"type":"string","description":"AWS region. only used when aws_sts_regional_endpoints is equal to regional otherwise, it takes default values\naccording to Cloud Name given. Default values are:\n- for aws, default region will be \"us-east-1\"\n- for aws-us-gov, default region will be \"us-gov-east-1\"\n- for aws-cn, default region will be \"cn-north-1\" \n"}}}]},{"type":"object","properties":{"access_key_id":{"type":"string","description":"Key ID of the AWS user."},"secret_access_key":{"type":"string","description":"Secret associated with the access key of the AWS user."}}}],"example":{"application/json":{"products":["cckm"],"meta":{"color":"red"},"access_key_id":"Sample ID","secret_access_key":"Sample Secret"}}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"type":"object","description":"Non-sensitive parameters specific to an AWS connection.","properties":{"access_key_id":{"type":"string","description":"Key ID of the AWS user."},"cloud_name":{"type":"string","description":"Name of the cloud.\n","enum":["aws (default)","aws-us-gov","aws-cn"]},"assume_role_arn":{"type":"string","description":"AWS IAM role ARN"},"assume_role_external_id":{"type":"string","description":"AWS role external ID"}}}]}},"404":{"description":"Resource not found."},"422":{"description":"Validation error."}}}},"/v1/connectionmgmt/services/aws/connections/{id}/test":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"}],"post":{"summary":"Test existing connection","description":"Tests that an existing connection with the given name, ID, or URI reaches the AWS cloud.\nThe type query parameter can be used to specify the type of ID.\nThe connection parameters in request can be used to reach the AWS account.\nThis does not create a persistent connection.\n","tags":["Connection Manager/AWS Connections"],"consumes":["application/json"],"parameters":[{"in":"body","name":"connection","description":"The connection parameters to test.","schema":{"allOf":[{"type":"object","description":"Non-sensitive parameters specific to an AWS connection.","properties":{"access_key_id":{"type":"string","description":"Key ID of the AWS user."},"cloud_name":{"type":"string","description":"Name of the cloud.\n","enum":["aws (default)","aws-us-gov","aws-cn"]},"assume_role_arn":{"type":"string","description":"AWS IAM role ARN"},"assume_role_external_id":{"type":"string","description":"AWS role external ID"}}},{"type":"object","description":"Sensitive parameters specific to an AWS connection.","properties":{"secret_access_key":{"type":"string","description":"Secret associated with the access key ID of the AWS user."}}},{"type":"object","description":"information regarding AWS STS Endpoints","properties":{"aws_sts_regional_endpoints":{"type":"string","description":"By default, AWS Security Token Service (AWS STS) is available as a global service, and all AWS STS requests\ngo to a single endpoint at https://sts.amazonaws.com. Global requests map to the US East (N. Virginia) Region.\nAWS recommends using Regional AWS STS endpoints instead of the global endpoint to reduce latency,\nbuild in redundancy, and increase session token validity.\nvalid values are:\n- legacy (default): Uses the global AWS STS endpoint, sts.amazonaws.com\n- regional: The SDK or tool always uses the AWS STS endpoint for the currently configured Region.\n\nTo know more about AWS STS please go through the following link \nhttps://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html\n"},"aws_region":{"type":"string","description":"AWS region. only used when aws_sts_regional_endpoints is equal to regional otherwise, it takes default values\naccording to Cloud Name given. Default values are:\n- for aws, default region will be \"us-east-1\"\n- for aws-us-gov, default region will be \"us-gov-east-1\"\n- for aws-cn, default region will be \"cn-north-1\" \n"}}}],"example":{"application/json":{"access_key_id":"ALKDFLIOJKLJQ","secret_access_key":"akldfakldsfjOI;kljasdffo;i"}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","properties":{"connection_ok":{"type":"boolean","description":"true if the test was successful, otherwise false"},"connection_error":{"type":"string","description":"Error message if the connection test failed"}}}]}},"404":{"description":"Resource not found."}}}},"/v1/connectionmgmt/services/aws/connection-test":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Test connection parameters","description":"Tests that the connection parameters can be used to reach the AWS account.\nThis does not create a persistent connection.\n","tags":["Connection Manager/AWS Connections"],"consumes":["application/json"],"parameters":[{"in":"body","name":"connection","description":"The connection parameters to test.","schema":{"required":["access_key_id","secret_access_key"],"allOf":[{"type":"object","description":"Non-sensitive parameters specific to an AWS connection.","properties":{"access_key_id":{"type":"string","description":"Key ID of the AWS user."},"cloud_name":{"type":"string","description":"Name of the cloud.\n","enum":["aws (default)","aws-us-gov","aws-cn"]},"assume_role_arn":{"type":"string","description":"AWS IAM role ARN"},"assume_role_external_id":{"type":"string","description":"AWS role external ID"}}},{"type":"object","description":"Sensitive parameters specific to an AWS connection.","properties":{"secret_access_key":{"type":"string","description":"Secret associated with the access key ID of the AWS user."}}},{"type":"object","description":"information regarding AWS STS Endpoints","properties":{"aws_sts_regional_endpoints":{"type":"string","description":"By default, AWS Security Token Service (AWS STS) is available as a global service, and all AWS STS requests\ngo to a single endpoint at https://sts.amazonaws.com. Global requests map to the US East (N. Virginia) Region.\nAWS recommends using Regional AWS STS endpoints instead of the global endpoint to reduce latency,\nbuild in redundancy, and increase session token validity.\nvalid values are:\n- legacy (default): Uses the global AWS STS endpoint, sts.amazonaws.com\n- regional: The SDK or tool always uses the AWS STS endpoint for the currently configured Region.\n\nTo know more about AWS STS please go through the following link \nhttps://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html\n"},"aws_region":{"type":"string","description":"AWS region. only used when aws_sts_regional_endpoints is equal to regional otherwise, it takes default values\naccording to Cloud Name given. Default values are:\n- for aws, default region will be \"us-east-1\"\n- for aws-us-gov, default region will be \"us-gov-east-1\"\n- for aws-cn, default region will be \"cn-north-1\" \n"}}}],"example":{"application/json":{"access_key_id":"ALKDFLIOJKLJQ","secret_access_key":"akldfakldsfjOI;kljasdffo;i","aws_sts_regional_endpoints":"regional","aws_region":"ap-northeast-1"}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","properties":{"connection_ok":{"type":"boolean","description":"true if the test was successful, otherwise false"},"connection_error":{"type":"string","description":"Error message if the connection test failed"}}}]}},"422":{"description":"Validation error."}}}},"/v1/connectionmgmt/services/azure/connections":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create a new Azure connection.","description":"Create a new Azure connection. The connection can be created with Client Secret or Certificate authentication. Currently Azure Stack connection supports only Client Secret.","tags":["Connection Manager/Azure Connections"],"consumes":["application/json"],"parameters":[{"in":"body","name":"connection","description":"The connection to create.","schema":{"allOf":[{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"object","required":["client_id","tenant_id"],"allOf":[{"type":"object","description":"Sensitive parameters specific to an Azure connection.","properties":{"client_secret":{"type":"string","description":"Secret key for the Azure application. Required in Azure Stack connection.\n"}}},{"properties":{"client_id":{"type":"string","description":"Unique Identifier (client ID) for the Azure application."},"tenant_id":{"type":"string","description":"Tenant ID of the Azure application."},"cloud_name":{"type":"string","description":"Name of the cloud.\n","enum":["AzureCloud","AzureChinaCloud","AzureUSGovernment","AzureStack"]},"certificate":{"type":"string","description":"User has the option to upload external certificate for Azure Cloud connection. This option cannot be used with option is_certificate_used and client_secret. User first has to generate a new Certificate Signing Request (CSR) in POST /v1/connectionmgmt/connections/csr. The generated CSR can be signed with any internal or external CA. The Certificate must have an RSA key strength of 2048 or 4096.\t\n"},"active_directory_endpoint":{"type":"string","description":"Azure stack active directory authority URL"},"management_url":{"type":"string","description":"Azure stack management URL"},"azure_stack_server_cert":{"type":"string","description":"Azure stack server certificate"},"azure_stack_connection_type":{"type":"string","description":"Azure stack connection type","enum":["AAD","ADFS"]}}},{"properties":{"is_certificate_used":{"type":"boolean","description":"User has the option to choose the Certificate Authentication method instead of Client Secret for Azure Cloud connection. In order to use the Certificate, set it to true. Once the connection is created, in the response user will get a certificate.\nBy default, the certificate is valid for 2 Years. User can update the certificate in the existing connection by setting it to true in Update (PATCH) API call.\n"},"certificate":{"type":"string","description":"User has the option to upload external certificate for Azure Cloud connection. This option cannot be used with option is_certificate_used and client_secret.User first has to generate a new Certificate Signing Request (CSR) in POST /v1/connectionmgmt/connections/csr. The generated CSR can be signed with any internal or external CA. The Certificate must have an RSA key strength of 2048 or 4096. User can also update the new external certificate in the existing connection in Update (PATCH) API call. Any unused certificate will automatically deleted in 24 hours. \n"},"cert_duration":{"type":"integer","description":"Duration in days for which the azure certificate is valid, default (730 i.e. 2 Years)."},"external_certificate_used":{"type":"boolean","description":"true if the certificate associated with the connection is generated externally, false otherwise."},"vault_resource_url":{"type":"string","description":"Azure stack vault service resource URL"},"key_vault_dns_suffix":{"type":"string","description":"Azure stack key vault dns suffix"},"resource_manager_url":{"type":"string","description":"Azure stack resource manager URL."}}}]}],"example":{"application/json":{"name":"azure-connection","products":["cckm"],"meta":{"color":"blue"},"client_secret":"3bf0dbe6-a2c7-431d-9a6f-4843b74c71285nfjdu2","cloud_name":"AzureCloud","client_id":"3bf0dbe6-a2c7-431d-9a6f-4843b74c7e12","tenant_id":"3bf0dbe6-a2c7-431d-9a6f-4843b74c71285nfjdu2"}}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"properties":{"client_id":{"type":"string","description":"Unique Identifier (client ID) for the Azure application."},"tenant_id":{"type":"string","description":"Tenant ID of the Azure application."},"cloud_name":{"type":"string","description":"Name of the cloud.\n","enum":["AzureCloud","AzureChinaCloud","AzureUSGovernment","AzureStack"]},"certificate":{"type":"string","description":"User has the option to upload external certificate for Azure Cloud connection. This option cannot be used with option is_certificate_used and client_secret. User first has to generate a new Certificate Signing Request (CSR) in POST /v1/connectionmgmt/connections/csr. The generated CSR can be signed with any internal or external CA. The Certificate must have an RSA key strength of 2048 or 4096.\t\n"},"active_directory_endpoint":{"type":"string","description":"Azure stack active directory authority URL"},"management_url":{"type":"string","description":"Azure stack management URL"},"azure_stack_server_cert":{"type":"string","description":"Azure stack server certificate"},"azure_stack_connection_type":{"type":"string","description":"Azure stack connection type","enum":["AAD","ADFS"]}}},{"properties":{"is_certificate_used":{"type":"boolean","description":"User has the option to choose the Certificate Authentication method instead of Client Secret for Azure Cloud connection. In order to use the Certificate, set it to true. Once the connection is created, in the response user will get a certificate.\nBy default, the certificate is valid for 2 Years. User can update the certificate in the existing connection by setting it to true in Update (PATCH) API call.\n"},"certificate":{"type":"string","description":"User has the option to upload external certificate for Azure Cloud connection. This option cannot be used with option is_certificate_used and client_secret.User first has to generate a new Certificate Signing Request (CSR) in POST /v1/connectionmgmt/connections/csr. The generated CSR can be signed with any internal or external CA. The Certificate must have an RSA key strength of 2048 or 4096. User can also update the new external certificate in the existing connection in Update (PATCH) API call. Any unused certificate will automatically deleted in 24 hours. \n"},"cert_duration":{"type":"integer","description":"Duration in days for which the azure certificate is valid, default (730 i.e. 2 Years)."},"external_certificate_used":{"type":"boolean","description":"true if the certificate associated with the connection is generated externally, false otherwise."},"vault_resource_url":{"type":"string","description":"Azure stack vault service resource URL"},"key_vault_dns_suffix":{"type":"string","description":"Azure stack key vault dns suffix"},"resource_manager_url":{"type":"string","description":"Azure stack resource manager URL."}}}]}},"422":{"description":"Validation error."}}},"get":{"summary":"List","description":"Returns a list of Azure connections.\nThe results can be filtered using the query parameters.\n","tags":["Connection Manager/Azure Connections"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"},{"name":"fields","in":"query","type":"string","description":"Filter the result based on fields associated with the connections and return the field attribute in the response.\nCurrently, only \"meta\" is supported.\n"},{"name":"id","in":"query","type":"string","description":"Filter the result based on connection's ID"},{"name":"name","in":"query","type":"string","description":"Filter the result based on connection name."},{"name":"products","in":"query","type":"string","description":"Filter the result based on the CipherTrust Manager products associated with the connections.\n Valid values are \"cckm\" for AWS, Azure, GCP, Luna connections, \"cte\", \"ddc\", \"data discovery\" for Hadoop connections\n and \"cte\" for SMB connections\n"},{"name":"meta_contains","in":"query","type":"string","format":"JSON","description":"A valid JSON value. Only resources whose 'meta' attribute contains the JSON value will be\nreturned. Examples of JSON containment:\n\n- Values contain themselves: `{\"color\":\"red\"}` contains `{\"color\":\"red\"}`\n\n- Values contain subsets: `{\"color\":\"red\", \"size\":\"big\"}` contains `{\"color\":\"red\"}` and `{\"size\":\"big\"}`, but not `{\"size\":\"small\"}`\n\n- Contained values can be nested: `{\"info\":{\"size\":\"big\",\"color\":\"red\"}}` contains `{\"info\":{\"color\":\"red\"}}`, but not `{\"color\":\"red\"}`\n\n- Array containment: `[\"east\",\"west\",\"north\"]` contains `[\"east\"]` and `[\"east\",\"north\"]`, but not `[\"south\"]` or `[\"east\",\"south\"]`\n"},{"name":"cloud_name","in":"query","type":"string","description":"Filter the result based on cloud name."},{"name":"createdBefore","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"createdAfter","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"last_connection_ok","in":"query","type":"string","description":"Filter the result based on last_connection_ok result.\n"},{"name":"last_connection_before","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"last_connection_after","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"external_certificate_used","in":"query","type":"string","description":"Filter the result based on if external certificate is used for connection.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"properties":{"client_id":{"type":"string","description":"Unique Identifier (client ID) for the Azure application."},"tenant_id":{"type":"string","description":"Tenant ID of the Azure application."},"cloud_name":{"type":"string","description":"Name of the cloud.\n","enum":["AzureCloud","AzureChinaCloud","AzureUSGovernment","AzureStack"]},"certificate":{"type":"string","description":"User has the option to upload external certificate for Azure Cloud connection. This option cannot be used with option is_certificate_used and client_secret. User first has to generate a new Certificate Signing Request (CSR) in POST /v1/connectionmgmt/connections/csr. The generated CSR can be signed with any internal or external CA. The Certificate must have an RSA key strength of 2048 or 4096.\t\n"},"active_directory_endpoint":{"type":"string","description":"Azure stack active directory authority URL"},"management_url":{"type":"string","description":"Azure stack management URL"},"azure_stack_server_cert":{"type":"string","description":"Azure stack server certificate"},"azure_stack_connection_type":{"type":"string","description":"Azure stack connection type","enum":["AAD","ADFS"]}}},{"properties":{"is_certificate_used":{"type":"boolean","description":"User has the option to choose the Certificate Authentication method instead of Client Secret for Azure Cloud connection. In order to use the Certificate, set it to true. Once the connection is created, in the response user will get a certificate.\nBy default, the certificate is valid for 2 Years. User can update the certificate in the existing connection by setting it to true in Update (PATCH) API call.\n"},"certificate":{"type":"string","description":"User has the option to upload external certificate for Azure Cloud connection. This option cannot be used with option is_certificate_used and client_secret.User first has to generate a new Certificate Signing Request (CSR) in POST /v1/connectionmgmt/connections/csr. The generated CSR can be signed with any internal or external CA. The Certificate must have an RSA key strength of 2048 or 4096. User can also update the new external certificate in the existing connection in Update (PATCH) API call. Any unused certificate will automatically deleted in 24 hours. \n"},"cert_duration":{"type":"integer","description":"Duration in days for which the azure certificate is valid, default (730 i.e. 2 Years)."},"external_certificate_used":{"type":"boolean","description":"true if the certificate associated with the connection is generated externally, false otherwise."},"vault_resource_url":{"type":"string","description":"Azure stack vault service resource URL"},"key_vault_dns_suffix":{"type":"string","description":"Azure stack key vault dns suffix"},"resource_manager_url":{"type":"string","description":"Azure stack resource manager URL."}}}]}}}}]},"examples":{"application/json":{"skip":"0,","limit":"10,","total":"1,","resources":[{"id":"14c3e04b-c5f2-4436-a62a-2dea3c1086cb","uri":"kylo:kylo:cckm:connection:azure-connection","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-06-05T09:32:00.506116599Z","name":"aws-connection","updatedAt":"2020-06-05T09:32:00.506116599Z","service":"aws","category":"cloud","url":"/v1/connectionmgmt/services/azure/connections:14c3e04b-c5f2-4436-a62a-2dea3c1086cb","cloud_name":"AzureCloud","client_id":"3bf0dbe6-a2c7-431d-9a6f-4843b74c7e12","tenant_id":"3bf0dbe6-a2c7-431d-9a6f-4843b74c71285nfjdu2"}]}}},"422":{"description":"Validation error."}}}},"/v1/connectionmgmt/services/azure/connections/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns the details of a connection with the given name, ID, or URI.\nThe type query parameter can be used to specify the type of ID.\n","tags":["Connection Manager/Azure Connections"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"properties":{"client_id":{"type":"string","description":"Unique Identifier (client ID) for the Azure application."},"tenant_id":{"type":"string","description":"Tenant ID of the Azure application."},"cloud_name":{"type":"string","description":"Name of the cloud.\n","enum":["AzureCloud","AzureChinaCloud","AzureUSGovernment","AzureStack"]},"certificate":{"type":"string","description":"User has the option to upload external certificate for Azure Cloud connection. This option cannot be used with option is_certificate_used and client_secret. User first has to generate a new Certificate Signing Request (CSR) in POST /v1/connectionmgmt/connections/csr. The generated CSR can be signed with any internal or external CA. The Certificate must have an RSA key strength of 2048 or 4096.\t\n"},"active_directory_endpoint":{"type":"string","description":"Azure stack active directory authority URL"},"management_url":{"type":"string","description":"Azure stack management URL"},"azure_stack_server_cert":{"type":"string","description":"Azure stack server certificate"},"azure_stack_connection_type":{"type":"string","description":"Azure stack connection type","enum":["AAD","ADFS"]}}},{"properties":{"is_certificate_used":{"type":"boolean","description":"User has the option to choose the Certificate Authentication method instead of Client Secret for Azure Cloud connection. In order to use the Certificate, set it to true. Once the connection is created, in the response user will get a certificate.\nBy default, the certificate is valid for 2 Years. User can update the certificate in the existing connection by setting it to true in Update (PATCH) API call.\n"},"certificate":{"type":"string","description":"User has the option to upload external certificate for Azure Cloud connection. This option cannot be used with option is_certificate_used and client_secret.User first has to generate a new Certificate Signing Request (CSR) in POST /v1/connectionmgmt/connections/csr. The generated CSR can be signed with any internal or external CA. The Certificate must have an RSA key strength of 2048 or 4096. User can also update the new external certificate in the existing connection in Update (PATCH) API call. Any unused certificate will automatically deleted in 24 hours. \n"},"cert_duration":{"type":"integer","description":"Duration in days for which the azure certificate is valid, default (730 i.e. 2 Years)."},"external_certificate_used":{"type":"boolean","description":"true if the certificate associated with the connection is generated externally, false otherwise."},"vault_resource_url":{"type":"string","description":"Azure stack vault service resource URL"},"key_vault_dns_suffix":{"type":"string","description":"Azure stack key vault dns suffix"},"resource_manager_url":{"type":"string","description":"Azure stack resource manager URL."}}}]}},"404":{"description":"Resource not found."},"422":{"description":"Validation error."}}},"delete":{"summary":"Delete","description":"Deletes a connection with the given name, ID, or URI.\nThe type query parameter can be used to specify the type of ID.\n","tags":["Connection Manager/Azure Connections"],"responses":{"204":{"description":"No Content | Connection is deleted successfully."},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"Updates a connection with the given name, ID, or URI.\nThe type query parameter can be used to specify the type of ID.\nThe parameters to be updated are specified in the request body.\n","tags":["Connection Manager/Azure Connections"],"parameters":[{"in":"body","name":"connection","description":"The connection to update.","schema":{"type":"object","allOf":[{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"object","allOf":[{"type":"object","description":"Sensitive parameters specific to an Azure connection.","properties":{"client_secret":{"type":"string","description":"Secret key for the Azure application. Required in Azure Stack connection.\n"}}},{"properties":{"client_id":{"type":"string","description":"Unique Identifier (client ID) for the Azure application."},"tenant_id":{"type":"string","description":"Tenant ID of the Azure application."},"cloud_name":{"type":"string","description":"Name of the cloud.\n","enum":["AzureCloud","AzureChinaCloud","AzureUSGovernment","AzureStack"]},"certificate":{"type":"string","description":"User has the option to upload external certificate for Azure Cloud connection. This option cannot be used with option is_certificate_used and client_secret. User first has to generate a new Certificate Signing Request (CSR) in POST /v1/connectionmgmt/connections/csr. The generated CSR can be signed with any internal or external CA. The Certificate must have an RSA key strength of 2048 or 4096.\t\n"},"active_directory_endpoint":{"type":"string","description":"Azure stack active directory authority URL"},"management_url":{"type":"string","description":"Azure stack management URL"},"azure_stack_server_cert":{"type":"string","description":"Azure stack server certificate"},"azure_stack_connection_type":{"type":"string","description":"Azure stack connection type","enum":["AAD","ADFS"]}}},{"properties":{"is_certificate_used":{"type":"boolean","description":"User has the option to choose the Certificate Authentication method instead of Client Secret for Azure Cloud connection. In order to use the Certificate, set it to true. Once the connection is created, in the response user will get a certificate.\nBy default, the certificate is valid for 2 Years. User can update the certificate in the existing connection by setting it to true in Update (PATCH) API call.\n"},"certificate":{"type":"string","description":"User has the option to upload external certificate for Azure Cloud connection. This option cannot be used with option is_certificate_used and client_secret.User first has to generate a new Certificate Signing Request (CSR) in POST /v1/connectionmgmt/connections/csr. The generated CSR can be signed with any internal or external CA. The Certificate must have an RSA key strength of 2048 or 4096. User can also update the new external certificate in the existing connection in Update (PATCH) API call. Any unused certificate will automatically deleted in 24 hours. \n"},"cert_duration":{"type":"integer","description":"Duration in days for which the azure certificate is valid, default (730 i.e. 2 Years)."},"external_certificate_used":{"type":"boolean","description":"true if the certificate associated with the connection is generated externally, false otherwise."},"vault_resource_url":{"type":"string","description":"Azure stack vault service resource URL"},"key_vault_dns_suffix":{"type":"string","description":"Azure stack key vault dns suffix"},"resource_manager_url":{"type":"string","description":"Azure stack resource manager URL."}}}]}],"example":{"application/json":{"products":["cckm"],"meta":{"color":"blue"},"client_secret":"3bf0dbe6-a2c7-431d-9a6f-4843b74c71285nfjdu2"}}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"properties":{"client_id":{"type":"string","description":"Unique Identifier (client ID) for the Azure application."},"tenant_id":{"type":"string","description":"Tenant ID of the Azure application."},"cloud_name":{"type":"string","description":"Name of the cloud.\n","enum":["AzureCloud","AzureChinaCloud","AzureUSGovernment","AzureStack"]},"certificate":{"type":"string","description":"User has the option to upload external certificate for Azure Cloud connection. This option cannot be used with option is_certificate_used and client_secret. User first has to generate a new Certificate Signing Request (CSR) in POST /v1/connectionmgmt/connections/csr. The generated CSR can be signed with any internal or external CA. The Certificate must have an RSA key strength of 2048 or 4096.\t\n"},"active_directory_endpoint":{"type":"string","description":"Azure stack active directory authority URL"},"management_url":{"type":"string","description":"Azure stack management URL"},"azure_stack_server_cert":{"type":"string","description":"Azure stack server certificate"},"azure_stack_connection_type":{"type":"string","description":"Azure stack connection type","enum":["AAD","ADFS"]}}},{"properties":{"is_certificate_used":{"type":"boolean","description":"User has the option to choose the Certificate Authentication method instead of Client Secret for Azure Cloud connection. In order to use the Certificate, set it to true. Once the connection is created, in the response user will get a certificate.\nBy default, the certificate is valid for 2 Years. User can update the certificate in the existing connection by setting it to true in Update (PATCH) API call.\n"},"certificate":{"type":"string","description":"User has the option to upload external certificate for Azure Cloud connection. This option cannot be used with option is_certificate_used and client_secret.User first has to generate a new Certificate Signing Request (CSR) in POST /v1/connectionmgmt/connections/csr. The generated CSR can be signed with any internal or external CA. The Certificate must have an RSA key strength of 2048 or 4096. User can also update the new external certificate in the existing connection in Update (PATCH) API call. Any unused certificate will automatically deleted in 24 hours. \n"},"cert_duration":{"type":"integer","description":"Duration in days for which the azure certificate is valid, default (730 i.e. 2 Years)."},"external_certificate_used":{"type":"boolean","description":"true if the certificate associated with the connection is generated externally, false otherwise."},"vault_resource_url":{"type":"string","description":"Azure stack vault service resource URL"},"key_vault_dns_suffix":{"type":"string","description":"Azure stack key vault dns suffix"},"resource_manager_url":{"type":"string","description":"Azure stack resource manager URL."}}}]}},"404":{"description":"Resource not found."},"422":{"description":"Validation error."}}}},"/v1/connectionmgmt/services/azure/connections/{id}/test":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"}],"post":{"summary":"Test existing connection","description":"Tests an existing connection with the given name, ID, or URI.\nThe type query parameter can be used to specify the type of ID.\nThe connection parameters in request can be used to reach the Azure account.\nThis does not create a persistent connection.\n","tags":["Connection Manager/Azure Connections"],"consumes":["application/json"],"parameters":[{"in":"body","name":"connection","description":"The connection parameters to test.","schema":{"allOf":[{"properties":{"client_id":{"type":"string","description":"Unique Identifier (client ID) for the Azure application."},"tenant_id":{"type":"string","description":"Tenant ID of the Azure application."},"cloud_name":{"type":"string","description":"Name of the cloud.\n","enum":["AzureCloud","AzureChinaCloud","AzureUSGovernment","AzureStack"]},"certificate":{"type":"string","description":"User has the option to upload external certificate for Azure Cloud connection. This option cannot be used with option is_certificate_used and client_secret. User first has to generate a new Certificate Signing Request (CSR) in POST /v1/connectionmgmt/connections/csr. The generated CSR can be signed with any internal or external CA. The Certificate must have an RSA key strength of 2048 or 4096.\t\n"},"active_directory_endpoint":{"type":"string","description":"Azure stack active directory authority URL"},"management_url":{"type":"string","description":"Azure stack management URL"},"azure_stack_server_cert":{"type":"string","description":"Azure stack server certificate"},"azure_stack_connection_type":{"type":"string","description":"Azure stack connection type","enum":["AAD","ADFS"]}}},{"type":"object","description":"Sensitive parameters specific to an Azure connection.","properties":{"client_secret":{"type":"string","description":"Secret key for the Azure application. Required in Azure Stack connection.\n"}}}],"example":{"application/json":{"client_secret":"3bf0dbe6-a2c7-431d-9a6f-4843b74c71285nfjdu2","cloud_name":"AzureCloud","client_id":"3bf0dbe6-a2c7-431d-9a6f-4843b74c7e12","tenant_id":"3bf0dbe6-a2c7-431d-9a6f-4843b74c71285nfjdu2"}}}}],"responses":{"200":{"description":"OK"},"404":{"description":"Resource not found."}}}},"/v1/connectionmgmt/services/azure/connection-test":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Test connection parameters","description":"Tests that the connection parameters can be used to reach the Azure account.\nThis does not create a persistent connection.\n","tags":["Connection Manager/Azure Connections"],"consumes":["application/json"],"parameters":[{"in":"body","name":"connection","description":"The connection parameters to test.","schema":{"required":["client_id","client_secret","tenant_id"],"allOf":[{"properties":{"client_id":{"type":"string","description":"Unique Identifier (client ID) for the Azure application."},"tenant_id":{"type":"string","description":"Tenant ID of the Azure application."},"cloud_name":{"type":"string","description":"Name of the cloud.\n","enum":["AzureCloud","AzureChinaCloud","AzureUSGovernment","AzureStack"]},"certificate":{"type":"string","description":"User has the option to upload external certificate for Azure Cloud connection. This option cannot be used with option is_certificate_used and client_secret. User first has to generate a new Certificate Signing Request (CSR) in POST /v1/connectionmgmt/connections/csr. The generated CSR can be signed with any internal or external CA. The Certificate must have an RSA key strength of 2048 or 4096.\t\n"},"active_directory_endpoint":{"type":"string","description":"Azure stack active directory authority URL"},"management_url":{"type":"string","description":"Azure stack management URL"},"azure_stack_server_cert":{"type":"string","description":"Azure stack server certificate"},"azure_stack_connection_type":{"type":"string","description":"Azure stack connection type","enum":["AAD","ADFS"]}}},{"type":"object","description":"Sensitive parameters specific to an Azure connection.","properties":{"client_secret":{"type":"string","description":"Secret key for the Azure application. Required in Azure Stack connection.\n"}}}],"example":{"application/json":{"client_secret":"3bf0dbe6-a2c7-431d-9a6f-4843b74c71285nfjdu2","cloud_name":"AzureCloud","client_id":"3bf0dbe6-a2c7-431d-9a6f-4843b74c7e12","tenant_id":"3bf0dbe6-a2c7-431d-9a6f-4843b74c71285nfjdu2"}}}}],"responses":{"200":{"description":"OK"},"422":{"description":"Validation error."}}}},"/v1/connectionmgmt/services/gcp/connections":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create a new GCP connection.","description":"Create a new GCP connection.","tags":["Connection Manager/Google Connections"],"consumes":["application/json"],"parameters":[{"in":"body","name":"connection","description":"The connection to create.","schema":{"allOf":[{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"object","required":["key_file"],"allOf":[{"type":"object","description":"Sensitive parameters specific to a GCP connection.","properties":{"key_file":{"type":"string","description":"The contents of private key file of a GCP service account."}}},{"type":"object","description":"Non-sensitive parameters specific to an GCP connection.","properties":{"cloud_name":{"type":"string","description":"Name of the cloud. Default value is gcp.\n","enum":["gcp"]}}}]}],"example":{"application/json":{"name":"gcp-connection","products":["cckm"],"meta":{"color":"blue"},"cloud_name":"gcp","key_file":"{\"type\":\"service_account\",\"private_key_id\":\"y437c51g956b8ab4908yb41541262a2fa3b0f84f\",\"private_key\":\"-----BEGIN RSA PRIVATE KEY-----\\nMIICXAIBAAKBgQDnC1YYTtcpsbj6cV9M/1rOhEYWG9iNdnsMCK0AjMRtb79toU2v\\nyW0JfJR/sR2vqFMD1wJFgpayqo5GDPa8Us23I/vvyWCkatouGYO27r84y5G2h74a\\nZnnEaK7uLQ2OdGNHWcZv8gZhy7X5e6RJfKVVlYrgYtfEKv55E9dQSZrohQIDAQAB\\nAoGAbzre7P7vyQvdkPyJs+jvj6LQlw462AflPyriFvSuED2PPDk+zFU9oCaQ21Sq\\nhQmVRbD6T/qJkGRZ8FGHa6y1if6UVbUymr+0a1hIM7BbPwsG2hLXznYjXWZ8WFDb\\nQyRWTZh4Zj0Br2DtoRjQOG8CHhC7LuFx434acu12VXxN8vUCQQDtS8GRzktOWRBL\\n2l7MWCja3lkqyYR2Ns+tw79eEAYVrGsFZLu6gAMdmn53M+eO5h++Ypr7G+bazvwC\\nD1XtiN+7AkEA+UFuq04YR3lTpCN1OeJ0VKXatVMFMjAejulHF3d3tRc4pIfAjgTk\\n4M+K9y++4QtVdhsGO9sk1jwfHrRTn340vwJBAIJ25DYF9eFdllgd94Dh95ReKygb\\nI3jbKdOfi9drd+zynuSYPZ6MQypDhsSDBQzL+SfzjsIA1Sv4IRYA2H2Ag4ECQAYw\\nHKo+DxY/KddqVe+w8ohjcbGMtRVQ4oFTw0MO4Tbqs6pKAHrGHlSCcoW+drOpj16W\\nPypfP2PeLDub6HOOM4sCQGWUXaHqJzfy2nHRAkr9WJEGgEMCMlGtFuMPH/Jc7aUt\\nNXk9HfcpVO/spIVpyL7x480hq5DHn7KaGwi+Lk2W0A8=\\n-----END RSA PRIVATE KEY-----\\n\\n\",\"client_email\":\"test@some-project.iam.gserviceaccount.com\"}"}}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"type":"object","allOf":[{"type":"object","description":"Non-sensitive parameters specific to an GCP connection.","properties":{"cloud_name":{"type":"string","description":"Name of the cloud. Default value is gcp.\n","enum":["gcp"]}}},{"type":"object","description":"Parameters to uniquely identify private key and user email.","properties":{"client_email":{"type":"string","description":"Client email ID."},"private_key_id":{"type":"string","description":"Private key ID is a unique ID corresponding to a private key."}}}]}]}},"422":{"description":"Validation error."}}},"get":{"summary":"List","description":"Returns a list of GCP connections.\nThe results can be filtered using the query parameters.\n","tags":["Connection Manager/Google Connections"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"},{"name":"fields","in":"query","type":"string","description":"Filter the result based on fields associated with the connections and return the field attribute in the response.\nCurrently, only \"meta\" is supported.\n"},{"name":"id","in":"query","type":"string","description":"Filter the result based on connection's ID"},{"name":"name","in":"query","type":"string","description":"Filter the result based on connection name."},{"name":"products","in":"query","type":"string","description":"Filter the result based on the CipherTrust Manager products associated with the connections.\n Valid values are \"cckm\" for AWS, Azure, GCP, Luna connections, \"cte\", \"ddc\", \"data discovery\" for Hadoop connections\n and \"cte\" for SMB connections\n"},{"name":"meta_contains","in":"query","type":"string","format":"JSON","description":"A valid JSON value. Only resources whose 'meta' attribute contains the JSON value will be\nreturned. Examples of JSON containment:\n\n- Values contain themselves: `{\"color\":\"red\"}` contains `{\"color\":\"red\"}`\n\n- Values contain subsets: `{\"color\":\"red\", \"size\":\"big\"}` contains `{\"color\":\"red\"}` and `{\"size\":\"big\"}`, but not `{\"size\":\"small\"}`\n\n- Contained values can be nested: `{\"info\":{\"size\":\"big\",\"color\":\"red\"}}` contains `{\"info\":{\"color\":\"red\"}}`, but not `{\"color\":\"red\"}`\n\n- Array containment: `[\"east\",\"west\",\"north\"]` contains `[\"east\"]` and `[\"east\",\"north\"]`, but not `[\"south\"]` or `[\"east\",\"south\"]`\n"},{"name":"cloud_name","in":"query","type":"string","description":"Filter the result based on cloud name."},{"name":"createdBefore","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"createdAfter","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"last_connection_ok","in":"query","type":"string","description":"Filter the result based on last_connection_ok result.\n"},{"name":"last_connection_before","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"last_connection_after","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"type":"object","allOf":[{"type":"object","description":"Non-sensitive parameters specific to an GCP connection.","properties":{"cloud_name":{"type":"string","description":"Name of the cloud. Default value is gcp.\n","enum":["gcp"]}}},{"type":"object","description":"Parameters to uniquely identify private key and user email.","properties":{"client_email":{"type":"string","description":"Client email ID."},"private_key_id":{"type":"string","description":"Private key ID is a unique ID corresponding to a private key."}}}]}]}}}}]},"examples":{"application/json":{"skip":"0,","limit":"10,","total":"1,","resources":[{"cloud_name":"gcp","client_email":"connmanagertest@project-name.iam.gserviceaccount.com","private_key_id":"ef8799fbd8c46ebdda93cb99f78c356535da2c52","name":"gcp-connection1","id":"15bb8d0f-c763-428b-a04e-60c032e9db78","uri":"kylo:kylo:connectionmgmt:connections:gcp-connection1-15bb8d0f-c763-428b-a04e-60c032e9db78","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-01-13T12:43:40.213432Z","updatedAt":"2021-01-13T12:43:40.213432Z","service":"gcp","category":"cloud","products":["cckm"],"meta":{"color":"blue"},"last_connection_ok":null,"last_connection_at":"0001-01-01T00:00:00Z"}]}}},"422":{"description":"Validation error."}}}},"/v1/connectionmgmt/services/gcp/connections/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns the details of a connection with the given name, ID, or URI.\nThe type query parameter can be used to specify the type of ID.\n","tags":["Connection Manager/Google Connections"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"type":"object","allOf":[{"type":"object","description":"Non-sensitive parameters specific to an GCP connection.","properties":{"cloud_name":{"type":"string","description":"Name of the cloud. Default value is gcp.\n","enum":["gcp"]}}},{"type":"object","description":"Parameters to uniquely identify private key and user email.","properties":{"client_email":{"type":"string","description":"Client email ID."},"private_key_id":{"type":"string","description":"Private key ID is a unique ID corresponding to a private key."}}}]}]}},"404":{"description":"Resource not found."},"422":{"description":"Validation error."}}},"delete":{"summary":"Delete","description":"Deletes a connection with the given name, ID, or URI.\nThe type query parameter can be used to specify the type of ID.\n","tags":["Connection Manager/Google Connections"],"responses":{"204":{"description":"No Content | Connection is deleted successfully."},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"Updates a connection with the given name, ID or URI.\nThe type query parameter can be used to specify the type of ID.\nThe parameters to be updated are specified in the request body.\n","tags":["Connection Manager/Google Connections"],"parameters":[{"in":"body","name":"connection","description":"The connection to update.","schema":{"type":"object","allOf":[{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"object","allOf":[{"type":"object","description":"Sensitive parameters specific to a GCP connection.","properties":{"key_file":{"type":"string","description":"The contents of private key file of a GCP service account."}}},{"type":"object","description":"Non-sensitive parameters specific to an GCP connection.","properties":{"cloud_name":{"type":"string","description":"Name of the cloud. Default value is gcp.\n","enum":["gcp"]}}}]}],"example":{"application/json":{"products":["cckm"],"meta":{"color":"blue"},"cloud_name":"gcp","key_file":"{\"type\":\"service_account\",\"private_key_id\":\"y437c51g956b8ab4908yb41541262a2fa3b0f84f\",\"private_key\":\"-----BEGIN RSA PRIVATE KEY-----\\nMIICXAIBAAKBgQDnC1YYTtcpsbj6cV9M/1rOhEYWG9iNdnsMCK0AjMRtb79toU2v\\nyW0JfJR/sR2vqFMD1wJFgpayqo5GDPa8Us23I/vvyWCkatouGYO27r84y5G2h74a\\nZnnEaK7uLQ2OdGNHWcZv8gZhy7X5e6RJfKVVlYrgYtfEKv55E9dQSZrohQIDAQAB\\nAoGAbzre7P7vyQvdkPyJs+jvj6LQlw462AflPyriFvSuED2PPDk+zFU9oCaQ21Sq\\nhQmVRbD6T/qJkGRZ8FGHa6y1if6UVbUymr+0a1hIM7BbPwsG2hLXznYjXWZ8WFDb\\nQyRWTZh4Zj0Br2DtoRjQOG8CHhC7LuFx434acu12VXxN8vUCQQDtS8GRzktOWRBL\\n2l7MWCja3lkqyYR2Ns+tw79eEAYVrGsFZLu6gAMdmn53M+eO5h++Ypr7G+bazvwC\\nD1XtiN+7AkEA+UFuq04YR3lTpCN1OeJ0VKXatVMFMjAejulHF3d3tRc4pIfAjgTk\\n4M+K9y++4QtVdhsGO9sk1jwfHrRTn340vwJBAIJ25DYF9eFdllgd94Dh95ReKygb\\nI3jbKdOfi9drd+zynuSYPZ6MQypDhsSDBQzL+SfzjsIA1Sv4IRYA2H2Ag4ECQAYw\\nHKo+DxY/KddqVe+w8ohjcbGMtRVQ4oFTw0MO4Tbqs6pKAHrGHlSCcoW+drOpj16W\\nPypfP2PeLDub6HOOM4sCQGWUXaHqJzfy2nHRAkr9WJEGgEMCMlGtFuMPH/Jc7aUt\\nNXk9HfcpVO/spIVpyL7x480hq5DHn7KaGwi+Lk2W0A8=\\n-----END RSA PRIVATE KEY-----\\n\\n\",\"client_email\":\"test@some-project.iam.gserviceaccount.com\"}"}}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"type":"object","allOf":[{"type":"object","description":"Non-sensitive parameters specific to an GCP connection.","properties":{"cloud_name":{"type":"string","description":"Name of the cloud. Default value is gcp.\n","enum":["gcp"]}}},{"type":"object","description":"Parameters to uniquely identify private key and user email.","properties":{"client_email":{"type":"string","description":"Client email ID."},"private_key_id":{"type":"string","description":"Private key ID is a unique ID corresponding to a private key."}}}]}]}},"404":{"description":"Resource not found."},"422":{"description":"Validation error."}}}},"/v1/connectionmgmt/services/gcp/connections/{id}/test":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"}],"post":{"summary":"Test existing connection","description":"Tests that an existing connection with the given name, ID, or URI reaches the GCP cloud.\nThe connection parameters in request can be used to reach the GCP account.\nThis does not create a persistent connection.\n","tags":["Connection Manager/Google Connections"],"consumes":["application/json"],"parameters":[{"in":"body","name":"connection","description":"The connection parameters to test.","schema":{"type":"object","allOf":[{"type":"object","description":"Sensitive parameters specific to a GCP connection.","properties":{"key_file":{"type":"string","description":"The contents of private key file of a GCP service account."}}}],"example":{"application/json":{"key_file":"{\"type\":\"service_account\",\"private_key_id\":\"y437c51g956b8ab4908yb41541262a2fa3b0f84f\",\"private_key\":\"-----BEGIN RSA PRIVATE KEY-----\\nMIICXAIBAAKBgQDnC1YYTtcpsbj6cV9M/1rOhEYWG9iNdnsMCK0AjMRtb79toU2v\\nyW0JfJR/sR2vqFMD1wJFgpayqo5GDPa8Us23I/vvyWCkatouGYO27r84y5G2h74a\\nZnnEaK7uLQ2OdGNHWcZv8gZhy7X5e6RJfKVVlYrgYtfEKv55E9dQSZrohQIDAQAB\\nAoGAbzre7P7vyQvdkPyJs+jvj6LQlw462AflPyriFvSuED2PPDk+zFU9oCaQ21Sq\\nhQmVRbD6T/qJkGRZ8FGHa6y1if6UVbUymr+0a1hIM7BbPwsG2hLXznYjXWZ8WFDb\\nQyRWTZh4Zj0Br2DtoRjQOG8CHhC7LuFx434acu12VXxN8vUCQQDtS8GRzktOWRBL\\n2l7MWCja3lkqyYR2Ns+tw79eEAYVrGsFZLu6gAMdmn53M+eO5h++Ypr7G+bazvwC\\nD1XtiN+7AkEA+UFuq04YR3lTpCN1OeJ0VKXatVMFMjAejulHF3d3tRc4pIfAjgTk\\n4M+K9y++4QtVdhsGO9sk1jwfHrRTn340vwJBAIJ25DYF9eFdllgd94Dh95ReKygb\\nI3jbKdOfi9drd+zynuSYPZ6MQypDhsSDBQzL+SfzjsIA1Sv4IRYA2H2Ag4ECQAYw\\nHKo+DxY/KddqVe+w8ohjcbGMtRVQ4oFTw0MO4Tbqs6pKAHrGHlSCcoW+drOpj16W\\nPypfP2PeLDub6HOOM4sCQGWUXaHqJzfy2nHRAkr9WJEGgEMCMlGtFuMPH/Jc7aUt\\nNXk9HfcpVO/spIVpyL7x480hq5DHn7KaGwi+Lk2W0A8=\\n-----END RSA PRIVATE KEY-----\\n\\n\",\"client_email\":\"test@some-project.iam.gserviceaccount.com\"}"}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","properties":{"connection_ok":{"type":"boolean","description":"true if the test was successful, otherwise false"},"connection_error":{"type":"string","description":"Error message if the connection test failed"}}}]}},"404":{"description":"Resource not found."},"422":{"description":"Validation error."}}}},"/v1/connectionmgmt/services/gcp/connection-test":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Test connection parameters","description":"Tests that the connection parameters can be used to reach the GCP account.\nThis does not create a persistent connection.\n","tags":["Connection Manager/Google Connections"],"consumes":["application/json"],"parameters":[{"in":"body","name":"connection","description":"The connection parameters to test.","schema":{"required":["key_file"],"allOf":[{"type":"object","description":"Sensitive parameters specific to a GCP connection.","properties":{"key_file":{"type":"string","description":"The contents of private key file of a GCP service account."}}}],"example":{"application/json":{"key_file":"{\"type\":\"service_account\",\"private_key_id\":\"y437c51g956b8ab4908yb41541262a2fa3b0f84f\",\"private_key\":\"-----BEGIN RSA PRIVATE KEY-----\\nMIICXAIBAAKBgQDnC1YYTtcpsbj6cV9M/1rOhEYWG9iNdnsMCK0AjMRtb79toU2v\\nyW0JfJR/sR2vqFMD1wJFgpayqo5GDPa8Us23I/vvyWCkatouGYO27r84y5G2h74a\\nZnnEaK7uLQ2OdGNHWcZv8gZhy7X5e6RJfKVVlYrgYtfEKv55E9dQSZrohQIDAQAB\\nAoGAbzre7P7vyQvdkPyJs+jvj6LQlw462AflPyriFvSuED2PPDk+zFU9oCaQ21Sq\\nhQmVRbD6T/qJkGRZ8FGHa6y1if6UVbUymr+0a1hIM7BbPwsG2hLXznYjXWZ8WFDb\\nQyRWTZh4Zj0Br2DtoRjQOG8CHhC7LuFx434acu12VXxN8vUCQQDtS8GRzktOWRBL\\n2l7MWCja3lkqyYR2Ns+tw79eEAYVrGsFZLu6gAMdmn53M+eO5h++Ypr7G+bazvwC\\nD1XtiN+7AkEA+UFuq04YR3lTpCN1OeJ0VKXatVMFMjAejulHF3d3tRc4pIfAjgTk\\n4M+K9y++4QtVdhsGO9sk1jwfHrRTn340vwJBAIJ25DYF9eFdllgd94Dh95ReKygb\\nI3jbKdOfi9drd+zynuSYPZ6MQypDhsSDBQzL+SfzjsIA1Sv4IRYA2H2Ag4ECQAYw\\nHKo+DxY/KddqVe+w8ohjcbGMtRVQ4oFTw0MO4Tbqs6pKAHrGHlSCcoW+drOpj16W\\nPypfP2PeLDub6HOOM4sCQGWUXaHqJzfy2nHRAkr9WJEGgEMCMlGtFuMPH/Jc7aUt\\nNXk9HfcpVO/spIVpyL7x480hq5DHn7KaGwi+Lk2W0A8=\\n-----END RSA PRIVATE KEY-----\\n\\n\",\"client_email\":\"test@some-project.iam.gserviceaccount.com\"}"}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","properties":{"connection_ok":{"type":"boolean","description":"true if the test was successful, otherwise false"},"connection_error":{"type":"string","description":"Error message if the connection test failed"}}}]}},"422":{"description":"Validation error."}}}},"/v1/connectionmgmt/services/salesforce/connections":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create a new Salesforce connection.","description":"Create a new Salesforce connection. The connection can be created with Client Credentials (password and client_secret) authentication or Certificate authentication.","tags":["Connection Manager/Salesforce Connections"],"consumes":["application/json"],"parameters":[{"in":"body","name":"connection","description":"The connection to create.","schema":{"allOf":[{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"object","required":["client_id","username","cloud_name"],"allOf":[{"type":"object","description":"Sensitive parameters specific to a Salesforce connection.","properties":{"password":{"type":"string","description":"Password for the Salesforce account. This a mandatory parameter for a connection\nwith Client Credential Authentication method. This parameter is not needed for\nCertificate Authentication.\n"},"client_secret":{"type":"string","description":"Consumer Secret for the Salesforce application. This a mandatory parameter for a connection\nwith Client Credential Authentication method. This parameter is not needed for\nCertificate Authentication.\n"}}},{"properties":{"client_id":{"type":"string","description":"Unique Identifier (client ID/consumer key) for the Salesforce Application."},"username":{"type":"string","description":"Username of the Salesforce account."},"cloud_name":{"type":"string","description":"Name or Type of the Salesforce cloud. Supported cloud options are listed below:\n","enum":["Salesforce Sandbox Cloud","Salesforce Cloud"]}}}]},{"properties":{"is_certificate_used":{"type":"boolean","description":"User has the option to choose the Certificate Authentication method instead of Client Credentials (password and client_secret)\nAuthentication for Salesforce Cloud connection. In order to use the Certificate, set this field to true.\nOnce the connection is created, in the response user will get a certificate.\n"},"cert_duration":{"type":"integer","description":"Duration in days for which the salesforce server certificate is valid, default (730 i.e. 2 Years)."},"certificate":{"type":"string","description":"User has the option to upload external certificate for Salesforce Cloud connection. This option cannot be used with option is_certificate_used and client_secret. User first has to generate a new Certificate Signing Request (CSR) in POST /v1/connectionmgmt/connections/csr. The generated CSR can be signed with any internal or external CA. The Certificate must have an RSA key strength of 1024, 2048 or 4096. User can also update the new external certificate in the existing connection in Update (PATCH) API call. Any unused certificate will automatically deleted in 24 hours.\n"}}}],"example":{"application/json":{"name":"salesforce-1","products":["cckm"],"cloud_name":"Salesforce Sandbox Cloud","client_id":"3bf0dbe6-a2c7-431d-9a6f-4843b74c7e12","client_secret":"BC0556E7A0B4C96E218EF91370C5B","username":"xyz@abc.com","password":"123456","is_certificate_used":false,"certificate":"-----BEGIN CERTIFICATE-----\nMIID5DCCAcygAwIBAgIRAMGjBefOlR7fB0bSCo5DYAgwDQYJKoZIhvcNAQELBQAw\nWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlRYMQ8wDQYDVQQHEwZBdXN0aW4xDzAN\nBgNVBAoTBlRoYWxlczEcMBoGA1UEAxMTQ2lwaGVyVHJ1c3QgUm9vdCBDQTAeFw0y\nMjA3MjQwNDM0MjdaFw0yMzA3MjQwNDM0MjdaMBIxEDAOBgNVBAMTB215IGNlcnQw\nWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQSQouaKoOw0/Xqw7VEtEovbeJcT+qr\n3GWydA7Luvoe6v9qILc1FmPE0xOFtl3PmBxO8+QGjKW9jr0y55PAiw79o4G3MIG0\nMA4GA1UdDwEB/wQEAwIDiDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8E\nAjAAMB8GA1UdIwQYMBaAFBi0kpQMK8XlYpcbA+6Q+bD0sKK6MF4GA1UdHwRXMFUw\nU6BRoE+GTWh0dHA6Ly9jaXBoZXJ0cnVzdG1hbmFnZXIubG9jYWwvY3Jscy9lZmU5\nMDI5NC05YjU5LTQ1OTgtYTdlMi0wYzA2NTQ3N2VlYjkuY3JsMA0GCSqGSIb3DQEB\nCwUAA4ICAQBned/3SSHQfsAVWiDG6+WhyYwECz7cHBhLlHOs7WJ5sg7dh9IbU/Dv\nAxD7GCNmHgUx7ibbgidi7S+S3heNal5/xh7D/EUf8Fb5K/aJI77b5Q0c10RUfG4k\nEMNlXb1InNcqrgyjpKzxARyLOAgNm5SL2S0U5dhP2yIGCu22mw3Iec1+4GYCA0JH\nHZtjgZmspvjlHafHmDbHX9i6+fTYE8dWTrwEnrwary2EYXDhFLd/DyOzuYaT9NEQ\nzwkBsMKD4XxFASnpsN5Okp//q8Kzxs/oth9wJmwfChNDX63qz5RM/5Xfo/IDR0ir\nQNWCapz6rJv/pqwgMfV/BLqpIDjLrK76r5ggcDD2abZzwPXXzlq3rgxNqyfsWUYU\npPYmaGHClmDcbPqAr1xNHucYlwnhADgccuEcIygcUqAsq4probK17XebjOwR1dLU\nDBBebZIsxzUNt5vm0y5jmq8NK/rVrVX8vYaaJxDK9LpZPxQ7Fkt+t2NkTBtaAQnc\nSDH0YGXqP1yx18SHSl+gU72R23f9DAtguRDMaPcud2CpXRTu4Wb/y+syGTlLdto5\n3ucq9jE1MXafCkqjpOpXt5RPQB/PQ1o5PIlo78OeoS7xoC4nzKMIzq/CdCRn+S1w\n4nqjjIcJ8ENKSXvLePTWNwhgQOJqk1Ffhzq7+CJDVwh7DXsUeGLuEw==\n-----END CERTIFICATE-----\n","cert_duration":730}}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"properties":{"client_id":{"type":"string","description":"Unique Identifier (client ID/consumer key) for the Salesforce Application."},"username":{"type":"string","description":"Username of the Salesforce account."},"cloud_name":{"type":"string","description":"Name or Type of the Salesforce cloud. Supported cloud options are listed below:\n","enum":["Salesforce Sandbox Cloud","Salesforce Cloud"]}}},{"properties":{"certificate":{"type":"string","description":"Salesforce server certificate."},"certificate_subject":{"type":"string","description":"Subject field of the certificate."},"external_certificate_used":{"type":"boolean","description":"true if the certificate associated with the connection is generated externally, false otherwise."}}}]}},"400":{"description":"Bad request."},"409":{"description":"Connection already exists"},"422":{"description":"Validation error."}}},"get":{"summary":"List","description":"Returns a list of Salesforce connections.\nThe results can be filtered using the query parameters.\n","tags":["Connection Manager/Salesforce Connections"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"},{"name":"fields","in":"query","type":"string","description":"Filter the result based on fields associated with the connections and return the field attribute in the response.\nCurrently, only \"meta\" is supported.\n"},{"name":"id","in":"query","type":"string","description":"Filter the result based on connection's ID"},{"name":"name","in":"query","type":"string","description":"Filter the result based on connection name."},{"name":"products","in":"query","type":"string","description":"Filter the result based on the CipherTrust Manager products associated with the connections.\n Valid values are \"cckm\" for AWS, Azure, GCP, Luna connections, \"cte\", \"ddc\", \"data discovery\" for Hadoop connections\n and \"cte\" for SMB connections\n"},{"name":"meta_contains","in":"query","type":"string","format":"JSON","description":"A valid JSON value. Only resources whose 'meta' attribute contains the JSON value will be\nreturned. Examples of JSON containment:\n\n- Values contain themselves: `{\"color\":\"red\"}` contains `{\"color\":\"red\"}`\n\n- Values contain subsets: `{\"color\":\"red\", \"size\":\"big\"}` contains `{\"color\":\"red\"}` and `{\"size\":\"big\"}`, but not `{\"size\":\"small\"}`\n\n- Contained values can be nested: `{\"info\":{\"size\":\"big\",\"color\":\"red\"}}` contains `{\"info\":{\"color\":\"red\"}}`, but not `{\"color\":\"red\"}`\n\n- Array containment: `[\"east\",\"west\",\"north\"]` contains `[\"east\"]` and `[\"east\",\"north\"]`, but not `[\"south\"]` or `[\"east\",\"south\"]`\n"},{"name":"cloud_name","in":"query","type":"string","description":"Filter the result based on cloud name."},{"name":"createdBefore","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"createdAfter","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"last_connection_ok","in":"query","type":"string","description":"Filter the result based on last_connection_ok result.\n"},{"name":"last_connection_before","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"last_connection_after","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"external_certificate_used","in":"query","type":"string","description":"Filter the result based on if external certificate is used for connection.\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"properties":{"client_id":{"type":"string","description":"Unique Identifier (client ID/consumer key) for the Salesforce Application."},"username":{"type":"string","description":"Username of the Salesforce account."},"cloud_name":{"type":"string","description":"Name or Type of the Salesforce cloud. Supported cloud options are listed below:\n","enum":["Salesforce Sandbox Cloud","Salesforce Cloud"]}}},{"properties":{"certificate":{"type":"string","description":"Salesforce server certificate."},"certificate_subject":{"type":"string","description":"Subject field of the certificate."},"external_certificate_used":{"type":"boolean","description":"true if the certificate associated with the connection is generated externally, false otherwise."}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"name":"salesforce-connection1","id":"423382b0-a555-4e55-b1a2-039eff093392","uri":"kylo:kylo:connectionmgmt:connections:salesforce-connection1-423382b0-a555-4e55-b1a2-039eff093392","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-06-23T10:57:49.032873Z","updatedAt":"2021-06-23T10:57:49.031163Z","service":"salesforce","category":"cloud","products":["cckm"],"meta":{"color":"blue"},"last_connection_ok":null,"last_connection_at":"0001-01-01T00:00:00Z","cloud_name":"Salesforce Sandbox Cloud","client_id":"3bf0dbe6-a2c7-431d-9a6f-4843b74c7e12","username":"xyz@abc.com","certificate_subject":"CN=cckm.thalesesecurity.com,OU=CipherTrust,O=Thales,L=San Jose,ST=California,C=US"}]}}},"400":{"description":"Bad request."},"422":{"description":"Validation error."}}}},"/v1/connectionmgmt/services/salesforce/connections/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns the details of a connection with the given name, ID, or URI.\nThe type query parameter can be used to specify the type of ID.\n","tags":["Connection Manager/Salesforce Connections"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"properties":{"client_id":{"type":"string","description":"Unique Identifier (client ID/consumer key) for the Salesforce Application."},"username":{"type":"string","description":"Username of the Salesforce account."},"cloud_name":{"type":"string","description":"Name or Type of the Salesforce cloud. Supported cloud options are listed below:\n","enum":["Salesforce Sandbox Cloud","Salesforce Cloud"]}}},{"properties":{"certificate":{"type":"string","description":"Salesforce server certificate."},"certificate_subject":{"type":"string","description":"Subject field of the certificate."},"external_certificate_used":{"type":"boolean","description":"true if the certificate associated with the connection is generated externally, false otherwise."}}}]}},"400":{"description":"Bad request."},"404":{"description":"Resource not found."},"422":{"description":"Validation error."}}},"delete":{"summary":"Delete","description":"Deletes a connection with the given name, ID, or URI.\nThe type query parameter can be used to specify the type of ID.\n","tags":["Connection Manager/Salesforce Connections"],"responses":{"204":{"description":"No Content | Connection is deleted successfully."},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"Updates a connection with the given name, ID, or URI.\nThe type query parameter can be used to specify the type of ID.\nThe parameters to be updated are specified in the request body.\n","tags":["Connection Manager/Salesforce Connections"],"parameters":[{"in":"body","name":"connection","description":"The connection to update.","schema":{"type":"object","allOf":[{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"object","allOf":[{"type":"object","description":"Sensitive parameters specific to a Salesforce connection.","properties":{"password":{"type":"string","description":"Password for the Salesforce account. This a mandatory parameter for a connection\nwith Client Credential Authentication method. This parameter is not needed for\nCertificate Authentication.\n"},"client_secret":{"type":"string","description":"Consumer Secret for the Salesforce application. This a mandatory parameter for a connection\nwith Client Credential Authentication method. This parameter is not needed for\nCertificate Authentication.\n"}}},{"properties":{"client_id":{"type":"string","description":"Unique Identifier (client ID/consumer key) for the Salesforce Application."},"username":{"type":"string","description":"Username of the Salesforce account."},"cloud_name":{"type":"string","description":"Name or Type of the Salesforce cloud. Supported cloud options are listed below:\n","enum":["Salesforce Sandbox Cloud","Salesforce Cloud"]}}},{"type":"object","description":".","properties":{"regenerate_certificate":{"type":"boolean","description":"To update the certificate, set the regenerate_certificate to true. This will update the certificate, corresponding private key and certificate subject.\n"},"cert_duration":{"type":"integer","description":"Duration in days for which the salesforce server certificate is valid, default (730 i.e. 2 Years)."},"certificate":{"type":"string","description":"User has the option to upload external certificate for Salesforce Cloud connection. This option cannot be used with option is_certificate_used and client_secret. User first has to generate a new Certificate Signing Request (CSR) in POST /v1/connectionmgmt/connections/csr. The generated CSR can be signed with any internal or external CA. The Certificate must have an RSA key strength of 1024, 2048 or 4096. User can also update the new external certificate in the existing connection in Update (PATCH) API call. Any unused certificate will automatically deleted in 24 hours.\n"}}}]}],"example":{"application/json":{"products":["cckm"],"meta":{"color":"blue"},"client_secret":"3bf0dbe6-a2c7-431d-9a6f-4843b74c71285nfjdu2"}}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"properties":{"client_id":{"type":"string","description":"Unique Identifier (client ID/consumer key) for the Salesforce Application."},"username":{"type":"string","description":"Username of the Salesforce account."},"cloud_name":{"type":"string","description":"Name or Type of the Salesforce cloud. Supported cloud options are listed below:\n","enum":["Salesforce Sandbox Cloud","Salesforce Cloud"]}}},{"properties":{"certificate":{"type":"string","description":"Salesforce server certificate."},"certificate_subject":{"type":"string","description":"Subject field of the certificate."},"external_certificate_used":{"type":"boolean","description":"true if the certificate associated with the connection is generated externally, false otherwise."}}}]}},"400":{"description":"Bad request."},"404":{"description":"Resource not found."},"422":{"description":"Validation error."}}}},"/v1/connectionmgmt/services/salesforce/connections/{id}/test":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"}],"post":{"summary":"Test existing connection","description":"Tests an existing connection with the given name, ID, or URI.\nThis does not create a persistent connection.\n","tags":["Connection Manager/Salesforce Connections"],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","properties":{"connection_ok":{"type":"boolean","description":"true if the test was successful, otherwise false"},"connection_error":{"type":"string","description":"Error message if the connection test failed"}}}]}},"404":{"description":"Resource not found."}}}},"/v1/connectionmgmt/services/salesforce/connection-test":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Test connection parameters","description":"Tests that the connection parameters can be used to reach to the salesforce service.\nThis does not create a persistent connection and works only for client credentials authentication.\n","tags":["Connection Manager/Salesforce Connections"],"consumes":["application/json"],"parameters":[{"in":"body","name":"connection","description":"The connection to create.","schema":{"allOf":[{"type":"object","required":["client_id","username","cloud_name"],"properties":{"certificate":{"type":"string","description":"User has the option to upload external certificate for Salesforce Cloud connection.This option cannot be used with option client_secret. User first has to generate a new Certificate Signing Request (CSR) in POST /v1/connectionmgmt/connections/csr. The generated CSR can be signed with any internal or external CA. The Certificate must have an RSA key strength of 1024, 2048 or 4096. User can also update the new external certificate in the existing connection in Update (PATCH) API call. Any unused certificate will automatically deleted in 24 hours.\n"}},"allOf":[{"type":"object","description":"Sensitive parameters specific to a Salesforce connection.","properties":{"password":{"type":"string","description":"Password for the Salesforce account. This a mandatory parameter for a connection\nwith Client Credential Authentication method. This parameter is not needed for\nCertificate Authentication.\n"},"client_secret":{"type":"string","description":"Consumer Secret for the Salesforce application. This a mandatory parameter for a connection\nwith Client Credential Authentication method. This parameter is not needed for\nCertificate Authentication.\n"}}},{"properties":{"client_id":{"type":"string","description":"Unique Identifier (client ID/consumer key) for the Salesforce Application."},"username":{"type":"string","description":"Username of the Salesforce account."},"cloud_name":{"type":"string","description":"Name or Type of the Salesforce cloud. Supported cloud options are listed below:\n","enum":["Salesforce Sandbox Cloud","Salesforce Cloud"]}}}]}],"example":{"application/json":{"client_id":"zeGbejWgeqDzgRv2l62N7CClr9zx7LDBvgdxcfM6rgSzawdji7g","client_secret":"F91370C5BB653152077A4188D5B57E66372410400C97","username":"xyz@abc.com","password":"123456","cloud_name":"Salesforce Sandbox Cloud"}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","properties":{"connection_ok":{"type":"boolean","description":"true if the test was successful, otherwise false"},"connection_error":{"type":"string","description":"Error message if the connection test failed"}}}]}},"400":{"description":"Bad request."}}}},"/v1/connectionmgmt/services/sap-dc/connections":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Creates a new SAP Data Custodian connection.","description":"Create a new SAP Data Custodian connection. The connection can be created with Standard User Credentials.","tags":["Connection Manager/SAP Data Custodian Connections"],"consumes":["application/json"],"parameters":[{"in":"body","name":"connection","description":"The connection to create.","schema":{"allOf":[{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"object","required":["api_endpoint"],"allOf":[{"type":"object","description":"Sensitive parameters specific to a SAP Data Custodian connection.","properties":{"user_credentials":{"type":"object","required":["tenant","user","secret"],"description":"Standard User Credentials for SAP Data Custodian connection.","properties":{"tenant":{"type":"string","description":"Tenant of the user."},"user":{"type":"string","description":"Username"},"secret":{"type":"string","description":"Secret/Password of the user."}}}}},{"type":"object","description":"Sensitive parameters specific to a SAP Data Custodian technical user connection.","properties":{"technical_user_credentials":{"type":"object","required":["api_key","secret"],"description":"Technical User Credentials for SAP Data Custodian connection.","properties":{"api_key":{"type":"string","description":"API key of the technical user."},"secret":{"type":"string","description":"Secret/Password of the technical user."}}}}},{"type":"object","properties":{"api_endpoint":{"type":"string","description":"KMS API endpoint of the SAP Data Custodian. Provide HTTP URL with the API version in it.\nOnly `v2` version of KMS API is supported.\nExample - `https://kms-api-demo.datacustodian.cloud.sap/kms/v2`.\n"}}}]}],"example":{"application/json":{"name":"SAP Data Custodian","user_credentials":{"secret":"secret","tenant":"tenant","user":"username"},"api_endpoint":"https://demo-kms-endpoint/kms/v2","description":"SAP DC connection","products":["cckm"]}}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"type":"object","properties":{"api_endpoint":{"type":"string","description":"KMS API endpoint of the SAP Data Custodian. Provide HTTP URL with the API version in it.\nOnly `v2` version of KMS API is supported.\nExample - `https://kms-api-demo.datacustodian.cloud.sap/kms/v2`.\n"}}},{"type":"object","description":"Non-sensitive parameters specific to a SAP Data Custodian connection.","properties":{"user_credentials":{"type":"object","description":"Standard User Credentials for SAP Data Custodian connection.","properties":{"tenant":{"type":"string","description":"Tenant of the user."},"user":{"type":"string","description":"Username"}}}}},{"type":"object","description":"Non-sensitive parameters specific to a SAP Data Custodian connection.","properties":{"technical_user_credentials":{"type":"object","description":"Technical User Credentials for SAP Data Custodian connection.","properties":{"api_key":{"type":"string","description":"API key of the technical user."}}}}}]}},"400":{"description":"Bad request."},"409":{"description":"Connection already exists."},"422":{"description":"Validation error."}}},"get":{"summary":"List","description":"Returns a list of SAP Data Custodian connections.\nThe results can be filtered using the query parameters.\n","tags":["Connection Manager/SAP Data Custodian Connections"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"},{"name":"id","in":"query","type":"string","description":"Filter the result based on connection's ID"},{"name":"name","in":"query","type":"string","description":"Filter the result based on connection name."},{"name":"products","in":"query","type":"string","description":"Filter the result based on the CipherTrust Manager products associated with the connections.\n Valid values are \"cckm\" for AWS, Azure, GCP, Luna connections, \"cte\", \"ddc\", \"data discovery\" for Hadoop connections\n and \"cte\" for SMB connections\n"},{"name":"meta_contains","in":"query","type":"string","format":"JSON","description":"A valid JSON value. Only resources whose 'meta' attribute contains the JSON value will be\nreturned. Examples of JSON containment:\n\n- Values contain themselves: `{\"color\":\"red\"}` contains `{\"color\":\"red\"}`\n\n- Values contain subsets: `{\"color\":\"red\", \"size\":\"big\"}` contains `{\"color\":\"red\"}` and `{\"size\":\"big\"}`, but not `{\"size\":\"small\"}`\n\n- Contained values can be nested: `{\"info\":{\"size\":\"big\",\"color\":\"red\"}}` contains `{\"info\":{\"color\":\"red\"}}`, but not `{\"color\":\"red\"}`\n\n- Array containment: `[\"east\",\"west\",\"north\"]` contains `[\"east\"]` and `[\"east\",\"north\"]`, but not `[\"south\"]` or `[\"east\",\"south\"]`\n"},{"name":"createdBefore","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"createdAfter","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"last_connection_ok","in":"query","type":"string","description":"Filter the result based on last_connection_ok result.\n"},{"name":"last_connection_before","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"last_connection_after","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"type":"object","properties":{"api_endpoint":{"type":"string","description":"KMS API endpoint of the SAP Data Custodian. Provide HTTP URL with the API version in it.\nOnly `v2` version of KMS API is supported.\nExample - `https://kms-api-demo.datacustodian.cloud.sap/kms/v2`.\n"}}},{"type":"object","description":"Non-sensitive parameters specific to a SAP Data Custodian connection.","properties":{"user_credentials":{"type":"object","description":"Standard User Credentials for SAP Data Custodian connection.","properties":{"tenant":{"type":"string","description":"Tenant of the user."},"user":{"type":"string","description":"Username"}}}}},{"type":"object","description":"Non-sensitive parameters specific to a SAP Data Custodian connection.","properties":{"technical_user_credentials":{"type":"object","description":"Technical User Credentials for SAP Data Custodian connection.","properties":{"api_key":{"type":"string","description":"API key of the technical user."}}}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"name":"SAP Data Custodian","id":"84ce4d3b-ef93-4b0d-ac15-8249aeeff4e4","uri":"kylo:kylo:connectionmgmt:connections:sap-data-custodian-84ce4d3b-ef93-4b0d-ac15-8249aeeff4e4","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-09-22T10:24:33.547212Z","updatedAt":"2021-09-22T10:24:33.546458Z","service":"sap-data-custodian","category":"cloud","description":"SAP DC connection","products":["cckm"],"last_connection_ok":null,"last_connection_at":"0001-01-01T00:00:00Z","api_endpoint":"kms_api","user_credentials":{"tenant":"tenant","user":"username"}},{"name":"SAP Data Custodian Technical User","id":"84ce4d3b-ef93-4b0d-ac15-8249aeeff4e4","uri":"kylo:kylo:connectionmgmt:connections:sap-data-custodian-84ce4d3b-ef93-4b0d-ac15-8249aeeff4e4","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-09-22T10:24:33.547212Z","updatedAt":"2021-09-22T10:24:33.546458Z","service":"sap-data-custodian","category":"cloud","description":"SAP DC connection","products":["cckm"],"last_connection_ok":null,"last_connection_at":"0001-01-01T00:00:00Z","api_endpoint":"kms_api","technical_user_credentials":{"api_key":"api_key"}}]}}},"400":{"description":"Bad request."},"422":{"description":"Validation error."}}}},"/v1/connectionmgmt/services/sap-dc/connections/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns the details of a connection with the given name, ID, or URI.\n","tags":["Connection Manager/SAP Data Custodian Connections"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"type":"object","properties":{"api_endpoint":{"type":"string","description":"KMS API endpoint of the SAP Data Custodian. Provide HTTP URL with the API version in it.\nOnly `v2` version of KMS API is supported.\nExample - `https://kms-api-demo.datacustodian.cloud.sap/kms/v2`.\n"}}},{"type":"object","description":"Non-sensitive parameters specific to a SAP Data Custodian connection.","properties":{"user_credentials":{"type":"object","description":"Standard User Credentials for SAP Data Custodian connection.","properties":{"tenant":{"type":"string","description":"Tenant of the user."},"user":{"type":"string","description":"Username"}}}}},{"type":"object","description":"Non-sensitive parameters specific to a SAP Data Custodian connection.","properties":{"technical_user_credentials":{"type":"object","description":"Technical User Credentials for SAP Data Custodian connection.","properties":{"api_key":{"type":"string","description":"API key of the technical user."}}}}}]}},"400":{"description":"Bad request."},"404":{"description":"Resource not found."},"422":{"description":"Validation error."}}},"delete":{"summary":"Delete","description":"Deletes a connection with the given name, ID, or URI.\n","tags":["Connection Manager/SAP Data Custodian Connections"],"responses":{"204":{"description":"No Content | Connection is deleted successfully."},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"Updates a connection with the given name, ID, or URI.\nThe parameters to be updated are specified in the request body.\n","tags":["Connection Manager/SAP Data Custodian Connections"],"parameters":[{"in":"body","name":"connection","description":"The connection to update.","schema":{"type":"object","allOf":[{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"object","allOf":[{"type":"object","description":"Sensitive parameters specific to a SAP Data Custodian connection.","properties":{"user_credentials":{"type":"object","description":"Standard User Credentials for SAP Data Custodian connection.","properties":{"tenant":{"type":"string","description":"Tenant of the user."},"user":{"type":"string","description":"Username"},"secret":{"type":"string","description":"Secret/Password of the user."}}}}},{"type":"object","description":"Sensitive parameters specific to a SAP Data Custodian Technical User connection.","properties":{"technical_user_credentials":{"type":"object","description":"Technical User Credentials for SAP Data Custodian connection.","properties":{"api_key":{"type":"string","description":"API Key of the technical user."},"secret":{"type":"string","description":"Secret/Password of the technical user."}}}}},{"type":"object","properties":{"api_endpoint":{"type":"string","description":"KMS API endpoint of the SAP Data Custodian. Provide HTTP URL with the API version in it.\nOnly `v2` version of KMS API is supported.\nExample - `https://kms-api-demo.datacustodian.cloud.sap/kms/v2`.\n"}}}]}],"example":{"application/json":{"products":["cckm"],"meta":{"color":"blue"},"api_endpoint":"https://newURL/kms/v2"}}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"type":"object","properties":{"api_endpoint":{"type":"string","description":"KMS API endpoint of the SAP Data Custodian. Provide HTTP URL with the API version in it.\nOnly `v2` version of KMS API is supported.\nExample - `https://kms-api-demo.datacustodian.cloud.sap/kms/v2`.\n"}}},{"type":"object","description":"Non-sensitive parameters specific to a SAP Data Custodian connection.","properties":{"user_credentials":{"type":"object","description":"Standard User Credentials for SAP Data Custodian connection.","properties":{"tenant":{"type":"string","description":"Tenant of the user."},"user":{"type":"string","description":"Username"}}}}}]}},"400":{"description":"Bad request."},"404":{"description":"Resource not found."},"422":{"description":"Validation error."}}}},"/v1/connectionmgmt/services/sap-dc/connections/{id}/test":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"}],"post":{"summary":"Test existing connection","description":"Tests an existing connection with the given name, ID, or URI.\nThis does not create a persistent connection.\n","tags":["Connection Manager/SAP Data Custodian Connections"],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","properties":{"connection_ok":{"type":"boolean","description":"true if the test was successful, otherwise false"},"connection_error":{"type":"string","description":"Error message if the connection test failed"}}}]}},"404":{"description":"Resource not found"}}}},"/v1/connectionmgmt/services/sap-dc/connection-test":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Test connection parameters","description":"Tests that the connection parameters can be used to reach to the SAP Data Custodian service.\n","tags":["Connection Manager/SAP Data Custodian Connections"],"consumes":["application/json"],"parameters":[{"in":"body","name":"connection","description":"The connection parameters to test.","schema":{"allOf":[{"type":"object","required":["api_endpoint"],"allOf":[{"type":"object","description":"Sensitive parameters specific to a SAP Data Custodian connection.","properties":{"user_credentials":{"type":"object","required":["tenant","user","secret"],"description":"Standard User Credentials for SAP Data Custodian connection.","properties":{"tenant":{"type":"string","description":"Tenant of the user."},"user":{"type":"string","description":"Username"},"secret":{"type":"string","description":"Secret/Password of the user."}}}}},{"type":"object","description":"Sensitive parameters specific to a SAP Data Custodian technical user connection.","properties":{"technical_user_credentials":{"type":"object","required":["api_key","secret"],"description":"Technical User Credentials for SAP Data Custodian connection.","properties":{"api_key":{"type":"string","description":"API key of the technical user."},"secret":{"type":"string","description":"Secret/Password of the technical user."}}}}},{"type":"object","properties":{"api_endpoint":{"type":"string","description":"KMS API endpoint of the SAP Data Custodian. Provide HTTP URL with the API version in it.\nOnly `v2` version of KMS API is supported.\nExample - `https://kms-api-demo.datacustodian.cloud.sap/kms/v2`.\n"}}}]}],"example":{"application/json":{"api_endpoint":"https://kms-api-demo.datacustodian.cloud.sap/kms/v2","user_credentials":{"secret":"Temp@SAP123","tenant":"Demo-Tenant","user":"demo-user@temp.com"}}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","properties":{"connection_ok":{"type":"boolean","description":"true if the test was successful, otherwise false"},"connection_error":{"type":"string","description":"Error message if the connection test failed"}}}]}},"400":{"description":"Bad request."}}}},"/v1/connectionmgmt/services/oci/connections":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Creates a new OCI connection.","description":"Create a new OCI connection.","tags":["Connection Manager/Oracle Connections"],"consumes":["application/json"],"parameters":[{"in":"body","name":"connection","description":"The connection to create.","schema":{"allOf":[{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"object","allOf":[{"type":"object","description":"Sensitive parameters specific to an OCI connection.","required":["credentials"],"properties":{"credentials":{"type":"object","description":"Credentials of the OCI connection.","required":["key_file"],"properties":{"key_file":{"type":"string","description":"Private key file for OCI connection (PEM format)."},"pass_phrase":{"type":"string","description":"Passphrase of the encrypted key file."}}}}},{"type":"object","description":"Non-sensitive parameters specific to an OCI connection.","required":["user_ocid","tenancy_ocid","fingerprint","region"],"properties":{"user_ocid":{"type":"string","description":"OCID of the user."},"tenancy_ocid":{"type":"string","description":"OCID of the tenancy."},"fingerprint":{"type":"string","description":"Fingerprint of the public key added to this user."},"region":{"type":"string","description":"An Oracle Cloud Infrastructure region."}}}]}],"example":{"application/json":{"name":"OCI Connection","description":"OCI Connection","products":["cckm"],"user_ocid":"ocid1.user.oc1..asdaaaaat2x4wy2jz4iat56kk7kqbzcevwyrasdty2bquujjhwcstmcfvbfq","tenancy_ocid":"ocid1.tenancy.oc1..7777aaaadixb52q2mvlsn634ql577776hb2vg7audpd4d4mcf5zluymff644","fingerprint":"c4:a9:89:47:21:11:11:ac:c4:a9:89:47:21:31:9e","region":"ap-sydney-1","credentials":{"key_file":"-----BEGIN RSA PRIVATE KEY-----\nMIICXAIBAAKBgQC+abfqs+wQOmoLnf4w1dRSty/6fLubJ/JfuBZVV+GMI//Oa/UT\n+s4ZNqn1fta42oN4uIKwsBdnJ4CaoHv5dX6phGirYh3PYTsC9azdW2wgJ/WCiin8\nkdGNfhPDirOe4TwpczkP870EEfDS/O3f78x1ubRuIpagzJQv2XTT8QYP+wIDAQAB\nAoGAERtuaqe/jbWx0VlgfQK5ELVkmhyavlXYcMEZQJGksfKKCQGqAyGFYr6Ghofe\nwrzfEvmAxF8NuzbRVxMUEFV+C5Uc3uh+sX9qwikfFszTjwJNACHADO3EhPKmMDK3\nkEtBH6edcKa4cJ91NHPJuDptiyUZdVH7WVzuKrjo4mzFkAECQQDp4fMwnjwyJPGk\nX0dU/0bA69hPCQK5MhVSvVD8fzp6usbeSA/EZSu5FPNfJT/9f/BVUZ3h0/2WqO1l\nuhUgnKU5AkEA0GtqDAmTRB5YzRMnmA/QGrCEBkBWdnkXKXZS3Svp19XHxF9AAQjq\nyU0YRNHXaxdowWc64tFy2cP4Z78fQ4ry0wJABNe93lrYaj1jl4C1jGgAwgvgHbrV\nCJql4GG1JJVJ07K8XWvmj618m0d4xpaR3aDhjBK1jzCBhrYWvE1/FH7J2QJAP5Jj\n+GP7TW3MPFE5ZIJ+QYXR325EcUKiM/1pbRj17OXCVz2OckJcCya+3k77XCj5xPRN\n291zIMVLwalkSd/aDQJBAJNbm0RQ4gjj710aEbjYnGZlKHtbPP6zD6J/Jiyo+mgZ\nrvr26CvjtflGi/a56QC6Kd8hSRjeM03yTOvqu9+1TWY=\n-----END RSA PRIVATE KEY-----","pass_phrase":"password"}}}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"type":"object","allOf":[{"type":"object","description":"Sensitive parameters specific to an OCI connection.","required":["credentials"],"properties":{"credentials":{"type":"object","description":"Credentials of the OCI connection.","required":["key_file"],"properties":{"key_file":{"type":"string","description":"Private key file for OCI connection (PEM format)."},"pass_phrase":{"type":"string","description":"Passphrase of the encrypted key file."}}}}},{"type":"object","description":"Non-sensitive parameters specific to an OCI connection.","required":["user_ocid","tenancy_ocid","fingerprint","region"],"properties":{"user_ocid":{"type":"string","description":"OCID of the user."},"tenancy_ocid":{"type":"string","description":"OCID of the tenancy."},"fingerprint":{"type":"string","description":"Fingerprint of the public key added to this user."},"region":{"type":"string","description":"An Oracle Cloud Infrastructure region."}}}]}]}},"400":{"description":"Bad request."},"409":{"description":"Connection already exists."},"422":{"description":"Validation error."}}},"get":{"summary":"List","description":"Returns a list of OCI connections.\nThe results can be filtered using the query parameters.\n","tags":["Connection Manager/Oracle Connections"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"},{"name":"id","in":"query","type":"string","description":"Filter the result based on connection's ID"},{"name":"name","in":"query","type":"string","description":"Filter the result based on connection name."},{"name":"products","in":"query","type":"string","description":"Filter the result based on the CipherTrust Manager products associated with the connections.\n Valid values are \"cckm\" for AWS, Azure, GCP, Luna connections, \"cte\", \"ddc\", \"data discovery\" for Hadoop connections\n and \"cte\" for SMB connections\n"},{"name":"meta_contains","in":"query","type":"string","format":"JSON","description":"A valid JSON value. Only resources whose 'meta' attribute contains the JSON value will be\nreturned. Examples of JSON containment:\n\n- Values contain themselves: `{\"color\":\"red\"}` contains `{\"color\":\"red\"}`\n\n- Values contain subsets: `{\"color\":\"red\", \"size\":\"big\"}` contains `{\"color\":\"red\"}` and `{\"size\":\"big\"}`, but not `{\"size\":\"small\"}`\n\n- Contained values can be nested: `{\"info\":{\"size\":\"big\",\"color\":\"red\"}}` contains `{\"info\":{\"color\":\"red\"}}`, but not `{\"color\":\"red\"}`\n\n- Array containment: `[\"east\",\"west\",\"north\"]` contains `[\"east\"]` and `[\"east\",\"north\"]`, but not `[\"south\"]` or `[\"east\",\"south\"]`\n"},{"name":"createdBefore","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"createdAfter","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"last_connection_ok","in":"query","type":"string","description":"Filter the result based on last_connection_ok result.\n"},{"name":"last_connection_before","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"last_connection_after","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"type":"object","allOf":[{"type":"object","description":"Sensitive parameters specific to an OCI connection.","required":["credentials"],"properties":{"credentials":{"type":"object","description":"Credentials of the OCI connection.","required":["key_file"],"properties":{"key_file":{"type":"string","description":"Private key file for OCI connection (PEM format)."},"pass_phrase":{"type":"string","description":"Passphrase of the encrypted key file."}}}}},{"type":"object","description":"Non-sensitive parameters specific to an OCI connection.","required":["user_ocid","tenancy_ocid","fingerprint","region"],"properties":{"user_ocid":{"type":"string","description":"OCID of the user."},"tenancy_ocid":{"type":"string","description":"OCID of the tenancy."},"fingerprint":{"type":"string","description":"Fingerprint of the public key added to this user."},"region":{"type":"string","description":"An Oracle Cloud Infrastructure region."}}}]}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"name":"OCI Connnection","id":"84ce4d3b-ef93-4b0d-ac15-8249aeeff4e4","uri":"kylo:kylo:connectionmgmt:connections:oci-84ce4d3b-ef93-4b0d-ac15-8249aeeff4e4","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-09-22T10:24:33.547212Z","updatedAt":"2021-09-22T10:24:33.546458Z","service":"oci","category":"cloud","description":"OCI connection","products":["cckm"],"last_connection_ok":null,"last_connection_at":"0001-01-01T00:00:00Z","user_ocid":"ocid1.user.oc1..asdaaaaat2x4wy2jz4iat56kk7kqbzcevwyrasdty2bquujjhwcstmcfvbfq","tenancy_ocid":"ocid1.tenancy.oc1..7777aaaadixb52q2mvlsn634ql577776hb2vg7audpd4d4mcf5zluymff644","fingerprint":"c4:a9:89:47:21:11:11:ac:c4:a9:89:47:21:31:9e","region":"ap-sydney-1"}]}}},"400":{"description":"Bad request."},"422":{"description":"Validation error."}}}},"/v1/connectionmgmt/services/oci/connections/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns the details of a connection with the given name, ID, or URI.\n","tags":["Connection Manager/Oracle Connections"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"type":"object","allOf":[{"type":"object","description":"Sensitive parameters specific to an OCI connection.","required":["credentials"],"properties":{"credentials":{"type":"object","description":"Credentials of the OCI connection.","required":["key_file"],"properties":{"key_file":{"type":"string","description":"Private key file for OCI connection (PEM format)."},"pass_phrase":{"type":"string","description":"Passphrase of the encrypted key file."}}}}},{"type":"object","description":"Non-sensitive parameters specific to an OCI connection.","required":["user_ocid","tenancy_ocid","fingerprint","region"],"properties":{"user_ocid":{"type":"string","description":"OCID of the user."},"tenancy_ocid":{"type":"string","description":"OCID of the tenancy."},"fingerprint":{"type":"string","description":"Fingerprint of the public key added to this user."},"region":{"type":"string","description":"An Oracle Cloud Infrastructure region."}}}]}]}},"400":{"description":"Bad request."},"404":{"description":"Resource not found."},"422":{"description":"Validation error."}}},"delete":{"summary":"Delete","description":"Deletes a connection with the given name, ID, or URI.\n","tags":["Connection Manager/Oracle Connections"],"responses":{"204":{"description":"No Content | Connection is deleted successfully."},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"Updates a connection with the given name, ID, or URI.\nThe parameters to be updated are specified in the request body.\n","tags":["Connection Manager/Oracle Connections"],"parameters":[{"in":"body","name":"connection","description":"The connection to update.","schema":{"type":"object","allOf":[{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"object","description":"parameters specific to an OCI connection.","properties":{"user_ocid":{"type":"string","description":"OCID of the user."},"tenancy_ocid":{"type":"string","description":"OCID of the tenancy."},"fingerprint":{"type":"string","description":"Fingerprint for the public key that was added to this user."},"region":{"type":"string","description":"An Oracle Cloud Infrastructure region."},"credentials":{"type":"object","description":"Sensitive parameters specific to an OCI connection. Cannot update individual field.","properties":{"key_file":{"type":"string","description":"Private key file for OCI connection(PEM format)."},"pass_phrase":{"type":"string","description":"Passphrase used for the key, if it is encrypted."}}}}}],"example":{"application/json":{"products":["cckm"],"meta":{"color":"blue"},"user_ocid":"ocid2.user.oc1..asdaaaaat2x4wy2jz4iat56kk7kqbzcevwyrasdty2bquujjhwcstmcfvbfq"}}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"type":"object","allOf":[{"type":"object","description":"Sensitive parameters specific to an OCI connection.","required":["credentials"],"properties":{"credentials":{"type":"object","description":"Credentials of the OCI connection.","required":["key_file"],"properties":{"key_file":{"type":"string","description":"Private key file for OCI connection (PEM format)."},"pass_phrase":{"type":"string","description":"Passphrase of the encrypted key file."}}}}},{"type":"object","description":"Non-sensitive parameters specific to an OCI connection.","required":["user_ocid","tenancy_ocid","fingerprint","region"],"properties":{"user_ocid":{"type":"string","description":"OCID of the user."},"tenancy_ocid":{"type":"string","description":"OCID of the tenancy."},"fingerprint":{"type":"string","description":"Fingerprint of the public key added to this user."},"region":{"type":"string","description":"An Oracle Cloud Infrastructure region."}}}]}]}},"400":{"description":"Bad request."},"404":{"description":"Resource not found."},"422":{"description":"Validation error."}}}},"/v1/connectionmgmt/services/oci/connections/{id}/test":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"}],"post":{"summary":"Test existing connection","description":"Tests an existing connection with the given name, ID, or URI.\nThis does not create a persistent connection.\n","tags":["Connection Manager/Oracle Connections"],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","properties":{"connection_ok":{"type":"boolean","description":"true if the test was successful, otherwise false"},"connection_error":{"type":"string","description":"Error message if the connection test failed"}}}]}},"404":{"description":"Resource not found"}}}},"/v1/connectionmgmt/services/oci/connection-test":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Test connection parameters","description":"Tests whether the connection parameters can reach to the OCI service.\n","tags":["Connection Manager/Oracle Connections"],"consumes":["application/json"],"parameters":[{"in":"body","name":"connection","description":"The connection parameters to test.","schema":{"allOf":[{"type":"object","allOf":[{"type":"object","description":"Sensitive parameters specific to an OCI connection.","required":["credentials"],"properties":{"credentials":{"type":"object","description":"Credentials of the OCI connection.","required":["key_file"],"properties":{"key_file":{"type":"string","description":"Private key file for OCI connection (PEM format)."},"pass_phrase":{"type":"string","description":"Passphrase of the encrypted key file."}}}}},{"type":"object","description":"Non-sensitive parameters specific to an OCI connection.","required":["user_ocid","tenancy_ocid","fingerprint","region"],"properties":{"user_ocid":{"type":"string","description":"OCID of the user."},"tenancy_ocid":{"type":"string","description":"OCID of the tenancy."},"fingerprint":{"type":"string","description":"Fingerprint of the public key added to this user."},"region":{"type":"string","description":"An Oracle Cloud Infrastructure region."}}}]}],"example":{"application/json":{"user_ocid":"ocid1.user.oc1..asdaaaaat2x4wy2jz4iat56kk7kqbzcevwyrasdty2bquujjhwcstmcfvbfq","tenancy_ocid":"ocid1.tenancy.oc1..7777aaaadixb52q2mvlsn634ql577776hb2vg7audpd4d4mcf5zluymff644","fingerprint":"c4:a9:89:47:21:11:11:ac:c4:a9:89:47:21:31:9e","region":"ap-sydney-1","credentials":{"key_file":"-----BEGIN RSA PRIVATE KEY-----\nMIICXAIBAAKBgQC+abfqs+wQOmoLnf4w1dRSty/6fLubJ/JfuBZVV+GMI//Oa/UT\n+s4ZNqn1fta42oN4uIKwsBdnJ4CaoHv5dX6phGirYh3PYTsC9azdW2wgJ/WCiin8\nkdGNfhPDirOe4TwpczkP870EEfDS/O3f78x1ubRuIpagzJQv2XTT8QYP+wIDAQAB\nAoGAERtuaqe/jbWx0VlgfQK5ELVkmhyavlXYcMEZQJGksfKKCQGqAyGFYr6Ghofe\nwrzfEvmAxF8NuzbRVxMUEFV+C5Uc3uh+sX9qwikfFszTjwJNACHADO3EhPKmMDK3\nkEtBH6edcKa4cJ91NHPJuDptiyUZdVH7WVzuKrjo4mzFkAECQQDp4fMwnjwyJPGk\nX0dU/0bA69hPCQK5MhVSvVD8fzp6usbeSA/EZSu5FPNfJT/9f/BVUZ3h0/2WqO1l\nuhUgnKU5AkEA0GtqDAmTRB5YzRMnmA/QGrCEBkBWdnkXKXZS3Svp19XHxF9AAQjq\nyU0YRNHXaxdowWc64tFy2cP4Z78fQ4ry0wJABNe93lrYaj1jl4C1jGgAwgvgHbrV\nCJql4GG1JJVJ07K8XWvmj618m0d4xpaR3aDhjBK1jzCBhrYWvE1/FH7J2QJAP5Jj\n+GP7TW3MPFE5ZIJ+QYXR325EcUKiM/1pbRj17OXCVz2OckJcCya+3k77XCj5xPRN\n291zIMVLwalkSd/aDQJBAJNbm0RQ4gjj710aEbjYnGZlKHtbPP6zD6J/Jiyo+mgZ\nrvr26CvjtflGi/a56QC6Kd8hSRjeM03yTOvqu9+1TWY=\n-----END RSA PRIVATE KEY-----","pass_phrase":"password"}}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","properties":{"connection_ok":{"type":"boolean","description":"true if the test was successful, otherwise false"},"connection_error":{"type":"string","description":"Error message if the connection test failed"}}}]}},"400":{"description":"Bad request."},"422":{"description":"Validation error."}}}},"/v1/connectionmgmt/connections/csr":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Creates a Certificate Signing Request (CSR).","description":"Creates a Certificate Signing Request (CSR).","tags":["Connection Manager/CSR Creation"],"consumes":["application/json"],"parameters":[{"name":"body","in":"body","description":"CSR parameters","schema":{"type":"object","title":"CSR Request","required":["cn"],"properties":{"name":{"type":"string","description":"A unique name of CSR."},"algorithm":{"type":"string","description":"RSA or ECDSA (default) algorithms are supported. Signature algorithm (SHA512WithRSA, SHA384WithRSA,\nSHA256WithRSA, SHA1WithRSA, ECDSAWithSHA512, ECDSAWithSHA384, ECDSAWithSHA256) is selected\nbased on the algorithm and size.\n"},"size":{"type":"integer","description":"Key size. RSA: 1024 - 4096 (default: 2048), ECDSA: 256 (default), 384, 521\n"},"cn":{"type":"string","description":"Common Name"},"dnsNames":{"type":"array","items":{"type":"string"},"description":"Subject Alternative Names (SAN) values"},"emailAddresses":{"type":"array","items":{"type":"string"},"description":"E-mail addresses"},"ipAddresses":{"type":"array","items":{"type":"string"},"description":"IP addresses"},"names":{"type":"array","items":{"type":"object","title":"CSR Name","properties":{"C":{"type":"string","description":"Country, for example \"US\""},"ST":{"type":"string","description":"State/province, for example \"MD\""},"L":{"type":"string","description":"Location, for example \"Belcamp\""},"O":{"type":"string","description":"Organization, for example \"Thales Group\""},"OU":{"type":"string","description":"Organizational Unit, for example \"RnD\""}}},"description":"Name fields are \"O=organization, OU=organizational unit, L=location, ST=state/province, C=country\".\nFields can be duplicated if present in different objects.\n\nExample: [{\"O\": \"Thales Group\", \"OU\": \"CPS\", \"C\": \"US\", \"ST\": \"MD\", \"L\": \"Belcamp\"}, {\"OU\": \"Thales Group Inc.\"}]\n"},"password":{"type":"string","description":"Password to PEM-encrypt the private key. If not specified, the private key is not encrypted in return."},"encryptionAlgo":{"type":"string","description":"Private key encryption algorithm. AES256 (default), AES192, AES128, TDES"},"privateKeyBytes":{"type":"string","description":"Private Key bytes of the key which is to be used while creating CSR(Algorithm and size should be according to this key). If not given will generate key internally as per algorithm and size."}},"example":{"name":"sample-csr","algorithm":"RSA","size":2048,"cn":"kylo.com","dnsNames":["*.thalesgroup.com","*.thalesgroup.net"],"emailAddresses":["contact@thalesgroup.com"],"ipAddresses":["1.1.1.1"],"names":[{"O":"Thales Group","OU":"RnD","C":"US","ST":"MD","L":"Belcamp"}]}}}],"responses":{"201":{"description":"Successful CSR creation.","schema":{"type":"object"},"examples":{"application/json":{"csr":"-----BEGIN CERTIFICATE REQUEST-----\nMIHNMHUCAQAwEzERMA8GA1UEAxMIVGVzdCBDU1IwWTATBgcqhkjOPQIBBggqhkjO\nPQMBBwNCAATndOIgsTp7m4bOuixxuAt2XQ3oZqp8th/woAo51z7RiAAGdm7IfB1w\n7uWr8o5PWKBatXIgvPp8hvRWHQPHCfcLoAAwCgYIKoZIzj0EAwIDSAAwRQIgVyvz\nhFGCKV460fNJC0vC48gI268B68Xr6osFoy9Ouw8CIQCWN1LtcyxPIvul3XF1Pj7l\navEeIqDBcfD6VHhbnpO2Ag==\n-----END CERTIFICATE REQUEST-----"}}},"400":{"description":"Bad request."}}}},"/v1/connectionmgmt/services/luna-network/servers":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Adds a new Luna Network HSM Server.","description":"Adds a new Luna Network HSM Server.","tags":["Connection Manager/Luna Network HSM Servers"],"consumes":["application/json"],"parameters":[{"in":"body","name":"HSM Server Register","description":"The connection to create.","schema":{"allOf":[{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"object","required":["hostname","hsm_certificate"],"allOf":[{"type":"object","description":"Sensitive parameters specific to a Luna Network HSM Server.","properties":{"hostname":{"type":"string","description":"Hostname/IP of the Luna Network HSM Server."},"hsm_certificate":{"type":"string","description":"Luna Network HSM Server Certificate."}}}]}],"example":{"application/json":{"products":["cckm"],"meta":{"color":"blue"},"hostname":"sample-hostname","hsm_certificate":"-----BEGIN CERTIFICATE-----\nMIIDNzCCAh+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBfMQswCQYDVQQGEwJDQTEQ\nMA4GA1UECAwHT250YXJpbzEPMA0GA1UEBwwGT3R0YXdhMRYwFAYDVQQKDA1DaHJ5\nc2FsaXMtSVRTMRUwEwYDVQQDDAwxMC4xNjQuNTYuODYwHhcNMjAwODIwMDg1OTQ0\nWhcNMzAwODIyMDg1OTQ0WjBfMQswCQYDVQQGEwJDQTEQMA4GA1UECAwHT250YXJp\nbzEPMA0GA1UEBwwGT3R0YXdhMRYwFAYDVQQKDA1DaHJ5c2FsaXMtSVRTMRUwEwYD\nVQQDDAwxMC4xNjQuNTYuODYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB\nAQCi7oMYdb8IcoqkdsAYNlcqzW32MxSeIwbThImdm1rvwQcwmggOyUhRqnUaiFH4\nsEVVNVDk0bqgAXKoLwauO63XEpu9NU+vHYrtcTkMZ6JxGe0z9LrCYcmqhcrxwPF6\nKSNFWmIpAXbRZ3utsziMlRSwd250pdBwo7idjubMHAWQAjJ16ouTD4maipbdAGtp\nXP/HnKO29aWpPZhj/zSasmwo6S9SvMdzBuT0/zATFYPsjdaGrbq7pbHwhJYmAP7h\nThG8aqdLNxATT36CEy2Tblw0YAGrcdMbLA4bgptt35OZYKcSXB9lm5RTPaaLkz0b\nEURdHGAVIYBAk/DAJCnoBhRxAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAFN1DUkX\nIXroQaX7yeyK5yK6YtPN8FthZ7k3L+FY18JKbnG8DqO8eocvncXtomZ12rLRAnmt\nsyV86fI5gBtoyyydFqqc4ejRfgjMnNwuD3hNLdDY2HuGgjWH+2N6Wl/Z1FVG1PZU\nGCaAlNGFRYOUxlzz3hltNwQmFX4PhdT8RlCApah7bhuozvSAzdAoHnl2qwE/PoS1\n9HdJPTtbN4019SgY2kSwg1nky8jZY8uA9Qh05izWz3S1p9ZY9kpgRaBCTGCAF/C2\nobI+LA8a7DlU9PQ=\n-----END CERTIFICATE-----\n"}}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]}]}},"422":{"description":"Validation error."}}},"get":{"summary":"List","description":"Returns a list of Luna Network HSM Servers.\nThe results can be filtered using the query parameters.\n","tags":["Connection Manager/Luna Network HSM Servers"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"},{"name":"id","in":"query","type":"string","description":"Filter the result based on connection's ID"},{"name":"host","in":"query","type":"string","description":"Filter the result based on hostname."},{"name":"channel","in":"query","type":"string","description":"Filter the result based on channel of communication."},{"name":"createdBefore","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"createdAfter","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]}]}}}}]},"examples":{"application/json":{"skip":"0,","limit":"10,","total":"1,","resources":[{"id":"14c3e04b-c5f2-4436-a62a-2dea3c1086cb","uri":"kylo:kylo:cckm:connection:luna-network-hsm-server","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-06-05T09:32:00.506116599Z","updatedAt":"2020-06-05T09:32:00.506116599Z","service":"luna network","category":"hsm","url":"/v1/connectionmgmt/services/luna-network/servers:14c3e04b-c5f2-4436-a62a-2dea3c1086cb","channel":"NTLS"}]}}},"422":{"description":"Validation error."}}}},"/v1/connectionmgmt/services/luna-network/servers/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns the details of a Luna HSM server with the given name, ID, or URI.\n","tags":["Connection Manager/Luna Network HSM Servers"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]}]}},"404":{"description":"Resource not found."},"422":{"description":"Validation error."}}},"delete":{"summary":"Delete","description":"Deletes an HSM server with the given name, ID, or URI.\n","tags":["Connection Manager/Luna Network HSM Servers"],"responses":{"204":{"description":"No Content | Connection is deleted successfully."},"404":{"description":"Resource not found."}}}},"/v1/connectionmgmt/services/luna-network/servers/{id}/delete":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"}],"post":{"summary":"Force delete an existing HSM server.","description":"Deletes an HSM server with the given name, ID, or URI. \nThe `force` flag is used to delete the in-use server.\n","tags":["Connection Manager/Luna Network HSM Servers"],"parameters":[{"in":"body","name":"connection","schema":{"title":"Delete Connection Parameters","example":{"force":true},"description":"Parameters required for deleting an in-use server.","type":"object","properties":{"force":{"type":"boolean","description":"If set to true, the in-use server will be deleted forcefully."}}}}],"responses":{"204":{"description":"No Content | Connection is deleted successfully."},"404":{"description":"Resource not found."},"409":{"description":"Conflict with the current state of the resource"}}}},"/v1/connectionmgmt/services/luna-network/servers/{id}/enable-stc":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"}],"post":{"summary":"Post","description":"Enables the STC mode for the given HSM Server.\n","tags":["Connection Manager/Luna Network HSM Servers"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]}]}},"404":{"description":"Resource not found."}}}},"/v1/connectionmgmt/services/luna-network/servers/{id}/disable-stc":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"}],"post":{"summary":"Post","description":"Disables the STC mode for the given HSM Server.\n","tags":["Connection Manager/Luna Network HSM Servers"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]}]}},"404":{"description":"Resource not found."}}}},"/v1/connectionmgmt/services/luna-network/client":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns the information about Luna Client (certificate, hostname, stc client identity, etc.) for a Luna HSM Server.\n","tags":["Connection Manager/Luna Network HSM Servers"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","required":["hostname","certificate"],"description":"Sensitive parameters specific to a Luna Network HSM Client.","properties":{"hostname":{"type":"string","description":"Hostname/IP of the Luna Network HSM Client."},"certificate":{"type":"string","description":"Luna Network HSM Client certificate."}}}]}]}},"404":{"description":"Resource not found."},"422":{"description":"Validation error."}}}},"/v1/connectionmgmt/services/luna-network/connections":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create a new Luna Network HSM connection.","description":"Create a new Luna Network HSM connection.","tags":["Connection Manager/Luna Network HSM Connections"],"consumes":["application/json"],"parameters":[{"in":"body","name":"connection","description":"The connection to create.","schema":{"allOf":[{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"object","required":["password"],"allOf":[{"type":"object","required":["partitions"],"properties":{"partitions":{"type":"array","description":"One partition for a Non HA connection or a list for an HA group.","items":{"type":"object","required":["hostname","partition_label","serial_number"],"properties":{"hostname":{"type":"string","description":"Hostname/IP of the Luna Network HSM Server."},"partition_label":{"type":"string","description":"Label of the partition on the Luna Network HSM Server."},"serial_number":{"type":"string","description":"Serial number of the partition."}}}}}},{"type":"object","properties":{"is_ha_enabled":{"type":"boolean","description":"This flag signifies if it is HighAvailability(HA) Group or not. The default is false."}}},{"properties":{"password":{"type":"string","description":"Password associated with the Partition of the Luna Network HSM."}}}]}],"example":{"application/json":{"name":"luna-network-connection","products":["cckm"],"meta":{"color":"blue"},"partitions":[{"hostname":"sample-hostname","partition_label":"sample-label","serial_number":"serialno"}],"is_ha_enabled":false,"password":"Password"}}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"type":"object","required":["partitions"],"properties":{"partitions":{"type":"array","description":"One partition for a Non HA connection or a list for an HA group.","items":{"type":"object","required":["hostname","partition_label","serial_number"],"properties":{"hostname":{"type":"string","description":"Hostname/IP of the Luna Network HSM Server."},"partition_label":{"type":"string","description":"Label of the partition on the Luna Network HSM Server."},"serial_number":{"type":"string","description":"Serial number of the partition."}}}}}},{"type":"object","properties":{"is_ha_enabled":{"type":"boolean","description":"This flag signifies if it is HighAvailability(HA) Group or not. The default is false."}}}]}},"422":{"description":"Validation error."}}},"get":{"summary":"List","description":"Returns a list of Luna Network HSM connections.\nThe results can be filtered using the query parameters.\nConsider partition related information only when operation_status is \"completed\".\n","tags":["Connection Manager/Luna Network HSM Connections"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"},{"name":"fields","in":"query","type":"string","description":"Filter the result based on fields associated with the connections and return the field attribute in the response.\nCurrently, only \"meta\" is supported.\n"},{"name":"id","in":"query","type":"string","description":"Filter the result based on connection's ID"},{"name":"name","in":"query","type":"string","description":"Filter the result based on connection name."},{"name":"products","in":"query","type":"string","description":"Filter the result based on the CipherTrust Manager products associated with the connections.\n Valid values are \"cckm\" for AWS, Azure, GCP, Luna connections, \"cte\", \"ddc\", \"data discovery\" for Hadoop connections\n and \"cte\" for SMB connections\n"},{"name":"meta_contains","in":"query","type":"string","format":"JSON","description":"A valid JSON value. Only resources whose 'meta' attribute contains the JSON value will be\nreturned. Examples of JSON containment:\n\n- Values contain themselves: `{\"color\":\"red\"}` contains `{\"color\":\"red\"}`\n\n- Values contain subsets: `{\"color\":\"red\", \"size\":\"big\"}` contains `{\"color\":\"red\"}` and `{\"size\":\"big\"}`, but not `{\"size\":\"small\"}`\n\n- Contained values can be nested: `{\"info\":{\"size\":\"big\",\"color\":\"red\"}}` contains `{\"info\":{\"color\":\"red\"}}`, but not `{\"color\":\"red\"}`\n\n- Array containment: `[\"east\",\"west\",\"north\"]` contains `[\"east\"]` and `[\"east\",\"north\"]`, but not `[\"south\"]` or `[\"east\",\"south\"]`\n"},{"name":"operation_status","in":"query","type":"string","description":"Filter the result based on operation_status result.\n"},{"name":"createdBefore","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"createdAfter","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"last_connection_ok","in":"query","type":"string","description":"Filter the result based on last_connection_ok result.\n"},{"name":"last_connection_before","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"last_connection_after","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"type":"object","properties":{"is_ha_enabled":{"type":"boolean","description":"This flag signifies if it is HighAvailability(HA) Group or not. The default is false."}}}]}}}}]},"examples":{"application/json":{"skip":"0,","limit":"10,","total":"1,","resources":[{"name":"luna-ha1","id":"14c3e04b-c5f2-4436-a62a-2dea3c1086cb","uri":"kylo:kylo:cckm:connection:luna-network-hsm-server","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2020-06-05T09:32:00.506116599Z","updatedAt":"2020-06-05T09:32:00.506116599Z","service":"luna network","category":"hsm","meta":{"color":"blue"},"last_connection_ok":true,"last_connection_at":"2020-11-20T05:15:10.595513Z","is_ha_enabled":true,"operation_status":"completed","operation_error":"","label":"cckm-1605849305","manufacturer_id":"Safenet, Inc.","model":"LunaVirtual","flags":1069,"max_session_count":0,"session_count":0,"max_rw_session_count":0,"rw_session_count":0,"max_pin_len":255,"min_pin_len":7,"total_public_memory":409782,"free_public_memory":284002,"total_private_memory":409782,"free_private_memory":284002,"hardware_version":"0.0","firmware_version":"7.4","ha_enabled":true,"partitions":[{"id":"94e6b01f-1939-44df-beda-859280f51116","uri":"kylo:kylo:connectionmgmt:luna-network-partition:luna-ha1-94e6b01f-1939-44df-beda-859280f51116","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2020-11-20T05:00:34.35009Z","hostname":"10.164.10.44","serial_number":"1429964054509","partition_label":"Partition1"},{"id":"79e5a4f6-3af1-4eab-a15f-1fe2937b7eea","uri":"kylo:kylo:connectionmgmt:luna-network-partition:luna-ha1-79e5a4f6-3af1-4eab-a15f-1fe2937b7eea","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2020-11-20T05:00:34.350818Z","hostname":"10.164.10.44","serial_number":"1429964054510","partition_label":"Partition2"}]}]}}},"422":{"description":"Validation error."}}}},"/v1/connectionmgmt/services/luna-network/connections/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns the details of a connection with the given name, ID, or URI.\nThe type query parameter can be used to specify the type of ID.\nConsider partition related information only when operation_status is \"completed\".\n","tags":["Connection Manager/Luna Network HSM Connections"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"type":"object","required":["partitions"],"properties":{"partitions":{"type":"array","description":"One partition for a Non HA connection or a list for an HA group.","items":{"type":"object","required":["hostname","partition_label","serial_number"],"properties":{"hostname":{"type":"string","description":"Hostname/IP of the Luna Network HSM Server."},"partition_label":{"type":"string","description":"Label of the partition on the Luna Network HSM Server."},"serial_number":{"type":"string","description":"Serial number of the partition."}}}}}},{"type":"object","properties":{"is_ha_enabled":{"type":"boolean","description":"This flag signifies if it is HighAvailability(HA) Group or not. The default is false."}}},{"type":"object","description":"HSM Partitions specific information","properties":{"operation_status":{"type":"string","description":"Operation status of the Partition"},"operation_error":{"type":"string","description":"Operation error of the Partition"},"label":{"type":"string","description":"Label of the Partition"},"manufacturer_id":{"type":"string","description":"Manufacturer ID of the Partition"},"models":{"type":"string","description":"Model of the Partition"},"flags":{"type":"integer","description":"Flags of the Partition"},"max_session_count":{"type":"integer","description":"Maximum session count of the Partition"},"session_count":{"type":"integer","description":"Session count of the Partition"},"max_rw_session_count":{"type":"integer","description":"Maximum read-write session count of the Partition"},"rw_session_count":{"type":"integer","description":"Read-Write session count of the Partition"},"max_pin_len":{"type":"integer","description":"Maximum pin length of the partition"},"min_pin_len":{"type":"integer","description":"Minimum pin length of the Partition"},"total_public_memory":{"type":"integer","description":"Total public memory of the Partition"},"free_public_memory":{"type":"integer","description":"Available free memory of the Partition"},"total_private_memory":{"type":"integer","description":"Total private memory of the Partition"},"free_private_memory":{"type":"integer","description":"Free private memory of the Partition"},"hardware_version":{"type":"string","description":"Hardware version of the Partition"},"firmware_version":{"type":"string","description":"Firmware version of the Partition"},"ha_enabled":{"type":"boolean","description":"Is partition HA enabled"}}}]}},"404":{"description":"Resource not found."},"422":{"description":"Validation error."}}},"delete":{"summary":"Delete","description":"Deletes a connection with the given name, ID, or URI.\n","tags":["Connection Manager/Luna Network HSM Connections"],"responses":{"204":{"description":"No Content | Connection is deleted successfully."},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"Updates a connection with the given name, ID or URI.\nThe parameters to be updated are specified in the request body.\n","tags":["Connection Manager/Luna Network HSM Connections"],"parameters":[{"in":"body","name":"connection","description":"The connection to update.","schema":{"type":"object","allOf":[{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"object","allOf":[{"type":"object","properties":{"is_ha_enabled":{"type":"boolean","description":"This flag signifies if it is HighAvailability(HA) Group or not. The default is false."}}},{"properties":{"password":{"type":"string","description":"Password associated with the Partition of the Luna Network HSM."}}}]}],"example":{"application/json":{"products":["cckm"],"meta":{"color":"blue"},"password":"Password"}}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"type":"object","required":["partitions"],"properties":{"partitions":{"type":"array","description":"One partition for a Non HA connection or a list for an HA group.","items":{"type":"object","required":["hostname","partition_label","serial_number"],"properties":{"hostname":{"type":"string","description":"Hostname/IP of the Luna Network HSM Server."},"partition_label":{"type":"string","description":"Label of the partition on the Luna Network HSM Server."},"serial_number":{"type":"string","description":"Serial number of the partition."}}}}}}]}},"404":{"description":"Resource not found."},"422":{"description":"Validation error."}}}},"/v1/connectionmgmt/services/luna-network/connections/{id}/partitions/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"}],"post":{"summary":"Add","description":"Adds a partitiom into a luna network connection with the ID\n","tags":["Connection Manager/Luna Network HSM Connections"],"parameters":[{"in":"body","name":"partition","description":"The partition to add.","schema":{"type":"object","allOf":[{"type":"object","required":["hostname","partition_label","serial_number"],"properties":{"hostname":{"type":"string","description":"Hostname/IP of the Luna Network HSM Server."},"partition_label":{"type":"string","description":"Label of the partition on the Luna Network HSM Server."},"serial_number":{"type":"string","description":"Serial number of the partition."}}}],"example":{"application/json":{"hostname":"new partition","partition_label":"sample-label","serial_number":"serialno"}}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"type":"object","required":["hostname","partition_label","serial_number"],"properties":{"hostname":{"type":"string","description":"Hostname/IP of the Luna Network HSM Server."},"partition_label":{"type":"string","description":"Label of the partition on the Luna Network HSM Server."},"serial_number":{"type":"string","description":"Serial number of the partition."}}}]}},"404":{"description":"Resource not found."},"422":{"description":"Validation error."}}}},"/v1/connectionmgmt/services/luna-network/connections/{id}/partitions/{partition_id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"},{"name":"partition_id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"}],"delete":{"summary":"Delete","description":"Deletes a partition of luna network connection with the given ID\n","tags":["Connection Manager/Luna Network HSM Connections"],"responses":{"204":{"description":"No Content | Connection is deleted successfully."},"404":{"description":"Resource not found."}}}},"/v1/connectionmgmt/services/luna-network/stc-partitions":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Registers a new Luna Network HSM STC Partition.","description":"Registers a new Luna Network HSM STC Partition.","tags":["Connection Manager/Luna Network HSM STC Partition"],"consumes":["application/json"],"parameters":[{"in":"body","name":"HSM STC Partition Register","description":"Register the Luna Network HSM STC partition.","schema":{"allOf":[{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"object","required":["name","label","serial_number","partition_identity"],"allOf":[{"type":"object","description":"Parameters specific to a Luna Network HSM STC Partition.","properties":{"label":{"type":"string","description":"Label of the Luna Network HSM STC Partition."},"name":{"type":"string","description":"Name of the Luna Network HSM STC Partition."},"serial_number":{"type":"string","description":"Serial Number of Luna Network HSM STC Partition."},"partition_identity":{"type":"string","description":"Contents of Luna Network HSM STC Partition Identity(pid) file in base64 form."}}}]}],"example":{"application/json":{"products":["cckm"],"meta":{"color":"blue"},"name":"stc-partition","label":"cckm-partition","serial_number":"1234567891011","partition_identity":"BgkqhkiG9w0BAQsFADBfMQswCQYDVQQGEwJDQTEQ\nMA4GA1UECAwHT250YXJpbzEPMA0GA1UEBwwGT3R0YXdhMRYwFAYDVQQKDA1DaHJ5\nc2FsaXMtSVRTMRUwEwYDVQQDDAwxMC4xNjQuNTYuODYwHhcNMjAwODIwMDg1OTQ0\nWhcNMzAwODIyMDg1OTQ0WjBfMQswCQYDVQQGEwJDQTEQMA4GA1UECAwHT250YXJp\nbzEPMA0GA1UEBwwGT3R0YXdhMRYwFAYDVQQKDA1DaHJ5c2FsaXMtSVRTMRUwEwYD\nVQQDDAwxMC4xNjQuNTYuODYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB\nAQCi7oMYdb8IcoqkdsAYNlcqzW32MxSeIwbThImdm1rvwQcwmggOyUhRqnUaiFH4\nsEVVNVDk0bqgAXKoLwauO63XEpu9NU+vHYrtcTkMZ6JxGe0z9LrCYcmqhcrxwPF6\nKSNFWmIpAXbRZ3utsziMlRSwd250pdBwo7idjubMHAWQAjJ16ouTD4maipbdAGtp\nXP/HnKO29aWpPZhj/zSasmwo6S9SvMdzBuT0/zATFYPsjdaGrbq7pbHwhJYmAP7h\nThG8aqdLNxATT36CEy2Tblw0YAGrcdMbLA4bgptt35OZYKcSXB9lm5RTPaaLkz0b\nEURdHGAVIYBAk/DAJCnoBhRxAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAFN1DUkX\nIXroQaX7yeyK5yK6YtPN8FthZ7k3L+FY18JKbnG8DqO8eocvncXtomZ12rLRAnmt\nsyV86fI5gBtoyyydFqqc4ejRfgjMnNwuD3hNLdDY2HuGgjWH+2N6Wl/Z1FVG1PZU\nGCaAlNGFRYOUxlzz3hltNwQmFX4PhdT8RlCApah7bhuozvSAzdAoHnl2qwE/PoS1\n9HdJPTtbN4019SgY2kSwg1nky8jZY8uA9Qh05izWz3S1p9ZY9kpg"}}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]}]}},"409":{"description":"Conflict! Resource already exist."}}},"get":{"summary":"List","description":"Returns a list of Luna Network HSM STC Partitions.\nThe results can be filtered using the query parameters.\n","tags":["Connection Manager/Luna Network HSM STC Partition"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"name","in":"query","type":"string","description":"Filter the result based on connection name."},{"name":"label","in":"query","type":"string","description":"Filter the result based on label."},{"name":"serial_number","in":"query","type":"string","description":"Filter the result based on serial number."}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]}]}}}}]},"examples":{"application/json":{"skip":"0,","limit":"10,","total":"1,","resources":[{"id":"ad7155ad-39a3-4ae2-8245-0ce9a44b2d3c","uri":"kylo:kylo:connectionmgmt:hsm-stc-partition:oparnew-ad7155ad-39a3-4ae2-8245-0ce9a44b2d3c","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-08-01T17:03:14.234458162Z","updatedAt":"2022-08-01T17:03:14.203404619Z","service":"luna network","last_connection_ok":null,"last_connection_at":"0001-01-01T00:00:00Z","name":"oparnew","products":["cckm"],"label":"parnew","serial_number":"1465065595776"}]}}},"404":{"description":"Resource not found."}}}},"/v1/connectionmgmt/services/luna-network/stc-partitions/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns the details of a Luna HSM STC Partition with the given name, ID, or URI.\n","tags":["Connection Manager/Luna Network HSM STC Partition"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]}]}},"404":{"description":"Resource not found."}}},"delete":{"summary":"Delete","description":"Deletes an HSM STC Partition with the given name, ID, or URI.\n","tags":["Connection Manager/Luna Network HSM STC Partition"],"responses":{"204":{"description":"No Content | Connection is deleted successfully."},"404":{"description":"Resource not found."}}}},"/v1/connectionmgmt/services/luna-network/connection-test":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Tests Luna Network HSM connection parameters.","description":"Test HSM Connection tests that the connection parameters can be used to reach the Luna Network HSM server. This does not create a persistent connection. It is a time taking operation. Hence this API always returns \"In Progress\" status typically. ID returned in the API is used in Connection Status API to know the connection status.","tags":["Connection Manager/Luna Network HSM Connections"],"consumes":["application/json"],"parameters":[{"in":"body","name":"connection","description":"The connection parameters to test.","schema":{"allOf":[{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"object","required":["password"],"allOf":[{"type":"object","required":["partitions"],"properties":{"partitions":{"type":"array","description":"One partition for a Non HA connection or a list for an HA group.","items":{"type":"object","required":["hostname","partition_label","serial_number"],"properties":{"hostname":{"type":"string","description":"Hostname/IP of the Luna Network HSM Server."},"partition_label":{"type":"string","description":"Label of the partition on the Luna Network HSM Server."},"serial_number":{"type":"string","description":"Serial number of the partition."}}}}}},{"type":"object","properties":{"is_ha_enabled":{"type":"boolean","description":"This flag signifies if it is HighAvailability(HA) Group or not. The default is false."}}},{"properties":{"password":{"type":"string","description":"Password associated with the Partition of the Luna Network HSM."}}}]}],"example":{"application/json":{"products":["cckm"],"meta":{"color":"blue"},"partitions":[{"hostname":"sample-hostname","partition_label":"sample-label","serial_number":"serialno"}],"is_ha_enabled":false,"password":"Password"}}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"connection_ok":{"type":"boolean","description":"true if the test was successful, otherwise false"},"connection_error":{"type":"string","description":"Error message if the connection test failed"}}}]}},"422":{"description":"Validation error."}}}},"/v1/connectionmgmt/services/luna-network/connection-test/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"}],"get":{"summary":"Get connection status","description":"Returns the status of the Luna HSM server connection test for the given ID.\n","tags":["Connection Manager/Luna Network HSM Connections"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"connection_ok":{"type":"boolean","description":"true if the test was successful, otherwise false"},"connection_error":{"type":"string","description":"Error message if the connection test failed"}}}]}},"404":{"description":"Resource not found."},"422":{"description":"Validation error."}}}},"/v1/connectionmgmt/services/luna-network/connections/{id}/test":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"}],"post":{"summary":"Test existing connection","description":"Tests that an existing connection with the given ID reaches the Luna Network HSM server.\nThe type query parameter can be used to specify the type of ID.\n","tags":["Connection Manager/Luna Network HSM Connections"],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"connection_ok":{"type":"boolean","description":"true if the test was successful, otherwise false"},"connection_error":{"type":"string","description":"Error message if the connection test failed"}}}]}},"404":{"description":"Resource not found."}}}},"/v1/connectionmgmt/services/dsm/connections":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create a new connection","description":"Create a new connection to DSM server.","tags":["Connection Manager/DSM Connections"],"consumes":["application/json"],"parameters":[{"in":"body","name":"connection","description":"The connection to create.","schema":{"allOf":[{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"object","required":["username","password","nodes"],"allOf":[{"type":"object","description":"Sensitive parameters specific to a DSM connection.","properties":{"password":{"type":"string","description":"Password of DSM server\n"}}},{"properties":{"username":{"type":"string","description":"Username for accessing DSM server"},"domain_id":{"type":"string","description":"If DSM user is restricted to a domain, provide domain id."}}},{"properties":{"nodes":{"type":"array","items":{"type":"object","required":["hostname","server_certificate"],"description":"Create parameters specific to a DSM node.","allOf":[{"properties":{"hostname":{"type":"string","description":"hostname of DSM Server"},"server_certificate":{"type":"string","description":"SSL certificate of DSM Server for TLS communication"}}}]}}}}]}],"example":{"application/json":{"name":"dsm-connection","products":["cckm"],"description":"a description of the connection","username":"user","password":"password","nodes":[{"hostname":"node1","server_certificate":"-----BEGIN CERTIFICATE-----\nMIIG1TCCBb2gAwIBAgIQBVfICygmg6F7ChFEkylreTANBgkqhkiG9w0BAQsFADBw\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\ndXJhbmNlIFNlcnZlciBDQTAeFw0yMDA1MDUwMDAwMDBaFw0yMjA1MTAxMjAwMDBa\nMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T\nYW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxHaXRIdWIsIEluYy4xEzARBgNVBAMTCmdp\ndGh1Yi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MrTQ2J6a\nnox5KUwrqO9cQ9STO5R4/zBUxxvI5S8bmc0QjWfIVAwHWuT0Bn/H1oS0LM0tTkQm\nARrqN77v9McVB8MWTGsmGQnS/1kQRFuKiYGUHf7iX5pfijbYsOkfb4AiVKysKUNV\nUtgVvpJoe5RWURjQp9XDWkeo2DzGHXLcBDadrM8VLC6H1/D9SXdVruxKqduLKR41\nZ/6dlSDdeY1gCnhz3Ch1pYbfMfsTCTamw+AtRtwlK3b2rfTHffhowjuzM15UKt+b\nrr/cEBlAjQTva8rutYU9K9ONgl+pG2u7Bv516DwmNy8xz9wOjTeOpeh0M9N/ewq8\ncgbR87LFaxi1AgMBAAGjggNzMIIDbzAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM2WVk\nYqISuFlyOzAdBgNVHQ4EFgQUYwLSXQJf943VWhKedhE2loYsikgwJQYDVR0RBB4w\nHIIKZ2l0aHViLmNvbYIOd3d3LmdpdGh1Yi5jb20wDgYDVR0PAQH/BAQDAgWgMB0G\nA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5o\ndHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3JsMDSg\nMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYu\nY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBz\nOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMIGDBggrBgEFBQcBAQR3\nMHUwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEF\nBQcwAoZBaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhp\nZ2hBc3N1cmFuY2VTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAXwGCisGAQQB\n1nkCBAIEggFsBIIBaAFmAHUAKXm+8J45OSHwVnOfY6V35b5XfZxgCvj5TV0mXCVd\nx4QAAAFx5ltprwAABAMARjBEAiAuWGCWxN/M0Ms3KOsqFjDMHT8Aq0SlHfQ68KDg\nrVU6AAIgDA+2EB0D5W5r0i4Nhljx6ABlIByzrEdfcxiOD/o6//EAdQAiRUUHWVUk\nVpY/oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXHmW2nTAAAEAwBGMEQCIBp+XQKa\nUDiPHwjBxdv5qvgyALKaysKqMF60gqem8iPRAiAk9Dp5+VBUXfSHqyW+tVShUigh\nndopccf8Gs21KJ4jXgB2AFGjsPX9AXmcVm24N3iPDKR6zBsny/eeiEKaDf7UiwXl\nAAABceZbahsAAAQDAEcwRQIgd/5HcxT4wfNV8zavwxjYkw2TYBAuRCcqp1SjWKFn\n4EoCIQDHSTHxnbpxWFbP6v5Y6nGFZCDjaHgd9HrzUv2J/DaacDANBgkqhkiG9w0B\nAQsFAAOCAQEAhjKPnBW4r+jR3gg6RA5xICTW/A5YMcyqtK0c1QzFr8S7/l+skGpC\nyCHrJfFrLDeyKqgabvLRT6YvvM862MGfMMDsk+sKWtzLbDIcYG7sbviGpU+gtG1q\nB0ohWNApfWWKyNpquqvwdSEzAEBvhcUT5idzbK7q45bQU9vBIWgQz+PYULAU7KmY\nz7jOYV09o22TNMQT+hFmo92+EBlwSeIETYEsHy5ZxixTRTvu9hP00CyEbiht5OTK\n5EiJG6vsIh/uEtRsdenMCxV06W2f20Af4iSFo0uk6c1ryHefh08FcwA4pSNUaPyi\nPb8YGQ6o/blejFzo/OSiUnDueafSJ0p6SQ==\n-----END CERTIFICATE-----"},{"hostname":"node2","server_certificate":"-----BEGIN CERTIFICATE-----\nMIIG1TCCBb2gAwIBAgIQBVfICygmg6F7ChFEkylreTANBgkqhkiG9w0BAQsFADBw\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\ndXJhbmNlIFNlcnZlciBDQTAeFw0yMDA1MDUwMDAwMDBaFw0yMjA1MTAxMjAwMDBa\nMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T\nYW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxHaXRIdWIsIEluYy4xEzARBgNVBAMTCmdp\ndGh1Yi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MrTQ2J6a\nnox5KUwrqO9cQ9STO5R4/zBUxxvI5S8bmc0QjWfIVAwHWuT0Bn/H1oS0LM0tTkQm\nARrqN77v9McVB8MWTGsmGQnS/1kQRFuKiYGUHf7iX5pfijbYsOkfb4AiVKysKUNV\nUtgVvpJoe5RWURjQp9XDWkeo2DzGHXLcBDadrM8VLC6H1/D9SXdVruxKqduLKR41\nZ/6dlSDdeY1gCnhz3Ch1pYbfMfsTCTamw+AtRtwlK3b2rfTHffhowjuzM15UKt+b\nrr/cEBlAjQTva8rutYU9K9ONgl+pG2u7Bv516DwmNy8xz9wOjTeOpeh0M9N/ewq8\ncgbR87LFaxi1AgMBAAGjggNzMIIDbzAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM2WVk\nYqISuFlyOzAdBgNVHQ4EFgQUYwLSXQJf943VWhKedhE2loYsikgwJQYDVR0RBB4w\nHIIKZ2l0aHViLmNvbYIOd3d3LmdpdGh1Yi5jb20wDgYDVR0PAQH/BAQDAgWgMB0G\nA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5o\ndHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3JsMDSg\nMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYu\nY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBz\nOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMIGDBggrBgEFBQcBAQR3\nMHUwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEF\nBQcwAoZBaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhp\nZ2hBc3N1cmFuY2VTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAXwGCisGAQQB\n1nkCBAIEggFsBIIBaAFmAHUAKXm+8J45OSHwVnOfY6V35b5XfZxgCvj5TV0mXCVd\nx4QAAAFx5ltprwAABAMARjBEAiAuWGCWxN/M0Ms3KOsqFjDMHT8Aq0SlHfQ68KDg\nrVU6AAIgDA+2EB0D5W5r0i4Nhljx6ABlIByzrEdfcxiOD/o6//EAdQAiRUUHWVUk\nVpY/oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXHmW2nTAAAEAwBGMEQCIBp+XQKa\nUDiPHwjBxdv5qvgyALKaysKqMF60gqem8iPRAiAk9Dp5+VBUXfSHqyW+tVShUigh\nndopccf8Gs21KJ4jXgB2AFGjsPX9AXmcVm24N3iPDKR6zBsny/eeiEKaDf7UiwXl\nAAABceZbahsAAAQDAEcwRQIgd/5HcxT4wfNV8zavwxjYkw2TYBAuRCcqp1SjWKFn\n4EoCIQDHSTHxnbpxWFbP6v5Y6nGFZCDjaHgd9HrzUv2J/DaacDANBgkqhkiG9w0B\nAQsFAAOCAQEAhjKPnBW4r+jR3gg6RA5xICTW/A5YMcyqtK0c1QzFr8S7/l+skGpC\nyCHrJfFrLDeyKqgabvLRT6YvvM862MGfMMDsk+sKWtzLbDIcYG7sbviGpU+gtG1q\nB0ohWNApfWWKyNpquqvwdSEzAEBvhcUT5idzbK7q45bQU9vBIWgQz+PYULAU7KmY\nz7jOYV09o22TNMQT+hFmo92+EBlwSeIETYEsHy5ZxixTRTvu9hP00CyEbiht5OTK\n5EiJG6vsIh/uEtRsdenMCxV06W2f20Af4iSFo0uk6c1ryHefh08FcwA4pSNUaPyi\nPb8YGQ6o/blejFzo/OSiUnDueafSJ0p6SQ==\n-----END CERTIFICATE-----"}]}}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"properties":{"username":{"type":"string","description":"Username for accessing DSM server"},"domain_id":{"type":"string","description":"If DSM user is restricted to a domain, provide domain id."}}},{"properties":{"nodes":{"type":"array","items":{"type":"object","required":["hostname","server_certificate"],"description":"Create parameters specific to a DSM node.","allOf":[{"properties":{"hostname":{"type":"string","description":"hostname of DSM Server"},"server_certificate":{"type":"string","description":"SSL certificate of DSM Server for TLS communication"}}}]}}}}]}},"409":{"description":"Connection already exists"},"422":{"description":"Validation error."}}},"get":{"summary":"List","description":"Returns a list of DSM connections.\nThe results can be filtered using the query parameters.\n","tags":["Connection Manager/DSM Connections"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"},{"name":"service","in":"query","type":"string","description":"Filter the result based on the external services associated with the connections. (e.g. aws, azure, gcp, hadoop-knox, luna network).","enum":["aws","azure","gcp","luna network","hadoop-knox"]},{"name":"fields","in":"query","type":"string","description":"Filter the result based on fields associated with the connections and return the field attribute in the response.\nCurrently, only \"meta\" is supported.\n"},{"name":"id","in":"query","type":"string","description":"Filter the result based on connection's ID"},{"name":"name","in":"query","type":"string","description":"Filter the result based on connection name."},{"name":"products","in":"query","type":"string","description":"Filter the result based on the CipherTrust Manager products associated with the connections.\n Valid values are \"cckm\" for AWS, Azure, GCP, Luna connections, \"cte\", \"ddc\", \"data discovery\" for Hadoop connections\n and \"cte\" for SMB connections\n"},{"name":"meta_contains","in":"query","type":"string","format":"JSON","description":"A valid JSON value. Only resources whose 'meta' attribute contains the JSON value will be\nreturned. Examples of JSON containment:\n\n- Values contain themselves: `{\"color\":\"red\"}` contains `{\"color\":\"red\"}`\n\n- Values contain subsets: `{\"color\":\"red\", \"size\":\"big\"}` contains `{\"color\":\"red\"}` and `{\"size\":\"big\"}`, but not `{\"size\":\"small\"}`\n\n- Contained values can be nested: `{\"info\":{\"size\":\"big\",\"color\":\"red\"}}` contains `{\"info\":{\"color\":\"red\"}}`, but not `{\"color\":\"red\"}`\n\n- Array containment: `[\"east\",\"west\",\"north\"]` contains `[\"east\"]` and `[\"east\",\"north\"]`, but not `[\"south\"]` or `[\"east\",\"south\"]`\n"},{"name":"createdBefore","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"createdAfter","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"last_connection_ok","in":"query","type":"string","description":"Filter the result based on last_connection_ok result.\n"},{"name":"last_connection_before","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"last_connection_after","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"properties":{"username":{"type":"string","description":"Username for accessing DSM server"},"domain_id":{"type":"string","description":"If DSM user is restricted to a domain, provide domain id."}}},{"properties":{"nodes":{"type":"array","items":{"type":"object","required":["hostname","server_certificate"],"description":"Create parameters specific to a DSM node.","allOf":[{"properties":{"hostname":{"type":"string","description":"hostname of DSM Server"},"server_certificate":{"type":"string","description":"SSL certificate of DSM Server for TLS communication"}}}]}}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"name":"dsm-connection","id":"ce4b1c0d-656d-4a3e-b280-2487fe360fbc","uri":"kylo:kylo:connectionmgmt:connections:dsm-connection-ce4b1c0d-656d-4a3e-b280-2487fe360fbc","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2020-10-07T09:29:44.680993Z","updatedAt":"2020-10-07T09:29:44.666036Z","service":"DSM","category":"KeyManager","description":"a description","products":["cckm"],"last_connection_ok":null,"last_connection_at":"0001-01-01T00:00:00Z","username":"user","nodes":[{"id":"210a67f1-b1ca-41ba-b316-9d71dacf54ee","uri":"kylo:kylo:connectionmgmt:dsm-node:dsm-connection-210a67f1-b1ca-41ba-b316-9d71dacf54ee","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2020-10-07T09:29:44.698405Z","updatedAt":"2020-10-07T09:29:44.692384Z","hostname":"node1","server_certificate":"-----BEGIN CERTIFICATE-----\nMIIG1TCCBb2gAwIBAgIQBVfICygmg6F7ChFEkylreTANBgkqhkiG9w0BAQsFADBw\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\ndXJhbmNlIFNlcnZlciBDQTAeFw0yMDA1MDUwMDAwMDBaFw0yMjA1MTAxMjAwMDBa\nMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T\nYW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxHaXRIdWIsIEluYy4xEzARBgNVBAMTCmdp\ndGh1Yi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MrTQ2J6a\nnox5KUwrqO9cQ9STO5R4/zBUxxvI5S8bmc0QjWfIVAwHWuT0Bn/H1oS0LM0tTkQm\nARrqN77v9McVB8MWTGsmGQnS/1kQRFuKiYGUHf7iX5pfijbYsOkfb4AiVKysKUNV\nUtgVvpJoe5RWURjQp9XDWkeo2DzGHXLcBDadrM8VLC6H1/D9SXdVruxKqduLKR41\nZ/6dlSDdeY1gCnhz3Ch1pYbfMfsTCTamw+AtRtwlK3b2rfTHffhowjuzM15UKt+b\nrr/cEBlAjQTva8rutYU9K9ONgl+pG2u7Bv516DwmNy8xz9wOjTeOpeh0M9N/ewq8\ncgbR87LFaxi1AgMBAAGjggNzMIIDbzAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM2WVk\nYqISuFlyOzAdBgNVHQ4EFgQUYwLSXQJf943VWhKedhE2loYsikgwJQYDVR0RBB4w\nHIIKZ2l0aHViLmNvbYIOd3d3LmdpdGh1Yi5jb20wDgYDVR0PAQH/BAQDAgWgMB0G\nA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5o\ndHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3JsMDSg\nMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYu\nY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBz\nOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMIGDBggrBgEFBQcBAQR3\nMHUwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEF\nBQcwAoZBaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhp\nZ2hBc3N1cmFuY2VTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAXwGCisGAQQB\n1nkCBAIEggFsBIIBaAFmAHUAKXm+8J45OSHwVnOfY6V35b5XfZxgCvj5TV0mXCVd\nx4QAAAFx5ltprwAABAMARjBEAiAuWGCWxN/M0Ms3KOsqFjDMHT8Aq0SlHfQ68KDg\nrVU6AAIgDA+2EB0D5W5r0i4Nhljx6ABlIByzrEdfcxiOD/o6//EAdQAiRUUHWVUk\nVpY/oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXHmW2nTAAAEAwBGMEQCIBp+XQKa\nUDiPHwjBxdv5qvgyALKaysKqMF60gqem8iPRAiAk9Dp5+VBUXfSHqyW+tVShUigh\nndopccf8Gs21KJ4jXgB2AFGjsPX9AXmcVm24N3iPDKR6zBsny/eeiEKaDf7UiwXl\nAAABceZbahsAAAQDAEcwRQIgd/5HcxT4wfNV8zavwxjYkw2TYBAuRCcqp1SjWKFn\n4EoCIQDHSTHxnbpxWFbP6v5Y6nGFZCDjaHgd9HrzUv2J/DaacDANBgkqhkiG9w0B\nAQsFAAOCAQEAhjKPnBW4r+jR3gg6RA5xICTW/A5YMcyqtK0c1QzFr8S7/l+skGpC\nyCHrJfFrLDeyKqgabvLRT6YvvM862MGfMMDsk+sKWtzLbDIcYG7sbviGpU+gtG1q\nB0ohWNApfWWKyNpquqvwdSEzAEBvhcUT5idzbK7q45bQU9vBIWgQz+PYULAU7KmY\nz7jOYV09o22TNMQT+hFmo92+EBlwSeIETYEsHy5ZxixTRTvu9hP00CyEbiht5OTK\n5EiJG6vsIh/uEtRsdenMCxV06W2f20Af4iSFo0uk6c1ryHefh08FcwA4pSNUaPyi\nPb8YGQ6o/blejFzo/OSiUnDueafSJ0p6SQ==\n-----END CERTIFICATE-----","connection_id":"ce4b1c0d-656d-4a3e-b280-2487fe360fbc"},{"id":"8a75d2e1-4de5-4051-91ae-12ca3b73b574","uri":"kylo:kylo:connectionmgmt:dsm-node:dsm-connection-8a75d2e1-4de5-4051-91ae-12ca3b73b574","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2020-10-07T09:29:44.705429Z","updatedAt":"2020-10-07T09:29:44.700694Z","hostname":"node2","server_certificate":"-----BEGIN CERTIFICATE-----\nMIIG1TCCBb2gAwIBAgIQBVfICygmg6F7ChFEkylreTANBgkqhkiG9w0BAQsFADBw\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\ndXJhbmNlIFNlcnZlciBDQTAeFw0yMDA1MDUwMDAwMDBaFw0yMjA1MTAxMjAwMDBa\nMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T\nYW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxHaXRIdWIsIEluYy4xEzARBgNVBAMTCmdp\ndGh1Yi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MrTQ2J6a\nnox5KUwrqO9cQ9STO5R4/zBUxxvI5S8bmc0QjWfIVAwHWuT0Bn/H1oS0LM0tTkQm\nARrqN77v9McVB8MWTGsmGQnS/1kQRFuKiYGUHf7iX5pfijbYsOkfb4AiVKysKUNV\nUtgVvpJoe5RWURjQp9XDWkeo2DzGHXLcBDadrM8VLC6H1/D9SXdVruxKqduLKR41\nZ/6dlSDdeY1gCnhz3Ch1pYbfMfsTCTamw+AtRtwlK3b2rfTHffhowjuzM15UKt+b\nrr/cEBlAjQTva8rutYU9K9ONgl+pG2u7Bv516DwmNy8xz9wOjTeOpeh0M9N/ewq8\ncgbR87LFaxi1AgMBAAGjggNzMIIDbzAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM2WVk\nYqISuFlyOzAdBgNVHQ4EFgQUYwLSXQJf943VWhKedhE2loYsikgwJQYDVR0RBB4w\nHIIKZ2l0aHViLmNvbYIOd3d3LmdpdGh1Yi5jb20wDgYDVR0PAQH/BAQDAgWgMB0G\nA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5o\ndHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3JsMDSg\nMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYu\nY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBz\nOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMIGDBggrBgEFBQcBAQR3\nMHUwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEF\nBQcwAoZBaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhp\nZ2hBc3N1cmFuY2VTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAXwGCisGAQQB\n1nkCBAIEggFsBIIBaAFmAHUAKXm+8J45OSHwVnOfY6V35b5XfZxgCvj5TV0mXCVd\nx4QAAAFx5ltprwAABAMARjBEAiAuWGCWxN/M0Ms3KOsqFjDMHT8Aq0SlHfQ68KDg\nrVU6AAIgDA+2EB0D5W5r0i4Nhljx6ABlIByzrEdfcxiOD/o6//EAdQAiRUUHWVUk\nVpY/oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXHmW2nTAAAEAwBGMEQCIBp+XQKa\nUDiPHwjBxdv5qvgyALKaysKqMF60gqem8iPRAiAk9Dp5+VBUXfSHqyW+tVShUigh\nndopccf8Gs21KJ4jXgB2AFGjsPX9AXmcVm24N3iPDKR6zBsny/eeiEKaDf7UiwXl\nAAABceZbahsAAAQDAEcwRQIgd/5HcxT4wfNV8zavwxjYkw2TYBAuRCcqp1SjWKFn\n4EoCIQDHSTHxnbpxWFbP6v5Y6nGFZCDjaHgd9HrzUv2J/DaacDANBgkqhkiG9w0B\nAQsFAAOCAQEAhjKPnBW4r+jR3gg6RA5xICTW/A5YMcyqtK0c1QzFr8S7/l+skGpC\nyCHrJfFrLDeyKqgabvLRT6YvvM862MGfMMDsk+sKWtzLbDIcYG7sbviGpU+gtG1q\nB0ohWNApfWWKyNpquqvwdSEzAEBvhcUT5idzbK7q45bQU9vBIWgQz+PYULAU7KmY\nz7jOYV09o22TNMQT+hFmo92+EBlwSeIETYEsHy5ZxixTRTvu9hP00CyEbiht5OTK\n5EiJG6vsIh/uEtRsdenMCxV06W2f20Af4iSFo0uk6c1ryHefh08FcwA4pSNUaPyi\nPb8YGQ6o/blejFzo/OSiUnDueafSJ0p6SQ==\n-----END CERTIFICATE-----","connection_id":"ce4b1c0d-656d-4a3e-b280-2487fe360fbc"}]}]}}},"422":{"description":"Validation error."}}}},"/v1/connectionmgmt/services/dsm/connections/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns the details of a DSM connection with the ID or name.\n","tags":["Connection Manager/DSM Connections"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"properties":{"username":{"type":"string","description":"Username for accessing DSM server"},"domain_id":{"type":"string","description":"If DSM user is restricted to a domain, provide domain id."}}}]}},"404":{"description":"Resource not found."},"422":{"description":"Validation error."}}},"delete":{"summary":"Delete","description":"Deletes a DSM connection with the given ID or name.\n","tags":["Connection Manager/DSM Connections"],"responses":{"204":{"description":"No Content | Connection is deleted successfully."},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"Updates a DSM connection with the given ID or name.\nThe parameters that are to be updated are specified in the request body.\n","tags":["Connection Manager/DSM Connections"],"parameters":[{"in":"body","name":"connection","description":"The connection to update.","schema":{"type":"object","allOf":[{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"object","allOf":[{"type":"object","description":"Sensitive parameters specific to a DSM connection.","properties":{"password":{"type":"string","description":"Password of DSM server\n"}}},{"properties":{"username":{"type":"string","description":"Username for accessing DSM server"},"domain_id":{"type":"string","description":"If DSM user is restricted to a domain, provide domain id."}}}]}],"example":{"application/json":{"products":["cckm"],"meta":{"color":"blue"},"password":"new-password","username":"new-user"}}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"properties":{"username":{"type":"string","description":"Username for accessing DSM server"},"domain_id":{"type":"string","description":"If DSM user is restricted to a domain, provide domain id."}}}]}},"404":{"description":"Resource not found."},"422":{"description":"Validation error."}}}},"/v1/connectionmgmt/services/dsm/connections/{id}/test":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"}],"post":{"summary":"Post","description":"Checks connectivity to an already existing DSM connection\n","tags":["Connection Manager/DSM Connections"],"responses":{"200":{"description":"OK"},"404":{"description":"Resource not found."},"422":{"description":"Validation error."}}}},"/v1/connectionmgmt/services/dsm/connections/{id}/nodes":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"}],"post":{"summary":"Add a new DSM Node","description":"Add a new node to an existing DSM connection","tags":["Connection Manager/DSM Connections"],"consumes":["application/json"],"parameters":[{"in":"body","name":"node","description":"The node to be added.","schema":{"allOf":[{"type":"object","required":["hostname","server_certificate"],"description":"Create parameters specific to a DSM node.","allOf":[{"properties":{"hostname":{"type":"string","description":"hostname of DSM Server"},"server_certificate":{"type":"string","description":"SSL certificate of DSM Server for TLS communication"}}}]}],"example":{"application/json":{"hostname":"node1","server_certificate":"-----BEGIN CERTIFICATE-----\nMIIG1TCCBb2gAwIBAgIQBVfICygmg6F7ChFEkylreTANBgkqhkiG9w0BAQsFADBw\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\ndXJhbmNlIFNlcnZlciBDQTAeFw0yMDA1MDUwMDAwMDBaFw0yMjA1MTAxMjAwMDBa\nMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T\nYW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxHaXRIdWIsIEluYy4xEzARBgNVBAMTCmdp\ndGh1Yi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MrTQ2J6a\nnox5KUwrqO9cQ9STO5R4/zBUxxvI5S8bmc0QjWfIVAwHWuT0Bn/H1oS0LM0tTkQm\nARrqN77v9McVB8MWTGsmGQnS/1kQRFuKiYGUHf7iX5pfijbYsOkfb4AiVKysKUNV\nUtgVvpJoe5RWURjQp9XDWkeo2DzGHXLcBDadrM8VLC6H1/D9SXdVruxKqduLKR41\nZ/6dlSDdeY1gCnhz3Ch1pYbfMfsTCTamw+AtRtwlK3b2rfTHffhowjuzM15UKt+b\nrr/cEBlAjQTva8rutYU9K9ONgl+pG2u7Bv516DwmNy8xz9wOjTeOpeh0M9N/ewq8\ncgbR87LFaxi1AgMBAAGjggNzMIIDbzAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM2WVk\nYqISuFlyOzAdBgNVHQ4EFgQUYwLSXQJf943VWhKedhE2loYsikgwJQYDVR0RBB4w\nHIIKZ2l0aHViLmNvbYIOd3d3LmdpdGh1Yi5jb20wDgYDVR0PAQH/BAQDAgWgMB0G\nA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5o\ndHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3JsMDSg\nMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYu\nY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBz\nOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMIGDBggrBgEFBQcBAQR3\nMHUwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEF\nBQcwAoZBaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhp\nZ2hBc3N1cmFuY2VTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAXwGCisGAQQB\n1nkCBAIEggFsBIIBaAFmAHUAKXm+8J45OSHwVnOfY6V35b5XfZxgCvj5TV0mXCVd\nx4QAAAFx5ltprwAABAMARjBEAiAuWGCWxN/M0Ms3KOsqFjDMHT8Aq0SlHfQ68KDg\nrVU6AAIgDA+2EB0D5W5r0i4Nhljx6ABlIByzrEdfcxiOD/o6//EAdQAiRUUHWVUk\nVpY/oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXHmW2nTAAAEAwBGMEQCIBp+XQKa\nUDiPHwjBxdv5qvgyALKaysKqMF60gqem8iPRAiAk9Dp5+VBUXfSHqyW+tVShUigh\nndopccf8Gs21KJ4jXgB2AFGjsPX9AXmcVm24N3iPDKR6zBsny/eeiEKaDf7UiwXl\nAAABceZbahsAAAQDAEcwRQIgd/5HcxT4wfNV8zavwxjYkw2TYBAuRCcqp1SjWKFn\n4EoCIQDHSTHxnbpxWFbP6v5Y6nGFZCDjaHgd9HrzUv2J/DaacDANBgkqhkiG9w0B\nAQsFAAOCAQEAhjKPnBW4r+jR3gg6RA5xICTW/A5YMcyqtK0c1QzFr8S7/l+skGpC\nyCHrJfFrLDeyKqgabvLRT6YvvM862MGfMMDsk+sKWtzLbDIcYG7sbviGpU+gtG1q\nB0ohWNApfWWKyNpquqvwdSEzAEBvhcUT5idzbK7q45bQU9vBIWgQz+PYULAU7KmY\nz7jOYV09o22TNMQT+hFmo92+EBlwSeIETYEsHy5ZxixTRTvu9hP00CyEbiht5OTK\n5EiJG6vsIh/uEtRsdenMCxV06W2f20Af4iSFo0uk6c1ryHefh08FcwA4pSNUaPyi\nPb8YGQ6o/blejFzo/OSiUnDueafSJ0p6SQ==\n-----END CERTIFICATE-----"}}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"type":"object","required":["hostname","server_certificate"],"description":"Create parameters specific to a DSM node.","allOf":[{"properties":{"hostname":{"type":"string","description":"hostname of DSM Server"},"server_certificate":{"type":"string","description":"SSL certificate of DSM Server for TLS communication"}}}]}]}},"422":{"description":"Validation error."}}},"get":{"summary":"List","description":"Returns a list of nodes of a DSM connection.\n","tags":["Connection Manager/DSM Connections"],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"properties":{"username":{"type":"string","description":"Username for accessing DSM server"},"domain_id":{"type":"string","description":"If DSM user is restricted to a domain, provide domain id."}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"name":"dsm-connection","id":"ce4b1c0d-656d-4a3e-b280-2487fe360fbc","uri":"kylo:kylo:connectionmgmt:connections:dsm-connection-ce4b1c0d-656d-4a3e-b280-2487fe360fbc","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2020-10-07T09:29:44.680993Z","updatedAt":"2020-10-07T09:29:44.666036Z","service":"DSM","category":"KeyManager","description":"a description","products":["cckm"],"last_connection_ok":null,"last_connection_at":"0001-01-01T00:00:00Z","username":"user","nodes":[{"id":"210a67f1-b1ca-41ba-b316-9d71dacf54ee","uri":"kylo:kylo:connectionmgmt:dsm-node:dsm-connection-210a67f1-b1ca-41ba-b316-9d71dacf54ee","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2020-10-07T09:29:44.698405Z","updatedAt":"2020-10-07T09:29:44.692384Z","hostname":"node1","server_certificate":"-----BEGIN CERTIFICATE-----\nMIIG1TCCBb2gAwIBAgIQBVfICygmg6F7ChFEkylreTANBgkqhkiG9w0BAQsFADBw\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\ndXJhbmNlIFNlcnZlciBDQTAeFw0yMDA1MDUwMDAwMDBaFw0yMjA1MTAxMjAwMDBa\nMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T\nYW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxHaXRIdWIsIEluYy4xEzARBgNVBAMTCmdp\ndGh1Yi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MrTQ2J6a\nnox5KUwrqO9cQ9STO5R4/zBUxxvI5S8bmc0QjWfIVAwHWuT0Bn/H1oS0LM0tTkQm\nARrqN77v9McVB8MWTGsmGQnS/1kQRFuKiYGUHf7iX5pfijbYsOkfb4AiVKysKUNV\nUtgVvpJoe5RWURjQp9XDWkeo2DzGHXLcBDadrM8VLC6H1/D9SXdVruxKqduLKR41\nZ/6dlSDdeY1gCnhz3Ch1pYbfMfsTCTamw+AtRtwlK3b2rfTHffhowjuzM15UKt+b\nrr/cEBlAjQTva8rutYU9K9ONgl+pG2u7Bv516DwmNy8xz9wOjTeOpeh0M9N/ewq8\ncgbR87LFaxi1AgMBAAGjggNzMIIDbzAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM2WVk\nYqISuFlyOzAdBgNVHQ4EFgQUYwLSXQJf943VWhKedhE2loYsikgwJQYDVR0RBB4w\nHIIKZ2l0aHViLmNvbYIOd3d3LmdpdGh1Yi5jb20wDgYDVR0PAQH/BAQDAgWgMB0G\nA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5o\ndHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3JsMDSg\nMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYu\nY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBz\nOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMIGDBggrBgEFBQcBAQR3\nMHUwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEF\nBQcwAoZBaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhp\nZ2hBc3N1cmFuY2VTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAXwGCisGAQQB\n1nkCBAIEggFsBIIBaAFmAHUAKXm+8J45OSHwVnOfY6V35b5XfZxgCvj5TV0mXCVd\nx4QAAAFx5ltprwAABAMARjBEAiAuWGCWxN/M0Ms3KOsqFjDMHT8Aq0SlHfQ68KDg\nrVU6AAIgDA+2EB0D5W5r0i4Nhljx6ABlIByzrEdfcxiOD/o6//EAdQAiRUUHWVUk\nVpY/oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXHmW2nTAAAEAwBGMEQCIBp+XQKa\nUDiPHwjBxdv5qvgyALKaysKqMF60gqem8iPRAiAk9Dp5+VBUXfSHqyW+tVShUigh\nndopccf8Gs21KJ4jXgB2AFGjsPX9AXmcVm24N3iPDKR6zBsny/eeiEKaDf7UiwXl\nAAABceZbahsAAAQDAEcwRQIgd/5HcxT4wfNV8zavwxjYkw2TYBAuRCcqp1SjWKFn\n4EoCIQDHSTHxnbpxWFbP6v5Y6nGFZCDjaHgd9HrzUv2J/DaacDANBgkqhkiG9w0B\nAQsFAAOCAQEAhjKPnBW4r+jR3gg6RA5xICTW/A5YMcyqtK0c1QzFr8S7/l+skGpC\nyCHrJfFrLDeyKqgabvLRT6YvvM862MGfMMDsk+sKWtzLbDIcYG7sbviGpU+gtG1q\nB0ohWNApfWWKyNpquqvwdSEzAEBvhcUT5idzbK7q45bQU9vBIWgQz+PYULAU7KmY\nz7jOYV09o22TNMQT+hFmo92+EBlwSeIETYEsHy5ZxixTRTvu9hP00CyEbiht5OTK\n5EiJG6vsIh/uEtRsdenMCxV06W2f20Af4iSFo0uk6c1ryHefh08FcwA4pSNUaPyi\nPb8YGQ6o/blejFzo/OSiUnDueafSJ0p6SQ==\n-----END CERTIFICATE-----","connection_id":"ce4b1c0d-656d-4a3e-b280-2487fe360fbc"},{"id":"8a75d2e1-4de5-4051-91ae-12ca3b73b574","uri":"kylo:kylo:connectionmgmt:dsm-node:dsm-connection-8a75d2e1-4de5-4051-91ae-12ca3b73b574","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2020-10-07T09:29:44.705429Z","updatedAt":"2020-10-07T09:29:44.700694Z","hostname":"node2","server_certificate":"-----BEGIN CERTIFICATE-----\nMIIG1TCCBb2gAwIBAgIQBVfICygmg6F7ChFEkylreTANBgkqhkiG9w0BAQsFADBw\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\ndXJhbmNlIFNlcnZlciBDQTAeFw0yMDA1MDUwMDAwMDBaFw0yMjA1MTAxMjAwMDBa\nMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T\nYW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxHaXRIdWIsIEluYy4xEzARBgNVBAMTCmdp\ndGh1Yi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MrTQ2J6a\nnox5KUwrqO9cQ9STO5R4/zBUxxvI5S8bmc0QjWfIVAwHWuT0Bn/H1oS0LM0tTkQm\nARrqN77v9McVB8MWTGsmGQnS/1kQRFuKiYGUHf7iX5pfijbYsOkfb4AiVKysKUNV\nUtgVvpJoe5RWURjQp9XDWkeo2DzGHXLcBDadrM8VLC6H1/D9SXdVruxKqduLKR41\nZ/6dlSDdeY1gCnhz3Ch1pYbfMfsTCTamw+AtRtwlK3b2rfTHffhowjuzM15UKt+b\nrr/cEBlAjQTva8rutYU9K9ONgl+pG2u7Bv516DwmNy8xz9wOjTeOpeh0M9N/ewq8\ncgbR87LFaxi1AgMBAAGjggNzMIIDbzAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM2WVk\nYqISuFlyOzAdBgNVHQ4EFgQUYwLSXQJf943VWhKedhE2loYsikgwJQYDVR0RBB4w\nHIIKZ2l0aHViLmNvbYIOd3d3LmdpdGh1Yi5jb20wDgYDVR0PAQH/BAQDAgWgMB0G\nA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5o\ndHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3JsMDSg\nMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYu\nY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBz\nOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMIGDBggrBgEFBQcBAQR3\nMHUwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEF\nBQcwAoZBaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhp\nZ2hBc3N1cmFuY2VTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAXwGCisGAQQB\n1nkCBAIEggFsBIIBaAFmAHUAKXm+8J45OSHwVnOfY6V35b5XfZxgCvj5TV0mXCVd\nx4QAAAFx5ltprwAABAMARjBEAiAuWGCWxN/M0Ms3KOsqFjDMHT8Aq0SlHfQ68KDg\nrVU6AAIgDA+2EB0D5W5r0i4Nhljx6ABlIByzrEdfcxiOD/o6//EAdQAiRUUHWVUk\nVpY/oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXHmW2nTAAAEAwBGMEQCIBp+XQKa\nUDiPHwjBxdv5qvgyALKaysKqMF60gqem8iPRAiAk9Dp5+VBUXfSHqyW+tVShUigh\nndopccf8Gs21KJ4jXgB2AFGjsPX9AXmcVm24N3iPDKR6zBsny/eeiEKaDf7UiwXl\nAAABceZbahsAAAQDAEcwRQIgd/5HcxT4wfNV8zavwxjYkw2TYBAuRCcqp1SjWKFn\n4EoCIQDHSTHxnbpxWFbP6v5Y6nGFZCDjaHgd9HrzUv2J/DaacDANBgkqhkiG9w0B\nAQsFAAOCAQEAhjKPnBW4r+jR3gg6RA5xICTW/A5YMcyqtK0c1QzFr8S7/l+skGpC\nyCHrJfFrLDeyKqgabvLRT6YvvM862MGfMMDsk+sKWtzLbDIcYG7sbviGpU+gtG1q\nB0ohWNApfWWKyNpquqvwdSEzAEBvhcUT5idzbK7q45bQU9vBIWgQz+PYULAU7KmY\nz7jOYV09o22TNMQT+hFmo92+EBlwSeIETYEsHy5ZxixTRTvu9hP00CyEbiht5OTK\n5EiJG6vsIh/uEtRsdenMCxV06W2f20Af4iSFo0uk6c1ryHefh08FcwA4pSNUaPyi\nPb8YGQ6o/blejFzo/OSiUnDueafSJ0p6SQ==\n-----END CERTIFICATE-----","connection_id":"ce4b1c0d-656d-4a3e-b280-2487fe360fbc"}]}]}}},"422":{"description":"Validation error."}}}},"/v1/connectionmgmt/services/dsm/connections/{id}/nodes/{node_id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"},{"name":"node_id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns the details of a node in the DSM connection with the given connection ID and node ID / hostname.\n","tags":["Connection Manager/DSM Connections"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"properties":{"hostname":{"type":"string","description":"hostname of DSM Server"},"server_certificate":{"type":"string","description":"SSL certificate of DSM Server for TLS communication"}}}]}},"404":{"description":"Resource not found."},"422":{"description":"Validation error."}}},"delete":{"summary":"Delete","description":"Deletes a node of DSM connection with the given connection ID and node ID / hostname.\n","tags":["Connection Manager/DSM Connections"],"responses":{"204":{"description":"No Content | Connection is deleted successfully."},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"Updates a node of a DSM connection with the given connection ID and node ID / hostname.\nThe parameters that are to be updated are specified in the request body.\n","tags":["Connection Manager/DSM Connections"],"parameters":[{"in":"body","name":"node","description":"The node to update.","schema":{"type":"object","allOf":[{"type":"object","description":"Update parameters specific to a DSM node.","allOf":[{"properties":{"hostname":{"type":"string","description":"hostname of DSM Server"},"server_certificate":{"type":"string","description":"SSL certificate of DSM Server for TLS communication"}}}]}],"example":{"application/json":{"hostname":"updated node"}}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","description":"Update parameters specific to a DSM node.","allOf":[{"properties":{"hostname":{"type":"string","description":"hostname of DSM Server"},"server_certificate":{"type":"string","description":"SSL certificate of DSM Server for TLS communication"}}}]}]}},"404":{"description":"Resource not found."},"422":{"description":"Validation error."}}}},"/v1/connectionmgmt/services/dsm/connection-test":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Test connection parameters","description":"Tests that the connection parameters can be used to reach the DSM server of the provided type.\nThis does not create a persistent connection.\n","tags":["Connection Manager/DSM Connections"],"consumes":["application/json"],"parameters":[{"in":"body","name":"connection","description":"The connection parameters to test.","schema":{"allOf":[{"type":"object","required":["username","password","nodes"],"allOf":[{"type":"object","description":"Sensitive parameters specific to a DSM connection.","properties":{"password":{"type":"string","description":"Password of DSM server\n"}}},{"properties":{"username":{"type":"string","description":"Username for accessing DSM server"},"domain_id":{"type":"string","description":"If DSM user is restricted to a domain, provide domain id."}}},{"properties":{"nodes":{"type":"array","items":{"type":"object","required":["hostname","server_certificate"],"description":"Create parameters specific to a DSM node.","allOf":[{"properties":{"hostname":{"type":"string","description":"hostname of DSM Server"},"server_certificate":{"type":"string","description":"SSL certificate of DSM Server for TLS communication"}}}]}}}}]}],"example":{"application/json":{"username":"admin-user","password":"password","nodes":[{"hostname":"node1","server_certificate":"-----BEGIN CERTIFICATE-----\nMIIG1TCCBb2gAwIBAgIQBVfICygmg6F7ChFEkylreTANBgkqhkiG9w0BAQsFADBw\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\ndXJhbmNlIFNlcnZlciBDQTAeFw0yMDA1MDUwMDAwMDBaFw0yMjA1MTAxMjAwMDBa\nMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T\nYW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxHaXRIdWIsIEluYy4xEzARBgNVBAMTCmdp\ndGh1Yi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MrTQ2J6a\nnox5KUwrqO9cQ9STO5R4/zBUxxvI5S8bmc0QjWfIVAwHWuT0Bn/H1oS0LM0tTkQm\nARrqN77v9McVB8MWTGsmGQnS/1kQRFuKiYGUHf7iX5pfijbYsOkfb4AiVKysKUNV\nUtgVvpJoe5RWURjQp9XDWkeo2DzGHXLcBDadrM8VLC6H1/D9SXdVruxKqduLKR41\nZ/6dlSDdeY1gCnhz3Ch1pYbfMfsTCTamw+AtRtwlK3b2rfTHffhowjuzM15UKt+b\nrr/cEBlAjQTva8rutYU9K9ONgl+pG2u7Bv516DwmNy8xz9wOjTeOpeh0M9N/ewq8\ncgbR87LFaxi1AgMBAAGjggNzMIIDbzAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM2WVk\nYqISuFlyOzAdBgNVHQ4EFgQUYwLSXQJf943VWhKedhE2loYsikgwJQYDVR0RBB4w\nHIIKZ2l0aHViLmNvbYIOd3d3LmdpdGh1Yi5jb20wDgYDVR0PAQH/BAQDAgWgMB0G\nA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5o\ndHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3JsMDSg\nMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYu\nY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBz\nOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMIGDBggrBgEFBQcBAQR3\nMHUwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEF\nBQcwAoZBaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhp\nZ2hBc3N1cmFuY2VTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAXwGCisGAQQB\n1nkCBAIEggFsBIIBaAFmAHUAKXm+8J45OSHwVnOfY6V35b5XfZxgCvj5TV0mXCVd\nx4QAAAFx5ltprwAABAMARjBEAiAuWGCWxN/M0Ms3KOsqFjDMHT8Aq0SlHfQ68KDg\nrVU6AAIgDA+2EB0D5W5r0i4Nhljx6ABlIByzrEdfcxiOD/o6//EAdQAiRUUHWVUk\nVpY/oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXHmW2nTAAAEAwBGMEQCIBp+XQKa\nUDiPHwjBxdv5qvgyALKaysKqMF60gqem8iPRAiAk9Dp5+VBUXfSHqyW+tVShUigh\nndopccf8Gs21KJ4jXgB2AFGjsPX9AXmcVm24N3iPDKR6zBsny/eeiEKaDf7UiwXl\nAAABceZbahsAAAQDAEcwRQIgd/5HcxT4wfNV8zavwxjYkw2TYBAuRCcqp1SjWKFn\n4EoCIQDHSTHxnbpxWFbP6v5Y6nGFZCDjaHgd9HrzUv2J/DaacDANBgkqhkiG9w0B\nAQsFAAOCAQEAhjKPnBW4r+jR3gg6RA5xICTW/A5YMcyqtK0c1QzFr8S7/l+skGpC\nyCHrJfFrLDeyKqgabvLRT6YvvM862MGfMMDsk+sKWtzLbDIcYG7sbviGpU+gtG1q\nB0ohWNApfWWKyNpquqvwdSEzAEBvhcUT5idzbK7q45bQU9vBIWgQz+PYULAU7KmY\nz7jOYV09o22TNMQT+hFmo92+EBlwSeIETYEsHy5ZxixTRTvu9hP00CyEbiht5OTK\n5EiJG6vsIh/uEtRsdenMCxV06W2f20Af4iSFo0uk6c1ryHefh08FcwA4pSNUaPyi\nPb8YGQ6o/blejFzo/OSiUnDueafSJ0p6SQ==\n-----END CERTIFICATE-----"},{"hostname":"node2","server_certificate":"-----BEGIN CERTIFICATE-----\nMIIG1TCCBb2gAwIBAgIQBVfICygmg6F7ChFEkylreTANBgkqhkiG9w0BAQsFADBw\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\ndXJhbmNlIFNlcnZlciBDQTAeFw0yMDA1MDUwMDAwMDBaFw0yMjA1MTAxMjAwMDBa\nMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T\nYW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxHaXRIdWIsIEluYy4xEzARBgNVBAMTCmdp\ndGh1Yi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MrTQ2J6a\nnox5KUwrqO9cQ9STO5R4/zBUxxvI5S8bmc0QjWfIVAwHWuT0Bn/H1oS0LM0tTkQm\nARrqN77v9McVB8MWTGsmGQnS/1kQRFuKiYGUHf7iX5pfijbYsOkfb4AiVKysKUNV\nUtgVvpJoe5RWURjQp9XDWkeo2DzGHXLcBDadrM8VLC6H1/D9SXdVruxKqduLKR41\nZ/6dlSDdeY1gCnhz3Ch1pYbfMfsTCTamw+AtRtwlK3b2rfTHffhowjuzM15UKt+b\nrr/cEBlAjQTva8rutYU9K9ONgl+pG2u7Bv516DwmNy8xz9wOjTeOpeh0M9N/ewq8\ncgbR87LFaxi1AgMBAAGjggNzMIIDbzAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM2WVk\nYqISuFlyOzAdBgNVHQ4EFgQUYwLSXQJf943VWhKedhE2loYsikgwJQYDVR0RBB4w\nHIIKZ2l0aHViLmNvbYIOd3d3LmdpdGh1Yi5jb20wDgYDVR0PAQH/BAQDAgWgMB0G\nA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5o\ndHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3JsMDSg\nMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYu\nY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBz\nOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMIGDBggrBgEFBQcBAQR3\nMHUwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEF\nBQcwAoZBaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhp\nZ2hBc3N1cmFuY2VTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAXwGCisGAQQB\n1nkCBAIEggFsBIIBaAFmAHUAKXm+8J45OSHwVnOfY6V35b5XfZxgCvj5TV0mXCVd\nx4QAAAFx5ltprwAABAMARjBEAiAuWGCWxN/M0Ms3KOsqFjDMHT8Aq0SlHfQ68KDg\nrVU6AAIgDA+2EB0D5W5r0i4Nhljx6ABlIByzrEdfcxiOD/o6//EAdQAiRUUHWVUk\nVpY/oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXHmW2nTAAAEAwBGMEQCIBp+XQKa\nUDiPHwjBxdv5qvgyALKaysKqMF60gqem8iPRAiAk9Dp5+VBUXfSHqyW+tVShUigh\nndopccf8Gs21KJ4jXgB2AFGjsPX9AXmcVm24N3iPDKR6zBsny/eeiEKaDf7UiwXl\nAAABceZbahsAAAQDAEcwRQIgd/5HcxT4wfNV8zavwxjYkw2TYBAuRCcqp1SjWKFn\n4EoCIQDHSTHxnbpxWFbP6v5Y6nGFZCDjaHgd9HrzUv2J/DaacDANBgkqhkiG9w0B\nAQsFAAOCAQEAhjKPnBW4r+jR3gg6RA5xICTW/A5YMcyqtK0c1QzFr8S7/l+skGpC\nyCHrJfFrLDeyKqgabvLRT6YvvM862MGfMMDsk+sKWtzLbDIcYG7sbviGpU+gtG1q\nB0ohWNApfWWKyNpquqvwdSEzAEBvhcUT5idzbK7q45bQU9vBIWgQz+PYULAU7KmY\nz7jOYV09o22TNMQT+hFmo92+EBlwSeIETYEsHy5ZxixTRTvu9hP00CyEbiht5OTK\n5EiJG6vsIh/uEtRsdenMCxV06W2f20Af4iSFo0uk6c1ryHefh08FcwA4pSNUaPyi\nPb8YGQ6o/blejFzo/OSiUnDueafSJ0p6SQ==\n-----END CERTIFICATE-----"}]}}}}],"responses":{"200":{"description":"OK"},"422":{"description":"Validation error."}}}},"/v1/connectionmgmt/services/log-forwarders/elasticsearch/connections":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Creates a new Elasticsearch connection.","description":"Creates a new Elasticsearch connection.","tags":["Connection Manager/Elasticsearch Connections"],"consumes":["application/json"],"parameters":[{"in":"body","name":"connection","description":"The connection to create.","schema":{"allOf":[{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"object","required":["host","port"],"properties":{"host":{"type":"string","description":"Host of the log-forwarder server."},"port":{"type":"integer","description":"Port of the log-forwarder server."}}},{"type":"object","properties":{"elasticsearch_params":{"type":"object","properties":{"http_user":{"type":"string","description":"HTTP basic auth username."},"http_password":{"type":"string","description":"HTTP basic auth password."},"ca_cert":{"type":"string","description":"CA certificate in PEM format."},"insecure_tls_skip_verify":{"type":"boolean","description":"In TLS mode, skip server certificate validation. This setting should only be used for testing."},"transport":{"type":"string","description":"Transport mode for sending data, supports \"tls\" and \"tcp\".\n\"tls\" requires either a trusted CA cert or insecure TLS skip verify to be set to true.\nDefault is \"tcp\".\n","enum":["tcp","tls"]}}}}}],"example":{"application/json":{"name":"Elasticsearch Connection","description":"Elasticsearch Connection","products":["logger"],"host":"127.0.0.1","port":5321,"elasticsearch_params":{"transport":"tcp"}}}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"object","required":["host","port"],"properties":{"host":{"type":"string","description":"Host of the log-forwarder server."},"port":{"type":"integer","description":"Port of the log-forwarder server."}}},{"type":"object","properties":{"elasticsearch_params":{"type":"object","properties":{"http_user":{"type":"string","description":"HTTP basic auth username."},"http_password":{"type":"string","description":"HTTP basic auth password."},"ca_cert":{"type":"string","description":"CA certificate in PEM format."},"insecure_tls_skip_verify":{"type":"boolean","description":"In TLS mode, skip server certificate validation. This setting should only be used for testing."},"transport":{"type":"string","description":"Transport mode for sending data, supports \"tls\" and \"tcp\".\n\"tls\" requires either a trusted CA cert or insecure TLS skip verify to be set to true.\nDefault is \"tcp\".\n","enum":["tcp","tls"]}}}}}]}},"400":{"description":"Bad request."},"409":{"description":"Connection already exists."}}},"get":{"summary":"List","description":"Returns a list of Elasticsearch connections.\nThe results can be filtered using the query parameters.\n","tags":["Connection Manager/Elasticsearch Connections"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"},{"name":"id","in":"query","type":"string","description":"Filter the result based on connection's ID"},{"name":"name","in":"query","type":"string","description":"Filter the result based on connection name."},{"name":"products","in":"query","type":"string","description":"Filter the result based on the CipherTrust Manager products associated with the connections.\n Valid values are \"cckm\" for AWS, Azure, GCP, Luna connections, \"cte\", \"ddc\", \"data discovery\" for Hadoop connections\n and \"cte\" for SMB connections\n"},{"name":"meta_contains","in":"query","type":"string","format":"JSON","description":"A valid JSON value. Only resources whose 'meta' attribute contains the JSON value will be\nreturned. Examples of JSON containment:\n\n- Values contain themselves: `{\"color\":\"red\"}` contains `{\"color\":\"red\"}`\n\n- Values contain subsets: `{\"color\":\"red\", \"size\":\"big\"}` contains `{\"color\":\"red\"}` and `{\"size\":\"big\"}`, but not `{\"size\":\"small\"}`\n\n- Contained values can be nested: `{\"info\":{\"size\":\"big\",\"color\":\"red\"}}` contains `{\"info\":{\"color\":\"red\"}}`, but not `{\"color\":\"red\"}`\n\n- Array containment: `[\"east\",\"west\",\"north\"]` contains `[\"east\"]` and `[\"east\",\"north\"]`, but not `[\"south\"]` or `[\"east\",\"south\"]`\n"},{"name":"createdBefore","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"createdAfter","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"last_connection_ok","in":"query","type":"string","description":"Filter the result based on last_connection_ok result.\n"},{"name":"last_connection_before","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"last_connection_after","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","allOf":[{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"object","required":["host","port"],"properties":{"host":{"type":"string","description":"Host of the log-forwarder server."},"port":{"type":"integer","description":"Port of the log-forwarder server."}}},{"type":"object","properties":{"elasticsearch_params":{"type":"object","properties":{"http_user":{"type":"string","description":"HTTP basic auth username."},"http_password":{"type":"string","description":"HTTP basic auth password."},"ca_cert":{"type":"string","description":"CA certificate in PEM format."},"insecure_tls_skip_verify":{"type":"boolean","description":"In TLS mode, skip server certificate validation. This setting should only be used for testing."},"transport":{"type":"string","description":"Transport mode for sending data, supports \"tls\" and \"tcp\".\n\"tls\" requires either a trusted CA cert or insecure TLS skip verify to be set to true.\nDefault is \"tcp\".\n","enum":["tcp","tls"]}}}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"name":"Elasticsearch Connection","id":"84ce4d3b-ef93-4b0d-ac15-8249aeeff4e4","uri":"kylo:kylo:connectionmgmt:connections:oci-84ce4d3b-ef93-4b0d-ac15-8249aeeff4e4","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-09-22T10:24:33.547212Z","updatedAt":"2021-09-22T10:24:33.546458Z","category":"log-forwarders","service":"elasticsearch","host":"127.0.0.1","port":5321,"description":"Elasticsearch connection","products":["logger"],"last_connection_ok":null,"last_connection_at":"0001-01-01T00:00:00Z","elasticsearch_params":{"transport":"tcp"}}]}}},"400":{"description":"Bad request."}}}},"/v1/connectionmgmt/services/log-forwarders/elasticsearch/connections/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns the details of a connection with the given name, ID, or URI.\n","tags":["Connection Manager/Elasticsearch Connections"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"object","required":["host","port"],"properties":{"host":{"type":"string","description":"Host of the log-forwarder server."},"port":{"type":"integer","description":"Port of the log-forwarder server."}}},{"type":"object","properties":{"elasticsearch_params":{"type":"object","properties":{"http_user":{"type":"string","description":"HTTP basic auth username."},"http_password":{"type":"string","description":"HTTP basic auth password."},"ca_cert":{"type":"string","description":"CA certificate in PEM format."},"insecure_tls_skip_verify":{"type":"boolean","description":"In TLS mode, skip server certificate validation. This setting should only be used for testing."},"transport":{"type":"string","description":"Transport mode for sending data, supports \"tls\" and \"tcp\".\n\"tls\" requires either a trusted CA cert or insecure TLS skip verify to be set to true.\nDefault is \"tcp\".\n","enum":["tcp","tls"]}}}}}]}},"400":{"description":"Bad request."},"404":{"description":"Resource not found."}}},"delete":{"summary":"Delete","description":"Deletes a connection with the given name, ID, or URI.\n","tags":["Connection Manager/Elasticsearch Connections"],"responses":{"204":{"description":"No Content | Connection is deleted successfully."},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"Updates a connection with the given name, ID, or URI.\nThe parameters to be updated are specified in the request body.\n","tags":["Connection Manager/Elasticsearch Connections"],"parameters":[{"in":"body","name":"connection","description":"The connection to update.","schema":{"type":"object","allOf":[{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"object","properties":{"host":{"type":"string","description":"Host of the log-forwarder server."},"port":{"type":"integer","description":"Port of the log-forwarder server."}}},{"type":"object","properties":{"elasticsearch_params":{"type":"object","properties":{"http_user":{"type":"string","description":"HTTP basic auth username."},"http_password":{"type":"string","description":"HTTP basic auth password."},"ca_cert":{"type":"string","description":"CA certificate in PEM format."},"insecure_tls_skip_verify":{"type":"boolean","description":"In TLS mode, skip server certificate validation. This setting should only be used for testing."},"transport":{"type":"string","description":"Transport mode for sending data, supports \"tls\" and \"tcp\".\n\"tls\" requires either a trusted CA cert or insecure TLS skip verify to be set to true.\nDefault is \"tcp\".\n","enum":["tcp","tls"]}}}}}],"example":{"application/json":{"description":"Updated elasticsearch Connection","products":["logger"],"host":"127.0.0.2","port":555,"elasticsearch_params":{"transport":"tcp"}}}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"type":"object","properties":{"host":{"type":"string","description":"Host of the log-forwarder server."},"port":{"type":"integer","description":"Port of the log-forwarder server."}}},{"type":"object","properties":{"elasticsearch_params":{"type":"object","properties":{"http_user":{"type":"string","description":"HTTP basic auth username."},"http_password":{"type":"string","description":"HTTP basic auth password."},"ca_cert":{"type":"string","description":"CA certificate in PEM format."},"insecure_tls_skip_verify":{"type":"boolean","description":"In TLS mode, skip server certificate validation. This setting should only be used for testing."},"transport":{"type":"string","description":"Transport mode for sending data, supports \"tls\" and \"tcp\".\n\"tls\" requires either a trusted CA cert or insecure TLS skip verify to be set to true.\nDefault is \"tcp\".\n","enum":["tcp","tls"]}}}}}]}},"400":{"description":"Bad request."},"404":{"description":"Resource not found."}}}},"/v1/connectionmgmt/services/log-forwarders/elasticsearch/connections/{id}/test":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"}],"post":{"summary":"Test existing connection","description":"Tests an existing connection with the given name, ID, or URI.\nThis does not create a persistent connection.\n","tags":["Connection Manager/Elasticsearch Connections"],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","properties":{"connection_ok":{"type":"boolean","description":"true if the test was successful, otherwise false"},"connection_error":{"type":"string","description":"Error message if the connection test failed"}}}]}},"404":{"description":"Resource not found"}}}},"/v1/connectionmgmt/services/log-forwarders/elasticsearch/connection-test":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Test connection parameters","description":"Tests whether the connection parameters can reach to the Elasticsearch server.\nThis does not create a persistent connection.\n","tags":["Connection Manager/Elasticsearch Connections"],"consumes":["application/json"],"parameters":[{"in":"body","name":"connection","description":"The connection parameters to test.","schema":{"allOf":[{"type":"object","required":["host","port"],"properties":{"host":{"type":"string","description":"Host of the log-forwarder server."},"port":{"type":"integer","description":"Port of the log-forwarder server."}}},{"type":"object","required":["elasticsearch_params"],"properties":{"elasticsearch_params":{"type":"object","required":["transport"],"properties":{"http_user":{"type":"string","description":"HTTP basic auth username."},"http_password":{"type":"string","description":"HTTP basic auth password."},"ca_cert":{"type":"string","description":"CA certificate in PEM format."},"insecure_tls_skip_verify":{"type":"boolean","description":"In TLS mode, skip server certificate validation. This setting should only be used for testing."},"transport":{"type":"string","description":"Transport mode for sending data, supports \"tls\" and \"tcp\".\n\"tls\" requires either a trusted CA cert or insecure TLS skip verify to be set to true.\n","enum":["tcp (default)","tls"]}}}}}],"example":{"application/json":{"host":"127.0.0.2","port":555,"elasticsearch_params":{"transport":"tcp"}}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","properties":{"connection_ok":{"type":"boolean","description":"true if the test was successful, otherwise false"},"connection_error":{"type":"string","description":"Error message if the connection test failed"}}}]}},"400":{"description":"Bad request."}}}},"/v1/connectionmgmt/services/log-forwarders/loki/connections":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Creates a new Loki connection.","description":"Creates a new Loki connection.","tags":["Connection Manager/Loki Connections"],"consumes":["application/json"],"parameters":[{"in":"body","name":"connection","description":"The connection to create.","schema":{"allOf":[{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"object","required":["host","port"],"properties":{"host":{"type":"string","description":"Host of the log-forwarder server."},"port":{"type":"integer","description":"Port of the log-forwarder server."}}},{"type":"object","properties":{"loki_params":{"type":"object","properties":{"http_user":{"type":"string","description":"HTTP basic auth username."},"http_password":{"type":"string","description":"HTTP basic auth password."},"ca_cert":{"type":"string","description":"CA certificate in PEM format."},"insecure_tls_skip_verify":{"type":"boolean","description":"In TLS mode, skip server certificate validation. This setting should only be used for testing."},"transport":{"type":"string","description":"Transport mode for sending data, supports \"tls\" and \"tcp\".\n\"tls\" requires either a trusted CA cert or insecure TLS skip verify to be set to true.\n","enum":["tcp (default)","tls"]}}}}}],"example":{"application/json":{"name":"Loki Connection","description":"Loki Connection","products":["logger"],"host":"127.0.0.1","port":5321,"loki_params":{"transport":"tcp"}}}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"object","required":["host","port"],"properties":{"host":{"type":"string","description":"Host of the log-forwarder server."},"port":{"type":"integer","description":"Port of the log-forwarder server."}}},{"type":"object","properties":{"loki_params":{"type":"object","properties":{"http_user":{"type":"string","description":"HTTP basic auth username."},"http_password":{"type":"string","description":"HTTP basic auth password."},"ca_cert":{"type":"string","description":"CA certificate in PEM format."},"insecure_tls_skip_verify":{"type":"boolean","description":"In TLS mode, skip server certificate validation. This setting should only be used for testing."},"transport":{"type":"string","description":"Transport mode for sending data, supports \"tls\" and \"tcp\".\n\"tls\" requires either a trusted CA cert or insecure TLS skip verify to be set to true.\n","enum":["tcp (default)","tls"]}}}}}]}},"400":{"description":"Bad request."},"409":{"description":"Connection already exists."}}},"get":{"summary":"List","description":"Returns a list of Loki connections.\nThe results can be filtered using the query parameters.\n","tags":["Connection Manager/Loki Connections"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"},{"name":"id","in":"query","type":"string","description":"Filter the result based on connection's ID"},{"name":"name","in":"query","type":"string","description":"Filter the result based on connection name."},{"name":"products","in":"query","type":"string","description":"Filter the result based on the CipherTrust Manager products associated with the connections.\n Valid values are \"cckm\" for AWS, Azure, GCP, Luna connections, \"cte\", \"ddc\", \"data discovery\" for Hadoop connections\n and \"cte\" for SMB connections\n"},{"name":"meta_contains","in":"query","type":"string","format":"JSON","description":"A valid JSON value. Only resources whose 'meta' attribute contains the JSON value will be\nreturned. Examples of JSON containment:\n\n- Values contain themselves: `{\"color\":\"red\"}` contains `{\"color\":\"red\"}`\n\n- Values contain subsets: `{\"color\":\"red\", \"size\":\"big\"}` contains `{\"color\":\"red\"}` and `{\"size\":\"big\"}`, but not `{\"size\":\"small\"}`\n\n- Contained values can be nested: `{\"info\":{\"size\":\"big\",\"color\":\"red\"}}` contains `{\"info\":{\"color\":\"red\"}}`, but not `{\"color\":\"red\"}`\n\n- Array containment: `[\"east\",\"west\",\"north\"]` contains `[\"east\"]` and `[\"east\",\"north\"]`, but not `[\"south\"]` or `[\"east\",\"south\"]`\n"},{"name":"createdBefore","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"createdAfter","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"last_connection_ok","in":"query","type":"string","description":"Filter the result based on last_connection_ok result.\n"},{"name":"last_connection_before","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"last_connection_after","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","allOf":[{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"object","required":["host","port"],"properties":{"host":{"type":"string","description":"Host of the log-forwarder server."},"port":{"type":"integer","description":"Port of the log-forwarder server."}}},{"type":"object","properties":{"loki_params":{"type":"object","properties":{"http_user":{"type":"string","description":"HTTP basic auth username."},"http_password":{"type":"string","description":"HTTP basic auth password."},"ca_cert":{"type":"string","description":"CA certificate in PEM format."},"insecure_tls_skip_verify":{"type":"boolean","description":"In TLS mode, skip server certificate validation. This setting should only be used for testing."},"transport":{"type":"string","description":"Transport mode for sending data, supports \"tls\" and \"tcp\".\n\"tls\" requires either a trusted CA cert or insecure TLS skip verify to be set to true.\n","enum":["tcp (default)","tls"]}}}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"name":"Loki Connection","id":"84ce4d3b-ef93-4b0d-ac15-8249aeeff4e4","uri":"kylo:kylo:connectionmgmt:connections:oci-84ce4d3b-ef93-4b0d-ac15-8249aeeff4e4","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-09-22T10:24:33.547212Z","updatedAt":"2021-09-22T10:24:33.546458Z","category":"log-forwarders","service":"loki","host":"127.0.0.1","port":5321,"description":"Loki connection","products":["logger"],"last_connection_ok":null,"last_connection_at":"0001-01-01T00:00:00Z","loki_params":{"transport":"tcp"}}]}}},"400":{"description":"Bad request."}}}},"/v1/connectionmgmt/services/log-forwarders/loki/connections/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns the details of a connection with the given name, ID, or URI.\n","tags":["Connection Manager/Loki Connections"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"type":"object","required":["host","port"],"properties":{"host":{"type":"string","description":"Host of the log-forwarder server."},"port":{"type":"integer","description":"Port of the log-forwarder server."}}},{"type":"object","properties":{"loki_params":{"type":"object","properties":{"http_user":{"type":"string","description":"HTTP basic auth username."},"http_password":{"type":"string","description":"HTTP basic auth password."},"ca_cert":{"type":"string","description":"CA certificate in PEM format."},"insecure_tls_skip_verify":{"type":"boolean","description":"In TLS mode, skip server certificate validation. This setting should only be used for testing."},"transport":{"type":"string","description":"Transport mode for sending data, supports \"tls\" and \"tcp\".\n\"tls\" requires either a trusted CA cert or insecure TLS skip verify to be set to true.\n","enum":["tcp (default)","tls"]}}}}}]}},"400":{"description":"Bad request."},"404":{"description":"Resource not found."}}},"delete":{"summary":"Delete","description":"Deletes a connection with the given name, ID, or URI.\n","tags":["Connection Manager/Loki Connections"],"responses":{"204":{"description":"No Content | Connection is deleted successfully."},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"Updates a connection with the given name, ID, or URI.\nThe parameters to be updated are specified in the request body.\n","tags":["Connection Manager/Loki Connections"],"parameters":[{"in":"body","name":"connection","description":"The connection to update.","schema":{"type":"object","allOf":[{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"object","properties":{"host":{"type":"string","description":"Host of the log-forwarder server."},"port":{"type":"integer","description":"Port of the log-forwarder server."}}},{"type":"object","properties":{"loki_params":{"type":"object","properties":{"http_user":{"type":"string","description":"HTTP basic auth username."},"http_password":{"type":"string","description":"HTTP basic auth password."},"ca_cert":{"type":"string","description":"CA certificate in PEM format."},"insecure_tls_skip_verify":{"type":"boolean","description":"In TLS mode, skip server certificate validation. This setting should only be used for testing."},"transport":{"type":"string","description":"Transport mode for sending data, supports \"tls\" and \"tcp\".\n\"tls\" requires either a trusted CA cert or insecure TLS skip verify to be set to true.\n","enum":["tcp (default)","tls"]}}}}}],"example":{"application/json":{"description":"Updated loki Connection","products":["logger"],"host":"127.0.0.2","port":555,"loki_params":{"transport":"tcp"}}}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"type":"object","properties":{"host":{"type":"string","description":"Host of the log-forwarder server."},"port":{"type":"integer","description":"Port of the log-forwarder server."}}},{"type":"object","properties":{"loki_params":{"type":"object","properties":{"http_user":{"type":"string","description":"HTTP basic auth username."},"http_password":{"type":"string","description":"HTTP basic auth password."},"ca_cert":{"type":"string","description":"CA certificate in PEM format."},"insecure_tls_skip_verify":{"type":"boolean","description":"In TLS mode, skip server certificate validation. This setting should only be used for testing."},"transport":{"type":"string","description":"Transport mode for sending data, supports \"tls\" and \"tcp\".\n\"tls\" requires either a trusted CA cert or insecure TLS skip verify to be set to true.\n","enum":["tcp (default)","tls"]}}}}}]}},"400":{"description":"Bad request."},"404":{"description":"Resource not found."}}}},"/v1/connectionmgmt/services/log-forwarders/loki/connections/{id}/test":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"}],"post":{"summary":"Test existing connection","description":"Tests an existing connection with the given name, ID, or URI.\nThis does not create a persistent connection.\n","tags":["Connection Manager/Loki Connections"],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","properties":{"connection_ok":{"type":"boolean","description":"true if the test was successful, otherwise false"},"connection_error":{"type":"string","description":"Error message if the connection test failed"}}}]}},"404":{"description":"Resource not found"}}}},"/v1/connectionmgmt/services/log-forwarders/loki/connection-test":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Test connection parameters","description":"Tests whether the connection parameters can reach to the Loki server.\nThis does not create a persistent connection.\n","tags":["Connection Manager/Loki Connections"],"consumes":["application/json"],"parameters":[{"in":"body","name":"connection","description":"The connection parameters to test.","schema":{"allOf":[{"type":"object","required":["host","port"],"properties":{"host":{"type":"string","description":"Host of the log-forwarder server."},"port":{"type":"integer","description":"Port of the log-forwarder server."}}},{"type":"object","required":["loki_params"],"properties":{"loki_params":{"type":"object","required":["transport"],"properties":{"http_user":{"type":"string","description":"HTTP basic auth username."},"http_password":{"type":"string","description":"HTTP basic auth password."},"ca_cert":{"type":"string","description":"CA certificate in PEM format."},"insecure_tls_skip_verify":{"type":"boolean","description":"In TLS mode, skip server certificate validation. This setting should only be used for testing."},"transport":{"type":"string","description":"Transport mode for sending data, supports \"tls\" and \"tcp\".\n\"tls\" requires either a trusted CA cert or insecure TLS skip verify to be set to true.\nDefault is \"tcp\".\n","enum":["tcp","tls"]}}}}}],"example":{"application/json":{"host":"127.0.0.2","port":555,"loki_params":{"transport":"tcp"}}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","properties":{"connection_ok":{"type":"boolean","description":"true if the test was successful, otherwise false"},"connection_error":{"type":"string","description":"Error message if the connection test failed"}}}]}},"400":{"description":"Bad request."}}}},"/v1/connectionmgmt/services/log-forwarders/syslog/connections":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Creates a new Syslog connection.","description":"Creates a new Syslog connection.","tags":["Connection Manager/Syslog Connections"],"consumes":["application/json"],"parameters":[{"in":"body","name":"connection","description":"The connection to create.","schema":{"required":["syslog_params"],"allOf":[{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"object","properties":{"host":{"type":"string","description":"Host of the log-forwarder server."},"port":{"type":"integer","description":"The port to use for the connection. Defaults to 514 for udp, 601 for tcp and 6514 for tls"},"syslog_params":{"type":"object","required":["transport"],"properties":{"message_format":{"type":"string","description":"The log message format for new log messages:\n* `rfc5424` (default)\n* `rfc3164`\n* `cef`\n* `leef`\n"},"transport":{"type":"string","description":"Transport mode for sending data, supports \"udp\", \"tls\" and \"tcp\".","enum":["tcp","udp","tls"]},"ca_cert":{"type":"string","description":"The trusted CA certificate in the PEM format. Only used in the TLS transport mode."}}}}}],"example":{"application/json":{"name":"Syslog Connection","description":"Syslog Connection","products":["logger"],"host":"127.0.0.1","port":514,"syslog_params":{"transport":"TLS","message_format":"rfc3164","ca_cert":"-----BEGIN CERTIFICATE-----\nMIIDnTCCAoWgAwIBAgIBADANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzEL\nMAkGA1UECAwCVFgxDzANBgNVBAcMBkF1c3RpbjEQMA4GA1UECgwHR2VtYWx0bzEM\nMAoGA1UECwwDUm5EMRwwGgYDVQQDDBNjYS5reWxvLmdlbWFsdG8uY29tMB4XDTE3\nMDgwMjIyNDIyM1oXDTQ3MDcyNjIyNDIyM1owaTELMAkGA1UEBhMCVVMxCzAJBgNV\nBAgMAlRYMQ8wDQYDVQQHDAZBdXN0aW4xEDAOBgNVBAoMB0dlbWFsdG8xDDAKBgNV\nBAsMA1JuRDEcMBoGA1UEAwwTY2Eua3lsby5nZW1hbHRvLmNvbTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBAO+M3/EdapR+e6jbl8c08w1ynboOIX0/T0E7\nHBj0iAsSJOQJTwLcfkG4vU2AeRLca8dNJfx+qF1y9LSMeRNJhrxpEZR+L2PHl2Ti\niHxkS09UwwOSIN6SGSEX847ZiVA8DWNuHDtqtruWYH/oAa3go2V2qw21vzZ6UUjo\nTDViZegUEDIeRkp/hgl5hx2JKrtA1HhpHe18PedHwq8b/QbLfke9K89Psxd5+Vof\ndT63UUArzRJcB37XgjiTlOOVG9MYEn59ouTnzQkAzM640O3w16l9WX0v98/auKdq\nQzu3RBSaQUgoJf8v5C4p3Edgk1Uq7EOgbrJW6sS4F9k2JgdruasCAwEAAaNQME4w\nHQYDVR0OBBYEFK5n3Eevh2xLROIoYM4VsnCZfpHwMB8GA1UdIwQYMBaAFK5n3Eev\nh2xLROIoYM4VsnCZfpHwMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB\nAFy0LkGHFGZaEf4bIWMB5B7u/CMGjejw64fojIjGYQtB4WQehl3wqOxX1MvlXm0B\nxXDvgALq+BXw6NEwOT7nlx4uRspHA0cER0qmvTpH/uePnidvBzxDFCHpJM0eoZae\n9f7EPL0XNxvV8FdhtQ1p133DtzTWfxygpcG+E+ES2m2wzwwEGTShAST4SJOlCKVX\nzPZ+2NFEepxkfiikqSl6QPLGz+TEUZZ4vrshFiBxUI5zzDNcONtd14Nh/XjUWWrd\n2MXk37ASKPZgdJQzx8U8AsITdtuaYF/d/OCIuNASbQs07nuk1dE7RS6em/d6GB33\nlfuDSu3uKT9h6JmcCy7BzJY=\n-----END CERTIFICATE-----"}}}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"object","properties":{"host":{"type":"string","description":"Host of the log-forwarder server."},"port":{"type":"integer","description":"The port to use for the connection. Defaults to 514 for udp, 601 for tcp and 6514 for tls"},"syslog_params":{"type":"object","required":["transport"],"properties":{"message_format":{"type":"string","description":"The log message format for new log messages:\n* `rfc5424` (default)\n* `rfc3164`\n* `cef`\n* `leef`\n"},"transport":{"type":"string","description":"Transport mode for sending data, supports \"udp\", \"tls\" and \"tcp\".","enum":["tcp","udp","tls"]},"ca_cert":{"type":"string","description":"The trusted CA certificate in the PEM format. Only used in the TLS transport mode."}}}}}]}},"400":{"description":"Bad request."},"409":{"description":"Connection already exists."}}},"get":{"summary":"List","description":"Returns a list of Syslog connections.\nThe results can be filtered using the query parameters.\n","tags":["Connection Manager/Syslog Connections"],"parameters":[{"name":"transport","in":"query","required":false,"type":"string","description":"Filter by the transport of the syslog connection (`udp`, `tcp`, or `tls`)"},{"name":"message_format","in":"query","required":false,"type":"string","description":"Filter by the message format of the syslog connection (`rfc5424` , `rfc3164` , `cef` ,`leef`)"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"},{"name":"id","in":"query","type":"string","description":"Filter the result based on connection's ID"},{"name":"name","in":"query","type":"string","description":"Filter the result based on connection name."},{"name":"products","in":"query","type":"string","description":"Filter the result based on the CipherTrust Manager products associated with the connections.\n Valid values are \"cckm\" for AWS, Azure, GCP, Luna connections, \"cte\", \"ddc\", \"data discovery\" for Hadoop connections\n and \"cte\" for SMB connections\n"},{"name":"meta_contains","in":"query","type":"string","format":"JSON","description":"A valid JSON value. Only resources whose 'meta' attribute contains the JSON value will be\nreturned. Examples of JSON containment:\n\n- Values contain themselves: `{\"color\":\"red\"}` contains `{\"color\":\"red\"}`\n\n- Values contain subsets: `{\"color\":\"red\", \"size\":\"big\"}` contains `{\"color\":\"red\"}` and `{\"size\":\"big\"}`, but not `{\"size\":\"small\"}`\n\n- Contained values can be nested: `{\"info\":{\"size\":\"big\",\"color\":\"red\"}}` contains `{\"info\":{\"color\":\"red\"}}`, but not `{\"color\":\"red\"}`\n\n- Array containment: `[\"east\",\"west\",\"north\"]` contains `[\"east\"]` and `[\"east\",\"north\"]`, but not `[\"south\"]` or `[\"east\",\"south\"]`\n"},{"name":"createdBefore","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"createdAfter","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"last_connection_ok","in":"query","type":"string","description":"Filter the result based on last_connection_ok result.\n"},{"name":"last_connection_before","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"last_connection_after","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","allOf":[{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"object","properties":{"host":{"type":"string","description":"Host of the log-forwarder server."},"port":{"type":"integer","description":"The port to use for the connection. Defaults to 514 for udp, 601 for tcp and 6514 for tls"},"syslog_params":{"type":"object","required":["transport"],"properties":{"message_format":{"type":"string","description":"The log message format for new log messages:\n* `rfc5424` (default)\n* `rfc3164`\n* `cef`\n* `leef`\n"},"transport":{"type":"string","description":"Transport mode for sending data, supports \"udp\", \"tls\" and \"tcp\".","enum":["tcp","udp","tls"]},"ca_cert":{"type":"string","description":"The trusted CA certificate in the PEM format. Only used in the TLS transport mode."}}}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"name":"Syslog Connection","id":"84ce4d3b-ef93-4b0d-ac15-8249aeeff4e4","uri":"kylo:kylo:connectionmgmt:connections:oci-84ce4d3b-ef93-4b0d-ac15-8249aeeff4e4","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-09-22T10:24:33.547212Z","updatedAt":"2021-09-22T10:24:33.546458Z","category":"log-forwarders","service":"syslog","host":"127.0.0.1","port":5321,"description":"Sysylog connection","products":["logger"],"last_connection_ok":null,"last_connection_at":"0001-01-01T00:00:00Z","syslog_params":{"transport":"TCP","message_format":"rfc5424"}}]}}},"400":{"description":"Bad request."}}}},"/v1/connectionmgmt/services/log-forwarders/syslog/connections/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns the details of a connection with the given name, ID, or URI.\n","tags":["Connection Manager/Syslog Connections"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"object","properties":{"host":{"type":"string","description":"Host of the log-forwarder server."},"port":{"type":"integer","description":"The port to use for the connection. Defaults to 514 for udp, 601 for tcp and 6514 for tls"},"syslog_params":{"type":"object","required":["transport"],"properties":{"message_format":{"type":"string","description":"The log message format for new log messages:\n* `rfc5424` (default)\n* `rfc3164`\n* `cef`\n* `leef`\n"},"transport":{"type":"string","description":"Transport mode for sending data, supports \"udp\", \"tls\" and \"tcp\".","enum":["tcp","udp","tls"]},"ca_cert":{"type":"string","description":"The trusted CA certificate in the PEM format. Only used in the TLS transport mode."}}}}}]}},"400":{"description":"Bad request."},"404":{"description":"Resource not found."}}},"delete":{"summary":"Delete","description":"Deletes a connection with the given name, ID, or URI.\n","tags":["Connection Manager/Syslog Connections"],"responses":{"204":{"description":"No Content | Connection is deleted successfully."},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"Updates a connection with the given name, ID, or URI.\nThe parameters to be updated are specified in the request body.\n","tags":["Connection Manager/Syslog Connections"],"parameters":[{"in":"body","name":"connection","description":"The connection to update.","schema":{"type":"object","allOf":[{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"object","properties":{"host":{"type":"string","description":"Host of the log-forwarder server."},"port":{"type":"integer","description":"Port of the log-forwarder server."}}},{"type":"object","properties":{"syslog_params":{"type":"object","properties":{"message_format":{"type":"string","description":"The log message format for new log messages:\n* `rfc5424` (default)\n* `rfc3164`\n* `cef`\n* `leef`\n"},"transport":{"type":"string","description":"Transport mode for sending data, supports \"udp\", \"tls\" and \"tcp\".","enum":["tcp","udp","tls"]},"ca_cert":{"type":"string","description":"The trusted CA certificate in the PEM format. Only used in the TLS transport mode."}}}}}],"example":{"application/json":{"description":"Updated syslog Connection","products":["logger"],"host":"127.0.0.2","port":555,"syslog_params":{"transport":"TLS","message_format":"rfc3164","ca_cert":"-----BEGIN CERTIFICATE-----\nMIIDnTCCAoWgAwIBAgIBADANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzEL\nMAkGA1UECAwCVFgxDzANBgNVBAcMBkF1c3RpbjEQMA4GA1UECgwHR2VtYWx0bzEM\nMAoGA1UECwwDUm5EMRwwGgYDVQQDDBNjYS5reWxvLmdlbWFsdG8uY29tMB4XDTE3\nMDgwMjIyNDIyM1oXDTQ3MDcyNjIyNDIyM1owaTELMAkGA1UEBhMCVVMxCzAJBgNV\nBAgMAlRYMQ8wDQYDVQQHDAZBdXN0aW4xEDAOBgNVBAoMB0dlbWFsdG8xDDAKBgNV\nBAsMA1JuRDEcMBoGA1UEAwwTY2Eua3lsby5nZW1hbHRvLmNvbTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBAO+M3/EdapR+e6jbl8c08w1ynboOIX0/T0E7\nHBj0iAsSJOQJTwLcfkG4vU2AeRLca8dNJfx+qF1y9LSMeRNJhrxpEZR+L2PHl2Ti\niHxkS09UwwOSIN6SGSEX847ZiVA8DWNuHDtqtruWYH/oAa3go2V2qw21vzZ6UUjo\nTDViZegUEDIeRkp/hgl5hx2JKrtA1HhpHe18PedHwq8b/QbLfke9K89Psxd5+Vof\ndT63UUArzRJcB37XgjiTlOOVG9MYEn59ouTnzQkAzM640O3w16l9WX0v98/auKdq\nQzu3RBSaQUgoJf8v5C4p3Edgk1Uq7EOgbrJW6sS4F9k2JgdruasCAwEAAaNQME4w\nHQYDVR0OBBYEFK5n3Eevh2xLROIoYM4VsnCZfpHwMB8GA1UdIwQYMBaAFK5n3Eev\nh2xLROIoYM4VsnCZfpHwMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB\nAFy0LkGHFGZaEf4bIWMB5B7u/CMGjejw64fojIjGYQtB4WQehl3wqOxX1MvlXm0B\nxXDvgALq+BXw6NEwOT7nlx4uRspHA0cER0qmvTpH/uePnidvBzxDFCHpJM0eoZae\n9f7EPL0XNxvV8FdhtQ1p133DtzTWfxygpcG+E+ES2m2wzwwEGTShAST4SJOlCKVX\nzPZ+2NFEepxkfiikqSl6QPLGz+TEUZZ4vrshFiBxUI5zzDNcONtd14Nh/XjUWWrd\n2MXk37ASKPZgdJQzx8U8AsITdtuaYF/d/OCIuNASbQs07nuk1dE7RS6em/d6GB33\nlfuDSu3uKT9h6JmcCy7BzJY=\n-----END CERTIFICATE-----"}}}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"type":"object","properties":{"host":{"type":"string","description":"Host of the log-forwarder server."},"port":{"type":"integer","description":"The port to use for the connection. Defaults to 514 for udp, 601 for tcp and 6514 for tls"},"syslog_params":{"type":"object","required":["transport"],"properties":{"message_format":{"type":"string","description":"The log message format for new log messages:\n* `rfc5424` (default)\n* `rfc3164`\n* `cef`\n* `leef`\n"},"transport":{"type":"string","description":"Transport mode for sending data, supports \"udp\", \"tls\" and \"tcp\".","enum":["tcp","udp","tls"]},"ca_cert":{"type":"string","description":"The trusted CA certificate in the PEM format. Only used in the TLS transport mode."}}}}}]}},"400":{"description":"Bad request."},"404":{"description":"Resource not found."}}}},"/v1/connectionmgmt/services/log-forwarders/syslog/connections/{id}/test":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"}],"post":{"summary":"Test existing connection","description":"Tests an existing connection with the given name, ID, or URI.\nThis does not create a persistent connection.\n","tags":["Connection Manager/Syslog Connections"],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","properties":{"connection_ok":{"type":"boolean","description":"true if the test was successful, otherwise false"},"connection_error":{"type":"string","description":"Error message if the connection test failed"}}}]}},"404":{"description":"Resource not found"}}}},"/v1/connectionmgmt/services/log-forwarders/syslog/connection-test":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Test connection parameters","description":"Tests whether the connection parameters can reach to the Syslog service.\nThis does not create a persistent connection.\n","tags":["Connection Manager/Syslog Connections"],"consumes":["application/json"],"parameters":[{"in":"body","name":"connection","description":"The connection parameters to test.","schema":{"allOf":[{"type":"object","required":["host","port"],"properties":{"host":{"type":"string","description":"Host of the log-forwarder server."},"port":{"type":"integer","description":"Port of the log-forwarder server."}}},{"type":"object","required":["syslog_params"],"properties":{"syslog_params":{"type":"object","required":["transport"],"properties":{"transport":{"type":"string","description":"Test connection for UDP protocol is not supported. Valid values are tcp and tls only","enum":["tcp","tls"]},"ca_cert":{"type":"string","description":"The trusted CA certificate in the PEM format. Only used in the TLS transport mode."}}}}}],"example":{"application/json":{"host":"127.0.0.2","port":555,"syslog_params":{"transport":"TLS","ca_cert":"-----BEGIN CERTIFICATE-----\nMIIDnTCCAoWgAwIBAgIBADANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzEL\nMAkGA1UECAwCVFgxDzANBgNVBAcMBkF1c3RpbjEQMA4GA1UECgwHR2VtYWx0bzEM\nMAoGA1UECwwDUm5EMRwwGgYDVQQDDBNjYS5reWxvLmdlbWFsdG8uY29tMB4XDTE3\nMDgwMjIyNDIyM1oXDTQ3MDcyNjIyNDIyM1owaTELMAkGA1UEBhMCVVMxCzAJBgNV\nBAgMAlRYMQ8wDQYDVQQHDAZBdXN0aW4xEDAOBgNVBAoMB0dlbWFsdG8xDDAKBgNV\nBAsMA1JuRDEcMBoGA1UEAwwTY2Eua3lsby5nZW1hbHRvLmNvbTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBAO+M3/EdapR+e6jbl8c08w1ynboOIX0/T0E7\nHBj0iAsSJOQJTwLcfkG4vU2AeRLca8dNJfx+qF1y9LSMeRNJhrxpEZR+L2PHl2Ti\niHxkS09UwwOSIN6SGSEX847ZiVA8DWNuHDtqtruWYH/oAa3go2V2qw21vzZ6UUjo\nTDViZegUEDIeRkp/hgl5hx2JKrtA1HhpHe18PedHwq8b/QbLfke9K89Psxd5+Vof\ndT63UUArzRJcB37XgjiTlOOVG9MYEn59ouTnzQkAzM640O3w16l9WX0v98/auKdq\nQzu3RBSaQUgoJf8v5C4p3Edgk1Uq7EOgbrJW6sS4F9k2JgdruasCAwEAAaNQME4w\nHQYDVR0OBBYEFK5n3Eevh2xLROIoYM4VsnCZfpHwMB8GA1UdIwQYMBaAFK5n3Eev\nh2xLROIoYM4VsnCZfpHwMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB\nAFy0LkGHFGZaEf4bIWMB5B7u/CMGjejw64fojIjGYQtB4WQehl3wqOxX1MvlXm0B\nxXDvgALq+BXw6NEwOT7nlx4uRspHA0cER0qmvTpH/uePnidvBzxDFCHpJM0eoZae\n9f7EPL0XNxvV8FdhtQ1p133DtzTWfxygpcG+E+ES2m2wzwwEGTShAST4SJOlCKVX\nzPZ+2NFEepxkfiikqSl6QPLGz+TEUZZ4vrshFiBxUI5zzDNcONtd14Nh/XjUWWrd\n2MXk37ASKPZgdJQzx8U8AsITdtuaYF/d/OCIuNASbQs07nuk1dE7RS6em/d6GB33\nlfuDSu3uKT9h6JmcCy7BzJY=\n-----END CERTIFICATE-----"}}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","properties":{"connection_ok":{"type":"boolean","description":"true if the test was successful, otherwise false"},"connection_error":{"type":"string","description":"Error message if the connection test failed"}}}]}},"400":{"description":"Bad request."}}}},"/v1/connectionmgmt/services/smb/connections":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create a new connection","description":"Creates a new connection to SMB share.","tags":["Connection Manager/SMB Connections"],"consumes":["application/json"],"parameters":[{"in":"body","name":"connection","description":"The connection to create.","schema":{"allOf":[{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"object","required":["username","password"],"allOf":[{"type":"object","description":"Sensitive parameters specific to a SMB connection.","properties":{"password":{"type":"string","description":"Password for SMB share.\n"}}},{"properties":{"username":{"type":"string","description":"Username for accessing SMB share."},"domain":{"type":"string","description":"Domain for SMB share."},"host":{"type":"string","description":"Hostname or FQDN of SMB share."},"port":{"type":"string","description":"Port where SMB service runs on host (usually 445)."}}}]}],"example":{"application/json":{"name":"smbConnection","products":["cte"],"description":"a description of the connection","username":"user","password":"password","domain":"domainName","host":"1.2.3.4","port":"445"}}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"properties":{"username":{"type":"string","description":"Username for accessing SMB share."},"domain":{"type":"string","description":"Domain for SMB share."},"host":{"type":"string","description":"Hostname or FQDN of SMB share."},"port":{"type":"string","description":"Port where SMB service runs on host (usually 445)."}}}]}},"422":{"description":"Validation error."}}},"get":{"summary":"List","description":"Returns a list of SMB connections.\nThe results can be filtered using the query parameters.\n","tags":["Connection Manager/SMB Connections"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"},{"name":"fields","in":"query","type":"string","description":"Filter the result based on fields associated with the connections and return the field attribute in the response.\nCurrently, only \"meta\" is supported.\n"},{"name":"id","in":"query","type":"string","description":"Filter the result based on connection's ID"},{"name":"name","in":"query","type":"string","description":"Filter the result based on connection name."},{"name":"products","in":"query","type":"string","description":"Filter the result based on the CipherTrust Manager products associated with the connections.\n Valid values are \"cckm\" for AWS, Azure, GCP, Luna connections, \"cte\", \"ddc\", \"data discovery\" for Hadoop connections\n and \"cte\" for SMB connections\n"},{"name":"meta_contains","in":"query","type":"string","format":"JSON","description":"A valid JSON value. Only resources whose 'meta' attribute contains the JSON value will be\nreturned. Examples of JSON containment:\n\n- Values contain themselves: `{\"color\":\"red\"}` contains `{\"color\":\"red\"}`\n\n- Values contain subsets: `{\"color\":\"red\", \"size\":\"big\"}` contains `{\"color\":\"red\"}` and `{\"size\":\"big\"}`, but not `{\"size\":\"small\"}`\n\n- Contained values can be nested: `{\"info\":{\"size\":\"big\",\"color\":\"red\"}}` contains `{\"info\":{\"color\":\"red\"}}`, but not `{\"color\":\"red\"}`\n\n- Array containment: `[\"east\",\"west\",\"north\"]` contains `[\"east\"]` and `[\"east\",\"north\"]`, but not `[\"south\"]` or `[\"east\",\"south\"]`\n"},{"name":"createdBefore","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"createdAfter","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"last_connection_ok","in":"query","type":"string","description":"Filter the result based on last_connection_ok result.\n"},{"name":"last_connection_before","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"last_connection_after","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"properties":{"username":{"type":"string","description":"Username for accessing SMB share."},"domain":{"type":"string","description":"Domain for SMB share."},"host":{"type":"string","description":"Hostname or FQDN of SMB share."},"port":{"type":"string","description":"Port where SMB service runs on host (usually 445)."}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"name":"smbConnection","id":"ce4b1c0d-656d-4a3e-b280-2487fe360fbc","uri":"kylo:kylo:connectionmgmt:connections:smbConnection-ce4b1c0d-656d-4a3e-b280-2487fe360fbc","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2020-10-07T09:29:44.680993Z","updatedAt":"2020-10-07T09:29:44.666036Z","service":"SMB","category":"file-shares","description":"a description","products":["cte"],"last_connection_ok":null,"last_connection_at":"0001-01-01T00:00:00Z","username":"user","domain":"domainName","host":"1.3.4.5","port":"445"}]}}},"422":{"description":"Validation error."}}}},"/v1/connectionmgmt/services/smb/connections/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns the details of a SMB connection with the ID.\n","tags":["Connection Manager/SMB Connections"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"properties":{"username":{"type":"string","description":"Username for accessing SMB share."},"domain":{"type":"string","description":"Domain for SMB share."},"host":{"type":"string","description":"Hostname or FQDN of SMB share."},"port":{"type":"string","description":"Port where SMB service runs on host (usually 445)."}}}]}},"404":{"description":"Resource not found."},"422":{"description":"Validation error."}}},"delete":{"summary":"Delete","description":"Deletes a SMB connection with the given ID.\n","tags":["Connection Manager/SMB Connections"],"responses":{"204":{"description":"No Content | Connection is deleted successfully."},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"Updates a SMB connection with the given ID.\nThe parameters that are to be updated are specified in the request body.\n","tags":["Connection Manager/SMB Connections"],"parameters":[{"in":"body","name":"connection","description":"The connection to update.","schema":{"type":"object","allOf":[{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"object","allOf":[{"type":"object","description":"Sensitive parameters specific to a SMB connection.","properties":{"password":{"type":"string","description":"Password for SMB share.\n"}}},{"properties":{"username":{"type":"string","description":"Username for accessing SMB share."},"domain":{"type":"string","description":"Domain for SMB share."},"host":{"type":"string","description":"Hostname or FQDN of SMB share."},"port":{"type":"string","description":"Port where SMB service runs on host (usually 445)."}}}]}],"example":{"application/json":{"products":["cte"],"meta":{"color":"blue"},"password":"new-password","username":"new-user","host":"1.2.3.4.5","port":"445","domain":"domainName"}}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"properties":{"username":{"type":"string","description":"Username for accessing SMB share."},"domain":{"type":"string","description":"Domain for SMB share."},"host":{"type":"string","description":"Hostname or FQDN of SMB share."},"port":{"type":"string","description":"Port where SMB service runs on host (usually 445)."}}}]}},"404":{"description":"Resource not found."},"422":{"description":"Validation error."}}}},"/v1/connectionmgmt/services/smb/connections/{id}/test":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"}],"post":{"summary":"Test existing connection","description":"Checks connectivity to an already existing SMB connection\n","tags":["Connection Manager/SMB Connections"],"consumes":["application/json"],"parameters":[{"in":"body","name":"connection","description":"The existing connection to test.","schema":{"type":"object","required":["path"],"allOf":[{"type":"object","description":"Path of the SMB share against whom the credentials to test","properties":{"path":{"type":"string","description":"Path of SMB share on the host\n"}}}],"example":{"application/json":{"path":"share-name"}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","properties":{"connection_ok":{"type":"boolean","description":"true if the test was successful, otherwise false"},"connection_error":{"type":"string","description":"Error message if the connection test failed"}}}]}},"404":{"description":"Resource not found."},"422":{"description":"Validation error."}}}},"/v1/connectionmgmt/services/smb/connection-test":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Test connection parameters","description":"Tests that the connection parameters can be used to reach the SMB share of the provided type.\nThis does not create a persistent connection.\n","tags":["Connection Manager/SMB Connections"],"consumes":["application/json"],"parameters":[{"in":"body","name":"connection","description":"The connection parameters to test.","schema":{"required":["username","password","host","port","path"],"allOf":[{"properties":{"username":{"type":"string","description":"Username for accessing SMB share."},"domain":{"type":"string","description":"Domain for SMB share."},"host":{"type":"string","description":"Hostname or FQDN of SMB share."},"port":{"type":"string","description":"Port where SMB service runs on host (usually 445)."}}},{"type":"object","description":"Sensitive parameters specific to a SMB connection.","properties":{"password":{"type":"string","description":"Password for SMB share.\n"}}},{"type":"object","description":"Path of the SMB share against whom the credentials to test","properties":{"path":{"type":"string","description":"Path of SMB share on the host\n"}}}],"example":{"application/json":{"username":"username","password":"password","host":"1.2.3.4","port":"445","domain":"thales","path":"share-name"}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","properties":{"connection_ok":{"type":"boolean","description":"true if the test was successful, otherwise false"},"connection_error":{"type":"string","description":"Error message if the connection test failed"}}}]}},"422":{"description":"Validation error."}}}},"/v1/connectionmgmt/services/scp/connections":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create a new connection","description":"Create a new connection to SCP.","tags":["Connection Manager/SCP Connections"],"consumes":["application/json"],"parameters":[{"in":"body","name":"connection","description":"The connection to create.","schema":{"allOf":[{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"object","required":["host","username","auth_method","path_to","public_key"],"allOf":[{"properties":{"host":{"type":"string","description":"Hostname or FQDN of SCP."},"port":{"type":"integer","description":"Port where SCP service runs on host (usually 22)."},"username":{"type":"string","description":"Username for accessing SCP."},"auth_method":{"type":"string","description":"Authentication type for SCP. Accepted values are \"key\" or \"password\""},"path_to":{"type":"string","description":"A path where the file to be copied via SCP. Example \"/home/ubuntu/datafolder/\""}}},{"type":"object","description":"Sensitive parameters specific to a SCP connection.","properties":{"password":{"type":"string","description":"Password for SCP.\n"},"public_key":{"type":"string","description":"Public key of destination host machine. It will be used to verify the host's identity by verifying key fingerprint. You can find it in /etc/ssh/ at host machine.\n"}}}]}],"example":{"application/json":{"name":"scp-connection","products":["backup/restore"],"description":"a description of the connection","host":"1.2.3.4","port":22,"username":"user","auth_method":"Password","password":"password","path_to":"/home/path/to/directory/","public_key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNxnOBfBVU4L3fQBVWK71CdoHXmFNxkD0lFYDagM8etytGxRMQeOSeARUYQA+xC/8ig+LHimQ97L0XPSCvTr/XbXxOYBOdGHFqr1o6QwmSBABoPz0fvfCHaipAdwGlfS50aDbCWYZSd9UX6stOazCPdQ9wiiGD0+wYmagxBtrBlzrXiXKV3q+GNr6iIlejsv2aK"}}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"properties":{"host":{"type":"string","description":"Hostname or FQDN of SCP."},"port":{"type":"integer","description":"Port where SCP service runs on host (usually 22)."},"username":{"type":"string","description":"Username for accessing SCP."},"auth_method":{"type":"string","description":"Authentication type for SCP. Accepted values are \"key\" or \"password\""},"path_to":{"type":"string","description":"A path where the file to be copied via SCP. Example \"/home/ubuntu/datafolder/\""}}}]}},"400":{"description":"Bad request."}}},"get":{"summary":"List","description":"Returns a list of SCP connections.\nThe results can be filtered using the query parameters.\n","tags":["Connection Manager/SCP Connections"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"},{"name":"fields","in":"query","type":"string","description":"Filter the result based on fields associated with the connections and return the field attribute in the response.\nCurrently, only \"meta\" is supported.\n"},{"name":"id","in":"query","type":"string","description":"Filter the result based on connection's ID"},{"name":"name","in":"query","type":"string","description":"Filter the result based on connection name."},{"name":"products","in":"query","type":"string","description":"Filter the result based on the CipherTrust Manager products associated with the connections.\n Valid values are \"cckm\" for AWS, Azure, GCP, Luna connections, \"cte\", \"ddc\", \"data discovery\" for Hadoop connections\n and \"cte\" for SMB connections\n"},{"name":"meta_contains","in":"query","type":"string","format":"JSON","description":"A valid JSON value. Only resources whose 'meta' attribute contains the JSON value will be\nreturned. Examples of JSON containment:\n\n- Values contain themselves: `{\"color\":\"red\"}` contains `{\"color\":\"red\"}`\n\n- Values contain subsets: `{\"color\":\"red\", \"size\":\"big\"}` contains `{\"color\":\"red\"}` and `{\"size\":\"big\"}`, but not `{\"size\":\"small\"}`\n\n- Contained values can be nested: `{\"info\":{\"size\":\"big\",\"color\":\"red\"}}` contains `{\"info\":{\"color\":\"red\"}}`, but not `{\"color\":\"red\"}`\n\n- Array containment: `[\"east\",\"west\",\"north\"]` contains `[\"east\"]` and `[\"east\",\"north\"]`, but not `[\"south\"]` or `[\"east\",\"south\"]`\n"},{"name":"createdBefore","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"createdAfter","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"last_connection_ok","in":"query","type":"string","description":"Filter the result based on last_connection_ok result.\n"},{"name":"last_connection_before","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"last_connection_after","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"properties":{"host":{"type":"string","description":"Hostname or FQDN of SCP."},"port":{"type":"integer","description":"Port where SCP service runs on host (usually 22)."},"username":{"type":"string","description":"Username for accessing SCP."},"auth_method":{"type":"string","description":"Authentication type for SCP. Accepted values are \"key\" or \"password\""},"path_to":{"type":"string","description":"A path where the file to be copied via SCP. Example \"/home/ubuntu/datafolder/\""}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"name":"scp-connection","id":"ce4b1c0d-656d-4a3e-b280-2487fe360fbc","uri":"kylo:kylo:connectionmgmt:connections:scpConnection-ce4b1c0d-656d-4a3e-b280-2487fe360fbc","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2020-10-07T09:29:44.680993Z","updatedAt":"2020-10-07T09:29:44.666036Z","service":"SCP","category":"external-server","description":"a description of the connection","products":["backup/restore"],"last_connection_ok":null,"last_connection_at":"0001-01-01T00:00:00Z","host":"1.2.3.4","port":22,"username":"user","auth_method":"Password","password":"password","path_to":"/home"}]}}},"404":{"description":"Resource Not Found."}}}},"/v1/connectionmgmt/services/scp/connections/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns the details of a SCP connection with the ID or name..\n","tags":["Connection Manager/SCP Connections"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"properties":{"host":{"type":"string","description":"Hostname or FQDN of SCP."},"port":{"type":"integer","description":"Port where SCP service runs on host (usually 22)."},"username":{"type":"string","description":"Username for accessing SCP."},"auth_method":{"type":"string","description":"Authentication type for SCP. Accepted values are \"key\" or \"password\""},"path_to":{"type":"string","description":"A path where the file to be copied via SCP. Example \"/home/ubuntu/datafolder/\""}}}]}},"404":{"description":"Resource not found."}}},"delete":{"summary":"Delete","description":"Deletes a SCP connection with the given ID or name.\n","tags":["Connection Manager/SCP Connections"],"responses":{"204":{"description":"No Content | Connection is deleted successfully."},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"Updates a SCP connection with the given ID or name.\nThe parameters that are to be updated are specified in the request body.\n","tags":["Connection Manager/SCP Connections"],"parameters":[{"in":"body","name":"connection","description":"The connection to update.","schema":{"type":"object","allOf":[{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"object","allOf":[{"type":"object","description":"Sensitive parameters specific to a SCP connection.","properties":{"password":{"type":"string","description":"Password for SCP.\n"},"public_key":{"type":"string","description":"Public key of destination host machine. It will be used to verify the host's identity by verifying key fingerprint. You can find it in /etc/ssh/ at host machine.\n"}}},{"properties":{"host":{"type":"string","description":"Hostname or FQDN of SCP."},"port":{"type":"integer","description":"Port where SCP service runs on host (usually 22)."},"username":{"type":"string","description":"Username for accessing SCP."},"auth_method":{"type":"string","description":"Authentication type for SCP. Accepted values are \"key\" or \"password\""},"path_to":{"type":"string","description":"A path where the file to be copied via SCP. Example \"/home/ubuntu/datafolder/\""}}}]}],"example":{"application/json":{"products":["backup/restore"],"description":"a description of the connection","host":"1.2.3.4","port":22,"username":"user","auth_method":"Password","password":"password","path_to":"/home/path/to/directory/"}}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"properties":{"host":{"type":"string","description":"Hostname or FQDN of SCP."},"port":{"type":"integer","description":"Port where SCP service runs on host (usually 22)."},"username":{"type":"string","description":"Username for accessing SCP."},"auth_method":{"type":"string","description":"Authentication type for SCP. Accepted values are \"key\" or \"password\""},"path_to":{"type":"string","description":"A path where the file to be copied via SCP. Example \"/home/ubuntu/datafolder/\""}}}]}},"404":{"description":"Resource not found."}}}},"/v1/connectionmgmt/services/scp/connections/{id}/test":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"}],"post":{"summary":"Test existing connection","description":"Tests an existing connection with the given name, ID, or URI able to transfer temporary file with SCP.\nThe connection parameters in the request can be used to reach the remote SCP machine.\nThis does not create a persistent connection.\n","tags":["Connection Manager/SCP Connections"],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","properties":{"connection_ok":{"type":"boolean","description":"true if the test was successful, otherwise false"},"connection_error":{"type":"string","description":"Error message if the connection test failed"}}}]}},"404":{"description":"Resource not found."}}}},"/v1/connectionmgmt/services/scp/connection-test":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Test connection parameters","description":"Tests that the connection parameters are able to transfer temporary file with SCP.\nThis does not create a persistent connection.\n","tags":["Connection Manager/SCP Connections"],"consumes":["application/json"],"parameters":[{"in":"body","name":"connection","description":"The connection to create.","schema":{"allOf":[{"type":"object","required":["host","username","auth_method","path_to","public_key"],"allOf":[{"properties":{"host":{"type":"string","description":"Hostname or FQDN of SCP."},"port":{"type":"integer","description":"Port where SCP service runs on host (usually 22)."},"username":{"type":"string","description":"Username for accessing SCP."},"auth_method":{"type":"string","description":"Authentication type for SCP. Accepted values are \"key\" or \"password\""},"path_to":{"type":"string","description":"A path where the file to be copied via SCP. Example \"/home/ubuntu/datafolder/\""}}},{"type":"object","description":"Sensitive parameters specific to a SCP connection.","properties":{"password":{"type":"string","description":"Password for SCP.\n"},"public_key":{"type":"string","description":"Public key of destination host machine. It will be used to verify the host's identity by verifying key fingerprint. You can find it in /etc/ssh/ at host machine.\n"}}}]}],"example":{"application/json":{"host":"1.2.3.4","port":22,"username":"user","auth_method":"Password","password":"password","path_to":"/home/path/to/directory/","public_key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNxnOBfBVU4L3fQBVWK71CdoHXmFNxkD0lFYDagM8etytGxRMQeOSeARUYQA+xC/8ig+LHimQ97L0XPSCvTr/XbXxOYBOdGHFqr1o6QwmSBABoPz0fvfCHaipAdwGlfS50aDbCWYZSd9UX6stOazCPdQ9wiiGD0+wYmagxBtrBlzrXiXKV3q+GNr6iIlejsv2aK"}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","properties":{"connection_ok":{"type":"boolean","description":"true if the test was successful, otherwise false"},"connection_error":{"type":"string","description":"Error message if the connection test failed"}}}]}},"400":{"description":"Bad request."}}}},"/v1/connectionmgmt/services/oidc/connections":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Creates a new OIDC connection.","description":"Create a new OIDC connection.","tags":["Connection Manager/OIDC Connections"],"consumes":["application/json"],"parameters":[{"in":"body","name":"connection","description":"The connection to create.","schema":{"allOf":[{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"object","allOf":[{"type":"object","description":"Sensitive parameters specific to an OIDC connection.","required":["client_secret"],"properties":{"client_secret":{"type":"string","description":"Client Secret of the OIDC connection."}}},{"type":"object","description":"Non-sensitive parameters specific to an OIDC connection.","required":["client_id","url"],"properties":{"client_id":{"type":"string","description":"clientID for the connection."},"url":{"type":"string","description":"url for the connection."}}}]}],"example":{"application/json":{"name":"OIDC Connection","description":"OIDC Connection","products":["cte"],"client_id":"js7sjn-4jas98-fo2rm13-94ne5t","url":"www.oidc-test-connection.com","client_secret":"huj4be2sdf97ahs5fd98h"}}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"type":"object","description":"Checksum generated from OIDC credentials.","allOf":[{"type":"object","description":"Non-sensitive parameters specific to an OIDC connection.","required":["client_id","url"],"properties":{"client_id":{"type":"string","description":"clientID for the connection."},"url":{"type":"string","description":"url for the connection."}}}],"properties":{"checksum":{"type":"string","description":"A SHA256 checksum value generated from clientSecret and URL. Will get updated if any of these two values change."}}}]}},"400":{"description":"Bad request."},"409":{"description":"Connection already exists."}}},"get":{"summary":"List","description":"Returns a list of OIDC connections.\nThe results can be filtered using the query parameters.\n","tags":["Connection Manager/OIDC Connections"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"},{"name":"id","in":"query","type":"string","description":"Filter the result based on connection's ID"},{"name":"name","in":"query","type":"string","description":"Filter the result based on connection name."},{"name":"products","in":"query","type":"string","description":"Filter the result based on the CipherTrust Manager products associated with the connections.\n Valid values are \"cckm\" for AWS, Azure, GCP, Luna connections, \"cte\", \"ddc\", \"data discovery\" for Hadoop connections\n and \"cte\" for SMB connections\n"},{"name":"meta_contains","in":"query","type":"string","format":"JSON","description":"A valid JSON value. Only resources whose 'meta' attribute contains the JSON value will be\nreturned. Examples of JSON containment:\n\n- Values contain themselves: `{\"color\":\"red\"}` contains `{\"color\":\"red\"}`\n\n- Values contain subsets: `{\"color\":\"red\", \"size\":\"big\"}` contains `{\"color\":\"red\"}` and `{\"size\":\"big\"}`, but not `{\"size\":\"small\"}`\n\n- Contained values can be nested: `{\"info\":{\"size\":\"big\",\"color\":\"red\"}}` contains `{\"info\":{\"color\":\"red\"}}`, but not `{\"color\":\"red\"}`\n\n- Array containment: `[\"east\",\"west\",\"north\"]` contains `[\"east\"]` and `[\"east\",\"north\"]`, but not `[\"south\"]` or `[\"east\",\"south\"]`\n"},{"name":"createdBefore","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"createdAfter","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"last_connection_ok","in":"query","type":"string","description":"Filter the result based on last_connection_ok result.\n"},{"name":"last_connection_before","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"last_connection_after","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"type":"object","allOf":[{"type":"object","description":"Sensitive parameters specific to an OIDC connection.","required":["client_secret"],"properties":{"client_secret":{"type":"string","description":"Client Secret of the OIDC connection."}}},{"type":"object","description":"Non-sensitive parameters specific to an OIDC connection.","required":["client_id","url"],"properties":{"client_id":{"type":"string","description":"clientID for the connection."},"url":{"type":"string","description":"url for the connection."}}}]}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"name":"OIDC Connnection","id":"84ce4d3b-ef93-4b0d-ac15-8249aeeff4e4","uri":"kylo:kylo:connectionmgmt:connections:oci-84ce4d3b-ef93-4b0d-ac15-8249aeeff4e4","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-09-22T10:24:33.547212Z","updatedAt":"2021-09-22T10:24:33.546458Z","service":"OIDC","category":"IdP","description":"OIDC connection","products":["cte"],"last_connection_ok":null,"last_connection_at":"0001-01-01T00:00:00Z","client_id":"js7sjn-4jas98-fo2rm13-94ne5t","url":"www.oidc-test-connection.com","checksum":"0b932ee7067bde9c86792c794e8dafdff1fdd322704807af131e0f629fc40a4a"}]}}},"400":{"description":"Bad request."}}}},"/v1/connectionmgmt/services/oidc/connections/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns the details of a connection with the given name, ID, or URI.\n","tags":["Connection Manager/OIDC Connections"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"type":"object","description":"Checksum generated from OIDC credentials.","allOf":[{"type":"object","description":"Non-sensitive parameters specific to an OIDC connection.","required":["client_id","url"],"properties":{"client_id":{"type":"string","description":"clientID for the connection."},"url":{"type":"string","description":"url for the connection."}}}],"properties":{"checksum":{"type":"string","description":"A SHA256 checksum value generated from clientSecret and URL. Will get updated if any of these two values change."}}}]}},"400":{"description":"Bad request."},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"Updates a connection with the given name, ID, or URI.\nThe parameters to be updated are specified in the request body.\n","tags":["Connection Manager/OIDC Connections"],"parameters":[{"in":"body","name":"connection","description":"The connection to update.","schema":{"type":"object","allOf":[{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"object","description":"parameters specific to an OIDC connection.","properties":{"url":{"type":"string","description":"url for the connection."},"client_secret":{"type":"string","description":"client secret for the connection."}}}],"example":{"application/json":{"products":["cte"],"meta":{"in_use":true},"url":"www.update-url-oidc.com"}}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"type":"object","description":"Checksum generated from OIDC credentials.","allOf":[{"type":"object","description":"Non-sensitive parameters specific to an OIDC connection.","required":["client_id","url"],"properties":{"client_id":{"type":"string","description":"clientID for the connection."},"url":{"type":"string","description":"url for the connection."}}}],"properties":{"checksum":{"type":"string","description":"A SHA256 checksum value generated from clientSecret and URL. Will get updated if any of these two values change."}}}]}},"400":{"description":"Bad request."},"404":{"description":"Resource not found."},"500":{"description":"Internal server error."}}}},"/v1/connectionmgmt/services/oidc/connections/{id}/delete":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"}],"post":{"summary":"Delete connection with optional parameters","description":"Deletes the specified OIDC connection.\nIn order to delete a connection in use, force flag must be set.\n","tags":["Connection Manager/OIDC Connections"],"parameters":[{"in":"body","name":"connection","schema":{"title":"Delete Connection Parameters","example":{"force":true},"description":"Parameters required for deleting an in-use connection.","type":"object","properties":{"force":{"type":"boolean","description":"If set to true, the in-use connection will be deleted forcefully."}}}}],"responses":{"204":{"description":"No Content | Successful deletion of the connection."},"404":{"description":"Resource not found."},"409":{"description":"Conflict with the current state of the resource"}}}},"/v1/connectionmgmt/services/ldap/connections":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Creates a new LDAP connection.","description":"Create a new LDAP connection.","tags":["Connection Manager/LDAP Connections"],"consumes":["application/json"],"parameters":[{"in":"body","name":"connection","description":"The connection to create.","schema":{"allOf":[{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"object","allOf":[{"type":"object","description":"Sensitive parameters specific to an LDAP connection.","properties":{"bind_password":{"type":"string","description":"Password for the Bind DN object of the LDAP connection."}}},{"type":"object","description":"Non-sensitive parameters specific to an LDAP connection.","required":["server_url","base_dn","user_login_attribute"],"properties":{"server_url":{"type":"string","description":"LDAP URL for your server. (e.g. ldap://172.16.2.2:3268)"},"insecure_skip_verify":{"type":"boolean","description":"Optional flag to disable verifying the server's certficate. It ignores both the operating system's CAs and `root_cas` if provided. Only applies if the `server_url` scheme is `ldaps`.\n\nDefault value is `false`.\n"},"root_cas":{"type":"array","items":{"type":"string"},"description":"Optional list of certificates that are used to determine if the server is trusted. Only applies if the `server_url` scheme is `ldaps`.\n\nIf not provided, then the server's certificate is verified using the operating system's CAs.\n\nAccepts [PEM encoded certificates](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail). Here's an example showing an abbreviated (see `[...]`) list of root CAs.\n```\n\"root_cas\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIEiTCCA3GgAwIBAgIQEtTWutN7HdEKAAAAAOthCDANBgkqhkiG9w0BAQsFADBG[...]rVtyMKdOXGZl1gR22A==\\n-----END CERTIFICATE-----\",\n \"-----BEGIN CERTIFICATE-----\\nMIIHCjCCBfKgAwIBAgIQDhZMtvVrLG4NDkY/70TmRDANBgkqhkiG9w0BAQsFADBw[...]lYgbVhEaSeWnKcSG/4OJDLgbJL1cQa5BQUjWiZo7\\n-----END CERTIFICATE-----\"\n]\n```\n"},"bind_dn":{"type":"string","description":"Object which has permission to search under the root DN for users."},"base_dn":{"type":"string","description":"Starting point to use when searching for users."},"search_filter":{"type":"string","description":"LDAP search filter which can further restrict the set of users who will be allowed to log in."},"user_login_attribute":{"type":"string","description":"Attribute inside the user object which contains the username used to login with."},"group_base_dn":{"type":"string","description":"Starting point to use when searching for groups. This value can be left empty to disable group support for this connection."},"group_filter":{"type":"string","description":"Search filter for listing groups. Searching with this filter should only return groups. This value can be left empty to disable group support for this connection."},"group_name_attribute":{"type":"string","description":"Attribute inside the group object which contains the friendly name of the group."},"user_dn_attribute":{"type":"string","description":"Attribute inside the user object which contains the user distingushed name. If user_dn_attribute is not provided, it will default to 'dn'.\n\nWhen this property is set it uses the specified attribute to test for user equality. This primarily affects LDAP group maps. For example:\n- If a user's LDAP entry has \"`cn: John Doe`\" and the LDAP configuration has \"`user_dn_attribute`\" set to \"`cn`\", then the LDAP group entry must have a member attribute that is exactly \"`John Doe`\", not \"`cn=John Doe`\", in order for the user to be considered part of the group.\n- If a user's LDAP entry has \"`customDN: cn=John Doe,ou=Users`\" and the LDAP configuration has \"`user_dn_attribute`\" set to \"`customDN`\", then the LDAP group entry must have a member attribute that is exactly \"`cn=John Doe,ou=Users`\" in order for the user to be considered part of the group.\n"},"group_id_attribute":{"type":"string","description":"Attribute inside the group object which contains the group identifier (name). This value should be unique and can be left empty to disable group support for this connection. If group_id_attribute is not provided, it will default to 'group_name_attribute'."},"group_member_field":{"type":"string","description":"Attribute inside the group object which contains group membership information, basically which users are members of the group. This value can be left empty to disable group support for this connection."}}}]}],"example":{"application/json":{"name":"LDAP Connection","description":"LDAP Connection","products":["cte"],"server_url":"ldap://172.27.0.6:389","bind_dn":"cn=admin,dc=planetexpress,dc=com","bind_password":"GoodNewsEveryone","base_dn":"dc=planetexpress,dc=com","search_filter":"(objectclass=User)","user_login_attribute":"uid","group_base_dn":"ou=people, dc=planetexpress, dc=com","group_filter":"(objectclass=Group)","group_name_attribute":"groupFriendlyName","user_dn_attribute":"dn","group_id_attribute":"cn","group_member_field":"member"}}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"type":"object","allOf":[{"type":"object","description":"Non-sensitive parameters specific to an LDAP connection.","required":["server_url","base_dn","user_login_attribute"],"properties":{"server_url":{"type":"string","description":"LDAP URL for your server. (e.g. ldap://172.16.2.2:3268)"},"insecure_skip_verify":{"type":"boolean","description":"Optional flag to disable verifying the server's certficate. It ignores both the operating system's CAs and `root_cas` if provided. Only applies if the `server_url` scheme is `ldaps`.\n\nDefault value is `false`.\n"},"root_cas":{"type":"array","items":{"type":"string"},"description":"Optional list of certificates that are used to determine if the server is trusted. Only applies if the `server_url` scheme is `ldaps`.\n\nIf not provided, then the server's certificate is verified using the operating system's CAs.\n\nAccepts [PEM encoded certificates](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail). Here's an example showing an abbreviated (see `[...]`) list of root CAs.\n```\n\"root_cas\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIEiTCCA3GgAwIBAgIQEtTWutN7HdEKAAAAAOthCDANBgkqhkiG9w0BAQsFADBG[...]rVtyMKdOXGZl1gR22A==\\n-----END CERTIFICATE-----\",\n \"-----BEGIN CERTIFICATE-----\\nMIIHCjCCBfKgAwIBAgIQDhZMtvVrLG4NDkY/70TmRDANBgkqhkiG9w0BAQsFADBw[...]lYgbVhEaSeWnKcSG/4OJDLgbJL1cQa5BQUjWiZo7\\n-----END CERTIFICATE-----\"\n]\n```\n"},"bind_dn":{"type":"string","description":"Object which has permission to search under the root DN for users."},"base_dn":{"type":"string","description":"Starting point to use when searching for users."},"search_filter":{"type":"string","description":"LDAP search filter which can further restrict the set of users who will be allowed to log in."},"user_login_attribute":{"type":"string","description":"Attribute inside the user object which contains the username used to login with."},"group_base_dn":{"type":"string","description":"Starting point to use when searching for groups. This value can be left empty to disable group support for this connection."},"group_filter":{"type":"string","description":"Search filter for listing groups. Searching with this filter should only return groups. This value can be left empty to disable group support for this connection."},"group_name_attribute":{"type":"string","description":"Attribute inside the group object which contains the friendly name of the group."},"user_dn_attribute":{"type":"string","description":"Attribute inside the user object which contains the user distingushed name. If user_dn_attribute is not provided, it will default to 'dn'.\n\nWhen this property is set it uses the specified attribute to test for user equality. This primarily affects LDAP group maps. For example:\n- If a user's LDAP entry has \"`cn: John Doe`\" and the LDAP configuration has \"`user_dn_attribute`\" set to \"`cn`\", then the LDAP group entry must have a member attribute that is exactly \"`John Doe`\", not \"`cn=John Doe`\", in order for the user to be considered part of the group.\n- If a user's LDAP entry has \"`customDN: cn=John Doe,ou=Users`\" and the LDAP configuration has \"`user_dn_attribute`\" set to \"`customDN`\", then the LDAP group entry must have a member attribute that is exactly \"`cn=John Doe,ou=Users`\" in order for the user to be considered part of the group.\n"},"group_id_attribute":{"type":"string","description":"Attribute inside the group object which contains the group identifier (name). This value should be unique and can be left empty to disable group support for this connection. If group_id_attribute is not provided, it will default to 'group_name_attribute'."},"group_member_field":{"type":"string","description":"Attribute inside the group object which contains group membership information, basically which users are members of the group. This value can be left empty to disable group support for this connection."}}}]}]}},"400":{"description":"Bad request."},"409":{"description":"Connection already exists."}}},"get":{"summary":"List","description":"Returns a list of LDAP connections.\nThe results can be filtered using the query parameters.\n","tags":["Connection Manager/LDAP Connections"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"},{"name":"id","in":"query","type":"string","description":"Filter the result based on connection's ID"},{"name":"name","in":"query","type":"string","description":"Filter the result based on connection name."},{"name":"products","in":"query","type":"string","description":"Filter the result based on the CipherTrust Manager products associated with the connections.\n Valid values are \"cckm\" for AWS, Azure, GCP, Luna connections, \"cte\", \"ddc\", \"data discovery\" for Hadoop connections\n and \"cte\" for SMB connections\n"},{"name":"server_url","in":"query","type":"string","description":"Filter the result based on server URL."},{"name":"base_dn","in":"query","type":"string","description":"Filter the result based on base DN."},{"name":"user_login_attribute","in":"query","type":"string","description":"Filter the result based on user login attribute."},{"name":"group_base_dn","in":"query","type":"string","description":"Filter the result based on group base DN."},{"name":"meta_contains","in":"query","type":"string","format":"JSON","description":"A valid JSON value. Only resources whose 'meta' attribute contains the JSON value will be\nreturned. Examples of JSON containment:\n\n- Values contain themselves: `{\"color\":\"red\"}` contains `{\"color\":\"red\"}`\n\n- Values contain subsets: `{\"color\":\"red\", \"size\":\"big\"}` contains `{\"color\":\"red\"}` and `{\"size\":\"big\"}`, but not `{\"size\":\"small\"}`\n\n- Contained values can be nested: `{\"info\":{\"size\":\"big\",\"color\":\"red\"}}` contains `{\"info\":{\"color\":\"red\"}}`, but not `{\"color\":\"red\"}`\n\n- Array containment: `[\"east\",\"west\",\"north\"]` contains `[\"east\"]` and `[\"east\",\"north\"]`, but not `[\"south\"]` or `[\"east\",\"south\"]`\n"},{"name":"createdBefore","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"createdAfter","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"last_connection_ok","in":"query","type":"string","description":"Filter the result based on last_connection_ok result.\n"},{"name":"last_connection_before","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"last_connection_after","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"type":"object","allOf":[{"type":"object","description":"Non-sensitive parameters specific to an LDAP connection.","required":["server_url","base_dn","user_login_attribute"],"properties":{"server_url":{"type":"string","description":"LDAP URL for your server. (e.g. ldap://172.16.2.2:3268)"},"insecure_skip_verify":{"type":"boolean","description":"Optional flag to disable verifying the server's certficate. It ignores both the operating system's CAs and `root_cas` if provided. Only applies if the `server_url` scheme is `ldaps`.\n\nDefault value is `false`.\n"},"root_cas":{"type":"array","items":{"type":"string"},"description":"Optional list of certificates that are used to determine if the server is trusted. Only applies if the `server_url` scheme is `ldaps`.\n\nIf not provided, then the server's certificate is verified using the operating system's CAs.\n\nAccepts [PEM encoded certificates](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail). Here's an example showing an abbreviated (see `[...]`) list of root CAs.\n```\n\"root_cas\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIEiTCCA3GgAwIBAgIQEtTWutN7HdEKAAAAAOthCDANBgkqhkiG9w0BAQsFADBG[...]rVtyMKdOXGZl1gR22A==\\n-----END CERTIFICATE-----\",\n \"-----BEGIN CERTIFICATE-----\\nMIIHCjCCBfKgAwIBAgIQDhZMtvVrLG4NDkY/70TmRDANBgkqhkiG9w0BAQsFADBw[...]lYgbVhEaSeWnKcSG/4OJDLgbJL1cQa5BQUjWiZo7\\n-----END CERTIFICATE-----\"\n]\n```\n"},"bind_dn":{"type":"string","description":"Object which has permission to search under the root DN for users."},"base_dn":{"type":"string","description":"Starting point to use when searching for users."},"search_filter":{"type":"string","description":"LDAP search filter which can further restrict the set of users who will be allowed to log in."},"user_login_attribute":{"type":"string","description":"Attribute inside the user object which contains the username used to login with."},"group_base_dn":{"type":"string","description":"Starting point to use when searching for groups. This value can be left empty to disable group support for this connection."},"group_filter":{"type":"string","description":"Search filter for listing groups. Searching with this filter should only return groups. This value can be left empty to disable group support for this connection."},"group_name_attribute":{"type":"string","description":"Attribute inside the group object which contains the friendly name of the group."},"user_dn_attribute":{"type":"string","description":"Attribute inside the user object which contains the user distingushed name. If user_dn_attribute is not provided, it will default to 'dn'.\n\nWhen this property is set it uses the specified attribute to test for user equality. This primarily affects LDAP group maps. For example:\n- If a user's LDAP entry has \"`cn: John Doe`\" and the LDAP configuration has \"`user_dn_attribute`\" set to \"`cn`\", then the LDAP group entry must have a member attribute that is exactly \"`John Doe`\", not \"`cn=John Doe`\", in order for the user to be considered part of the group.\n- If a user's LDAP entry has \"`customDN: cn=John Doe,ou=Users`\" and the LDAP configuration has \"`user_dn_attribute`\" set to \"`customDN`\", then the LDAP group entry must have a member attribute that is exactly \"`cn=John Doe,ou=Users`\" in order for the user to be considered part of the group.\n"},"group_id_attribute":{"type":"string","description":"Attribute inside the group object which contains the group identifier (name). This value should be unique and can be left empty to disable group support for this connection. If group_id_attribute is not provided, it will default to 'group_name_attribute'."},"group_member_field":{"type":"string","description":"Attribute inside the group object which contains group membership information, basically which users are members of the group. This value can be left empty to disable group support for this connection."}}}]}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"name":"LDAP Connection","id":"b6554c20-cb55-492e-9743-d68f6328ab96","uri":"kylo:kylo:connectionmgmt:connections:ldap-connection-b6554c20-cb55-492e-9743-d68f6328ab96","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2022-07-04T05:08:04.206434Z","updatedAt":"2022-07-04T05:08:04.202585Z","service":"LDAP","category":"IdP","description":"LDAP Connection","products":["cte"],"last_connection_ok":null,"last_connection_at":"0001-01-01T00:00:00Z","server_url":"ldap://172.27.0.6:389","bind_dn":"cn=admin,dc=planetexpress,dc=com","base_dn":"dc=planetexpress,dc=com","search_filter":"(objectclass=User)","user_login_attribute":"uid","group_base_dn":"ou=people, dc=planetexpress, dc=com","group_filter":"(objectclass=Group)","group_name_attribute":"groupFriendlyName","user_dn_attribute":"dn","group_id_attribute":"cn","group_member_field":"member"}]}}},"400":{"description":"Bad request."}}}},"/v1/connectionmgmt/services/ldap/connections/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns the details of a connection with the given name, ID, or URI.\n","tags":["Connection Manager/LDAP Connections"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"type":"object","allOf":[{"type":"object","description":"Non-sensitive parameters specific to an LDAP connection.","required":["server_url","base_dn","user_login_attribute"],"properties":{"server_url":{"type":"string","description":"LDAP URL for your server. (e.g. ldap://172.16.2.2:3268)"},"insecure_skip_verify":{"type":"boolean","description":"Optional flag to disable verifying the server's certficate. It ignores both the operating system's CAs and `root_cas` if provided. Only applies if the `server_url` scheme is `ldaps`.\n\nDefault value is `false`.\n"},"root_cas":{"type":"array","items":{"type":"string"},"description":"Optional list of certificates that are used to determine if the server is trusted. Only applies if the `server_url` scheme is `ldaps`.\n\nIf not provided, then the server's certificate is verified using the operating system's CAs.\n\nAccepts [PEM encoded certificates](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail). Here's an example showing an abbreviated (see `[...]`) list of root CAs.\n```\n\"root_cas\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIEiTCCA3GgAwIBAgIQEtTWutN7HdEKAAAAAOthCDANBgkqhkiG9w0BAQsFADBG[...]rVtyMKdOXGZl1gR22A==\\n-----END CERTIFICATE-----\",\n \"-----BEGIN CERTIFICATE-----\\nMIIHCjCCBfKgAwIBAgIQDhZMtvVrLG4NDkY/70TmRDANBgkqhkiG9w0BAQsFADBw[...]lYgbVhEaSeWnKcSG/4OJDLgbJL1cQa5BQUjWiZo7\\n-----END CERTIFICATE-----\"\n]\n```\n"},"bind_dn":{"type":"string","description":"Object which has permission to search under the root DN for users."},"base_dn":{"type":"string","description":"Starting point to use when searching for users."},"search_filter":{"type":"string","description":"LDAP search filter which can further restrict the set of users who will be allowed to log in."},"user_login_attribute":{"type":"string","description":"Attribute inside the user object which contains the username used to login with."},"group_base_dn":{"type":"string","description":"Starting point to use when searching for groups. This value can be left empty to disable group support for this connection."},"group_filter":{"type":"string","description":"Search filter for listing groups. Searching with this filter should only return groups. This value can be left empty to disable group support for this connection."},"group_name_attribute":{"type":"string","description":"Attribute inside the group object which contains the friendly name of the group."},"user_dn_attribute":{"type":"string","description":"Attribute inside the user object which contains the user distingushed name. If user_dn_attribute is not provided, it will default to 'dn'.\n\nWhen this property is set it uses the specified attribute to test for user equality. This primarily affects LDAP group maps. For example:\n- If a user's LDAP entry has \"`cn: John Doe`\" and the LDAP configuration has \"`user_dn_attribute`\" set to \"`cn`\", then the LDAP group entry must have a member attribute that is exactly \"`John Doe`\", not \"`cn=John Doe`\", in order for the user to be considered part of the group.\n- If a user's LDAP entry has \"`customDN: cn=John Doe,ou=Users`\" and the LDAP configuration has \"`user_dn_attribute`\" set to \"`customDN`\", then the LDAP group entry must have a member attribute that is exactly \"`cn=John Doe,ou=Users`\" in order for the user to be considered part of the group.\n"},"group_id_attribute":{"type":"string","description":"Attribute inside the group object which contains the group identifier (name). This value should be unique and can be left empty to disable group support for this connection. If group_id_attribute is not provided, it will default to 'group_name_attribute'."},"group_member_field":{"type":"string","description":"Attribute inside the group object which contains group membership information, basically which users are members of the group. This value can be left empty to disable group support for this connection."}}}]}]}},"400":{"description":"Bad request."},"404":{"description":"Resource not found."}}},"delete":{"summary":"Delete","description":"Deletes a LDAP connection with the given ID or name.\n","tags":["Connection Manager/LDAP Connections"],"responses":{"204":{"description":"No Content | Successful deletion of the connection."},"404":{"description":"Resource not found."},"409":{"description":"Conflict with the current state of the resource"}}},"patch":{"summary":"Update","description":"Updates a connection with the given name, ID, or URI.\nThe parameters to be updated are specified in the request body.\n","tags":["Connection Manager/LDAP Connections"],"parameters":[{"in":"body","name":"connection","description":"The connection to update.","schema":{"type":"object","allOf":[{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"object","allOf":[{"type":"object","description":"parameters specific to an LDAP connection.","properties":{"server_url":{"type":"string","description":"LDAP URL for your server. (e.g. ldap://172.16.2.2:3268)"},"insecure_skip_verify":{"type":"boolean","description":"Optional flag to disable verifying the server's certficate. It ignores both the operating system's CAs and `root_cas` if provided. Only applies if the `server_url` scheme is `ldaps`.\n\nDefault value is `false`.\n"},"root_cas":{"type":"array","items":{"type":"string"},"description":"Optional list of certificates that are used to determine if the server is trusted. Only applies if the `server_url` scheme is `ldaps`.\n\nIf not provided, then the server's certificate is verified using the operating system's CAs.\n\nAccepts [PEM encoded certificates](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail). Here's an example showing an abbreviated (see `[...]`) list of root CAs.\n```\n\"root_cas\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIEiTCCA3GgAwIBAgIQEtTWutN7HdEKAAAAAOthCDANBgkqhkiG9w0BAQsFADBG[...]rVtyMKdOXGZl1gR22A==\\n-----END CERTIFICATE-----\",\n \"-----BEGIN CERTIFICATE-----\\nMIIHCjCCBfKgAwIBAgIQDhZMtvVrLG4NDkY/70TmRDANBgkqhkiG9w0BAQsFADBw[...]lYgbVhEaSeWnKcSG/4OJDLgbJL1cQa5BQUjWiZo7\\n-----END CERTIFICATE-----\"\n]\n```\n"},"bind_dn":{"type":"string","description":"Object which has permission to search under the root DN for users."},"bind_password":{"type":"string","description":"Password for the Bind DN object."},"base_dn":{"type":"string","description":"Starting point to use when searching for users."},"search_filter":{"type":"string","description":"LDAP search filter which can further restrict the set of users who will be allowed to log in."},"user_login_attribute":{"type":"string","description":"Attribute inside the user object which contains the username used to login with."},"group_base_dn":{"type":"string","description":"Starting point to use when searching for groups. This value can be left empty to disable group support for this connection."},"group_filter":{"type":"string","description":"Search filter for listing groups. Searching with this filter should only return groups. This value can be left empty to disable group support for this connection."},"group_name_attribute":{"type":"string","description":"Attribute inside the group object which contains the friendly name of the group."},"user_dn_attribute":{"type":"string","description":"Attribute inside the user object which contains the user distingushed name. If user_dn_attribute is not provided, it will default to 'dn'.\n\nWhen this property is set it uses the specified attribute to test for user equality. This primarily affects LDAP group maps. For example:\n- If a user's LDAP entry has \"`cn: John Doe`\" and the LDAP configuration has \"`user_dn_attribute`\" set to \"`cn`\", then the LDAP group entry must have a member attribute that is exactly \"`John Doe`\", not \"`cn=John Doe`\", in order for the user to be considered part of the group.\n- If a user's LDAP entry has \"`customDN: cn=John Doe,ou=Users`\" and the LDAP configuration has \"`user_dn_attribute`\" set to \"`customDN`\", then the LDAP group entry must have a member attribute that is exactly \"`cn=John Doe,ou=Users`\" in order for the user to be considered part of the group.\n"},"group_id_attribute":{"type":"string","description":"Attribute inside the group object which contains the group identifier (name). This value should be unique and can be left empty to disable group support for this connection. If group_id_attribute is not provided, it will default to 'group_name_attribute'."},"group_member_field":{"type":"string","description":"Attribute inside the group object which contains group membership information, basically which users are members of the group. This value can be left empty to disable group support for this connection."}}}]}],"example":{"server_url":"ldap://172.27.0.6:389","base_dn":"dc=example,dc=com","user_login_attribute":"uid","bind_dn":"cn=admin,dc=planetexpress,dc=com"}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"type":"object","allOf":[{"type":"object","description":"Non-sensitive parameters specific to an LDAP connection.","required":["server_url","base_dn","user_login_attribute"],"properties":{"server_url":{"type":"string","description":"LDAP URL for your server. (e.g. ldap://172.16.2.2:3268)"},"insecure_skip_verify":{"type":"boolean","description":"Optional flag to disable verifying the server's certficate. It ignores both the operating system's CAs and `root_cas` if provided. Only applies if the `server_url` scheme is `ldaps`.\n\nDefault value is `false`.\n"},"root_cas":{"type":"array","items":{"type":"string"},"description":"Optional list of certificates that are used to determine if the server is trusted. Only applies if the `server_url` scheme is `ldaps`.\n\nIf not provided, then the server's certificate is verified using the operating system's CAs.\n\nAccepts [PEM encoded certificates](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail). Here's an example showing an abbreviated (see `[...]`) list of root CAs.\n```\n\"root_cas\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIEiTCCA3GgAwIBAgIQEtTWutN7HdEKAAAAAOthCDANBgkqhkiG9w0BAQsFADBG[...]rVtyMKdOXGZl1gR22A==\\n-----END CERTIFICATE-----\",\n \"-----BEGIN CERTIFICATE-----\\nMIIHCjCCBfKgAwIBAgIQDhZMtvVrLG4NDkY/70TmRDANBgkqhkiG9w0BAQsFADBw[...]lYgbVhEaSeWnKcSG/4OJDLgbJL1cQa5BQUjWiZo7\\n-----END CERTIFICATE-----\"\n]\n```\n"},"bind_dn":{"type":"string","description":"Object which has permission to search under the root DN for users."},"base_dn":{"type":"string","description":"Starting point to use when searching for users."},"search_filter":{"type":"string","description":"LDAP search filter which can further restrict the set of users who will be allowed to log in."},"user_login_attribute":{"type":"string","description":"Attribute inside the user object which contains the username used to login with."},"group_base_dn":{"type":"string","description":"Starting point to use when searching for groups. This value can be left empty to disable group support for this connection."},"group_filter":{"type":"string","description":"Search filter for listing groups. Searching with this filter should only return groups. This value can be left empty to disable group support for this connection."},"group_name_attribute":{"type":"string","description":"Attribute inside the group object which contains the friendly name of the group."},"user_dn_attribute":{"type":"string","description":"Attribute inside the user object which contains the user distingushed name. If user_dn_attribute is not provided, it will default to 'dn'.\n\nWhen this property is set it uses the specified attribute to test for user equality. This primarily affects LDAP group maps. For example:\n- If a user's LDAP entry has \"`cn: John Doe`\" and the LDAP configuration has \"`user_dn_attribute`\" set to \"`cn`\", then the LDAP group entry must have a member attribute that is exactly \"`John Doe`\", not \"`cn=John Doe`\", in order for the user to be considered part of the group.\n- If a user's LDAP entry has \"`customDN: cn=John Doe,ou=Users`\" and the LDAP configuration has \"`user_dn_attribute`\" set to \"`customDN`\", then the LDAP group entry must have a member attribute that is exactly \"`cn=John Doe,ou=Users`\" in order for the user to be considered part of the group.\n"},"group_id_attribute":{"type":"string","description":"Attribute inside the group object which contains the group identifier (name). This value should be unique and can be left empty to disable group support for this connection. If group_id_attribute is not provided, it will default to 'group_name_attribute'."},"group_member_field":{"type":"string","description":"Attribute inside the group object which contains group membership information, basically which users are members of the group. This value can be left empty to disable group support for this connection."}}}]}]}},"400":{"description":"Bad request."},"404":{"description":"Resource not found."}}}},"/v1/connectionmgmt/services/ldap/connections/{id}/test":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"}],"post":{"summary":"Test existing connection","description":"Tests an existing connection with the given name, ID, or URI.\nThis does not create a persistent connection.\n","tags":["Connection Manager/LDAP Connections"],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","properties":{"connection_ok":{"type":"boolean","description":"true if the test was successful, otherwise false"},"connection_error":{"type":"string","description":"Error message if the connection test failed"}}}]}},"404":{"description":"Resource not found"}}}},"/v1/connectionmgmt/services/ldap/connection-test":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Test connection parameters","description":"Tests whether the connection parameters can reach to the LDAP service.\n","tags":["Connection Manager/LDAP Connections"],"consumes":["application/json"],"parameters":[{"in":"body","name":"connection","description":"The connection parameters to test.","schema":{"allOf":[{"type":"object","allOf":[{"type":"object","description":"Sensitive parameters specific to an LDAP connection.","properties":{"bind_password":{"type":"string","description":"Password for the Bind DN object of the LDAP connection."}}},{"type":"object","description":"Non-sensitive parameters specific to an LDAP connection.","required":["server_url","base_dn","user_login_attribute"],"properties":{"server_url":{"type":"string","description":"LDAP URL for your server. (e.g. ldap://172.16.2.2:3268)"},"insecure_skip_verify":{"type":"boolean","description":"Optional flag to disable verifying the server's certficate. It ignores both the operating system's CAs and `root_cas` if provided. Only applies if the `server_url` scheme is `ldaps`.\n\nDefault value is `false`.\n"},"root_cas":{"type":"array","items":{"type":"string"},"description":"Optional list of certificates that are used to determine if the server is trusted. Only applies if the `server_url` scheme is `ldaps`.\n\nIf not provided, then the server's certificate is verified using the operating system's CAs.\n\nAccepts [PEM encoded certificates](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail). Here's an example showing an abbreviated (see `[...]`) list of root CAs.\n```\n\"root_cas\": [\n \"-----BEGIN CERTIFICATE-----\\nMIIEiTCCA3GgAwIBAgIQEtTWutN7HdEKAAAAAOthCDANBgkqhkiG9w0BAQsFADBG[...]rVtyMKdOXGZl1gR22A==\\n-----END CERTIFICATE-----\",\n \"-----BEGIN CERTIFICATE-----\\nMIIHCjCCBfKgAwIBAgIQDhZMtvVrLG4NDkY/70TmRDANBgkqhkiG9w0BAQsFADBw[...]lYgbVhEaSeWnKcSG/4OJDLgbJL1cQa5BQUjWiZo7\\n-----END CERTIFICATE-----\"\n]\n```\n"},"bind_dn":{"type":"string","description":"Object which has permission to search under the root DN for users."},"base_dn":{"type":"string","description":"Starting point to use when searching for users."},"search_filter":{"type":"string","description":"LDAP search filter which can further restrict the set of users who will be allowed to log in."},"user_login_attribute":{"type":"string","description":"Attribute inside the user object which contains the username used to login with."},"group_base_dn":{"type":"string","description":"Starting point to use when searching for groups. This value can be left empty to disable group support for this connection."},"group_filter":{"type":"string","description":"Search filter for listing groups. Searching with this filter should only return groups. This value can be left empty to disable group support for this connection."},"group_name_attribute":{"type":"string","description":"Attribute inside the group object which contains the friendly name of the group."},"user_dn_attribute":{"type":"string","description":"Attribute inside the user object which contains the user distingushed name. If user_dn_attribute is not provided, it will default to 'dn'.\n\nWhen this property is set it uses the specified attribute to test for user equality. This primarily affects LDAP group maps. For example:\n- If a user's LDAP entry has \"`cn: John Doe`\" and the LDAP configuration has \"`user_dn_attribute`\" set to \"`cn`\", then the LDAP group entry must have a member attribute that is exactly \"`John Doe`\", not \"`cn=John Doe`\", in order for the user to be considered part of the group.\n- If a user's LDAP entry has \"`customDN: cn=John Doe,ou=Users`\" and the LDAP configuration has \"`user_dn_attribute`\" set to \"`customDN`\", then the LDAP group entry must have a member attribute that is exactly \"`cn=John Doe,ou=Users`\" in order for the user to be considered part of the group.\n"},"group_id_attribute":{"type":"string","description":"Attribute inside the group object which contains the group identifier (name). This value should be unique and can be left empty to disable group support for this connection. If group_id_attribute is not provided, it will default to 'group_name_attribute'."},"group_member_field":{"type":"string","description":"Attribute inside the group object which contains group membership information, basically which users are members of the group. This value can be left empty to disable group support for this connection."}}},{"type":"object","description":"Sensitive parameters specific to a LDAP test connection.","required":["credentials"],"properties":{"credentials":{"type":"object","description":"User Credentials for testing a LDAP connection.","required":["username","password"],"properties":{"username":{"type":"string","description":"Username to test the connection with."},"password":{"type":"string","description":"Password that authenticates the username."}}}}}]}],"example":{"application/json":{"server_url":"ldap://172.27.0.6:389","bind_dn":"cn=admin,dc=planetexpress,dc=com","bind_password":"GoodNewsEveryone","base_dn":"dc=planetexpress,dc=com","search_filter":"(objectclass=User)","user_login_attribute":"uid","group_base_dn":"ou=people, dc=planetexpress, dc=com","group_filter":"(objectclass=Group)","group_name_attribute":"groupFriendlyName","user_dn_attribute":"dn","group_id_attribute":"cn","group_member_field":"member","credentials":{"username":"fry","password":"fry"}}}}}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"type":"object","properties":{"connection_ok":{"type":"boolean","description":"true if the test was successful, otherwise false"},"connection_error":{"type":"string","description":"Error message if the connection test failed"}}}]}},"400":{"description":"Bad request."},"422":{"description":"Validation error."}}}},"/v1/connectionmgmt/services/hadoop/connections":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create a new connection","description":"Create a new connection to Hadoop server.","tags":["Connection Manager/Hadoop Connections"],"consumes":["application/json"],"parameters":[{"in":"body","name":"connection","description":"The connection to create.","schema":{"allOf":[{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"object","required":["service","username","password","nodes"],"allOf":[{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"Sensitive parameters specific to a Hadoop connection.","properties":{"password":{"type":"string","description":"Password for Hadoop server (required for Knox)\n"}}},{"properties":{"username":{"type":"string","description":"Username for accessing Hadoop server (required for Knox)."},"topology":{"type":"string","description":"Topology deployment of the Knox gateway."}}},{"properties":{"nodes":{"type":"array","items":{"type":"object","required":["hostname","port","protocol"],"properties":{"hostname":{"type":"string","description":"hostname for Hadoop Server"},"port":{"type":"integer","description":"port for Hadoop Server. Possible values 1-65535."},"server_certificate":{"type":"string","description":"SSL certificate for Hadoop Server TLS communication"},"path":{"type":"string","description":"path for Hadoop Server"},"protocol":{"type":"string","description":"http or https protocol to be used for communication with the Hadoop node (https required for hadoop-knox)"}}}}}}]}],"example":{"application/json":{"name":"knoxConnection","service":"hadoop-knox","products":["cte","data discovery"],"description":"a description of the connection","username":"user","password":"password","topology":"default","nodes":[{"hostname":"node1","port":1234,"protocol":"https","server_certificate":"-----BEGIN CERTIFICATE-----\nMIIG1TCCBb2gAwIBAgIQBVfICygmg6F7ChFEkylreTANBgkqhkiG9w0BAQsFADBw\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\ndXJhbmNlIFNlcnZlciBDQTAeFw0yMDA1MDUwMDAwMDBaFw0yMjA1MTAxMjAwMDBa\nMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T\nYW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxHaXRIdWIsIEluYy4xEzARBgNVBAMTCmdp\ndGh1Yi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MrTQ2J6a\nnox5KUwrqO9cQ9STO5R4/zBUxxvI5S8bmc0QjWfIVAwHWuT0Bn/H1oS0LM0tTkQm\nARrqN77v9McVB8MWTGsmGQnS/1kQRFuKiYGUHf7iX5pfijbYsOkfb4AiVKysKUNV\nUtgVvpJoe5RWURjQp9XDWkeo2DzGHXLcBDadrM8VLC6H1/D9SXdVruxKqduLKR41\nZ/6dlSDdeY1gCnhz3Ch1pYbfMfsTCTamw+AtRtwlK3b2rfTHffhowjuzM15UKt+b\nrr/cEBlAjQTva8rutYU9K9ONgl+pG2u7Bv516DwmNy8xz9wOjTeOpeh0M9N/ewq8\ncgbR87LFaxi1AgMBAAGjggNzMIIDbzAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM2WVk\nYqISuFlyOzAdBgNVHQ4EFgQUYwLSXQJf943VWhKedhE2loYsikgwJQYDVR0RBB4w\nHIIKZ2l0aHViLmNvbYIOd3d3LmdpdGh1Yi5jb20wDgYDVR0PAQH/BAQDAgWgMB0G\nA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5o\ndHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3JsMDSg\nMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYu\nY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBz\nOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMIGDBggrBgEFBQcBAQR3\nMHUwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEF\nBQcwAoZBaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhp\nZ2hBc3N1cmFuY2VTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAXwGCisGAQQB\n1nkCBAIEggFsBIIBaAFmAHUAKXm+8J45OSHwVnOfY6V35b5XfZxgCvj5TV0mXCVd\nx4QAAAFx5ltprwAABAMARjBEAiAuWGCWxN/M0Ms3KOsqFjDMHT8Aq0SlHfQ68KDg\nrVU6AAIgDA+2EB0D5W5r0i4Nhljx6ABlIByzrEdfcxiOD/o6//EAdQAiRUUHWVUk\nVpY/oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXHmW2nTAAAEAwBGMEQCIBp+XQKa\nUDiPHwjBxdv5qvgyALKaysKqMF60gqem8iPRAiAk9Dp5+VBUXfSHqyW+tVShUigh\nndopccf8Gs21KJ4jXgB2AFGjsPX9AXmcVm24N3iPDKR6zBsny/eeiEKaDf7UiwXl\nAAABceZbahsAAAQDAEcwRQIgd/5HcxT4wfNV8zavwxjYkw2TYBAuRCcqp1SjWKFn\n4EoCIQDHSTHxnbpxWFbP6v5Y6nGFZCDjaHgd9HrzUv2J/DaacDANBgkqhkiG9w0B\nAQsFAAOCAQEAhjKPnBW4r+jR3gg6RA5xICTW/A5YMcyqtK0c1QzFr8S7/l+skGpC\nyCHrJfFrLDeyKqgabvLRT6YvvM862MGfMMDsk+sKWtzLbDIcYG7sbviGpU+gtG1q\nB0ohWNApfWWKyNpquqvwdSEzAEBvhcUT5idzbK7q45bQU9vBIWgQz+PYULAU7KmY\nz7jOYV09o22TNMQT+hFmo92+EBlwSeIETYEsHy5ZxixTRTvu9hP00CyEbiht5OTK\n5EiJG6vsIh/uEtRsdenMCxV06W2f20Af4iSFo0uk6c1ryHefh08FcwA4pSNUaPyi\nPb8YGQ6o/blejFzo/OSiUnDueafSJ0p6SQ==\n-----END CERTIFICATE-----"},{"hostname":"node2","port":1234,"protocol":"https","server_certificate":"-----BEGIN CERTIFICATE-----\nMIIG1TCCBb2gAwIBAgIQBVfICygmg6F7ChFEkylreTANBgkqhkiG9w0BAQsFADBw\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\ndXJhbmNlIFNlcnZlciBDQTAeFw0yMDA1MDUwMDAwMDBaFw0yMjA1MTAxMjAwMDBa\nMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T\nYW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxHaXRIdWIsIEluYy4xEzARBgNVBAMTCmdp\ndGh1Yi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MrTQ2J6a\nnox5KUwrqO9cQ9STO5R4/zBUxxvI5S8bmc0QjWfIVAwHWuT0Bn/H1oS0LM0tTkQm\nARrqN77v9McVB8MWTGsmGQnS/1kQRFuKiYGUHf7iX5pfijbYsOkfb4AiVKysKUNV\nUtgVvpJoe5RWURjQp9XDWkeo2DzGHXLcBDadrM8VLC6H1/D9SXdVruxKqduLKR41\nZ/6dlSDdeY1gCnhz3Ch1pYbfMfsTCTamw+AtRtwlK3b2rfTHffhowjuzM15UKt+b\nrr/cEBlAjQTva8rutYU9K9ONgl+pG2u7Bv516DwmNy8xz9wOjTeOpeh0M9N/ewq8\ncgbR87LFaxi1AgMBAAGjggNzMIIDbzAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM2WVk\nYqISuFlyOzAdBgNVHQ4EFgQUYwLSXQJf943VWhKedhE2loYsikgwJQYDVR0RBB4w\nHIIKZ2l0aHViLmNvbYIOd3d3LmdpdGh1Yi5jb20wDgYDVR0PAQH/BAQDAgWgMB0G\nA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5o\ndHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3JsMDSg\nMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYu\nY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBz\nOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMIGDBggrBgEFBQcBAQR3\nMHUwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEF\nBQcwAoZBaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhp\nZ2hBc3N1cmFuY2VTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAXwGCisGAQQB\n1nkCBAIEggFsBIIBaAFmAHUAKXm+8J45OSHwVnOfY6V35b5XfZxgCvj5TV0mXCVd\nx4QAAAFx5ltprwAABAMARjBEAiAuWGCWxN/M0Ms3KOsqFjDMHT8Aq0SlHfQ68KDg\nrVU6AAIgDA+2EB0D5W5r0i4Nhljx6ABlIByzrEdfcxiOD/o6//EAdQAiRUUHWVUk\nVpY/oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXHmW2nTAAAEAwBGMEQCIBp+XQKa\nUDiPHwjBxdv5qvgyALKaysKqMF60gqem8iPRAiAk9Dp5+VBUXfSHqyW+tVShUigh\nndopccf8Gs21KJ4jXgB2AFGjsPX9AXmcVm24N3iPDKR6zBsny/eeiEKaDf7UiwXl\nAAABceZbahsAAAQDAEcwRQIgd/5HcxT4wfNV8zavwxjYkw2TYBAuRCcqp1SjWKFn\n4EoCIQDHSTHxnbpxWFbP6v5Y6nGFZCDjaHgd9HrzUv2J/DaacDANBgkqhkiG9w0B\nAQsFAAOCAQEAhjKPnBW4r+jR3gg6RA5xICTW/A5YMcyqtK0c1QzFr8S7/l+skGpC\nyCHrJfFrLDeyKqgabvLRT6YvvM862MGfMMDsk+sKWtzLbDIcYG7sbviGpU+gtG1q\nB0ohWNApfWWKyNpquqvwdSEzAEBvhcUT5idzbK7q45bQU9vBIWgQz+PYULAU7KmY\nz7jOYV09o22TNMQT+hFmo92+EBlwSeIETYEsHy5ZxixTRTvu9hP00CyEbiht5OTK\n5EiJG6vsIh/uEtRsdenMCxV06W2f20Af4iSFo0uk6c1ryHefh08FcwA4pSNUaPyi\nPb8YGQ6o/blejFzo/OSiUnDueafSJ0p6SQ==\n-----END CERTIFICATE-----"}]}}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"properties":{"username":{"type":"string","description":"Username for accessing Hadoop server (required for Knox)."},"topology":{"type":"string","description":"Topology deployment of the Knox gateway."}}},{"properties":{"nodes":{"type":"array","items":{"type":"object","required":["hostname","port","protocol"],"properties":{"hostname":{"type":"string","description":"hostname for Hadoop Server"},"port":{"type":"integer","description":"port for Hadoop Server. Possible values 1-65535."},"server_certificate":{"type":"string","description":"SSL certificate for Hadoop Server TLS communication"},"path":{"type":"string","description":"path for Hadoop Server"},"protocol":{"type":"string","description":"http or https protocol to be used for communication with the Hadoop node (https required for hadoop-knox)"}}}}}}]}},"409":{"description":"Connection already exists"},"422":{"description":"Validation error."}}},"get":{"summary":"List","description":"Returns a list of Hadoop connections.\nThe results can be filtered using the query parameters.\n","tags":["Connection Manager/Hadoop Connections"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"},{"name":"service","in":"query","type":"string","description":"Filter the result based on the external services associated with the connections. (e.g. aws, azure, gcp, hadoop-knox, luna network).","enum":["aws","azure","gcp","luna network","hadoop-knox"]},{"name":"fields","in":"query","type":"string","description":"Filter the result based on fields associated with the connections and return the field attribute in the response.\nCurrently, only \"meta\" is supported.\n"},{"name":"id","in":"query","type":"string","description":"Filter the result based on connection's ID"},{"name":"name","in":"query","type":"string","description":"Filter the result based on connection name."},{"name":"products","in":"query","type":"string","description":"Filter the result based on the CipherTrust Manager products associated with the connections.\n Valid values are \"cckm\" for AWS, Azure, GCP, Luna connections, \"cte\", \"ddc\", \"data discovery\" for Hadoop connections\n and \"cte\" for SMB connections\n"},{"name":"meta_contains","in":"query","type":"string","format":"JSON","description":"A valid JSON value. Only resources whose 'meta' attribute contains the JSON value will be\nreturned. Examples of JSON containment:\n\n- Values contain themselves: `{\"color\":\"red\"}` contains `{\"color\":\"red\"}`\n\n- Values contain subsets: `{\"color\":\"red\", \"size\":\"big\"}` contains `{\"color\":\"red\"}` and `{\"size\":\"big\"}`, but not `{\"size\":\"small\"}`\n\n- Contained values can be nested: `{\"info\":{\"size\":\"big\",\"color\":\"red\"}}` contains `{\"info\":{\"color\":\"red\"}}`, but not `{\"color\":\"red\"}`\n\n- Array containment: `[\"east\",\"west\",\"north\"]` contains `[\"east\"]` and `[\"east\",\"north\"]`, but not `[\"south\"]` or `[\"east\",\"south\"]`\n"},{"name":"createdBefore","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"createdAfter","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"last_connection_ok","in":"query","type":"string","description":"Filter the result based on last_connection_ok result.\n"},{"name":"last_connection_before","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or before the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"},{"name":"last_connection_after","in":"query","type":"string","format":"date-time","x-nullable":true,"description":"Filters results to those created at or after the specified timestamp. Timestamp should be in RFC3339Nano\nformat, e.g. 1985-04-12T23:20:50.52Z, or a relative timestamp where valid units are 'Y', 'M', 'D' representing\nyears, months, and days respectively. Negative values are permitted. e.g. \"-1Y-2M-5D\".\n"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"properties":{"username":{"type":"string","description":"Username for accessing Hadoop server (required for Knox)."},"topology":{"type":"string","description":"Topology deployment of the Knox gateway."}}},{"properties":{"nodes":{"type":"array","items":{"type":"object","required":["hostname","port","protocol"],"properties":{"hostname":{"type":"string","description":"hostname for Hadoop Server"},"port":{"type":"integer","description":"port for Hadoop Server. Possible values 1-65535."},"server_certificate":{"type":"string","description":"SSL certificate for Hadoop Server TLS communication"},"path":{"type":"string","description":"path for Hadoop Server"},"protocol":{"type":"string","description":"http or https protocol to be used for communication with the Hadoop node (https required for hadoop-knox)"}}}}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"name":"knoxConnection","id":"ce4b1c0d-656d-4a3e-b280-2487fe360fbc","uri":"kylo:kylo:connectionmgmt:connections:knoxConnection-ce4b1c0d-656d-4a3e-b280-2487fe360fbc","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2020-10-07T09:29:44.680993Z","updatedAt":"2020-10-07T09:29:44.666036Z","service":"hadoop-knox","category":"system","topology":"default","description":"a description","products":["cte","data discovery"],"last_connection_ok":null,"last_connection_at":"0001-01-01T00:00:00Z","username":"user","nodes":[{"id":"210a67f1-b1ca-41ba-b316-9d71dacf54ee","uri":"kylo:kylo:connectionmgmt:hadoop-knox-node:knoxconnection-210a67f1-b1ca-41ba-b316-9d71dacf54ee","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2020-10-07T09:29:44.698405Z","updatedAt":"2020-10-07T09:29:44.692384Z","hostname":"node1","port":1234,"protocol":"https","server_certificate":"-----BEGIN CERTIFICATE-----\nMIIG1TCCBb2gAwIBAgIQBVfICygmg6F7ChFEkylreTANBgkqhkiG9w0BAQsFADBw\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\ndXJhbmNlIFNlcnZlciBDQTAeFw0yMDA1MDUwMDAwMDBaFw0yMjA1MTAxMjAwMDBa\nMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T\nYW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxHaXRIdWIsIEluYy4xEzARBgNVBAMTCmdp\ndGh1Yi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MrTQ2J6a\nnox5KUwrqO9cQ9STO5R4/zBUxxvI5S8bmc0QjWfIVAwHWuT0Bn/H1oS0LM0tTkQm\nARrqN77v9McVB8MWTGsmGQnS/1kQRFuKiYGUHf7iX5pfijbYsOkfb4AiVKysKUNV\nUtgVvpJoe5RWURjQp9XDWkeo2DzGHXLcBDadrM8VLC6H1/D9SXdVruxKqduLKR41\nZ/6dlSDdeY1gCnhz3Ch1pYbfMfsTCTamw+AtRtwlK3b2rfTHffhowjuzM15UKt+b\nrr/cEBlAjQTva8rutYU9K9ONgl+pG2u7Bv516DwmNy8xz9wOjTeOpeh0M9N/ewq8\ncgbR87LFaxi1AgMBAAGjggNzMIIDbzAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM2WVk\nYqISuFlyOzAdBgNVHQ4EFgQUYwLSXQJf943VWhKedhE2loYsikgwJQYDVR0RBB4w\nHIIKZ2l0aHViLmNvbYIOd3d3LmdpdGh1Yi5jb20wDgYDVR0PAQH/BAQDAgWgMB0G\nA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5o\ndHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3JsMDSg\nMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYu\nY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBz\nOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMIGDBggrBgEFBQcBAQR3\nMHUwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEF\nBQcwAoZBaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhp\nZ2hBc3N1cmFuY2VTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAXwGCisGAQQB\n1nkCBAIEggFsBIIBaAFmAHUAKXm+8J45OSHwVnOfY6V35b5XfZxgCvj5TV0mXCVd\nx4QAAAFx5ltprwAABAMARjBEAiAuWGCWxN/M0Ms3KOsqFjDMHT8Aq0SlHfQ68KDg\nrVU6AAIgDA+2EB0D5W5r0i4Nhljx6ABlIByzrEdfcxiOD/o6//EAdQAiRUUHWVUk\nVpY/oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXHmW2nTAAAEAwBGMEQCIBp+XQKa\nUDiPHwjBxdv5qvgyALKaysKqMF60gqem8iPRAiAk9Dp5+VBUXfSHqyW+tVShUigh\nndopccf8Gs21KJ4jXgB2AFGjsPX9AXmcVm24N3iPDKR6zBsny/eeiEKaDf7UiwXl\nAAABceZbahsAAAQDAEcwRQIgd/5HcxT4wfNV8zavwxjYkw2TYBAuRCcqp1SjWKFn\n4EoCIQDHSTHxnbpxWFbP6v5Y6nGFZCDjaHgd9HrzUv2J/DaacDANBgkqhkiG9w0B\nAQsFAAOCAQEAhjKPnBW4r+jR3gg6RA5xICTW/A5YMcyqtK0c1QzFr8S7/l+skGpC\nyCHrJfFrLDeyKqgabvLRT6YvvM862MGfMMDsk+sKWtzLbDIcYG7sbviGpU+gtG1q\nB0ohWNApfWWKyNpquqvwdSEzAEBvhcUT5idzbK7q45bQU9vBIWgQz+PYULAU7KmY\nz7jOYV09o22TNMQT+hFmo92+EBlwSeIETYEsHy5ZxixTRTvu9hP00CyEbiht5OTK\n5EiJG6vsIh/uEtRsdenMCxV06W2f20Af4iSFo0uk6c1ryHefh08FcwA4pSNUaPyi\nPb8YGQ6o/blejFzo/OSiUnDueafSJ0p6SQ==\n-----END CERTIFICATE-----","connection_id":"ce4b1c0d-656d-4a3e-b280-2487fe360fbc"},{"id":"8a75d2e1-4de5-4051-91ae-12ca3b73b574","uri":"kylo:kylo:connectionmgmt:hadoop-knox-node:knoxconnection-8a75d2e1-4de5-4051-91ae-12ca3b73b574","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2020-10-07T09:29:44.705429Z","updatedAt":"2020-10-07T09:29:44.700694Z","hostname":"node2","port":1234,"protocol":"https","server_certificate":"-----BEGIN CERTIFICATE-----\nMIIG1TCCBb2gAwIBAgIQBVfICygmg6F7ChFEkylreTANBgkqhkiG9w0BAQsFADBw\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\ndXJhbmNlIFNlcnZlciBDQTAeFw0yMDA1MDUwMDAwMDBaFw0yMjA1MTAxMjAwMDBa\nMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T\nYW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxHaXRIdWIsIEluYy4xEzARBgNVBAMTCmdp\ndGh1Yi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MrTQ2J6a\nnox5KUwrqO9cQ9STO5R4/zBUxxvI5S8bmc0QjWfIVAwHWuT0Bn/H1oS0LM0tTkQm\nARrqN77v9McVB8MWTGsmGQnS/1kQRFuKiYGUHf7iX5pfijbYsOkfb4AiVKysKUNV\nUtgVvpJoe5RWURjQp9XDWkeo2DzGHXLcBDadrM8VLC6H1/D9SXdVruxKqduLKR41\nZ/6dlSDdeY1gCnhz3Ch1pYbfMfsTCTamw+AtRtwlK3b2rfTHffhowjuzM15UKt+b\nrr/cEBlAjQTva8rutYU9K9ONgl+pG2u7Bv516DwmNy8xz9wOjTeOpeh0M9N/ewq8\ncgbR87LFaxi1AgMBAAGjggNzMIIDbzAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM2WVk\nYqISuFlyOzAdBgNVHQ4EFgQUYwLSXQJf943VWhKedhE2loYsikgwJQYDVR0RBB4w\nHIIKZ2l0aHViLmNvbYIOd3d3LmdpdGh1Yi5jb20wDgYDVR0PAQH/BAQDAgWgMB0G\nA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5o\ndHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3JsMDSg\nMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYu\nY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBz\nOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMIGDBggrBgEFBQcBAQR3\nMHUwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEF\nBQcwAoZBaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhp\nZ2hBc3N1cmFuY2VTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAXwGCisGAQQB\n1nkCBAIEggFsBIIBaAFmAHUAKXm+8J45OSHwVnOfY6V35b5XfZxgCvj5TV0mXCVd\nx4QAAAFx5ltprwAABAMARjBEAiAuWGCWxN/M0Ms3KOsqFjDMHT8Aq0SlHfQ68KDg\nrVU6AAIgDA+2EB0D5W5r0i4Nhljx6ABlIByzrEdfcxiOD/o6//EAdQAiRUUHWVUk\nVpY/oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXHmW2nTAAAEAwBGMEQCIBp+XQKa\nUDiPHwjBxdv5qvgyALKaysKqMF60gqem8iPRAiAk9Dp5+VBUXfSHqyW+tVShUigh\nndopccf8Gs21KJ4jXgB2AFGjsPX9AXmcVm24N3iPDKR6zBsny/eeiEKaDf7UiwXl\nAAABceZbahsAAAQDAEcwRQIgd/5HcxT4wfNV8zavwxjYkw2TYBAuRCcqp1SjWKFn\n4EoCIQDHSTHxnbpxWFbP6v5Y6nGFZCDjaHgd9HrzUv2J/DaacDANBgkqhkiG9w0B\nAQsFAAOCAQEAhjKPnBW4r+jR3gg6RA5xICTW/A5YMcyqtK0c1QzFr8S7/l+skGpC\nyCHrJfFrLDeyKqgabvLRT6YvvM862MGfMMDsk+sKWtzLbDIcYG7sbviGpU+gtG1q\nB0ohWNApfWWKyNpquqvwdSEzAEBvhcUT5idzbK7q45bQU9vBIWgQz+PYULAU7KmY\nz7jOYV09o22TNMQT+hFmo92+EBlwSeIETYEsHy5ZxixTRTvu9hP00CyEbiht5OTK\n5EiJG6vsIh/uEtRsdenMCxV06W2f20Af4iSFo0uk6c1ryHefh08FcwA4pSNUaPyi\nPb8YGQ6o/blejFzo/OSiUnDueafSJ0p6SQ==\n-----END CERTIFICATE-----","connection_id":"ce4b1c0d-656d-4a3e-b280-2487fe360fbc"}]}]}}},"422":{"description":"Validation error."}}}},"/v1/connectionmgmt/services/hadoop/connections/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns the details of a Hadoop connection with the ID.\n","tags":["Connection Manager/Hadoop Connections"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"properties":{"username":{"type":"string","description":"Username for accessing Hadoop server (required for Knox)."},"topology":{"type":"string","description":"Topology deployment of the Knox gateway."}}}]}},"404":{"description":"Resource not found."},"422":{"description":"Validation error."}}},"delete":{"summary":"Delete","description":"Deletes a Hadoop connection with the given ID.\n","tags":["Connection Manager/Hadoop Connections"],"responses":{"204":{"description":"No Content | Connection is deleted successfully."},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"Updates a Hadoop connection with the given ID.\nThe parameters that are to be updated are specified in the request body.\n","tags":["Connection Manager/Hadoop Connections"],"parameters":[{"in":"body","name":"connection","description":"The connection to update.","schema":{"type":"object","allOf":[{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"object","allOf":[{"type":"object","description":"Sensitive parameters specific to a Hadoop connection.","properties":{"password":{"type":"string","description":"Password for Hadoop server (required for Knox)\n"}}},{"properties":{"username":{"type":"string","description":"Username for accessing Hadoop server (required for Knox)."},"topology":{"type":"string","description":"Topology deployment of the Knox gateway."}}}]}],"example":{"application/json":{"products":["cte"],"meta":{"color":"blue"},"password":"new-password","username":"new-user"}}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"properties":{"username":{"type":"string","description":"Username for accessing Hadoop server (required for Knox)."},"topology":{"type":"string","description":"Topology deployment of the Knox gateway."}}}]}},"404":{"description":"Resource not found."},"422":{"description":"Validation error."}}}},"/v1/connectionmgmt/services/hadoop/connections/{id}/test":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"}],"post":{"summary":"Post","description":"Checks connectivity to an already existing Hadoop connection\n","tags":["Connection Manager/Hadoop Connections"],"responses":{"200":{"description":"OK"},"404":{"description":"Resource not found."},"422":{"description":"Validation error."}}}},"/v1/connectionmgmt/services/hadoop/connections/{id}/nodes":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"}],"post":{"summary":"Add a new Hadoop Node","description":"Add a new node to an existing Hadoop connection","tags":["Connection Manager/Hadoop Connections"],"consumes":["application/json"],"parameters":[{"in":"body","name":"node","description":"The node to be added.","schema":{"allOf":[{"required":["hostname","port","protocol"],"properties":{"hostname":{"type":"string","description":"hostname for Hadoop Server"},"port":{"type":"integer","description":"port for Hadoop Server. Possible values 1-65535."},"server_certificate":{"type":"string","description":"SSL certificate for Hadoop Server TLS communication"},"path":{"type":"string","description":"path for Hadoop Server"},"protocol":{"type":"string","description":"http or https protocol to be used for communication with the Hadoop node (https required for hadoop-knox)"}}}],"example":{"application/json":{"hostname":"node1","port":1234,"protocol":"https","server_certificate":"-----BEGIN CERTIFICATE-----\nMIIG1TCCBb2gAwIBAgIQBVfICygmg6F7ChFEkylreTANBgkqhkiG9w0BAQsFADBw\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\ndXJhbmNlIFNlcnZlciBDQTAeFw0yMDA1MDUwMDAwMDBaFw0yMjA1MTAxMjAwMDBa\nMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T\nYW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxHaXRIdWIsIEluYy4xEzARBgNVBAMTCmdp\ndGh1Yi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MrTQ2J6a\nnox5KUwrqO9cQ9STO5R4/zBUxxvI5S8bmc0QjWfIVAwHWuT0Bn/H1oS0LM0tTkQm\nARrqN77v9McVB8MWTGsmGQnS/1kQRFuKiYGUHf7iX5pfijbYsOkfb4AiVKysKUNV\nUtgVvpJoe5RWURjQp9XDWkeo2DzGHXLcBDadrM8VLC6H1/D9SXdVruxKqduLKR41\nZ/6dlSDdeY1gCnhz3Ch1pYbfMfsTCTamw+AtRtwlK3b2rfTHffhowjuzM15UKt+b\nrr/cEBlAjQTva8rutYU9K9ONgl+pG2u7Bv516DwmNy8xz9wOjTeOpeh0M9N/ewq8\ncgbR87LFaxi1AgMBAAGjggNzMIIDbzAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM2WVk\nYqISuFlyOzAdBgNVHQ4EFgQUYwLSXQJf943VWhKedhE2loYsikgwJQYDVR0RBB4w\nHIIKZ2l0aHViLmNvbYIOd3d3LmdpdGh1Yi5jb20wDgYDVR0PAQH/BAQDAgWgMB0G\nA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5o\ndHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3JsMDSg\nMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYu\nY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBz\nOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMIGDBggrBgEFBQcBAQR3\nMHUwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEF\nBQcwAoZBaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhp\nZ2hBc3N1cmFuY2VTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAXwGCisGAQQB\n1nkCBAIEggFsBIIBaAFmAHUAKXm+8J45OSHwVnOfY6V35b5XfZxgCvj5TV0mXCVd\nx4QAAAFx5ltprwAABAMARjBEAiAuWGCWxN/M0Ms3KOsqFjDMHT8Aq0SlHfQ68KDg\nrVU6AAIgDA+2EB0D5W5r0i4Nhljx6ABlIByzrEdfcxiOD/o6//EAdQAiRUUHWVUk\nVpY/oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXHmW2nTAAAEAwBGMEQCIBp+XQKa\nUDiPHwjBxdv5qvgyALKaysKqMF60gqem8iPRAiAk9Dp5+VBUXfSHqyW+tVShUigh\nndopccf8Gs21KJ4jXgB2AFGjsPX9AXmcVm24N3iPDKR6zBsny/eeiEKaDf7UiwXl\nAAABceZbahsAAAQDAEcwRQIgd/5HcxT4wfNV8zavwxjYkw2TYBAuRCcqp1SjWKFn\n4EoCIQDHSTHxnbpxWFbP6v5Y6nGFZCDjaHgd9HrzUv2J/DaacDANBgkqhkiG9w0B\nAQsFAAOCAQEAhjKPnBW4r+jR3gg6RA5xICTW/A5YMcyqtK0c1QzFr8S7/l+skGpC\nyCHrJfFrLDeyKqgabvLRT6YvvM862MGfMMDsk+sKWtzLbDIcYG7sbviGpU+gtG1q\nB0ohWNApfWWKyNpquqvwdSEzAEBvhcUT5idzbK7q45bQU9vBIWgQz+PYULAU7KmY\nz7jOYV09o22TNMQT+hFmo92+EBlwSeIETYEsHy5ZxixTRTvu9hP00CyEbiht5OTK\n5EiJG6vsIh/uEtRsdenMCxV06W2f20Af4iSFo0uk6c1ryHefh08FcwA4pSNUaPyi\nPb8YGQ6o/blejFzo/OSiUnDueafSJ0p6SQ==\n-----END CERTIFICATE-----"}}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"required":["hostname","port","protocol"],"properties":{"hostname":{"type":"string","description":"hostname for Hadoop Server"},"port":{"type":"integer","description":"port for Hadoop Server. Possible values 1-65535."},"server_certificate":{"type":"string","description":"SSL certificate for Hadoop Server TLS communication"},"path":{"type":"string","description":"path for Hadoop Server"},"protocol":{"type":"string","description":"http or https protocol to be used for communication with the Hadoop node (https required for hadoop-knox)"}}}]}},"422":{"description":"Validation error."}}},"get":{"summary":"List","description":"Returns a list of nodes of a Hadoop connection.\n","tags":["Connection Manager/Hadoop Connections"],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"properties":{"username":{"type":"string","description":"Username for accessing Hadoop server (required for Knox)."},"topology":{"type":"string","description":"Topology deployment of the Knox gateway."}}}]}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"name":"knoxConnection","id":"ce4b1c0d-656d-4a3e-b280-2487fe360fbc","uri":"kylo:kylo:connectionmgmt:connections:knoxconnection-ce4b1c0d-656d-4a3e-b280-2487fe360fbc","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2020-10-07T09:29:44.680993Z","updatedAt":"2020-10-07T09:29:44.666036Z","service":"hadoop-knox","category":"system","topology":"default","description":"a description","products":["cte"],"last_connection_ok":null,"last_connection_at":"0001-01-01T00:00:00Z","username":"user","nodes":[{"id":"210a67f1-b1ca-41ba-b316-9d71dacf54ee","uri":"kylo:kylo:connectionmgmt:hadoop-knox-node:knoxconnection-210a67f1-b1ca-41ba-b316-9d71dacf54ee","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2020-10-07T09:29:44.698405Z","updatedAt":"2020-10-07T09:29:44.692384Z","hostname":"node1","port":1234,"protocol":"https","server_certificate":"-----BEGIN CERTIFICATE-----\nMIIG1TCCBb2gAwIBAgIQBVfICygmg6F7ChFEkylreTANBgkqhkiG9w0BAQsFADBw\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\ndXJhbmNlIFNlcnZlciBDQTAeFw0yMDA1MDUwMDAwMDBaFw0yMjA1MTAxMjAwMDBa\nMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T\nYW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxHaXRIdWIsIEluYy4xEzARBgNVBAMTCmdp\ndGh1Yi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MrTQ2J6a\nnox5KUwrqO9cQ9STO5R4/zBUxxvI5S8bmc0QjWfIVAwHWuT0Bn/H1oS0LM0tTkQm\nARrqN77v9McVB8MWTGsmGQnS/1kQRFuKiYGUHf7iX5pfijbYsOkfb4AiVKysKUNV\nUtgVvpJoe5RWURjQp9XDWkeo2DzGHXLcBDadrM8VLC6H1/D9SXdVruxKqduLKR41\nZ/6dlSDdeY1gCnhz3Ch1pYbfMfsTCTamw+AtRtwlK3b2rfTHffhowjuzM15UKt+b\nrr/cEBlAjQTva8rutYU9K9ONgl+pG2u7Bv516DwmNy8xz9wOjTeOpeh0M9N/ewq8\ncgbR87LFaxi1AgMBAAGjggNzMIIDbzAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM2WVk\nYqISuFlyOzAdBgNVHQ4EFgQUYwLSXQJf943VWhKedhE2loYsikgwJQYDVR0RBB4w\nHIIKZ2l0aHViLmNvbYIOd3d3LmdpdGh1Yi5jb20wDgYDVR0PAQH/BAQDAgWgMB0G\nA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5o\ndHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3JsMDSg\nMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYu\nY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBz\nOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMIGDBggrBgEFBQcBAQR3\nMHUwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEF\nBQcwAoZBaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhp\nZ2hBc3N1cmFuY2VTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAXwGCisGAQQB\n1nkCBAIEggFsBIIBaAFmAHUAKXm+8J45OSHwVnOfY6V35b5XfZxgCvj5TV0mXCVd\nx4QAAAFx5ltprwAABAMARjBEAiAuWGCWxN/M0Ms3KOsqFjDMHT8Aq0SlHfQ68KDg\nrVU6AAIgDA+2EB0D5W5r0i4Nhljx6ABlIByzrEdfcxiOD/o6//EAdQAiRUUHWVUk\nVpY/oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXHmW2nTAAAEAwBGMEQCIBp+XQKa\nUDiPHwjBxdv5qvgyALKaysKqMF60gqem8iPRAiAk9Dp5+VBUXfSHqyW+tVShUigh\nndopccf8Gs21KJ4jXgB2AFGjsPX9AXmcVm24N3iPDKR6zBsny/eeiEKaDf7UiwXl\nAAABceZbahsAAAQDAEcwRQIgd/5HcxT4wfNV8zavwxjYkw2TYBAuRCcqp1SjWKFn\n4EoCIQDHSTHxnbpxWFbP6v5Y6nGFZCDjaHgd9HrzUv2J/DaacDANBgkqhkiG9w0B\nAQsFAAOCAQEAhjKPnBW4r+jR3gg6RA5xICTW/A5YMcyqtK0c1QzFr8S7/l+skGpC\nyCHrJfFrLDeyKqgabvLRT6YvvM862MGfMMDsk+sKWtzLbDIcYG7sbviGpU+gtG1q\nB0ohWNApfWWKyNpquqvwdSEzAEBvhcUT5idzbK7q45bQU9vBIWgQz+PYULAU7KmY\nz7jOYV09o22TNMQT+hFmo92+EBlwSeIETYEsHy5ZxixTRTvu9hP00CyEbiht5OTK\n5EiJG6vsIh/uEtRsdenMCxV06W2f20Af4iSFo0uk6c1ryHefh08FcwA4pSNUaPyi\nPb8YGQ6o/blejFzo/OSiUnDueafSJ0p6SQ==\n-----END CERTIFICATE-----","connection_id":"ce4b1c0d-656d-4a3e-b280-2487fe360fbc"},{"id":"8a75d2e1-4de5-4051-91ae-12ca3b73b574","uri":"kylo:kylo:connectionmgmt:hadoop-knox-node:knoxconnection-8a75d2e1-4de5-4051-91ae-12ca3b73b574","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2020-10-07T09:29:44.705429Z","updatedAt":"2020-10-07T09:29:44.700694Z","hostname":"node2","port":1234,"protocol":"https","server_certificate":"-----BEGIN CERTIFICATE-----\nMIIG1TCCBb2gAwIBAgIQBVfICygmg6F7ChFEkylreTANBgkqhkiG9w0BAQsFADBw\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\ndXJhbmNlIFNlcnZlciBDQTAeFw0yMDA1MDUwMDAwMDBaFw0yMjA1MTAxMjAwMDBa\nMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T\nYW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxHaXRIdWIsIEluYy4xEzARBgNVBAMTCmdp\ndGh1Yi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MrTQ2J6a\nnox5KUwrqO9cQ9STO5R4/zBUxxvI5S8bmc0QjWfIVAwHWuT0Bn/H1oS0LM0tTkQm\nARrqN77v9McVB8MWTGsmGQnS/1kQRFuKiYGUHf7iX5pfijbYsOkfb4AiVKysKUNV\nUtgVvpJoe5RWURjQp9XDWkeo2DzGHXLcBDadrM8VLC6H1/D9SXdVruxKqduLKR41\nZ/6dlSDdeY1gCnhz3Ch1pYbfMfsTCTamw+AtRtwlK3b2rfTHffhowjuzM15UKt+b\nrr/cEBlAjQTva8rutYU9K9ONgl+pG2u7Bv516DwmNy8xz9wOjTeOpeh0M9N/ewq8\ncgbR87LFaxi1AgMBAAGjggNzMIIDbzAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM2WVk\nYqISuFlyOzAdBgNVHQ4EFgQUYwLSXQJf943VWhKedhE2loYsikgwJQYDVR0RBB4w\nHIIKZ2l0aHViLmNvbYIOd3d3LmdpdGh1Yi5jb20wDgYDVR0PAQH/BAQDAgWgMB0G\nA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5o\ndHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3JsMDSg\nMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYu\nY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBz\nOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMIGDBggrBgEFBQcBAQR3\nMHUwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEF\nBQcwAoZBaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhp\nZ2hBc3N1cmFuY2VTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAXwGCisGAQQB\n1nkCBAIEggFsBIIBaAFmAHUAKXm+8J45OSHwVnOfY6V35b5XfZxgCvj5TV0mXCVd\nx4QAAAFx5ltprwAABAMARjBEAiAuWGCWxN/M0Ms3KOsqFjDMHT8Aq0SlHfQ68KDg\nrVU6AAIgDA+2EB0D5W5r0i4Nhljx6ABlIByzrEdfcxiOD/o6//EAdQAiRUUHWVUk\nVpY/oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXHmW2nTAAAEAwBGMEQCIBp+XQKa\nUDiPHwjBxdv5qvgyALKaysKqMF60gqem8iPRAiAk9Dp5+VBUXfSHqyW+tVShUigh\nndopccf8Gs21KJ4jXgB2AFGjsPX9AXmcVm24N3iPDKR6zBsny/eeiEKaDf7UiwXl\nAAABceZbahsAAAQDAEcwRQIgd/5HcxT4wfNV8zavwxjYkw2TYBAuRCcqp1SjWKFn\n4EoCIQDHSTHxnbpxWFbP6v5Y6nGFZCDjaHgd9HrzUv2J/DaacDANBgkqhkiG9w0B\nAQsFAAOCAQEAhjKPnBW4r+jR3gg6RA5xICTW/A5YMcyqtK0c1QzFr8S7/l+skGpC\nyCHrJfFrLDeyKqgabvLRT6YvvM862MGfMMDsk+sKWtzLbDIcYG7sbviGpU+gtG1q\nB0ohWNApfWWKyNpquqvwdSEzAEBvhcUT5idzbK7q45bQU9vBIWgQz+PYULAU7KmY\nz7jOYV09o22TNMQT+hFmo92+EBlwSeIETYEsHy5ZxixTRTvu9hP00CyEbiht5OTK\n5EiJG6vsIh/uEtRsdenMCxV06W2f20Af4iSFo0uk6c1ryHefh08FcwA4pSNUaPyi\nPb8YGQ6o/blejFzo/OSiUnDueafSJ0p6SQ==\n-----END CERTIFICATE-----","connection_id":"ce4b1c0d-656d-4a3e-b280-2487fe360fbc"}]}]}}},"422":{"description":"Validation error."}}}},"/v1/connectionmgmt/services/hadoop/connections/{id}/nodes/{node_id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"},{"name":"node_id","in":"path","description":"The connection's name, ID, or URI. If the type flag\nis not specified, it will be inferred from the format\nof the identifier, according to the following rules:\n - UUID string: id\n - 64 bit hex string: id\n - string containing 5 colons: uri\n - all others: name\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns the details of a node in the hadoop connection with the given connection ID and node ID / hostname.\n","tags":["Connection Manager/Hadoop Connections"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"type":"object","description":"Unique connection name.","required":["name"],"properties":{"name":{"type":"string","description":"Unique connection name."}}},{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"type":"object","description":"category of the service (e.g. cloud, hsm)","properties":{"service":{"type":"string","description":"category of the service\nExamples: cloud.\n"}}},{"type":"object","description":"This is the full path to the URL associated with the connection.","properties":{"url":{"type":"string","description":"This is the full path to the URL associated with the connection."}}},{"type":"object","description":"Parameters specific to all types of connections.","properties":{"products":{"type":"array","description":"Array of the CipherTrust products associated with the connection.\nValid values are:\n - \"cckm\" for:\n - AWS\n - Azure\n - GCP\n - Luna connections\n - DSM\n - Salesforce\n - SAP Data Custodian\n - \"cte\", \"ddc\", \"data discovery\" for Hadoop connections.\n - \"cte\" for SMB, OIDC and LDAP connections.\n - \"backup/restore\" for SCP connections.\n - \"logger\" for:\n - loki connections\n - elasticsearch connections\n - syslog connections\n - \"hsm_anchored_domain\" for:\n - Luna connections\n","items":{"type":"string"}},"meta":{"type":"object","description":"Optional end-user or service data stored with the connection."},"description":{"type":"string","description":"Description about the connection."}}},{"type":"boolean","readOnly":true,"description":"true if the last connection test succeeded, false if it failed and null if it has never been tested"},{"type":"string","readOnly":true,"description":"If the last connection test was unsuccessful this is the error received"},{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the last connection test was performed"}]},{"required":["hostname","port","protocol"],"properties":{"hostname":{"type":"string","description":"hostname for Hadoop Server"},"port":{"type":"integer","description":"port for Hadoop Server. Possible values 1-65535."},"server_certificate":{"type":"string","description":"SSL certificate for Hadoop Server TLS communication"},"path":{"type":"string","description":"path for Hadoop Server"},"protocol":{"type":"string","description":"http or https protocol to be used for communication with the Hadoop node (https required for hadoop-knox)"}}}]}},"404":{"description":"Resource not found."},"422":{"description":"Validation error."}}},"delete":{"summary":"Delete","description":"Deletes a node of hadoop connection with the given connection ID and node ID / hostname.\n","tags":["Connection Manager/Hadoop Connections"],"responses":{"204":{"description":"No Content | Connection is deleted successfully."},"404":{"description":"Resource not found."}}},"patch":{"summary":"Update","description":"Updates a node of a hadoop connection with the given connection ID and node ID / hostname.\nThe parameters that are to be updated are specified in the request body.\n","tags":["Connection Manager/Hadoop Connections"],"parameters":[{"in":"body","name":"node","description":"The node to update.","schema":{"type":"object","allOf":[{"required":["hostname","port","protocol"],"properties":{"hostname":{"type":"string","description":"hostname for Hadoop Server"},"port":{"type":"integer","description":"port for Hadoop Server. Possible values 1-65535."},"server_certificate":{"type":"string","description":"SSL certificate for Hadoop Server TLS communication"},"path":{"type":"string","description":"path for Hadoop Server"},"protocol":{"type":"string","description":"http or https protocol to be used for communication with the Hadoop node (https required for hadoop-knox)"}}}],"example":{"application/json":{"hostname":"updated node","port":5678,"protocol":"https"}}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"required":["hostname","port","protocol"],"properties":{"hostname":{"type":"string","description":"hostname for Hadoop Server"},"port":{"type":"integer","description":"port for Hadoop Server. Possible values 1-65535."},"server_certificate":{"type":"string","description":"SSL certificate for Hadoop Server TLS communication"},"path":{"type":"string","description":"path for Hadoop Server"},"protocol":{"type":"string","description":"http or https protocol to be used for communication with the Hadoop node (https required for hadoop-knox)"}}}]}},"404":{"description":"Resource not found."},"422":{"description":"Validation error."}}}},"/v1/connectionmgmt/services/hadoop/connection-test":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Test connection parameters","description":"Tests that the connection parameters can be used to reach the Hadoop server of the provided type.\nThis does not create a persistent connection.\n","tags":["Connection Manager/Hadoop Connections"],"consumes":["application/json"],"parameters":[{"in":"body","name":"connection","description":"The connection parameters to test.","schema":{"required":["service","username","password","nodes"],"allOf":[{"type":"object","description":"name of third-party service (e.g. aws, azure, gcp, hadoop-knox, luna network)","properties":{"service":{"type":"string","description":"Name of the third-party service associated with the resource.\nExamples: aws, azure, gcp, luna network, hadoop-knox.\n"}}},{"properties":{"username":{"type":"string","description":"Username for accessing Hadoop server (required for Knox)."},"topology":{"type":"string","description":"Topology deployment of the Knox gateway."}}},{"properties":{"nodes":{"type":"array","items":{"type":"object","required":["hostname","port","protocol"],"properties":{"hostname":{"type":"string","description":"hostname for Hadoop Server"},"port":{"type":"integer","description":"port for Hadoop Server. Possible values 1-65535."},"server_certificate":{"type":"string","description":"SSL certificate for Hadoop Server TLS communication"},"path":{"type":"string","description":"path for Hadoop Server"},"protocol":{"type":"string","description":"http or https protocol to be used for communication with the Hadoop node (https required for hadoop-knox)"}}}}}},{"type":"object","description":"Sensitive parameters specific to a Hadoop connection.","properties":{"password":{"type":"string","description":"Password for Hadoop server (required for Knox)\n"}}}],"example":{"application/json":{"service":"hadoop-knox","username":"knox-user","password":"password","nodes":[{"hostname":"node1","port":1234,"protocol":"https","server_certificate":"-----BEGIN CERTIFICATE-----\nMIIG1TCCBb2gAwIBAgIQBVfICygmg6F7ChFEkylreTANBgkqhkiG9w0BAQsFADBw\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\ndXJhbmNlIFNlcnZlciBDQTAeFw0yMDA1MDUwMDAwMDBaFw0yMjA1MTAxMjAwMDBa\nMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T\nYW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxHaXRIdWIsIEluYy4xEzARBgNVBAMTCmdp\ndGh1Yi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MrTQ2J6a\nnox5KUwrqO9cQ9STO5R4/zBUxxvI5S8bmc0QjWfIVAwHWuT0Bn/H1oS0LM0tTkQm\nARrqN77v9McVB8MWTGsmGQnS/1kQRFuKiYGUHf7iX5pfijbYsOkfb4AiVKysKUNV\nUtgVvpJoe5RWURjQp9XDWkeo2DzGHXLcBDadrM8VLC6H1/D9SXdVruxKqduLKR41\nZ/6dlSDdeY1gCnhz3Ch1pYbfMfsTCTamw+AtRtwlK3b2rfTHffhowjuzM15UKt+b\nrr/cEBlAjQTva8rutYU9K9ONgl+pG2u7Bv516DwmNy8xz9wOjTeOpeh0M9N/ewq8\ncgbR87LFaxi1AgMBAAGjggNzMIIDbzAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM2WVk\nYqISuFlyOzAdBgNVHQ4EFgQUYwLSXQJf943VWhKedhE2loYsikgwJQYDVR0RBB4w\nHIIKZ2l0aHViLmNvbYIOd3d3LmdpdGh1Yi5jb20wDgYDVR0PAQH/BAQDAgWgMB0G\nA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5o\ndHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3JsMDSg\nMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYu\nY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBz\nOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMIGDBggrBgEFBQcBAQR3\nMHUwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEF\nBQcwAoZBaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhp\nZ2hBc3N1cmFuY2VTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAXwGCisGAQQB\n1nkCBAIEggFsBIIBaAFmAHUAKXm+8J45OSHwVnOfY6V35b5XfZxgCvj5TV0mXCVd\nx4QAAAFx5ltprwAABAMARjBEAiAuWGCWxN/M0Ms3KOsqFjDMHT8Aq0SlHfQ68KDg\nrVU6AAIgDA+2EB0D5W5r0i4Nhljx6ABlIByzrEdfcxiOD/o6//EAdQAiRUUHWVUk\nVpY/oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXHmW2nTAAAEAwBGMEQCIBp+XQKa\nUDiPHwjBxdv5qvgyALKaysKqMF60gqem8iPRAiAk9Dp5+VBUXfSHqyW+tVShUigh\nndopccf8Gs21KJ4jXgB2AFGjsPX9AXmcVm24N3iPDKR6zBsny/eeiEKaDf7UiwXl\nAAABceZbahsAAAQDAEcwRQIgd/5HcxT4wfNV8zavwxjYkw2TYBAuRCcqp1SjWKFn\n4EoCIQDHSTHxnbpxWFbP6v5Y6nGFZCDjaHgd9HrzUv2J/DaacDANBgkqhkiG9w0B\nAQsFAAOCAQEAhjKPnBW4r+jR3gg6RA5xICTW/A5YMcyqtK0c1QzFr8S7/l+skGpC\nyCHrJfFrLDeyKqgabvLRT6YvvM862MGfMMDsk+sKWtzLbDIcYG7sbviGpU+gtG1q\nB0ohWNApfWWKyNpquqvwdSEzAEBvhcUT5idzbK7q45bQU9vBIWgQz+PYULAU7KmY\nz7jOYV09o22TNMQT+hFmo92+EBlwSeIETYEsHy5ZxixTRTvu9hP00CyEbiht5OTK\n5EiJG6vsIh/uEtRsdenMCxV06W2f20Af4iSFo0uk6c1ryHefh08FcwA4pSNUaPyi\nPb8YGQ6o/blejFzo/OSiUnDueafSJ0p6SQ==\n-----END CERTIFICATE-----"},{"hostname":"node2","port":1234,"protocol":"https","server_certificate":"-----BEGIN CERTIFICATE-----\nMIIG1TCCBb2gAwIBAgIQBVfICygmg6F7ChFEkylreTANBgkqhkiG9w0BAQsFADBw\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\ndXJhbmNlIFNlcnZlciBDQTAeFw0yMDA1MDUwMDAwMDBaFw0yMjA1MTAxMjAwMDBa\nMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T\nYW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxHaXRIdWIsIEluYy4xEzARBgNVBAMTCmdp\ndGh1Yi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7MrTQ2J6a\nnox5KUwrqO9cQ9STO5R4/zBUxxvI5S8bmc0QjWfIVAwHWuT0Bn/H1oS0LM0tTkQm\nARrqN77v9McVB8MWTGsmGQnS/1kQRFuKiYGUHf7iX5pfijbYsOkfb4AiVKysKUNV\nUtgVvpJoe5RWURjQp9XDWkeo2DzGHXLcBDadrM8VLC6H1/D9SXdVruxKqduLKR41\nZ/6dlSDdeY1gCnhz3Ch1pYbfMfsTCTamw+AtRtwlK3b2rfTHffhowjuzM15UKt+b\nrr/cEBlAjQTva8rutYU9K9ONgl+pG2u7Bv516DwmNy8xz9wOjTeOpeh0M9N/ewq8\ncgbR87LFaxi1AgMBAAGjggNzMIIDbzAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM2WVk\nYqISuFlyOzAdBgNVHQ4EFgQUYwLSXQJf943VWhKedhE2loYsikgwJQYDVR0RBB4w\nHIIKZ2l0aHViLmNvbYIOd3d3LmdpdGh1Yi5jb20wDgYDVR0PAQH/BAQDAgWgMB0G\nA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5o\ndHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYuY3JsMDSg\nMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzYu\nY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBz\nOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMIGDBggrBgEFBQcBAQR3\nMHUwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEF\nBQcwAoZBaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkhp\nZ2hBc3N1cmFuY2VTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADCCAXwGCisGAQQB\n1nkCBAIEggFsBIIBaAFmAHUAKXm+8J45OSHwVnOfY6V35b5XfZxgCvj5TV0mXCVd\nx4QAAAFx5ltprwAABAMARjBEAiAuWGCWxN/M0Ms3KOsqFjDMHT8Aq0SlHfQ68KDg\nrVU6AAIgDA+2EB0D5W5r0i4Nhljx6ABlIByzrEdfcxiOD/o6//EAdQAiRUUHWVUk\nVpY/oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXHmW2nTAAAEAwBGMEQCIBp+XQKa\nUDiPHwjBxdv5qvgyALKaysKqMF60gqem8iPRAiAk9Dp5+VBUXfSHqyW+tVShUigh\nndopccf8Gs21KJ4jXgB2AFGjsPX9AXmcVm24N3iPDKR6zBsny/eeiEKaDf7UiwXl\nAAABceZbahsAAAQDAEcwRQIgd/5HcxT4wfNV8zavwxjYkw2TYBAuRCcqp1SjWKFn\n4EoCIQDHSTHxnbpxWFbP6v5Y6nGFZCDjaHgd9HrzUv2J/DaacDANBgkqhkiG9w0B\nAQsFAAOCAQEAhjKPnBW4r+jR3gg6RA5xICTW/A5YMcyqtK0c1QzFr8S7/l+skGpC\nyCHrJfFrLDeyKqgabvLRT6YvvM862MGfMMDsk+sKWtzLbDIcYG7sbviGpU+gtG1q\nB0ohWNApfWWKyNpquqvwdSEzAEBvhcUT5idzbK7q45bQU9vBIWgQz+PYULAU7KmY\nz7jOYV09o22TNMQT+hFmo92+EBlwSeIETYEsHy5ZxixTRTvu9hP00CyEbiht5OTK\n5EiJG6vsIh/uEtRsdenMCxV06W2f20Af4iSFo0uk6c1ryHefh08FcwA4pSNUaPyi\nPb8YGQ6o/blejFzo/OSiUnDueafSJ0p6SQ==\n-----END CERTIFICATE-----"}]}}}}],"responses":{"200":{"description":"OK"},"422":{"description":"Validation error."}}}},"/v1/migration-split-keys":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Create","description":"Create a new migration split key.","tags":["Migration Split Keys"],"consumes":["application/json"],"parameters":[{"in":"body","name":"split-key","description":"The migration split key to create.","schema":{"allOf":[{"type":"object","description":"Unique name of a Migration Split Key.","required":["name"],"properties":{"name":{"type":"string","description":"Unique name of a Migration Split Key."}}},{"type":"object","description":"The minimum number of split key shares needed to reconstruct the split key (> 1, <= 10).","required":["threshold"],"properties":{"threshold":{"type":"integer","description":"The minimum number of split key shares needed to reconstruct the split key (> 1, <= 10)."}}},{"type":"object","description":"A digest associated with the migration split key.","required":["digest"],"properties":{"digest":{"type":"string","description":"A digest associated with the migration split key.\nThe digest is calculated on the DSM, and should be passed in while creating the split key.\nWhen the key is reassembled, the CM checks if the key matched.\n"}}}],"example":{"application/json":{"name":"msk1","threshold":2,"digest":"a23-bd9"}}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"type":"object","description":"Unique name of a Migration Split Key.","required":["name"],"properties":{"name":{"type":"string","description":"Unique name of a Migration Split Key."}}},{"type":"object","description":"The minimum number of split key shares needed to reconstruct the split key (> 1, <= 10).","required":["threshold"],"properties":{"threshold":{"type":"integer","description":"The minimum number of split key shares needed to reconstruct the split key (> 1, <= 10)."}}},{"type":"object","description":"A digest associated with the migration split key.","required":["digest"],"properties":{"digest":{"type":"string","description":"A digest associated with the migration split key.\nThe digest is calculated on the DSM, and should be passed in while creating the split key.\nWhen the key is reassembled, the CM checks if the key matched.\n"}}},{"type":"object","description":"A boolean that can be used to determine whether the key is usable.","required":["usable"],"properties":{"usable":{"type":"boolean","description":"A boolean that can be used to determine whether the key is usable.\nIt is set to false when the split key is created.\nIt is set to true after enough shares have been added, and the digest of the reconstructed key matches.\n"}}},{"type":"object","description":"Array of split key share parameters present in the API response.","properties":{"shares":{"type":"array","description":"Array of split key share parameters present in the API response.","items":{"type":"object","allOf":[{"type":"object","description":"The split key share parameters present in the API response.","properties":{"name":{"type":"string","description":"Split key share unique name."}}}]}}}}]}]}},"422":{"description":"Validation error."}}},"get":{"summary":"List","description":"Returns a list of all migration split keys. The results can be filtered using the query parameters.","tags":["Migration Split Keys"],"consumes":["application/json"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"name","in":"query","type":"string","description":"Filter the result based on split key name. Supports * and ? wildcards."},{"name":"digest","in":"query","type":"string","description":"Filter the result based on split key digest."}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","allOf":[{"type":"object","allOf":[{"type":"object","description":"Unique name of a Migration Split Key.","required":["name"],"properties":{"name":{"type":"string","description":"Unique name of a Migration Split Key."}}},{"type":"object","description":"The minimum number of split key shares needed to reconstruct the split key (> 1, <= 10).","required":["threshold"],"properties":{"threshold":{"type":"integer","description":"The minimum number of split key shares needed to reconstruct the split key (> 1, <= 10)."}}},{"type":"object","description":"A digest associated with the migration split key.","required":["digest"],"properties":{"digest":{"type":"string","description":"A digest associated with the migration split key.\nThe digest is calculated on the DSM, and should be passed in while creating the split key.\nWhen the key is reassembled, the CM checks if the key matched.\n"}}},{"type":"object","description":"A boolean that can be used to determine whether the key is usable.","required":["usable"],"properties":{"usable":{"type":"boolean","description":"A boolean that can be used to determine whether the key is usable.\nIt is set to false when the split key is created.\nIt is set to true after enough shares have been added, and the digest of the reconstructed key matches.\n"}}}]}]}}}}]}},"422":{"description":"Validation error."}}}},"/v1/migration-split-keys/{name}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"name","in":"path","description":"The split key's name.\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns the details of a migration split key given its name.\n","tags":["Migration Split Keys"],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"type":"object","description":"Unique name of a Migration Split Key.","required":["name"],"properties":{"name":{"type":"string","description":"Unique name of a Migration Split Key."}}},{"type":"object","description":"The minimum number of split key shares needed to reconstruct the split key (> 1, <= 10).","required":["threshold"],"properties":{"threshold":{"type":"integer","description":"The minimum number of split key shares needed to reconstruct the split key (> 1, <= 10)."}}},{"type":"object","description":"A digest associated with the migration split key.","required":["digest"],"properties":{"digest":{"type":"string","description":"A digest associated with the migration split key.\nThe digest is calculated on the DSM, and should be passed in while creating the split key.\nWhen the key is reassembled, the CM checks if the key matched.\n"}}},{"type":"object","description":"A boolean that can be used to determine whether the key is usable.","required":["usable"],"properties":{"usable":{"type":"boolean","description":"A boolean that can be used to determine whether the key is usable.\nIt is set to false when the split key is created.\nIt is set to true after enough shares have been added, and the digest of the reconstructed key matches.\n"}}},{"type":"object","description":"Array of split key share parameters present in the API response.","properties":{"shares":{"type":"array","description":"Array of split key share parameters present in the API response.","items":{"type":"object","allOf":[{"type":"object","description":"The split key share parameters present in the API response.","properties":{"name":{"type":"string","description":"Split key share unique name."}}}]}}}}]}]}},"404":{"description":"Resource not found."},"422":{"description":"Validation error."}}},"delete":{"summary":"Delete","description":"Deletes a migration split key given its name.\n","tags":["Migration Split Keys"],"responses":{"204":{"description":"No Content | Connection is deleted successfully."},"404":{"description":"Resource not found."}}}},"/v1/migration-split-keys/{name}/shares":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"name","in":"path","description":"The split key's name.\n","required":true,"type":"string"}],"post":{"summary":"Add a share","description":"Add a new share to an existing migration split key.","tags":["Migration Split Keys"],"consumes":["application/json"],"parameters":[{"in":"body","name":"split-key","description":"The migration split key to create.","schema":{"allOf":[{"type":"object","description":"A share asociated with the split key.","required":["material"],"properties":{"name":{"type":"string","description":"Unique name of share."},"material":{"type":"string","description":"Share's key material."}}}],"example":{"application/json":{"name":"share1","material":"0000000045D9BF65ABDFB39CAF8D0736F23C32CA589952486DCA42D860F1730CB197AF0436A2C5F5"}}}}],"responses":{"201":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"type":"object","description":"Unique name of a Migration Split Key.","required":["name"],"properties":{"name":{"type":"string","description":"Unique name of a Migration Split Key."}}},{"type":"object","description":"The minimum number of split key shares needed to reconstruct the split key (> 1, <= 10).","required":["threshold"],"properties":{"threshold":{"type":"integer","description":"The minimum number of split key shares needed to reconstruct the split key (> 1, <= 10)."}}},{"type":"object","description":"A digest associated with the migration split key.","required":["digest"],"properties":{"digest":{"type":"string","description":"A digest associated with the migration split key.\nThe digest is calculated on the DSM, and should be passed in while creating the split key.\nWhen the key is reassembled, the CM checks if the key matched.\n"}}},{"type":"object","description":"A boolean that can be used to determine whether the key is usable.","required":["usable"],"properties":{"usable":{"type":"boolean","description":"A boolean that can be used to determine whether the key is usable.\nIt is set to false when the split key is created.\nIt is set to true after enough shares have been added, and the digest of the reconstructed key matches.\n"}}},{"type":"object","description":"Array of split key share parameters present in the API response.","properties":{"shares":{"type":"array","description":"Array of split key share parameters present in the API response.","items":{"type":"object","allOf":[{"type":"object","description":"The split key share parameters present in the API response.","properties":{"name":{"type":"string","description":"Split key share unique name."}}}]}}}}]}]}},"404":{"description":"Resource not found."},"422":{"description":"Validation error."}}}},"/v1/migration-split-keys/{name}/shares/{share_name}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"name","in":"path","description":"The split key's name.\n","required":true,"type":"string"},{"name":"share_name","in":"path","description":"The split key share's name.\n","required":true,"type":"string"}],"delete":{"summary":"Delete a share","description":"Deletes a migration split key share.\n","tags":["Migration Split Keys"],"responses":{"204":{"description":"No Content | Connection is deleted successfully."},"404":{"description":"Resource not found."}}},"patch":{"summary":"Modify a share","description":"Modifies a migration split key share.","tags":["Migration Split Keys"],"parameters":[{"in":"body","name":"connection","description":"The connection to update.","schema":{"type":"object","allOf":[{"type":"object","description":"A key material asociated with the split key share.","required":["material"],"properties":{"material":{"type":"string","description":"Share's key material."}}}],"example":{"application/json":{"material":"0000000045D9BF65ABDFB39CAF8D0736F23C32CA589952486DCA42D860F1730CB197AF0436A2C5F5"}}}}],"responses":{"200":{"description":"OK","schema":{"allOf":[{"type":"object","allOf":[{"type":"object","description":"Unique name of a Migration Split Key.","required":["name"],"properties":{"name":{"type":"string","description":"Unique name of a Migration Split Key."}}},{"type":"object","description":"The minimum number of split key shares needed to reconstruct the split key (> 1, <= 10).","required":["threshold"],"properties":{"threshold":{"type":"integer","description":"The minimum number of split key shares needed to reconstruct the split key (> 1, <= 10)."}}},{"type":"object","description":"A digest associated with the migration split key.","required":["digest"],"properties":{"digest":{"type":"string","description":"A digest associated with the migration split key.\nThe digest is calculated on the DSM, and should be passed in while creating the split key.\nWhen the key is reassembled, the CM checks if the key matched.\n"}}},{"type":"object","description":"A boolean that can be used to determine whether the key is usable.","required":["usable"],"properties":{"usable":{"type":"boolean","description":"A boolean that can be used to determine whether the key is usable.\nIt is set to false when the split key is created.\nIt is set to true after enough shares have been added, and the digest of the reconstructed key matches.\n"}}},{"type":"object","description":"Array of split key share parameters present in the API response.","properties":{"shares":{"type":"array","description":"Array of split key share parameters present in the API response.","items":{"type":"object","allOf":[{"type":"object","description":"The split key share parameters present in the API response.","properties":{"name":{"type":"string","description":"Split key share unique name."}}}]}}}}]}]}},"404":{"description":"Resource not found."},"422":{"description":"Validation error."}}}},"/v1/quorum-mgmt/quorums":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Lists all quorums. Supports standard paging\nquery params. Supports filtering on resource_uri, operation, state, requester_id.\nSupports sorting on uri, resource_uri, operation, state or createdAt.\n","tags":["Quorum"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"},{"name":"resource_uri","in":"query","description":"Filter results by resources uri of quorums. Wildcards are supported.","required":false,"type":"string"},{"name":"operation","in":"query","description":"Filter results by operation of quorums. Wildcards are supported.","required":false,"type":"string"},{"name":"state","in":"query","description":"Filter results by state of quorums. Wildcards are supported.","required":false,"type":"string"},{"name":"requester_id","in":"query","description":"Filter results by requester's user ID. Wildcards are supported.","required":false,"type":"string"},{"name":"votable","in":"query","description":"Filter results by ability of user to cast a vote.","required":false,"type":"string"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","allOf":[{"description":"Quorum model represents a quorum.\n","type":"object","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"requester_id":{"type":"string","description":"The user ID of the requester of the quorum."},"operation_fingerprint":{"type":"string","readOnly":true,"description":"Fingerprint of the operation."},"resource_uri":{"type":"string","format":"uri","description":"URI of the resource on which the operation is being performed."},"state":{"type":"string","description":"State of the quorum [pre-active, active, denied, expired, executed]."},"description":{"type":"string","description":"Description of the quorum."},"votes":{"type":"array","description":"Votes of the quorum.","items":[{"description":"Quorum votes tracks the votes of a quorum.\n","type":"object","allOf":[{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the vote was cast."},"approver_id":{"type":"string","description":"The identity of the user who voted."},"note":{"type":"string","description":"Any description of vote."},"vote":{"type":"string","description":"Vote can be either deny or approve."}}}]}]}}}]}]}}}}]}}}}},"/v1/quorum-mgmt/quorums/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Fetch a quorum.","tags":["Quorum"],"responses":{"200":{"description":"OK"},"404":{"description":"Quorum not found."}}},"delete":{"summary":"Delete a quorum.","tags":["Quorum"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"responses":{"204":{"description":"No Content | Successful deletion of quorum."},"404":{"description":"Quorum not found."}}}},"/v1/quorum-mgmt/quorums/{id}/activate":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Activate a quorum.","tags":["Quorum"],"parameters":[{"name":"body","in":"body","required":false,"schema":{"type":"object","properties":{"reason":{"type":"string","description":"Reason for performing the operation."}}}}],"responses":{"200":{"description":"Successfully activated the Quorum."},"404":{"description":"Quorum not found."}}}},"/v1/quorum-mgmt/quorums/{id}/approve":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Approve a quorum.","tags":["Quorum"],"parameters":[{"name":"body","in":"body","required":false,"schema":{"type":"object","properties":{"note":{"type":"string","description":"Additional information for vote."}}}}],"responses":{"200":{"description":"Vote has been added."},"404":{"description":"Quorum not found."}}}},"/v1/quorum-mgmt/quorums/{id}/deny":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Deny a quorum.","tags":["Quorum"],"parameters":[{"name":"body","in":"body","required":false,"schema":{"type":"object","properties":{"note":{"type":"string","description":"Additional information for vote."}}}}],"responses":{"200":{"description":"Vote has been added."},"404":{"description":"Quorum not found."}}}},"/v1/quorum-mgmt/quorums/{id}/revoke":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"post":{"summary":"Revoke the vote cast for the quorum.","tags":["Quorum"],"responses":{"200":{"description":"Vote has been revoked."},"404":{"description":"Quorum not found."}}}},"/v1/quorum-mgmt/quorums/{id}/resources":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"List resources of the quorum.","description":"List Resource URIs of resources on which Quorum has been raised. Supports standard paging options like skip and limit.\n","tags":["Quorum"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK"}}}},"/v1/quorum-mgmt/policy/activate":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Activate","description":"Activates the Quorum policy for specified actions.\n","tags":["Quorum"],"parameters":[{"name":"body","in":"body","required":true,"schema":{"type":"object","title":"Activate Quorum Policy","required":["actions"],"properties":{"actions":{"description":"Allowed actions for quorum. Multiple actions cannot be activated simultaneously. You must activate only one action at a time.\n","enum":["DeleteKey","AddUserToGroup","ManagePolicyAttachment","DeletePolicy","DeleteDomain","DownloadBackupkeyDomain","RestoreBackupDomain","DownloadBackupkey (Only Root Domain)","RestoreBackup (Only Root Domain)","DeleteEKMEndpoint (for deleting EKM Endpoints)","DeleteClientCTE (for deleting CTE Client)","DeleteClientGroupCTE (for deleting CTE Client-Group)","DeleteGuardPointCTE (for deleting CTE Guard-Point)","UpdatePolicyCTE (for updating CTE Policies Operations including (key, LDT, IDT, DataTx and Security Rules))","UpdateClientGroupCTE (for updating CTE Client-Group)","DeleteGoogleWorkspaceCSEEndpoint (for deleting Google Worspace CSE endpoint)"],"type":"array","items":{"type":"string"}}},"example":{"actions":["DeleteKey"]}}}],"responses":{"201":{"description":"Successful policy creation.","schema":{"description":"Policies are access control rules. They declare a set of\nactions, applied to a set of resources, under an optional set of\nconditions, which are either allowed or not allowed.\n\nPolicies, like other resources, share common properties like `id`,\n`uri`, `name`, etc.\n\n`actions` is a list of permissions.\n\nTBD: link to\ncanonical dictionary of permissions. Operations will require some\nset of the these permissions\n\n`resources` is a list of URI patterns.\n","type":"object","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"properties":{"name":{"type":"string","readOnly":true,"description":"The name of the resource"}}},{"type":"object","properties":{"actions":{"type":"array","items":{"type":"string","format":"action name or \"*\""}},"resources":{"type":"array","items":{"type":"string","format":"uri mask"}},"allow":{"type":"boolean"},"effect":{"type":"integer","description":"The effect describes the effect of the policy. There are 4 possible values.\nWith effect, the allow flag gets deprecated. Please use one of the two and\nuse allow only if it is needed, instead use effect.\n","enum":["allow","deny","obligate_on_allow","obligate_on_deny"]},"conditions":{"type":"array","items":{"type":"object","properties":{"path":{"type":"string","format":"A JSON path, with template variables.","description":"A JSON path which resolves to a value in the operation\n"},"op":{"type":"string","format":"equals|==|equalsignorescase|matches|regex|=~|empty|contains|@>\n","description":"The comparison operator used to compare the operation value\nto the conditions values.\n"},"values":{"description":"The value or values to compare with the operation value.\nCan be either a single value, or an array. If an\narray, each of the items in the array is compared to\nthe operation value, and if any match, the condition is\nmet. In other words, the items are logically OR'd.\n"}}}},"includeDescendantAccounts":{"type":"boolean","description":"When this is false, only the resources in the principal's account can be accessed if the policy allows it.\nWhen this is true, the resources the principal's account as well as all child accounts associated with the\nprincipal's account, can be accessed if the policy allows it.\nFor example, sub-domains will be included while listing domains when this parameter is true.\n"}}}]},"examples":{"application/json":{"Policy":{"id":"7a332843-e503-4c43-a23f-32ee12de9b98","uri":"kylo:kylo:admin:policies:deletekey-requires-quorum-7a332843-e503-4c43-a23f-32ee12de9b98","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2021-12-16T21:43:44.236869Z","name":"DeleteKey requires quorum","deletedAt":null,"updatedAt":"2021-12-16T21:43:44.236869Z","actions":["DeleteKey"],"resources":null,"allow":false,"effect":"obligate_on_allow","obligations":[{"type":"quorum","attributes":{"fingerprint":["{{action}}","{{resource}}","{{context.resource.updatedAt}}"],"quorum_profile":"DeleteKey requires quorum"}}]},"required_approvals":3}}},"400":{"description":"Quorum Policy is already active."}}}},"/v1/quorum-mgmt/policy/deactivate":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"post":{"summary":"Deactivate","description":"Deactivates the Quorum policy for specified actions.\n","tags":["Quorum"],"parameters":[{"name":"body","in":"body","required":true,"schema":{"type":"object","title":"Deactivate Quorum Policy","required":["actions"],"properties":{"actions":{"description":"Allowed actions for quorum. Deactivating multiple actions together is not supported, deactivate each action individually.\n","enum":["DeleteKey","AddUserToGroup","ManagePolicyAttachment","DeletePolicy","DeleteDomain","DownloadBackupkeyDomain","RestoreBackupDomain","DownloadBackupkey (Only Root Domain)","RestoreBackup (Only Root Domain)","DeleteEKMEndpoint (for deleting EKM Endpoints)","DeleteClientCTE (for deleting CTE Client)","DeleteClientGroupCTE (for deleting CTE Client-Group)","DeleteGuardPointCTE (for deleting CTE Guard-Point)","UpdatePolicyCTE (for updating CTE Policies Operations including (key, LDT, IDT, DataTx and Security Rules))","UpdateClientGroupCTE (for updating CTE Client-Group)","DeleteGoogleWorkspaceCSEEndpoint (for deleting Google Worspace CSE endpoint)"],"type":"array","items":{"type":"string"}}}}}],"responses":{"204":{"description":"Quorum has been deactivated."},"404":{"description":"Quorum Policy is not active."}}}},"/v1/quorum-mgmt/policy/status":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Status","description":"Fetch status of the all Quorum policies (whether active/deactive).\n","tags":["Quorum"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"operation","type":"string","description":"The fields to sort results by. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n -operation\n\n...will sort the results descending by field `operation`.\n"},{"name":"operations","in":"query","description":"Filter results by operation name. Multiple operations can be given separated by a comma. Wildcards are supported.","required":false,"type":"string"}],"responses":{"200":{"description":"Returns the list of all quorum policies.","schema":{"description":"Fetch status of the all Quorum policies.\n","type":"array","items":{"description":"Represents status of a quorum policy\n","type":"object","properties":{"operation":{"type":"string","description":"Operation for the policy."},"active":{"type":"boolean","description":"Status of the policy."},"profile":{"type":"boolean","description":"Quorum profile used by this policy."}}}}}}}},"/v1/quorum-mgmt/profiles":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Return quorum profiles.","description":"Fetch Quorum profiles.\n","tags":["Quorum"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"sort","in":"query","default":"updatedAt","type":"string","description":"The fields to sort results by. This should be a comma-delimited list of properties.\nMultiple properties will result in a multi-column sort. Sort order is ascending by default.\nTo have a descending sort for a field, precede the field name with a minus sign (\"-\").\nFor example:\n\n name,-createdAt\n\n...will sort the results first by `name`, ascending, then by `createdAt`, descending.\n"},{"name":"names","in":"query","description":"Filter results by name. Multiple profile names can be given separated by a comma. Wildcards are supported.","required":false,"type":"string"}],"responses":{"200":{"description":"Returns the list of quorum profiles.","schema":{"description":"Returns the list of quorum profiles.\n","type":"array","items":{"description":"Represents a quorum profile.\n","type":"object","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"Name":{"type":"string","description":"Name of the profile."},"voter-groups":{"type":"array","description":"Voters allowed to vote for this profile.","items":{"type":"string"}},"ExpirationPeriod":{"type":"string","format":"date-time","description":"Expiration of Quorum after it is activated (in minutes)."},"RequiredApprovals":{"type":"integer","description":"Required number of approvals for a quorum."},"Description":{"type":"string","description":"Description of the profile."}}}]}}}}}},"/v1/quorum-mgmt/profiles/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true}],"get":{"summary":"Return the quorum profile.","description":"Fetch the Quorum profile associated with the identifier.\n","tags":["Quorum"],"responses":{"200":{"description":"Fetch the Quorum profile associated with the identifier.","schema":{"description":"Fetch the Quorum profile associated with the identifier.\n","type":"array","items":{"description":"Represents a quorum profile.\n","type":"object","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"Name":{"type":"string","description":"Name of the profile."},"voter-groups":{"type":"array","description":"Voters allowed to vote for this profile.","items":{"type":"string"}},"ExpirationPeriod":{"type":"string","format":"date-time","description":"Expiration of Quorum after it is activated (in minutes)."},"RequiredApprovals":{"type":"integer","description":"Required number of approvals for a quorum."},"Description":{"type":"string","description":"Description of the profile."}}}]}},"examples":{"application/json":{"id":"c3a1c2d0-eedf-4815-82ed-8d3eb6e99dc3","uri":"kylo:kylo:sallyport:quorum-profile:downloadbackupkey-requires-quorum-c3a1c2d0-eedf-4815-82ed-8d3eb6e99dc3","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-07-12T16:00:19.58837Z","updatedAt":"2021-07-12T16:00:19.586649Z","name":"DownloadBackupkey requires quorum","required_approvals":3,"voter_groups":["Backup Admins"],"expiration_period":10080}}}}},"patch":{"summary":"Update the quorum profile associated with the identifier.","description":"Updates the quorum profile associated with the identifier.\n","tags":["Quorum"],"parameters":[{"name":"body","in":"body","required":true,"schema":{"type":"object","title":"Update Quorum Profile","properties":{"required_approvals":{"type":"integer","description":"The number of approvals required to move the Quorum to the Approved state.\n"},"voter_groups":{"type":"array","description":"List of groups allowed to vote for this profile.","items":{"type":"string"}}},"example":{"required_approvals":2,"voter_groups":["Key Users","Key Admins"]}}}],"responses":{"200":{"description":"Returns the updated quorum profile.","schema":{"description":"Returns the updated quorum profile.\n","type":"array","items":{"description":"Represents a quorum profile.\n","type":"object","allOf":[{"properties":{"id":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the resource"},"instanceID":{"type":"string","format":"UUIDv4","readOnly":true,"description":"The unique identifier of the ProtectV client instance resource"},"uri":{"type":"string","format":"URI","readOnly":true,"description":"A human readable unique identifier of the resource"},"account":{"type":"string","format":"URI","readOnly":true,"description":"The account which owns this resource."},"application":{"type":"string","format":"URI","readOnly":true,"description":"The application this resource belongs to."},"devAccount":{"type":"string","format":"URI","readOnly":true,"description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was created"}}},{"properties":{"updatedAt":{"type":"string","format":"date-time","readOnly":true,"description":"Date/time the application was updated"}}},{"type":"object","properties":{"Name":{"type":"string","description":"Name of the profile."},"voter-groups":{"type":"array","description":"Voters allowed to vote for this profile.","items":{"type":"string"}},"ExpirationPeriod":{"type":"string","format":"date-time","description":"Expiration of Quorum after it is activated (in minutes)."},"RequiredApprovals":{"type":"integer","description":"Required number of approvals for a quorum."},"Description":{"type":"string","description":"Description of the profile."}}}]}},"examples":{"application/json":{"id":"c3a1c2d0-eedf-4815-82ed-8d3eb6e99dc3","uri":"kylo:kylo:sallyport:quorum-profile:downloadbackupkey-requires-quorum-c3a1c2d0-eedf-4815-82ed-8d3eb6e99dc3","account":"kylo:kylo:admin:accounts:kylo","createdAt":"2021-07-12T16:00:19.58837Z","updatedAt":"2021-07-12T16:00:19.586649Z","name":"DownloadBackupkey requires quorum","required_approvals":3,"voter_groups":["Backup Admins"],"expiration_period":10080}}}}}},"/v1/usermgmt/pwdpolicies/":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List password policies","description":"Returns a list of passphrase policies resources. Query parameters can be\nused to filter the results. Results are returned in pages.\nEach page of results includes the total results found, and\ninformation for requesting the next page of results, using\nthe `skip` and `limit` query parameters.\n","tags":["Users"],"parameters":[{"name":"policy_name","in":"query","description":"Filter by policy name.\n","required":false,"type":"string"},{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10}],"responses":{"200":{"description":"OK","examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":[{"policy_name":"custom_policy","inclusive_min_upper_case":1,"inclusive_min_lower_case":1,"inclusive_min_digits":1,"inclusive_min_other":0,"inclusive_min_total_length":8,"inclusive_max_total_length":30,"password_history_threshold":0,"failed_logins_lockout_thresholds":[0,0,30],"password_lifetime":30,"password_change_min_days":1}]}}}}},"post":{"summary":"Create a password policy","description":"Create a password policy. Can only be used by a member of the admin or user admin group. Currently, be default 'global' policy is applied to all users. To apply the policy, you need to assign it to a user.","tags":["Users"],"parameters":[{"name":"body","in":"body","schema":{"type":"object","title":"Create a Password Policy","required":["policy_name"],"properties":{"policy_name":{"type":"string","description":"Name of the Policy"},"inclusive_min_upper_case":{"type":"integer","description":"The minimum number of upper cases"},"inclusive_min_lower_case":{"type":"integer","description":"The minimum number of lower cases"},"inclusive_min_digits":{"type":"integer","description":"The minimum number of digits"},"inclusive_min_other":{"type":"integer","description":"The minimum number of other characters"},"inclusive_min_total_length":{"type":"integer","description":"The minimum length of the password. Value 0 is ignored."},"inclusive_max_total_length":{"type":"integer","description":"The maximum length of the password. Value 0 is ignored."},"password_history_threshold":{"type":"integer","description":"Determines the number of past passwords a user cannot reuse. Even with value 0, the user will not be able to change their password to the same password."},"password_lifetime":{"type":"integer","description":"The maximum lifetime of the password in days. Value 0 is ignored."},"password_change_min_days":{"type":"integer","description":"The minimum period in days between password changes. Value 0 is ignored."},"failed_logins_lockout_thresholds":{"type":"array","items":{"type":"integer"},"description":"List of lockout durations in minutes for failed login attempts.\nFor example, with input of [0, 5, 30], the first failed login attempt with duration of zero will not lockout the user account,\nthe second failed login attempt will lockout the account for 5 minutes,\nthe third and subsequent failed login attempts will lockout for 30 minutes.\nSet an empty array '[]' to disable the user account lockout.\n"}},"example":{"policy_name":"custom_policy","inclusive_min_upper_case":1,"inclusive_min_lower_case":1,"inclusive_min_digits":1,"inclusive_min_other":0,"inclusive_min_total_length":8,"inclusive_max_total_length":30,"password_history_threshold":0,"failed_logins_lockout_thresholds":[0,0,30],"password_lifetime":30,"password_change_min_days":1}}}],"responses":{"201":{"description":"Successful resource create.","examples":{"application/json":{"inclusive_min_upper_case":1,"inclusive_min_lower_case":1,"inclusive_min_digits":1,"inclusive_min_other":1,"inclusive_min_total_length":5,"inclusive_max_total_length":10,"password_history_threshold":0,"failed_logins_lockout_thresholds":[0,0,30],"password_lifetime":30}}}}}},"/v1/usermgmt/pwdpolicies/{policy_name}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"},{"name":"policy_name","in":"path","required":true,"description":"the name of the policy","type":"string"}],"patch":{"summary":"Change password policy","description":"Change the specified password policy. Can only be used to by a member of the admin or user admin group.","tags":["Users"],"parameters":[{"name":"body","in":"body","schema":{"type":"object","title":"Change Password Policy","properties":{"inclusive_min_upper_case":{"type":"integer","description":"The minimum number of upper cases"},"inclusive_min_lower_case":{"type":"integer","description":"The minimum number of lower cases"},"inclusive_min_digits":{"type":"integer","description":"The minimum number of digits"},"inclusive_min_other":{"type":"integer","description":"The minimum number of other characters"},"inclusive_min_total_length":{"type":"integer","description":"The minimum length of the password. Value 0 is ignored."},"inclusive_max_total_length":{"type":"integer","description":"The maximum length of the password. Value 0 is ignored."},"password_history_threshold":{"type":"integer","description":"Determines the number of past passwords a user cannot reuse. Even with value 0, the user will not be able to change their password to the same password."},"password_lifetime":{"type":"integer","description":"The maximum lifetime of the password in days. Value 0 is ignored."},"password_change_min_days":{"type":"integer","description":"The minimum period in days between password changes. Value 0 is ignored."},"failed_logins_lockout_thresholds":{"type":"array","items":{"type":"integer"},"description":"List of lockout durations in minutes for failed login attempts.\nFor example, with input of [0, 5, 30], the first failed login attempt with duration of zero will not lockout the user account,\nthe second failed login attempt will lockout the account for 5 minutes,\nthe third and subsequent failed login attempts will lockout for 30 minutes.\nSet an empty array '[]' to disable the user account lockout.\n"}},"example":{"inclusive_min_upper_case":1,"inclusive_min_lower_case":1,"inclusive_min_digits":1,"inclusive_min_other":0,"inclusive_min_total_length":8,"inclusive_max_total_length":30,"password_history_threshold":0,"failed_logins_lockout_thresholds":[0,0,30],"password_lifetime":30,"password_change_min_days":1}}}],"responses":{"200":{"description":"Successful resource update.","examples":{"application/json":{"inclusive_min_upper_case":1,"inclusive_min_lower_case":1,"inclusive_min_digits":1,"inclusive_min_other":1,"inclusive_min_total_length":5,"inclusive_max_total_length":10,"password_history_threshold":0,"failed_logins_lockout_thresholds":[0,0,30],"password_lifetime":30}}}}},"get":{"summary":"Get password policy","description":"Get the password policy.","tags":["Users"],"responses":{"200":{"description":"OK","examples":{"application/json":{"inclusive_min_upper_case":1,"inclusive_min_lower_case":1,"inclusive_min_digits":1,"inclusive_min_other":1,"inclusive_min_total_length":5,"inclusive_max_total_length":10,"password_history_threshold":0,"failed_logins_lockout_thresholds":[0,0,30],"password_lifetime":30}}}}},"delete":{"summary":"Delete password policy","description":"Delete the password policy.","tags":["Users"],"responses":{"204":{"description":"No Content | Successful deletion of policy."},"404":{"description":"Resource not found."}}}},"/v1/vault/templates":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"List","description":"Lists all the templates. Results can be refined with query parameters.","tags":["Templates"],"parameters":[{"name":"skip","in":"query","description":"The index of the first resource to return. Equivalent to 'offset' in SQL.","type":"integer","default":0},{"name":"limit","in":"query","description":"The max number of resources to return. Equivalent to 'limit' in SQL.","type":"integer","default":10},{"name":"id","in":"query","type":"string","format":"UUID","description":"Filters results to those with matching IDs. May be specified more than once. Results will match *any* of the values.\n"},{"name":"size","in":"query","type":"integer","collectionFormat":"multi","description":"Filters results based on matching size. May be specified more than once. Results will match *any* of the values.\n"},{"name":"curveid","in":"query","type":"string","collectionFormat":"multi","description":"Filters results based on matching elliptic key curve id. May be specified more than once. Results will match *any* of the values.\n"},{"name":"algorithm","in":"query","type":"string","collectionFormat":"multi","description":"Filters results based on matching algorithms. The '?' and '*' wildcard characters may be used."},{"name":"usageMask","in":"query","type":"integer","collectionFormat":"multi","description":"Filters results based on matching Cryptographic usage mask. Add the usage mask values to allow the usages.\nThe associated values are - Sign (1), Verify (2), Encrypt (4), Decrypt (8), Wrap Key (16), Unwrap Key (32), Export (64), MAC Generate (128), MAC Verify (256), Derive Key (512), \nContent Commitment (1024), Key Agreement (2048), Certificate Sign (4096), CRL Sign (8192), Generate Cryptogram (16384), Validate Cryptogram (32768), Translate Encrypt (65536), \nTranslate Decrypt (131072), Translate Wrap (262144), Translate Unwrap (524288), FPE Encrypt (1048576), FPE Decrypt (2097152). \nTo set all usage mask bits, use 4194303 (all usage masks including Export).Equivalent usageMask values for deprecated usages 'fpe' (FPE Encrypt + FPE Decrypt = 3145728),\n'blob' (Encrypt + Decrypt = 12), 'hmac' (MAC Generate + MAC Verify = 384), 'encrypt' (Encrypt + Decrypt = 12),'sign' (Sign + Verify = 3), 'any' (4194303 - all usage masks).\n"},{"name":"name","in":"query","type":"string","description":"Filters results based on matching names. The '?' and '*' wildcard characters may be used."},{"name":"uri","in":"query","type":"string","description":"Filters results based on matching URIs. The '?' and '*' wildcard characters may be used."}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"name":{"type":"string","description":"The name of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"usageMask":{"type":"integer","description":"Cryptographic usage mask."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the application was created."},"updatedAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the application was updated."},"objectType":{"type":"string","description":"Type of the object. It will be Template.\n"},"activationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes active."},"deactivationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes inactive."},"archiveDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes archived."},"processStartDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when a Managed Template Object MAY begin to be used to process\ncryptographically protected information (e.g., decryption or unwrapping).\n"},"protectStopDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time after which a Managed Template Object SHALL NOT be used for\napplying cryptographic protection (e.g., encryption or wrapping).\n"}}}}}}]},"examples":{"application/json":{"skip":0,"limit":10,"total":1,"resources":{"id":"24aae5e5-b627-4b0e-964a-f48af998ee2b","uri":"kylo:kylo:vault:template:1480633212136-v0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2016-12-01T23:00:10.072423Z","name":"1480633212136","updatedAt":"2016-12-01T23:00:10.072423Z","usageMask":4194303,"algorithm":"AES","size":256,"unexportable":false,"undeletable":false,"objectType":"Template","activationDate":"2017-10-02T14:24:37.436073Z","deactivationDate":"2017-10-02T14:24:37.439922Z","archiveDate":"2017-10-02T14:24:37.440033Z"}}}}}},"post":{"summary":"Create","description":"Creates a new template.","tags":["Templates"],"parameters":[{"name":"body","in":"body","schema":{"title":"Create Template","properties":{"name":{"type":"string","description":"Optional friendly name. The template name should not contain special characters such as angular brackets (<,>) and backslash (\\)."},"usageMask":{"type":"integer","description":"Filters results based on matching Cryptographic usage mask. Add the usage mask values to allow the usages. \nThe associated values are - Sign (1), Verify (2), Encrypt (4), Decrypt (8), Wrap Key (16), Unwrap Key (32), Export (64), MAC Generate (128), MAC Verify (256), Derive Key (512), \nContent Commitment (1024), Key Agreement (2048), Certificate Sign (4096), CRL Sign (8192), Generate Cryptogram (16384), Validate Cryptogram (32768), Translate Encrypt (65536), \nTranslate Decrypt (131072), Translate Wrap (262144), Translate Unwrap (524288), FPE Encrypt (1048576), FPE Decrypt (2097152). To set all usage mask bits, \nuse 4194303 (all usage masks including Export). Equivalent usageMask values for deprecated usages 'fpe' (FPE Encrypt + FPE Decrypt = 3145728), 'blob' (Encrypt + Decrypt = 12), \n'hmac' (MAC Generate + MAC Verify = 384), 'encrypt' (Encrypt + Decrypt = 12), 'sign' (Sign + Verify = 3), 'any' (4194303 - all usage masks).\n"},"algorithm":{"type":"string","description":"The Cryptographic algorithm of the template that is used to create the specific key.","enum":["aes","tdes","rsa","ec","hmac-sha1","hmac-sha256","hmac-sha384","hmac-sha512","seed","aria"]},"curveid":{"type":"string","description":"The Cryptographic curve id of a template used for the elliptic key. The template algorithm must be 'EC'. Values:\n * secp224k1\n * secp224r1\n * secp256k1\n * secp384r1\n * secp521r1\n * prime256v1\n * brainpoolP224r1\n * brainpoolP224t1\n * brainpoolP256r1\n * brainpoolP256t1\n * brainpoolP384r1\n * brainpoolP384t1\n * brainpoolP512r1\n * brainpoolP512t1\n"},"size":{"type":"integer","description":"The Bit length of the key using this template."},"unexportable":{"type":"boolean","description":"The key created using this template will not be exportable. The default value is false."},"undeletable":{"type":"boolean","description":"The key created using this template will not be deleted. The default value is false."},"meta":{"type":"object","description":"Optional end-user or service data stored with the template.","properties":{"ownerId":{"type":"string","description":"Optional owner information for the template, required for non-admin. The value should be the user_id."}}},"activationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes active."},"deactivationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes inactive."},"archiveDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes archived."},"processStartDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when a Managed Template Object may begin to be used to process\ncryptographically protected information (for example, decryption or unwrapping).\n"},"protectStopDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time after which a Template Object will not be used for\napplying cryptographic protection (for example, encryption or wrapping).\n"}},"example":{"name":"Template1","usageMask":12,"algorithm":"aes","deactivationDate":"2018-10-02T14:24:37.436073Z","protectStopDate":"2018-10-02T14:24:37.436073Z"}}}],"responses":{"200":{"description":"OK"}}}},"/v1/vault/templates/{id}":{"parameters":[{"name":"Authorization","in":"header","description":"An HTTP header carrying the API token. Format: `Bearer {token}`\n","required":true,"type":"string"}],"get":{"summary":"Get","description":"Returns information about the template.\n","tags":["Templates"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"type","in":"query","description":"An optional parameter, to explicitly specify the type of id ( id, name or slug ).","type":"string"}],"responses":{"200":{"description":"OK","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"name":{"type":"string","description":"The name of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"usageMask":{"type":"integer","description":"Cryptographic usage mask."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the application was created."},"updatedAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the application was updated."},"objectType":{"type":"string","description":"Type of the object. It will be Template.\n"},"activationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes active."},"deactivationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes inactive."},"archiveDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes archived."},"processStartDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when a Managed Template Object MAY begin to be used to process\ncryptographically protected information (e.g., decryption or unwrapping).\n"},"protectStopDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time after which a Managed Template Object SHALL NOT be used for\napplying cryptographic protection (e.g., encryption or wrapping).\n"}}}}}}]},"examples":{"application/json":{"id":"5a78b671-8467-4548-82c8-ebce11bea4d6","uri":"kylo:kylo:vault:template:sample-v0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2016-12-02T21:23:48.853904312Z","name":"sample template","updatedAt":"2016-12-02T21:23:48.853904312Z","usageMask":12,"meta":{},"algorithm":"RSA","size":1024,"unexportable":false,"undeletable":false,"activationDate":"2017-10-02T14:24:37.436073Z"}}},"409":{"description":"Conflict | An existing template has an incompatible usage."}}},"patch":{"summary":"Update","description":"Updates the template properties. For example, metadata, change the exportable and deletable properties, activation date, and deactivation date.\nIf you update the meta field and both the current value and the updated value are JSON objects, the fields of the objects will be merged.\n","tags":["Templates"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"type","in":"query","description":"An optional parameter, to explicitly specify the type of id (id, name, or slug).","type":"string"},{"name":"body","in":"body","description":"The new metadata to update. The \"Body Sample\" on the right pane shows the format.","required":true,"schema":{"title":"Update Template","properties":{"meta":{"type":"object","description":"Optional end-user or service data stored with the template"},"unexportable":{"type":"boolean","description":"Key created using this template will not be exportable.\n"},"undeletable":{"type":"boolean","description":"Key created using this template will not be deleted."},"activationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Object activation date."},"deactivationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Object deactivation date."},"processStartDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when a Managed Template Object MAY begin to be used to process\ncryptographically protected information (e.g., decryption or unwrapping)\n"},"protectStopDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time after which a Managed Template Object SHALL NOT be used for\napplying cryptographic protection (e.g., encryption or wrapping)\n"},"usageMask":{"type":"integer","description":"Filters results based on matching Cryptographic usage mask. Add the usage mask values to allow the usages. \nThe associated values are - Sign (1), Verify (2), Encrypt (4), Decrypt (8), Wrap Key (16), Unwrap Key (32), Export (64), MAC Generate (128), MAC Verify (256), Derive Key (512), \nContent Commitment (1024), Key Agreement (2048), Certificate Sign (4096), CRL Sign (8192), Generate Cryptogram (16384), Validate Cryptogram (32768), Translate Encrypt (65536), \nTranslate Decrypt (131072), Translate Wrap (262144), Translate Unwrap (524288), FPE Encrypt (1048576), FPE Decrypt (2097152). To set all usage mask bits, \nuse 4194303 (all usage masks including Export).Equivalent usageMask values for deprecated usages 'fpe' (FPE Encrypt + FPE Decrypt = 3145728),'blob' (Encrypt + Decrypt = 12), \n'hmac' (MAC Generate + MAC Verify = 384), 'encrypt' (Encrypt + Decrypt = 12), 'sign' (Sign + Verify = 3), 'any' (4194303 - all usage masks).\n"}},"example":{"meta":"Sample Metadata","activationDate":"2017-10-02T14:24:37.436073Z","deactivationDate":"2018-10-02T14:24:37.436073Z","processStartDate":"2017-10-02T14:24:37.436073Z","protectStopDate":"2018-10-02T14:24:37.436073Z","usageMask":3}}}],"responses":{"201":{"description":"Successful resource update.","schema":{"type":"object","allOf":[{"description":"The result of a query on the resource collection endpoints.\nCollection endpoints (e.g. '/widgets/') return a set of resources\nwrapped in this envelope. The envelope structure contains meta data\nabout the list of results, to assist in paging.\n","type":"object","required":["skip","limit","total"],"properties":{"skip":{"type":"integer","description":"The index of the first record returned. Equivalent to 'offset' in\nSQL.\n"},"limit":{"type":"integer","description":"The max number of records returned. Equivalent to 'limit' in SQL.\n"},"total":{"type":"integer","description":"The total records matching the query."},"messages":{"description":"An optional list of warning messages, usually used to note when unsupported query parameters were ignored.","type":"array","items":{"type":"string"}}},"example":{"skip":0,"limit":10,"total":1,"messages":["Filtering by \"color\" is not supported"],"resources":[{"name":"first"},{"name":"second"}]}},{"type":"object","required":["resources"],"properties":{"resources":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string","format":"UUIDv4","description":"The unique identifier of the resource."},"uri":{"type":"string","format":"URI","description":"A human readable unique identifier of the resource."},"name":{"type":"string","description":"The name of the resource"},"account":{"type":"string","format":"URI","description":"The account which owns this resource."},"application":{"type":"string","format":"URI","description":"The application this resource belongs to."},"usageMask":{"type":"integer","description":"Cryptographic usage mask."},"devAccount":{"type":"string","format":"URI","description":"The developer account which owns this resource's application."},"createdAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the application was created."},"updatedAt":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the application was updated."},"objectType":{"type":"string","description":"Type of the object. It will be Template.\n"},"activationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes active."},"deactivationDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes inactive."},"archiveDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time the object becomes archived."},"processStartDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time when a Managed Template Object MAY begin to be used to process\ncryptographically protected information (e.g., decryption or unwrapping).\n"},"protectStopDate":{"type":"string","format":"date-time","x-nullable":true,"description":"Date/time after which a Managed Template Object SHALL NOT be used for\napplying cryptographic protection (e.g., encryption or wrapping).\n"}}}}}}]},"examples":{"application/json":{"id":"5a78b671-8467-4548-82c8-ebce11bea4d6","uri":"kylo:kylo:vault:template:sample-v0","account":"kylo:kylo:admin:accounts:kylo","application":"ncryptify:gemalto:admin:apps:kylo","devAccount":"ncryptify:gemalto:admin:accounts:gemalto","createdAt":"2016-12-02T21:23:48.853904Z","name":"sample template","updatedAt":"2016-12-02T21:31:30.854924686Z","usageMask":12,"meta":"Object","algorithm":"RSA","size":1024,"unexportable":false,"undeletable":false,"activationDate":"2017-10-02T14:24:37.436073Z"}}}}},"delete":{"summary":"Delete","description":"Deletes a template.","tags":["Templates"],"parameters":[{"name":"id","in":"path","description":"An identifier of the resource. This can be either the ID (a UUIDv4), the Name, the URI, or the slug (which is the last component of the URI).","type":"string","required":true},{"name":"type","in":"query","description":"An optional parameter, to explicitly specify the type of id ( id, name or slug ).","type":"string"}],"responses":{"204":{"description":"No Content | Successful deletion of template."}}}}}}